- classic.leica-camera.com -
During your use of this website, we as the data controller will process and store your personal information for the period necessary in order to meet the purposes specified and our legal obligations. This information serves to inform you about the data concerned, how it is processed and your rights.
According to Art. 4 (1) of the General Data Protection Regulation (GDPR), personal information is any information relating to an identified or identifiable natural person (hereinafter the "data subject” or “user").
1. Name and contact information of the data controller
Leica Camera AG,
Am Leitz-Park 5,
(hereinafter the “Vendor” or “we/us”)
If you have any questions about data protection law or your rights as a data subject, please contact us directly at any time at the above address.
2. Processing of personal information and purposes of processing
This website is hosted by Profihost GmbH, Expo Plaza 1, 30539 Hannover, Germany (hereinafter "Profihost").
To provide a website, it is necessary to commission a web hosting service. The use of Profihost is governed by Art. 6 (1) (f) of the GDPR because it is our legitimate economic interest to present our offer on this website. In providing the hosting service, Profihost processes personal information on our behalf, which is generated when you use the website.
We concluded a data processing agreement with Profihost on the basis of which the service provider warrants that it will process data in accordance with the General Data Protection Regulation ensuring the protection of the rights of the data subject.
b) When visiting the website
You can access classic.leica-camera.com without having to disclose any personal information. The browser used on your terminal device automatically sends information to the server of our website (e.g., date and time of access, name and URL of the file accessed, browser type and version, website from which access is made (referrer’s URL)).
This includes the IP address of your requesting terminal device. It is temporarily stored in a so-called log file and will be deleted automatically after 31 days.
The IP address is processed for technical and administrative purposes to make and stabilize the connection in order to ensure that our website is secure and functions well and to be able to track any illegal attacks if necessary.
Art. 6 (1) (f) of the GDPR provides the legal basis for the processing of your IP address. Our legitimate interest follows from our security interest mentioned and the necessity to enable the hazzle-free use of our website.
We cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.
c) When using the contact form
You can send us a contact request using our online contact form so that we can contact you personally. Here we collect the following mandatory information:
- e-mail address
- your comment
We need this information in order to know from whom the request originates and to be able to contact you personally. In addition, you can also provide your telephone number. This is voluntary and not required for use of the contact form, but it helps us understand your request and clarify any questions we might have.
The information provided is processed in order to reply to your contact request based on your given consent according to Art. 6 (1) (f) of the GDPR or our legitimate interest according to Art. 6 (1) (f) of the GDPR.
The personal information we collect for use of the contact form will be deleted as soon as your inquiry has been conclusively answered and such deletion does not conflict with any statutory retention obligations.
d) When setting up a user account
You have the option to set up a password-protected user account where we store your personal data. This serves the purpose of providing you with the greatest possible convenience in processing your orders with the merchants by making the purchase process easier, faster and more personal.
If you would like to set up a password-protected user account, we require the following information from you:
- title, first name, last name,
- billing and shipping address,
- valid e-mail address.
In addition, you must choose a password to set up a user account. Together with your e-mail address, this will allow you to access your user account.
For a faster reply to a request, you can also provide your phone number. This information is voluntary and not required for the creation of a user account.
We use the data you provide to conclude, form, process and modify contractual relations with you regarding the use of our platform and the services offered, to provide support when processing your order with merchants, and to evaluate orders for market research and statistical purposes.
We only store and process your personal information in connection with your user account if you have voluntarily given your consent in accordance with Art. 6 (1) (a) of the GDPR.
To use our website and place orders, it is not necessary to create a user account. You have the option of placing your order as a guest. In this case, however, you will have to enter your complete data again for each order.
After your user account has been deleted, your data will be automatically deleted for further use, unless we are obliged to retain it for a longer period of time according to Article 6 (1) (c) of the GDPR to meet retention and documentation obligations arising from tax and commercial law or if you have consented to additional retention in accordance with Art. 6 (1) (a) of the GDPR.
