Supplement to Privacy Policy
• •
We recommend including the following text in your privacy policy. Please note that this suggestion does not constitute legal advice. Please review this template and adjust it to your specific needs. It is advisable to have the template reviewed by a qualified legal advisor to ensure that it complies with all legal requirements.
We use the chatbot of our service provider LoyJoy GmbH, Kapuzinerstr. 20, 48149 Münster, to improve our offering and provide various services such as service chat, product advice, making contact, and marketing campaigns like sweepstakes.
**The chatbot processes the following data:**
* Browser used and device type
* User interactions, which may include personal data such as messages entered, name, address, contact details like email address or telephone number, inquiries in the service chat, product consultations, participation in sweepstakes, registrations, etc.
* If the user communicates with the chat via WhatsApp: phone number
**Purposes of processing:**
The data collected are used to provide and improve our services and, in aggregated and anonymized form, to measure success.
**Legal bases for processing:**
* **Legitimate interest (Art. 6(1)(f) GDPR):** Processing is based on our legitimate interest in effective customer communication and support as well as improving our offering.
* **Consent (Art. 6(1)(a) GDPR):** Where you have given us consent, processing is based on that consent.
* **Contract performance (Art. 6(1)(b) GDPR):** Where processing is necessary for the performance of a contract or pre-contractual measures.
**Storage period:**
* Live chats: data are stored for 7 days.
* Interactions with the chatbot: data are stored for 30 days.
* Certain data (e.g., loyalty points): stored from 30 up to 720 days.
**Cookies and local storage:**
We use optional local storage technologies (e.g., Local Storage) on your device to store the chat history for up to 14 days. This enables you to continue the chat seamlessly. You can delete this storage at any time in your browser settings.
**Disclosure to third parties:**
Your data may be passed on to our processors who support us in providing our services. These processors are contractually obligated to comply with data protection standards in accordance with the GDPR.
**Use of Cloudflare:**
In the context of using the chatbot, we use services from Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare provides protection functions for the web application (Web Application Firewall). Data traffic between your browser and the chatbot’s server flows through Cloudflare’s infrastructure and is analyzed there to fend off attacks.
**Data transfer to third countries:**
Cloudflare operates servers within the European Union, so personal data are generally processed within the EU. A transfer of personal data to the USA may occur in individual cases, for example when users from these regions access our chatbot. In such cases, Cloudflare ensures an adequate level of data protection pursuant to Art. 45 GDPR through certification under the EU–U.S. Data Privacy Framework (DPF).
**Rights of data subjects:**
As a user, you have the right to:
* Access your stored personal data (Art. 15 GDPR).
* Rectification of inaccurate data (Art. 16 GDPR).
* Erasure of your data (Art. 17 GDPR).
* Restriction of processing (Art. 18 GDPR).
* Data portability (Art. 20 GDPR).
* Object to the processing of your data based on legitimate interests (Art. 21 GDPR).
Please note that these rights must be exercised through the data controller, as LoyJoy acts on behalf of the data controller.
**Right to object:**
You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data that is based on Art. 6(1)(f) GDPR.
**Automated decision-making and profiling:**
No automated decision-making or profiling takes place within the meaning of Art. 22 GDPR.