Private Policy
- Visit our website at http://www.mountainbrat.com, or any website of ours that links to this Privacy Notice
- Engage with us in other related ways, including any sales, marketing, or events
- names
- email addresses
- contact preferences
- billing addresses
- debit/credit card numbers
- health data
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
- Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
- To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
- To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
- To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
- Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
| Category | Examples | Collected |
|
A. Identifiers
|
Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name
|
NO
|
|
B. Personal information as defined in the California Customer Records statute
|
Name, contact information, education, employment, employment history, and financial information
|
NO
|
|
C. Protected classification characteristics under state or federal law
|
Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data
|
NO
|
|
D. Commercial information
|
Transaction information, purchase history, financial details, and payment information
|
NO
|
|
E. Biometric information
|
Fingerprints and voiceprints
|
NO
|
|
F. Internet or other similar network activity
|
Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements
|
NO
|
|
G. Geolocation data
|
Device location
|
NO
|
|
H. Audio, electronic, sensory, or similar information
|
Images and audio, video or call recordings created in connection with our business activities
|
NO
|
|
I. Professional or employment-related information
|
Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us
|
NO
|
|
J. Education Information
|
Student records and directory information
|
NO
|
|
K. Inferences drawn from collected personal information
|
Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics
|
NO
|
| L. Sensitive personal Information | Health data |
YES
|
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
We will use and retain the collected personal information as needed to provide the Services or for:
- Category H – 6 months
- Right to know whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request the deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)
- Right to access the categories of personal data being processed (as permitted by applicable law, including Minnesota’s privacy law)
- Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including California’s and Delaware’s privacy law)
- Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including Minnesota’s and Oregon’s privacy law)
- Right to review, understand, question, and correct how personal data has been profiled (as permitted by applicable law, including Minnesota’s privacy law)
- Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including California’s privacy law)
- Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including Florida’s privacy law)
- offer you the products or services that you want
- respond to or help with your requests
Analysis tools and tools from third-party providers
When you visit this website, your surfing behavior may be statistically evaluated. This is mainly done mainly with so-called analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.
1.. hosting
The hosting services on which this website is based are provided by Raidboxes GmbH (Hafenstrasse 32, 48153 Münster, Germany). Raidboxes GmbH offers Software as a Service (SaaS) services as part of cloud hosting.
Raidboxes GmbH automatically collects and stores server log files with information that your browser transmits to us. This information includes
Browser type
operating system
Referrer URL (previously visited page)
Host name (IP address)
Raidboxes GmbH cannot assign this data to specific persons. This data is not merged with other data sources. The data is deleted after a statistical evaluation after 7 days at the latest. Further information can be found in the data protection regulations of Raidboxes GmbH. These can be viewed here.
We have also concluded a contract for order data processing (AV). This contract regulates the scope, type and purpose of Raidboxes GmbH’s access to data. The access options are limited only to necessary accesses that are required to fulfill the hosting services.
Contact form
If you send us inquiries via the contact form, your details from the enquiry form, including the contact details you provide there, for the purpose of processing the request and in the event of follow-up questions. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or for the implementation of pre-contractual measures
is required. In all other cases, the processing is based on our legitimate interest in the effective effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time. revocable at any time.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular
in particular retention periods – remain unaffected. Request by e-mail, telephone or fax If you contact us by e-mail, telephone or fax, your inquiry, including all personal data resulting from it personal data (name, inquiry) for the purpose of processing your request. stored and processed by us. We do not share this data.
Real Cookie Banner
Real Cookie Banner asks website visitors for their consent to the setting of cookies and the processing of personal data. For this purpose, each website visitor is assigned a UUID (pseudonymous identification of the user), which is valid until the cookie for storing consent expires. Cookies are used to test whether cookies can be set, to store a reference to the documented consent, to store which services from which service groups the visitor has consented to and, if consent is obtained in accordance with the Transparency & Consent Framework (TCF), to store the consents in TCF partners, purposes, special purposes, functions and special functions. The consent obtained is fully documented as part of the duty of disclosure under the GDPR. In addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and functions the visitor has consented, this includes all settings of the cookie banner at the time of consent as well as the technical circumstances (e.g. size of the viewing area at the time of consent) and the user interactions (e.g. clicks on buttons) that led to consent. Consent is collected once per language.
17. analysis tools and advertising
Matomo
This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyze data about the use of our website by the
website visitors and to analyze it. This enables us to find out, among other things, when which
page views were made and from which region they come. We also record various
log files (e.g. IP address, referrer, browser and operating system used) and can measure whether
our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The
website operator has a legitimate interest in the analysis of user behavior in order to optimize both its
optimize both its website and its advertising. If a corresponding consent has been requested
has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TTDSG, insofar as the consent permits the storage of cookies or access to information in the
user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent is
revocable at any time.
IP anonymization
We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the
analysis so that it can no longer be clearly assigned to you.
Cookie-less analysis
We have configured Matomo so that it does not store any cookies in your browser.
Managing contacts and sending messages
These types of services allow the management of a database of email contacts, phone numbers or any other contact information to communicate with the user.
The services may also collect data about the date and time messages were read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.
Brevo Email (Sendinblue GmbH)
Brevo is a service provided by Sendinblue GmbH for managing email addresses and sending messages.
Personal Data collected: Cookie; email; Usage Data.
Place of processing: Germany, France
Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/
Management of user databases
This type of service allows the Owner to create User profiles using the email address, name or other details provided by the User on this Application, as well as to track User activity through analytics functionalities. This Personal Data may also be matched with publicly available information about the User (such as social media profiles) and used to build a personal profile that the Owner can display and use to improve this Application.
