1. Data controller
The data controller responsible for the processing of personal data is:
Mister Spex SE,
Customer service: 0800 810 8090 (free of charge in Germany and Austria)
Fax: +49 (0)30-443-1230-25
Our data protection officer can be reached at:
Mister Spex SE,
– Data Protection Officer of Mister Spex SE –
2. Purposes of data processing, legal bases and legitimate interests as well as categories of recipients
a) Accessing our website/application
When you visit our website, the browser used on your device automatically sends information to our hosting provider and temporarily stores it in so-called log files. The following information is also recorded without your intervention and stored until it is automatically deleted:
- the IP address of the requesting internet-enabled device,
- the date and time of access,
- the name and URL of the file retrieved,
- the website from which access was made (referrer URL)
- the browser you are using and, if applicable, the operating system of your Internet-enabled computer as well as the name of the access provider.
The legal basis for processing the IP address is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on these purposes for our data collection:
- ensuring a smooth connection to the website;
- ensuring convenient use of our website;
- evaluation of system security and stability; and
- other administrative purposes.
The data is stored by the hosting provider as long as the data is still being used to ensure the legitimate interests defined above; it will then be automatically deleted.
b) Other data collected on our website
Below you will find details regarding data collection on our website. All data is transmitted securely using SSL encryption.
i. Information for job applicants
In order to be able to apply for jobs with us online, we will need certain data in order to process your application. Only your form of address, first and last name, email address, and curriculum vitae are required. The legal basis for the processing of the data transmitted by you is Art. 6 para. 1 lit. a) GDPR in conjunction with §26 para. 2 1 BDSG. We use an external service provider for our e-recruiting processes. We only use the data to process your initial application and during the corresponding recruiting process.
If the application process is positive and we hire you, we will store the data for as long as we are required to do so by law.
If we don’t hire you, access to the data will be blocked immediately after the application process and then deleted after 6 months. This does not apply if you decide to accept an offer to be kept on file as part of our potential talent pool. In this case, we will store your data in the talent pool for a period of 12 months and use it to contact you should a vacancy arise that potentially matches your profile. If you do not give us renewed consent to the storage of this data, we will delete it after the 12 months expires. The legal basis for storage beyond the specific application process is your consent in accordance with Art. 6 I a) GDPR, which you may revoke at any time.
We also offer you the option of registering for our job recommendation emails and managing these settings in a password-protected area. In order to be able to be sure that no errors were made when entering the email address, we use the so-called double opt-in procedure: after you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. The processing of your electronic contact details for this purpose takes place solely on the basis of your consent (Art. 6 para. 1 lit. a) GDPR) and will be stored until the consent is withdrawn. You may withdraw your consent at any time with future effect without stating reasons by sending a brief email to email@example.com. The processing of your data to set up the password-protected area is based on Art. 6 para. 1 lit. b) GDPR and takes place in order to provide the same. Your email address and the data you provide voluntarily after registration will be processed until you withdraw your consent.
ii. Partner optician enquiries
Opticians may contact us using the corresponding online form regarding possible participation in in our partner optician programme. We use the data provided only to evaluate potential partnership opportunities. The legal basis for the processing of the data transmitted by you is Art. 6 para. 1 lit. b) GDPR. If we decide not to move forward with the partnership, we will delete the data immediately after the decision.
iii. Integration of YouTube videos
iv. Contact Form: Investor Relations
For investor relations enquiries, we offer the option of contacting us using an online form. We use the data you provide only to answer your specific questions. The legal basis for the processing of the data transmitted by you is Art. 6 para. 1 lit. b) GDPR. Your email address and the data you provide voluntarily after registration will be processed until you withdraw your consent. The data is deleted as soon as it is no longer required.
3. Online presence and website optimisation
a) General information about cookies
On the basis of Art. 6 para. 1 lit. f) GDPR, our website uses so-called cookies to make statistical records on and evaluate the use of our website so that we may further optimise it. Our interest in optimising our website is legitimate within the aforementioned legal basis.
b) Tracking and web analytics
For the purpose of needs-based design and continuous optimisation of our pages, we use the following tools on the basis of Art. 6 para. 1 lit. f) GDPR. This also represents our legitimate interest.
i. Google Analytics
Data collection and storage may be objected to at any time with future effect by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. In view of the debate regarding the use of analytics tools with full IP addresses, we would like to point out that this website uses Google Analytics with the “_anonymizeIp()” extension and as such ensures that IP addresses are only processed in a truncated form so as to preclude any direct personal reference.
4. Recipients outside the EU
The following recipients of your data are based outside the European Union: Google Inc. (provider of tracking technologies); Pagely, Inc. (hosting service provider). Data is transmitted in accordance with the principles of the so-called Privacy Shield.
5. User rights
a) Revocation of consent
If you have given us your consent to the collection, storage, and use of your personal data when using the website, you may revoke this consent at any time. The revocation does not affect the legality of any data processing that has already taken place. The revocation may be sent by email or in writing to the contacts named under section 1 above. The effects of the revocation are limited to the storage and use of personal data, which may not already be saved and used without your consent due to legal permission.
b) Information, correction, deletion, restriction, data portability
Per Art. 15 GDPR, we will provide information at any time about the personal data we have stored about you upon written request. You also have the option at any time to have the personal data we have on file about you corrected in accordance with Art. 16 GDPR. If the requirements of Art. 17 GDPR are met, you also have the right to have your data deleted. You can also restrict the processing of the data we have stored about you in accordance with Art. 18 GDPR. In addition, you have the right to data portability under the conditions of Art. 20 GDPR. If the processing of your data is based on Art. 6 para. 1 lit. e) or f) GDPR, you have the right to object to its processing in accordance with Art. 21 GDPR. To do this, please contact the office mentioned in section 1 above. Per Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing – including profiling – that has legal bearing on you or that significantly affects you in a similar manner. You can also complain to the relevant supervisory authority.
6. Your duty to provide data
You have no contractual or legal obligation to provide us with personal data. However, if you do not provide the personal data requested by us and identified as mandatory fields, we may be unable to provide you with the requested service.
7. Existence of automated decision-making
We do not use any decisions based solely on automated processing – including profiling – that could have legal effects or similarly significantly affect you.
Updated: July 2023