Privacy Policy

The protection of information related to you – such as your name, telephone number and email or IP address (“personal data”) – is important to us. We therefore operate this website and the services we provide on it in accordance with the applicable data protection laws, particularly the EU General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”).

This privacy policy applies to the following websites and pages:

The following statement contains an explanation as to how we handle your personal data in this context. We will also inform you if we transmit personal data to the bookseller from which you have purchased your tolino eReader (“tolino Bookseller”).

If you are interested in self-publishing, you will be forwarded from our website to the website https://www.tolino-media.de/. Please note that a separate privacy policy applies there.

1. Who is the controller? Who is the data protection officer?

The controller of this website is

tolino media GmbH & Co. KG

Dr Bernhard Mischke

Albrechtstrasse 14, 80636 Munich, Germany

Tel.: +49 89 / 45 22 01 8 – 66 80

Fax: +49 89 / 45 22 01 8 – 66 88

info@mytolino.com

<< For questions about your tolino eReader, please use our contact form >>

Our data protection officer’s contact information is available below:

PROLIANCE GmbH

www.datenschutzexperte.de

Leopoldstraße 21

80802 München

datenschutzbeauftragter@datenschutzexperte.de

2. What do we do with your personal data?

a. When you use our website and/or contact form

The processing of personal data, such as your IP address, is necessary for the provision of this website. Such processing is required to access the content shown on this website (including its functions) and is necessitated by IT security measures.

You can also use the contact form on our website to get in touch with the tolino Bookseller who sold you your tolino eReader. To this end, we process the personal data you have entered into the contact form and transmit said data to the tolino Bookseller in question in accordance with the options selected by you in the contact form.

(1) Legal basis

The processing of your personal data for the provision of this website and for communication by way of this website is based on our overriding legitimate interest. To provide this website, it is technically necessary for us to process certain personal data (such as your IP address). To enable you to communicate with us, it is necessary for us to handle your personal data.

(2) Weighing of interests

Within the scope of the required weighing of interests, we have weighed your interest in confidentiality against our interest in providing this website and entering into contact with you. For the use of the contact form, we have also taken the interests of the particular tolino Bookseller into account in our considerations.

Your interest in confidentiality does not take precedence in either case. Otherwise, we would be unable to provide this website to you, respond to your queries or forward your message to the appropriate tolino Bookseller.

(3) Recipient categories

We use service providers to provide our website. To this end, we transmit personal data to said service providers, who are contractually obliged by us to exercise the same care and attention while processing personal data as we would.

b. When you sign up for our newsletter

You can register for our newsletter by giving us the appropriate consent.

To this end, we collect the personal data you have entered into the registration form. We also process your corresponding usage data for a variety of purposes, such as measuring the success of a newsletter.

We use Mailjet GmbH (“Mailjet”) and InnoCraft Ltd. (“Matomo”) as service providers within the scope of our newsletter. Through our service providers, we keep records of subscriptions to our newsletter and of unsubscriptions. We also rely on our service providers to evaluate the reach of our newsletter. Working with Matomo and Mailjet enables us to analyse how you use our newsletter, allowing us to monitor whether you open it or where you click, and letting us see how often people click on the links in the newsletter or how many subscribers have opened the newsletter. To this end, we employ conversion tracking by way of our service providers.

(1) Legal basis

Your consent is the legal basis for the corresponding data processing by us.

You may withdraw your consent with future effect at any time by informing us of your desire to unsubscribe by way of the aforementioned contact options or through other channels. You may also unsubscribe by using the opt-out function at the end of each newsletter. If you unsubscribe, we will delete your email address from our newsletter mailing list.

(2) Recipient categories

The newsletter is sent out within the scope of a processing agreement by our service providers Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany, and Matomo, InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, to which we forward your email address for this purpose. These service providers are contractually obliged by us to exercise the same care and attention while processing personal data as we would.

Details on the Mailjet GmbH privacy policy can be found here: https://www.mailjet.de/privacy-policy/

Details on the InnoCraft Ltd privacy policy can be found here: https://matomo.org/privacy-policy

c. When you give us marketing consent

If you give us marketing consent, we will process your personal data (particularly your email address) for our own marketing purposes.

Your declaration of consent is the legal basis for our handling of your personal data in this context. You may withdraw your consent with future effect at any time.

d. When you do not object to the use of your email address for our own marketing purposes

We process your email address, provided we receive it in connection with our efforts to provide a service, to send you advertising for similar goods or services provided by us, unless you have objected to such use.