3. Consent regarding promotional information and data processing for advertising purposes
If you have consented to receive promotional information, we will use the information you have provided (including personal information you may have stored in your account and which we may have obtained through your interaction with us) on the basis of your consent in accordance with Art. 6 (1) (a) of the GDPR to send you - depending on the preferences you have set - promotional information about Leica Camera products, services, events, and promotions by e-mail, telephone, push message via Leica Camera mobile apps and social media (Facebook, Instagram and Youtube).
Your consent is valid across the Leica Camera Group.
In order for us to tailor communication to your interests and habits and create the most personalized experience for you, we may analyze and combine other personal information you have provided. This may include the following information:
Information that you have actively provide to us, e.g.:
- date of birth,
- an additional e-mail address,
- mailing address,
- telephone number,
- data from social networks that you have given us,
- personal interests, e.g., photography, professional imaging, hunting, nature observation
- product registration.
Data about your interactions, such as purchases at Leica Camera stores (POS) and Leica Camera online stores, as well as customer care requests, your use of Leica Camera’s digital channels, such as social media, websites, e-mails, Leica Camera apps, and your use of networked Leica Camera products. This data may include the following:
- IP address,
- device information,
- information you clicked,
- location information,
- websites you have visited,
- Leica Camera apps you use,
- purchases you have made (products),
- your inquiries to Leica Camera customer care.
The information is provided on a voluntary basis. However, without this information we are not able to provide you with the relevant information.
We will verify your consent using the so-called double opt-in procedure. This means that we will ask you to reconfirm your consent by e-mail before we will contact you with promotional information. We will use the information about your confirmation to document and, if necessary, prove your consent.
a) Subscribing to our newsletter
Newsletters and other promotional information that we will e-mail you based on your previously selected areas of interest contain so-called "web beacons". Web beacons are pixel-sized files that are retrieved from the sender's server when the e-mail is opened. As part of the retrieval process, technical information is first collected from you, such as
- newsletter delivery
- information about the browser
- information about the system used
- IP address
- time of retrieval
In addition, we collect the following information:
- retrieval location determined based on your IP address.
- information about whether you have opened the e-mail
- Information about which of the links contained in the e-mail you clicked on.
This information is used for statistical purposes in order to technically improve services based on technical data or target groups and their reading habits. For technical reasons, this information can be assigned to individual recipients. Results of analyses are used only to understand the reading habits of our users and to adapt our content accordingly, to improve it or to send different content according to our users’ interests.
The information is provided on a voluntary basis. Without this data, however, we will not be able to adapt our content to your needs, improve it or send different content depending on your interests.
Your consent provides the legal basis for processing information according to your aforementioned purposes (Art. 6 (1) (a) of the GDPR).
b) Transferring your data to companies of the Leica Camera Group for marketing purposes
To the extent necessary to achieve the aforementioned purposes, the aforementioned information will be transferred between the companies of the Leica Camera Group. Your consent provides the legal basis for transferring and further processing information by the companies of the Leica Camera Group (Art. 6 (1) (a) of the GDPR).
If we transfer your data to companies of the Leica Camera Group or other recipients outside the European Union or the European Economic Area for the purposes stated in this section 3 on the basis of your consent, this transfer will only take place in accordance with the provisions of the GDPR.
Any transfer to recipients based on an adequacy decision is made under the following conditions:
For the following third countries, the European Commission has decided that an adequate level of data protection exists (adequacy decision, Art. 45 of the GDPR). We may transfer your data to the following recipients located in countries for which an adequacy decision exists:
- Leica Camera AG (Switzerland) – decision of July 26, 2000
- Leica Camera Japan Co., Ltd. (Japan) - decision of January 23, 2019
In addition, we may also transfer the aforementioned data to companies of the Leica Camera Group located in third countries for which there is currently no adequacy decision by the EU Commission confirming that these third countries generally provide an adequate level of data protection. We therefore use the standard contractual clauses of the EU Commission in accordance with Art. 46 (2) (c) of the GDPR when structuring contractual relations with companies of the Leica Group located in these third countries. The Commission decision can be viewed at any time at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915.
c) Sharing data with Facebook and Instagram
We would like to ensure that ads are only displayed to users who have an interest in our advertising information. Therefore, we use Facebook services to show you individualized advertising. The operator of Facebook and/or Instagram for users outside the United States and Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For users residing in the U.S. and Canada, the operator is Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA.