Some of these services may also provide for the sending of timed messages to the user, such as emails, which this application links to specific actions.
Brevo Marketing Automation (Sendinblue GmbH SendinBlue SAS)
Brevo is a user database management service provided by Brevo GDPR Privacy Policy.
Personal Data collected: Cookie; email; Usage Data.
Place of processing: Germany, France
Privacy policy: https://www.brevo.com/de/legal/privacypolicy/
Conclusion of a contract for order processing
We have concluded a contract with Brevo in which we oblige Brevo to protect our customers’ data and not to pass it on to third parties.
LamaPoll
To conduct online surveys, we use the technology of Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, hereinafter referred to as LamaPoll. LamaPoll is a web service for creating and conducting surveys. LamaPoll provides technical infrastructures and software solutions that enable its customers to create, conduct and analyze secure online surveys. It is expressly not part of LamaPoll’s business to trade in data, to pass on data to third parties, to sell it or to use it in any other way.
All connections from LamaPoll’s systems are encrypted by default according to the current state of the art – thus any data transmission is protected against eavesdropping by third parties. Furthermore, LamaPoll attaches great importance to the secure storage of data – all LamaPoll servers are hardened, protected by firewalls, virus scanners etc. and always patched with the latest security updates. The survey tool is regularly subjected to security checks and penetration tests, including by the German Federal Office for Information Security (BSI). All servers are located in Germany and are subject to German data protection and security regulations: The data centers used have independent TÜV certification in accordance with DIN ISO 27001.
1. controller for the processing of personal data
Mountain nomad
Kathrin Kriesch
Hardenbergstraße 41b
90768 Fürth
3. data collection for internal system purposes
Server log files
When you access a survey, information of a general nature is automatically collected. This data (server log files) includes
Time of access (date & time)
Your web browser
Your operating system
the survey accessed
if applicable, the website from which you accessed the survey (referrer URL)
IP address
This is exclusively data that does not allow any direct conclusions to be drawn about your person. This data is technically necessary in order to correctly deliver the surveys you have requested and is mandatory when using the Internet. It is required for the operation, maintenance, protection and monitoring of the proper functioning of the system. In the event of misuse, these logs are used to create reproduction scenarios and, if necessary, evidence to be provided by us. In the event of an error, these logs are used to enable the system to be updated as quickly as possible. We only use this data if necessary and only for protection, maintenance and to ensure the proper operation of the system.
IP address
When you access a survey, your IP address is transmitted to Lamapoll, but not assigned to your answers. The IP address is not stored unless we, as the host of the survey, have made settings to prevent multiple participation based on the IP address. In this case, the IP address is stored as a cryptographic hash together with the Lamapoll survey ID. It is then used for comparison to exclude future participants with the same IP address from the survey. Your IP address can no longer be read or decoded once it has been encrypted or converted into a cryptographic hash. It will also never be linked to your answers (even in the case of non-anonymous surveys). After completion or deletion of the survey, your encrypted IP address will be deleted.
Cookies
Lamapoll uses so-called “cookies” in its surveys. Cookies are very small text files that your browser stores on your hard disk. The storage of cookies is initiated by the website you are visiting. When you visit a website again, your browser automatically sends the previously stored cookie to the website server. Usually, only an alphanumeric ID is stored in a cookie, which enables the respective website to recognize you. Cookies cannot be used to start programs or transfer viruses to a computer. Cookies are required in particular to enable you to answer or interrupt and continue surveys, to prevent multiple participation and to display multilingual surveys in the correct language and are stored in your browser until you delete them. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how to change these settings.
The legal basis for the processing of the above-mentioned data is Art. 6 para. 1 lit. f GDPR.
4 Collection and processing of personal data Participation in an online survey
If we ask you to take part in an online survey, we may store your e-mail address and your answers in the survey platform.
Personal data is also collected and processed if you provide it to us voluntarily during a survey. All information is evaluated anonymously and not on a personal basis.
Which data is transmitted to us is determined by the respective input field used for the transmission. The data you enter is collected and stored anonymously for the creation of internally used statistics.
If a free text field is integrated in the survey, we will collect the data provided in your response. Please do not enter any personal data in a free text field.
All data collected – in particular your answers – is transmitted via secure SSL-encrypted connections and stored securely on Lamapoll’s servers. They are analyzed in graphical and tabular form. The data is stored for the duration of the survey. Once this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the purpose of analyzing the feedback and/or we no longer have a legitimate interest in continuing to store it. A link between your person and your answers is not possible.
Participation in an online data collection
If we ask you to participate in an online data survey, we will store your details in the survey platform. All data collected is transmitted via secure SSL-encrypted connections and stored securely on Lamapoll’s servers. At the end of the survey, the data is stored by the KZVWL to fulfill its purpose and is routinely deleted from Lamapoll’s servers. Your data will be stored by KZVWL until the purpose for which it was collected ceases to apply or until you withdraw your consent.
5 Disclosure to third parties
The personal data that is collected is stored on the servers of the survey provider Lamapoll. Lamapoll will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
In order to ensure processing in compliance with data protection regulations, we have concluded an order processing contract with Lamapoll.
6 Legal basis for the processing of your data
The lawfulness (legal basis) for the processing of your data entered in the survey results from your consent to participate in the survey (pursuant to Art. 6 para. 1 lit. a GDPR). Non-participation will not result in any disadvantages.
7 Your rights to your personal data Withdrawal of your consent to data processing
You can withdraw your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.
You can find further information on data protection from our service provider Lamapoll at www.lamapoll.de/Support/Datenschutz
Security-relevant aspects can be found here:
www.lamapoll.de/Support/Sicherheit