You can object to this use at any time without incurring any costs other than the basic cost of transmission. Please address your objection to the aforementioned contacts. You may also use the opt-out link in one of our marketing emails.

(1) Legal basis

The legal basis is our legitimate interest in connection with a statutory provision (Sec. 7 (3) of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb)).

(2) Recipient categories

We use service providers for our email marketing. To this end, we transmit personal data to said service providers, who are contractually obliged by us to exercise the same care and attention while processing personal data as we would.

e. When you take part in one of our events

You may register for our events, such as the Tolino Story Days. To this end, we collect the personal data that you provide to us in each case within the scope of an event.

(1) Legal basis

We process your personal data for the initiation, execution and performance of the corresponding contract concerning event participation.

We process your personal data to provide information about future events. You can object to this use at any time without incurring any costs other than the basic cost of transmission. Please address your objection to the aforementioned contacts. You may also use the opt-out link in one of our marketing emails.

(2) Recipient categories

We work with third parties within the scope of events. To this end, we transmit personal data to the appropriate third parties.

f. When you take part in a prize draw, competition or giveaway

You may participate in our prize draws, competitions and giveaways. To this end, we collect the personal data that you provide to us in each case within the scope of a prize draw, competition or giveaway.

(1) Legal basis

We process your personal data for the initiation, execution and performance of the corresponding contract concerning participation in the prize draw, competition or giveaway, or on the basis of the consent you have given us. You may withdraw your consent with future effect at any time.

(2) Recipient categories

We work with third parties within the scope of prize draws, competitions and giveaways. To this end, we transmit personal data to these third parties.

g. When you follow us on social media platforms provided by third parties

You can follow us on various social media platforms provided by third parties (such as Instagram, Twitter, YouTube, Facebook, LinkedIn or XING).

To this end, we process the personal data you provide us and/or the personal data about you provided to us by the respective platform operator, should it have been made available to us. You can manage your privacy settings on the social media platform in question.

(1) Legal basis

We process your personal data as part of our social media activities on the basis of our overriding legitimate interest. To engage with you on social media, it is technically necessary to process certain personal data (such as your IP address; personal data that you have provided to the platform operator in question and/or that said operator has provided to us).

Within the scope of the required weighing of interests, we have weighed your interest in confidentiality against our interest in engaging with you on social media. Your interest in confidentiality does not take precedence. Otherwise, we would be unable to engage with you on social media.

(2) Recipient categories

We use service providers to manage our social media presence. The data transmitted to us as part of our activities on social media are automatically also transmitted to the social media platform in question.

h. When you send us a job application

You may send us a job application. To this end, we process the personal data that you provide to us within the scope of a job application.

We process your personal data for the initiation, execution and performance of the corresponding contract.

i. When we sell our company and/or a service

We reserve the right to sell our company and/or a service either in whole or in part. In the process, we may transmit your personal data to a third party in future in compliance with the respective data protection and privacy requirements. We will notify you thereof at least 30 days before said transaction becomes effective with information about the consequences of the further use of our services.

(1) Legal basis

We process your personal data as part of any such sale on the basis of our overriding legitimate interest. To process a corporate transaction, it may be necessary for us to transmit your personal data to a third party.

(2) Weighing of interests

Within the scope of the required weighing of interests, we have weighed your interest in confidentiality against our interest in such a sale. Your interest in confidentiality does not take precedence. Otherwise, we would be unable to process such a sale.

j. When we anonymise your personal data

We anonymise your personal data in order to analyse it for statistical purposes.

(1) Legal basis

We process your personal data as part of any such anonymisation on the basis of our overriding legitimate interest.

(2) Weighing of interests

Within the scope of the required weighing of interests, we have weighed your interest in confidentiality against our interest in such anonymisation. Your interest in confidentiality does not take precedence. Otherwise, we would be unable to achieve such anonymisation. The GDPR and BDSG do not apply to anonymous data.

(3) Recipient categories

We use service providers for the anonymisation process. To this end, we transmit personal data to said service providers, who are contractually obliged by us to exercise the same care and attention while processing personal data as we would.

k. When you allow the use of cookies and analysis tools

We use cookies and analysis tools to provide our services, such as within the scope of our websites and the tolino eReader. Some of the providers we use process your personal data outside the EU or EEA as well (please see “Data transfer to third countries”).

We use cookies. Cookies are data sets that are stored by a web server on the user’s device (such as a computer, smartphone, tablet or eReader). In certain cases, cookies may be accessed and read by us and/or third parties.

Cookies are sent back either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”), for example when the website in question is accessed once again with the same device.

