December 12, 2016
Without prejudice to compelling legal regulations and the provisions of the Terms, the PP governs the handling of data made available on HEADSTORE by Users, or which arise as a result of the use of Services. With registration and on each login to Services, the User declares his express consent to the processing of his data according to the principles stated hereinafter.
1. The services of HEADSTORE are described and defined in the term (“Services”).
2. HEADSTORE implements reasonable technical and organizational security measures in order to protect data from unintentional or malicious manipulation, loss, destruction or access by unauthorized persons. Passwords are stored in encrypted form, and the security measures are periodically examined and continually improved in line with technological developments. At HEADSTORE, data is saved on servers in such a way that HEADSTORE can administer the process and access controls in line with the legal requirements. Although the data encryption at HEADSTORE is in line with state-of-the-art technology, the User is solely responsible for the transfer of the data over the internet, in particular when using mobile devices.
3. In order to be able to use the Services, HEADSTORE captures the following data (and combinations thereof):
3a) Personal data can be used to identify the User, and to enable the core functions of Services. HEADSTORE will only capture personal data if it is provided by the User or, by means of the use of single-sign-on services (“SSO”) like «Facebook Connect» or «Sign in with Twitter», or «Sign in with Google», or or «Sign in with Linkedin» or by the use of connectors to social media networks, is indirectly retrieved via such services. By using a SSO-service or social media connector, the User accepts the general terms and conditions of business and data protection provisions of such service providers. To the extent legally permissible, the User releases HEADSTORE from all liability and guarantee in this respect. Examples of personal data which the User may place on HEADSTORE as part of his profile and which HEADSTORE may capture include name, address, nationality, date of birth, profile pictures, status, e-mail address, telephone number and contact details.
3b) As stated in the Terms, HEADSTORE relies on the fact that the User will only use HEADSTORE with data aggregated from third-party sources if entitled to do so.
3c) Demographical data that may be accumulated through the use of HEADSTORE relates not only to the User, but to specific population characteristics, such as post code, age, preferences, gender, nationality, status, interests, etc.
3d) Behavioral data is collected by HEADSTORE on how the User uses HEADSTORE, the areas of the website he visits, the services he selects and the details available from the browser of his computer hardware and software, including IP address, browser, operating system, domain names, access times and the addresses of websites referring to Services. This data is required to analyze the use of resources, to find and rectify errors, to fight misuse and to improve the services.
3e) In addition, HEADSTORE may collect indirect data on the User (e.g. geographical analysis of IP addresses).
4. When registering, the User’s first name, surname, e-mail address and a password will be recorded, and the e-mail address will be verified. The data recorded in the profile might be called up individually by other users, but not by any third parties outside of the group of HEADSTORE Users, and will only be used subject to the provisions of the PP. By activating the relevant function in his profile, the User accepts the sending of e-mail notifications at the intervals defined and the periodic sending of information on new services from HEADSTORE. The type and intervals of e-mail notifications may be changed at any time.
5. HEADSTORE aggregates various data generated by Users in a database and employs the aggregated content to support, facilitate and suggest feeds, according to certain criteria, to other Users or to any third party (“System Data”). It is not possible, however, to deduce from externally employed System Data the identity and the preference of a User. Furthermore, HEADSTORE might temporarily store (cache) certain third-party data in order to provide for an improved user experience.
6. In order to facilitate the user experience, particularly the mashup with social media networks or other third party services, HEADSTORE employs embedded code snippets (widgets, codelets, iFrames etc.) and other technical means which might relay certain static and behavioral data of the User (visited web pages, references etc.) to third-party web servers without HEADSTORE’s control or involvement.
7. HEADSTORE may provide the Services based on different subscription models, part of which might be free of charge to the User and supported by commercial advertisement or embedment of the Services in third-party sites which might be targeted to the User based on data collected by HEADSTORE or by third-party-services. If a subscription fee is paid by credit card or other form of payment, the payment is made via a link to the website of the financial service provider in question. HEADSTORE does not become aware of or save any payment data, but is notified by the financial services provider of the payment status, so that HEADSTORE services requested by the User can be activated. By choosing a payment form, the User accepts any general terms and conditions of business and data protection provisions of the financial services provider in question and, to the extent that this is legally permissible, releases HEADSTORE from all liability and guarantee.