If you have a Facebook profile, Facebook may match this data with data that Facebook already has about you. Facebook may also combine this data with other data.
Facebook may share your data within the Facebook group of companies or with other third parties. This may result in the transfer of personal data to the U.S. and to other third countries for which there is no adequacy decision by the EU Commission. According to Facebook's own information, Facebook uses EU standard contractual clauses approved by the EU Commission to ensure an adequate level of data protection for the transfer of data to the U.S. and to other third countries for which there is no adequacy decision by the EU Commission.
With respect to the shared data, together with Facebook we are joint controllers in accordance with Art. 26 of the GDPR. We have entered into a Joint Responsibility Agreement to determine the responsibilities for fulfilling our obligations under the GDPR. Accordingly, we are responsible for the information of users of our website, while Facebook is responsible for fulfilling requests regarding data subjects' rights under Art. 15 to 20 of the GDPR. However, within the framework of our joint responsibility, you can in principle assert your rights as a data subject against each of the joint controllers.
We use the "Custom Audiences from File" procedure. If you have given your consent, we will share your e-mail address or phone number with Facebook in hashed form. Facebook will match this information with information stored by Facebook. If Facebook finds a "match", Facebook will play personalized advertising to you.
d) Sharing data with Youtube
In addition, we may also transfer the aforementioned data to YouTube. The operator of YouTube for users in the European Union, the European Economic Area, and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For users outside the European Union, the European Economic Area and Switzerland, the operator is Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA.
If you have a Google account, Google may match the information with data that Google already has about you. Google may also combine this data with other data.
Google may share your information with other Google companies or other third parties. This may result in the transfer of personal data to the U.S. and other third countries for which there is no adequacy decision by the EU Commission. In this case, Google states that it uses EU standard contractual clauses approved by the EU Commission to ensure an adequate level of data protection for the transfer of data to the U.S. and other third countries for which there is no adequacy decision by the EU Commission.
Basic information on how Google processes your personal information can be found here: https://policies.google.com/privacy?hl=en.
e) Right of withdrawal
You can withdraw your consent at any time with effect for the future, also partially, by sending an e-mail to firstname.lastname@example.org. The withdrawal of consent does not affect the lawfulness of any processing performed on the basis of your consent. If you withdraw your consent, we will no longer use your data to send you promotional information.
In addition, you can edit preferences in your account profile to change communication channels for receiving promotional information.
f) Deleting your data
If you withdraw your consent, we will usually delete your data within 72 hours, unless there is no other legal basis for further processing. If data must be retained beyond this term for legal reasons, it will be blocked. The data will then no longer be available for further use.
4. Transfer of personal data to third parties
a) General information
Your personal information will only be transferred to third parties if
- you have given your express consent in accordance with Art. 6 (1) (a) of the GDPR,
- it is legally permissible and necessary in accordance with Art. 6 (1) (b) of the GDPR in order to fulfill contracts concluded with you,
- there is a legal obligation to transfer data according to Art. 6 (1) (c) of the GDPR, or
- it is legally permissible and necessary in accordance with Art. 6 (1) (f) of the GDPR in order to protect our interests or those of third parties.
The data transferred may be used by third parties only for the purposes stated.
b) Transfer of personal data to third countries
Personal information will only be transferred to a third country or an international organization if we inform you accordingly and if the requirements of Art. 44 et seq. of the GDPR have been met.
A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for that country in accordance with Art. 45 (1) of the GDPR confirming that adequate safeguards are in place in the country concerned to protect personal data.
The U.S. is a so-called unsafe third country which means that the U.S. does not offer a level of data protection comparable to that in the EU. The following risks exist when personal data is transferred to the U.S.: There is a risk that U.S. authorities may gain access to personal information on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of the Foreign Intelligence Surveillance Act (FISA), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective legal protection against such access in the U.S. or the EU.
- sufficient safeguards are provided by the recipient in accordance with Art. 46 of the GDPR for the protection of your personal information,
- you have expressly consented to the transfer after we informed you of the risks in accordance with Art. 49 (1) (a) of the GDPR,
- the transfer is necessary for the performance of contractual obligations between you and us, or
- another exception arising from Art. 49 of the GDPR applies.