Disabling the cookie function will not generally restrict the use of our websites or the services we provide.

Legal basis

The legal basis for the use of technically necessary cookies or identifiers is our legitimate interest in connection with a statutory provision (Sec. 25 (2) No. 2 of the German Telecommunication, Telemedia and Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG), Art. 6 (1) f) GDPR). The storage of information on your equipment, or the accessing of information already stored on your equipment, is absolutely essential to our ability to provide you, the user, with the expressly desired digital service.

Otherwise, the general legal basis is your consent if no legal basis is specified below (Sec. 25 (1) TTDSG, Art. 6 (1) a) GDPR). You may withdraw your consent at any time, for example by using your device’s browser settings to erase the cookies stored. Please note that, for technical reasons, this method relates solely to the specifically used device.

You can also prevent the recording and processing of your personal data by stopping the storage of cookies from third-party providers on your device, using the do-not-track function of a supported browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

(1) Use of tracking cookies for marketing purposes

This website works with external performance advertising networks to place proprietary advertisements and optimise its own marketing efforts.

As part of the tracking services, cookies are stored on the devices of users who visit or use the websites or other online services of its clients in order to document transactions. The sole purpose of these cookies is to correctly measure the success of an advertising and marketing tool and ensure proper billing within the scope of the advertising network. Personal data is not collected, processed or used to this end. A cookie solely contains information describing when a device was used to click on a particular advertising tool. The external partners used are listed below, along with a link to their privacy policies.

(2) Matomo

On our website, we use Matomo, a web analysis service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”).

Matomo employs cookies, which are text files that are stored locally on your device in your web browser’s cache and make it possible to analyse your use of our online presence.

Such data can also be used to create and analyse pseudonymised usage profiles for the same purpose. The data collected using Matomo’s technology (including your pseudonymised IP address) is processed solely locally on our server and is not transmitted to third parties.

Certain information that is transmitted by your browser is collected and analysed within the scope of our online services’ use. Collection is powered by a pixel that is embedded in each of the websites in question.

The following data is stored on our server for the statistical analysis of your website visit:

Within the scope of our web analysis through Matomo, your IP address will be stored only in abbreviated and anonymised form and will be used only for session identification, geolocation (down to city level) and to fight cyberattacks. Your IP address will be erased immediately thereafter.

If you do not wish to agree to the pseudonymised storage and analysis of this data pertaining to your website visit, then you can object to the storage and use by clicking on the link below:

https://tracking.mytolino.com/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=&fontColor=&fontSize=18px&fontFamily=

In this case, an opt-out cookie will be stored on your browser. As a result, Matomo will not collect any session data. Please note that erasing all of your cookies will also delete the opt-out cookie, meaning that you may have to reactivate it. Please note that, for technical reasons, this method relates solely to the specifically used device.

Additional information about data processing by Matomo is available on the following website: https://matomo.org/privacy-policy

(3) Facebook Pixel

On our website, we use Facebook Pixel, a web analysis service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (“Facebook”).

Facebook Pixel enables Facebook to display our advertisements on Facebook (“Facebook Ads”) to only those Facebook users who have also visited our websites, allowing the users of our websites and services to see advertisements related to their interests.

We have no knowledge of any details regarding the processing of personal data by Facebook. Information about the processing of personal data by Facebook is available on the following website: https://de-de.facebook.com/about/privacy/

By its own account, Facebook processes the following personal data:

  • Facebook Pixel HTTP data
    Log data generated for technical reasons via Hypertext Transfer Protocol (Secure) (HTTP(S)) upon deployment of the Facebook Pixel used on the website, including IP address, type and version of internet browser, operating system in use, the page accessed and the page previously visited (referrer URL), as well as the date and time of access
  • Facebook Pixel device data
    Data attributed to your device by the Facebook Pixel, including a unique identifier for the recognition of repeat visitors.
  • Facebook Pixel event data
    Data that Facebook records via the Facebook Pixel and attributes to a particular visitor’s unique identifier as contained in the Facebook Pixel device data, including actions that take place on the website (“events”).
  • Facebook Pixel analysis data
    Data that Facebook generates on the basis of the information recorded by the Facebook Pixel and attributes to a particular visitor’s unique identifier as contained in the Facebook Pixel device data, including information on the effectiveness of Facebook Ads and the classification of users into target groups for Facebook Ads. Based on the information recorded, Facebook may be able to generate additional data for its own purposes or for the purposes of third parties. We have no knowledge of any details regarding the data generated by Facebook.