8. The User has the option of saving certain data in his profile. The saving of objects with improper, indecent or prohibited content, or objects contaminated with computer viruses, trojans etc., is forbidden. HEADSTORE expressly reserves the right, if information is received of a breach of this provision, to inspect the objects saved on HEADSTORE, to delete them without warning, or to block the User accounts in question. HEADSTORE expressly draws attention to the fact that the User himself is responsible for ensuring reasonable protection of his computer systems against viruses, trojans, etc.
9. The records contributed by the User to the System Data are not removed if the User’s account and/or the User’s data is deleted. The User declares his express agreement to the continued use of such data even after the deletion of his account and/or his data.
10. HEADSTORE uses the data collected on HEADSTORE in order to provide the Services, to respond to enquiries from Users and to operate and improve the website. By registering with HEADSTORE, the User agrees to HEADSTORE using his data:
10a) to enable him to set up an account
10b) to enable him to draw up profiles and to deliver commercial advertisement to him;
10c) to inform him of updates to HEADSTORE, to send him information and service-related notifications, including important security updates;
10d) to send him additional notifications and information and to inform him of new offerings and future Services;
10e) to put him in a position to give HEADSTORE feedback, to contact HEADSTORE and allow HEADSTORE to respond to him;
10f) to provide and continually improve the System Data;
10g) to carry out surveys, questionnaires, campaigns and competitions and present the results, such as success stories and competition winners;
10h) to be able to compile internal reports on the use of HEADSTORE; and to use combined, anonymized statistical data from HEADSTORE for academic, marketing and publicity purposes.
10i) With the exception of System Data, the User has the opportunity at any time to delete, overwrite or deactivate data which he has actively entered. The User is aware that data which is deleted in the database is still present on backups. For technical reasons, certain data remains saved on the database, but is marked as deleted. Subject to authentication in accordance with section 10o) below, the User is free, insofar as technically feasible, to request the deletion or, where technically impossible, the anonymization of his data.
10k) When accessing HEADSTORE, the general access data is saved in a log file which contains, among other data: IP address, date and time of access, User ID used, files called up, access status (OK, partial content, document not found, etc.), websites referred to, web browser used, operating system used. HEADSTORE uses this data for statistical and technical analyses and in anonymized form, for example to optimize the server infrastructure or to determine what days are particularly busy in terms of access, in order to be able to draw conclusions on possible improvements to the user interface and functionalities. No personal analyses of this data are undertaken.
10l) Apart from cooperation with suppliers and other third parties who are contractually obliged to preserve confidentiality, HEADSTORE only allows third party access to user data if legally obliged to do so, or if obliged on the basis of an official order, as it sees fit following a request from an official body or if it believes in all good faith that this is necessary in order to: (1) comply with legal regulations or legal proceedings; (2) protect its rights or property; (3) expose or prevent an offence or a crime; or (4) protect the personal safety of Users or the general public. On the basis of a typical commercial confidentiality agreement, HEADSTORE is also entitled to allow reasonable inspection of the HEADSTORE database by third parties who wish to acquire part or all of the business of HEADSTORE in any form whatsoever. If HEADSTORE is subject to insolvency proceedings, it or its liquidator, administrator or receiver may sell, license or otherwise dispose of the HEADSTORE database in the course of a legal transaction authorized by a competent authority. Where appropriate, the User will be informed by e-mail or by means of a notification on HEADSTORE of any substantial changes in the ownership of HEADSTORE.
10m) HEADSTORE will never ask the User by e-mail for his login data, in particular his password. In the case of support or other enquiries, HEADSTORE is entitled to use appropriate identification and authentication methods, suitable for the enquiry in question, to verify as far as possible whether the enquirer is entitled to be given information concerning the account and related data.
10n) HEADSTORE data is stored, mirrored, and processed in third-party data centers under various jurisdictions. The User gives its explicit consent to a data transfer abroad, even under the condition that such country might provide less data protection than his home country or the country of incorporation of HEADSTORE (Switzerland).
10o) A User is entitled at any time to request information from HEADSTORE Data Protection Officer in written or electronic form concerning the personal data held on him at HEADSTORE. The request will be responded to as quickly as possible in the form deemed most appropriate by HEADSTORE. The request for information may be refused, limited or postponed if necessary to comply with legal regulations or if HEADSTORE’s interests or those of a third party take precedence.
10p) Requests for information or any other queries to the HEADSTORE data protection officer should be directed to: HEADSTORE AG attn. Data Protection Officer 201 Spear Street, Suite 1100, San Francisco, CA 94105, firstname.lastname@example.org.