Safeguards according to Art. 46 of the GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient warrants to sufficiently protect the data and thus to ensure a level of protection comparable to the GDPR.
5. Cookies and similar functions
Information is stored in the cookie generated in each case in connection with the specific terminal device used. However, this does not mean that we will gain direct knowledge of your identity.
We also use functions similar to cookies, such as pixel tags, tracking pixels or beacon trackers as part of our online offer. Pixels are small graphics that are integrated into the HTML code of our website. The pixel tag itself does not store or change any information on your device, so pixels do not cause any damage to your device and do not contain viruses, Trojans or other malware.
Most browsers accept cookies automatically, but you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is set. However, if you completely deactivate even technically necessary cookies, you may not be able to use all the functions of our website.
6. Web analytics
We use the tracking and targeting measures listed below based on your given consent in accordance with Art. 6 (1) (a) of the GDPR. You can revoke your consent at any time with effect for the future by making the corresponding changes or adjustments in your cookie settings here.
By using these tracking measures, we want to ensure that our website is designed to meet your needs and that it is optimized on an ongoing basis. We also use tracking measures to statistically track the use of our website and to evaluate it for the purpose of optimizing our offer for you.
By using targeting measures, we want to ensure that you are only shown advertising on your devices that is tailored to your actual or perceived interests.
Information on the respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.
a) Google Analytics
On our website, we use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). In this context, pseudonymous usage profiles are created and cookies (see section 4) are used.
The information generated by the cookie about the use of our website (e.g., IP address of the accessing computer, time of access, the referrer’s URL, and information about the browser and operating system used) is transmitted to Google servers in the U.S. and processed there.
The use of Google Analytics is based on your given consent according to Art. 6 (1) (a) of the GDPR. You can withdraw your consent at any time using the consent management tool. Google processes the information on our behalf in order to evaluate the use of the website, to compile reports on website activities, and to provide us with further services associated with website and internet use for the purposes of market research and to design these internet pages to meet our needs.
We concluded a data processing agreement with Google for the use of Google Analytics. Based on this agreement, Google assures that they will process data in accordance with the General Data Protection Regulation and ensure the protection of the data subject's rights.
We only use Google Analytics with activated IP anonymization. This means that the user's IP address is shortened by Google in member states of the European Union or in other states party to the Agreement on the European Economic Area. The IP address is not combined with other Google data.
We do not use Universal Analytics with user ID offered by Google.
If required by law or if third parties process the data on our behalf, the collected data will be transferred to third parties.
The user data collected using cookies will be automatically deleted after 14 months.
Information about the use of our website generated by the cookies set by Google Analytics is transferred to Google servers in the U.S. and processed there. The transmitted data merely consists of pseudonyms so that we cannot draw any direct conclusions about your name. We concluded an agreement with Google incorporating the EU standard contractual clauses. This guarantees a level of protection comparable to that in the EU (also see section 4b on data transfer to the U.S.).
b) Google Ads Conversion Tracking (including remarketing pixels)
We use Google’s conversion tracking and remarketing on our website by means of pixel tags by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"), in order to statistically track and evaluate the use of our website with the aim of optimizing our offer for you. For this purpose, Google Ads sets a cookie on your computer (see section 4) if you access our website via a Google ad.
These cookies will lose their validity after 100 days. If the user visits certain pages of the Ads customer's website and the cookie has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to this page.
The information generated by the cookie about your use of this website is transmitted to a Google server in the U.S. and stored there. In addition, we concluded a data processing agreement with Google for the use of Google Ads. Based on this agreement, Google assures that they will process the data in accordance with the General Data Protection Regulation and ensure the protection of the data subject's rights.
Each Ads customer receives a different cookie. Therefore, cookies cannot be tracked through the websites of Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who use conversion tracking. We learn the total number of users who clicked on an ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking process, you can also refuse the setting of a necessary cookie, e.g., via a browser setting that generally deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com".
We use the remarketing function. This allows us to send out advertisements based on your previous user or browsing behavior.