Additional information about data processing by Facebook is available on the following websites: https://www.facebook.com/about/privacy

http://www.facebook.com/policy.php

(4) Google Search Console

For the purpose of continuously optimizing the Google ranking of our website, we use Google Search Console, a web analysis service from Google.

Through Google Search Console, we can perform search analytics that tell us how often our website appears in Google search results. This allows us to monitor and manage our websites in the search index.

No personal user or tracking data is processed or transmitted to Google as part of the use of Google Search Console.

(5) Google Ads Remarketing

Our website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Provided that you have given us your consent, this function makes it possible to link the advertising target groups created with Google Ads Remarketing with the cross-device functions of Google Ads and Google Marketing Platform. The legal basis is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, § 25 (1) TTDSG. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account.

To support this feature, Google Analytics-authenticated IDs of users are collected and temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.

You can permanently opt-out of cross-device remarketing/targeting by disabling personalized advertising in your Google account; follow this link: https://adssettings.google.com/

As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.

Further information and the data protection provisions can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.

l. When you visit a website of ours on which a YouTube video may be played

We use the provider YouTube to embed videos. YouTube is operated by YouTube LLC, which has its principle place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google (please see “Data transfer to third countries”).

On some of our websites, we us plug-ins provided by YouTube. When you access web pages with such a plug-in, a connection to the YouTube servers is established to display the plug-in, letting the YouTube server know which of our web pages you have visited. If you are logged into YouTube as a member, YouTube will attribute this information to your personal user account. This information will also be attributed to your user account when you use the plug-in, for example by clicking on the button to play a video. You can prevent this from happening by logging out of your YouTube user account and other user accounts provided by YouTube LLC and Google and by erasing the corresponding cookies of the providers before using our web pages.

Additional information about data processing and the privacy policy of YouTube (Google) is available at:

https://policies.google.com/privacy?hl=de

Legal basis

Your consent is the legal basis for processing (Sec. 25 (1) TTDSG, Art. 6 (1) a) GDPR).

3. How long do we store your personal data?

We will erase your personal data once the purpose of storage ceases to apply and if there are no statutory provisions requiring its storage, such as a retention obligation under the Fiscal Code of Germany (Abgabenordnung) and/or the German Commercial Code (Handelsgesetzbuch). Processing will be restricted if deletion is not possible in a particular case.

4. What rights do you have as a data subject?

Please see the contact information above to exercise your rights and to withdraw your consent.

a) You have the right to access any personal data of yours that we process at any time.

b) Should your personal data be incorrect or incomplete, you have the right to rectification and amendment.

c) You may request the erasure of your personal data at any time, unless we are legally obligated or entitled to continue processing your data.

d) If the legal requirements are met, you may request that the processing of your personal data be restricted.

e) You have the right to object to processing if the purpose of the data processing is direct marketing or profiling. If the processing takes place in consideration of different interests, you may object to the processing on grounds relating to your particular situation.

f) If data is processed on the basis of your consent or within the scope of a contract, you have the right to receive the data provided by you, unless doing so interferes with the rights and freedoms of other persons.

g) If we process your data on the basis of a declaration of consent, you have the right to withdraw said consent with future effect at any time. Any processing performed prior to withdrawal of consent will remain unaffected thereby.

h) You also have the right to lodge a complaint with a supervisory authority for data protection at any time if you are of the opinion that data was processed in violation of applicable law.

The following supervisory authority is generally responsible for us:

          Bayerisches Landesamt für Datenschutzaufsicht

Promenade 27 (Schloss)

91522 Ansbach

Germany

https://www.lda.bayern.de/de/index.html

We will notify all recipients to which we have disclosed personal data of any rectification or erasure of your personal data or any restriction of the corresponding processing, unless doing so proves to be impossible or is associated with disproportionate effort. Upon request, we will notify you of the recipients relevant to you.

5. In what context do we create automatic profiles?

Automatic profiles are not created.

6. Data transfer to third countries

In some cases, personal data will be transferred to recipients in third countries (see the information and statements in each case as provided in our privacy policy). Third countries are those outside the EU and the EEA, including the United States of America.

The United States of America is not subject to the same data protection regulations as Europe. In particular, it may be possible for government agencies to access personal data without us or you knowing about it. Any legal action taken may not result in a positive outcome.

The legal basis for such data transfer is generally your consent (Art. 49 (1) subparagraph 1 a) GDPR) or the performance of a contract (Art. 49 (1) subparagraph 1 b) GDPR).

7. Data security

We take appropriate technical and organisational security measures to protect the personal data processed by us from unintentional or intentional manipulation, loss, destruction or unauthorised access.

********