Information about the use of our website generated by the cookies and pixel tags set by Google Ads conversion tracking are transmitted to Google servers in the U.S. and processed there. The transmitted data merely consists of pseudonyms so that we cannot draw any direct conclusions about your name. We concluded an agreement with Google incorporating the EU standard contractual clauses. This guarantees a level of protection comparable to that in the EU (also see section 4b on data transfer to the U.S.).
In addition, you can prevent data processing for the purpose of displaying interest-based advertising using Google's Ads settings manager.
We implement components (videos) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "YouTube"), a Google company, on our web pages. The implementation is based on your given consent according to Art. 6 (1) (a) of the GDPR. When loading videos to our website, data is forwarded to Google. In particular, Google will receive information about which of our websites you visited as well as device-specific information including your IP address.
We use the "extended data protection mode" option provided by YouTube for this purpose. Visiting a page that has an embedded video only establishes a connection to YouTube servers. The content is displayed on the website by notifying your browser when you actually watch the video.
If you are logged in to YouTube at the same time, this information will be assigned to your member account with YouTube. You can prevent this by logging out of your member account before visiting our website. Your data will be deleted as soon as it is no longer required for the purpose of processing.
Information about the use of our website generated by the integration of YouTube is transferred to YouTube servers in the U.S. and processed there. The transferred data merely consists of pseudonyms so that we cannot draw any direct conclusions about your name. We concluded an agreement with YouTube incorporating the EU standard contractual clauses. This guarantees a level of protection comparable to that in the EU (also see section 4b on data transfer to the U.S.).
You can withdraw your consent at any time for the future using the Consent-Management-Tool.
8. Google Fonts
In order to display fonts consistently, we use so-called web fonts provided by Google. When you visit a website, your browser loads the required web fonts into your browser cache so that text and fonts can be displayed correctly. For this purpose, the browser you use must establish connections to Google's servers. This informs Google that our website has been accessed from your IP address.
The information about the use of our website that is generated by the cookies set by Google Fonts is transmitted to Google servers in the U.S. and processed there (see section 4b). The transferred data merely consists of pseudonyms so that we cannot draw any direct conclusions about your name. For transferring this information, Google Fonts relies on standard contractual clauses approved by the EU Commission. This guarantees a level of data protection comparable to that in the EU.
9. Rights of the data subject
You have the right
- pursuant to Art. 7 (3) of the GDPR, to withdraw your given consent at any time resulting in the fact that we will no longer be allowed to continue processing your data in the future based on your previous consent;
- pursuant to Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to correct, delete, restrict any processing or to object, the existence of a right to complain, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if necessary, detailed information about it;
- pursuant to Art. 16 of the GDPR, to immediately demand the correction of inaccurate or incomplete personal data stored by us;
- pursuant to Art. 17 of the GDPR, to request the erasure of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims;
- pursuant to Art. 18 of the GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to establish, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 of the GDPR;
- pursuant to Art. 20 of the GDPR, to receive the personal information you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another person responsible for data processing; and
- to complain to a supervisory authority pursuant to Art. 77 of the GDPR. For this purpose, you can typically contact the supervisory authority of your habitual residence or place of work or our company headquarters.
10. Information about your right to object pursuant to Art. 21 of the GDPR
On grounds relating to your particular situation, you have the right to object to the processing of personal data relating to you based on Art. 6 (1) (e) of the GDPR (data processing for reasons of public interest) and Art. 6 (1) (f) of the GDPR (data processing based on a balancing of interests) at any time; this includes profiling based on the provisions of Art. 4 no. 4 of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
If your objection concerns the processing of data for the purpose of direct marketing, we will immediately stop data processing. In this case, it is not necessary to specify a particular situation, including profiling to the extent that it is related to such direct marketing.
If you wish to exercise your right to object, simply send an e-mail to email@example.com.
11. Data security
All data that you transmit personally is encrypted using the TLS (Transport Layer Security) standard which is generally used and safe. TLS is a secure and well-tested standard that is also used in online banking, for example. You can recognize a secure TLS connection by the “s” appended to http (i.e. https://..) in the address bar of your browser or by the lock symbol in the lower part of your browser.