Privacy Policy for Mister Spex SE
1. Data controller
The data controller responsible for the processing of personal data is:
Mister Spex SE,
Hermann-Blankenstein-Straße 24,
10249 Berlin
Germany
Customer service: 0800 810 8090 (free of charge in Germany and Austria)
Fax: +49 (0)30-443-1230-25
Our data protection officer can be reached at:
Mister Spex SE,
– Data Protection Officer of Mister Spex SE –
Hermann-Blankenstein-Straße 24,
10249 Berlin
Germany
Email: service@misterspex.co.uk
2. Purposes of data processing, legal bases and legitimate interests as well as categories of recipients
a) Accessing our website/application
When you visit our website, the browser used on your device automatically sends information to our hosting provider and temporarily stores it in so-called log files. The following information is also recorded without your intervention and stored until it is automatically deleted:
- the IP address of the requesting internet-enabled device,
- the date and time of access,
- the name and URL of the file retrieved,
- the website from which access was made (referrer URL)
- the browser you are using and, if applicable, the operating system of your Internet-enabled computer as well as the name of the access provider.
The legal basis for processing the IP address is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is based on these purposes for our data collection:
- ensuring a smooth connection to the website;
- ensuring convenient use of our website;
- evaluation of system security and stability; and
- other administrative purposes.
The data is stored by the hosting provider as long as the data is still being used to ensure the legitimate interests defined above; it will then be automatically deleted.
b) Other data collected on our website
Below you will find details regarding data collection on our website. All data is transmitted securely using SSL encryption.
i. Information for job applicants
In order to be able to apply for jobs with us online, we will need certain data in order to process your application. Only your form of address, first and last name, email address, and curriculum vitae are required. The legal basis for the processing of the data transmitted by you is Art. 6 para. 1 lit. a) GDPR in conjunction with §26 para. 2 1 BDSG. We use an external service provider for our e-recruiting processes. We only use the data to process your initial application and during the corresponding recruiting process.
If the application process is positive and we hire you, we will store the data for as long as we are required to do so by law.
If we don’t hire you, access to the data will be blocked immediately after the application process and then deleted after 6 months. This does not apply if you decide to accept an offer to be kept on file as part of our potential talent pool. In this case, we will store your data in the talent pool for a period of 12 months and use it to contact you should a vacancy arise that potentially matches your profile. If you do not give us renewed consent to the storage of this data, we will delete it after the 12 months expires. The legal basis for storage beyond the specific application process is your consent in accordance with Art. 6 I a) GDPR, which you may revoke at any time.
We also offer you the option of registering for our job recommendation emails and managing these settings in a password-protected area. In order to be able to be sure that no errors were made when entering the email address, we use the so-called double opt-in procedure: after you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. The processing of your electronic contact details for this purpose takes place solely on the basis of your consent (Art. 6 para. 1 lit. a) GDPR) and will be stored until the consent is withdrawn. You may withdraw your consent at any time with future effect without stating reasons by sending a brief email to jobs@misterspex.de. The processing of your data to set up the password-protected area is based on Art. 6 para. 1 lit. b) GDPR and takes place in order to provide the same. Your email address and the data you provide voluntarily after registration will be processed until you withdraw your consent.
ii. Partner optician enquiries
Opticians may contact us using the corresponding online form regarding possible participation in in our partner optician programme. We use the data provided only to evaluate potential partnership opportunities. The legal basis for the processing of the data transmitted by you is Art. 6 para. 1 lit. b) GDPR. If we decide not to move forward with the partnership, we will delete the data immediately after the decision.
iii. Integration of YouTube videos
On this website, we use the provider YouTube to integrate videos. Videos are embedded using the extended data protection mode. The following applies: if you access a page where such a video is embedded, a connection to the YouTube servers will be established. According to YouTube, information (e.g. which website you are currently on) will only be sent to YouTube when you watch the video. This viewing activity will be assigned to your YouTube account if you are logged in to YouTube at the time you watch the video. If you want to prevent this, log out accordingly before visiting our homepage. For more information provided by Google about YouTube’s privacy policy, go to: https://www.google.de/intl/de/policies/privacy/
iv. Contact Form: Investor Relations
For investor relations enquiries, we offer the option of contacting us using an online form. We use the data you provide only to answer your specific questions. The legal basis for the processing of the data transmitted by you is Art. 6 para. 1 lit. b) GDPR. Your email address and the data you provide voluntarily after registration will be processed until you withdraw your consent. The data is deleted as soon as it is no longer required.
3. Online presence and website optimisation
a) General information about cookies
On the basis of Art. 6 para. 1 lit. f) GDPR, our website uses so-called cookies to make statistical records on and evaluate the use of our website so that we may further optimise it. Our interest in optimising our website is legitimate within the aforementioned legal basis.
Cookies are small text files that your browser automatically creates and then are stored on your end device when you visit our website. Cookies do no damage to your end device and do not contain viruses, Trojans, or other malware. Information is stored in the cookie which links to the specific end device which has been used. However, this does not provide us with direct information about your identity. The use of cookies helps make our site more convenient and easy to use. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. The complete deactivation of cookies, however, may result in you being unable to use all the features of our website. The duration for which cookies are stored depends on their purpose and is not always the same.
b) Tracking and web analytics
For the purpose of needs-based design and continuous optimisation of our pages, we use the following tools on the basis of Art. 6 para. 1 lit. f) GDPR. This also represents our legitimate interest.
i. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are placed on your computer in order to analyse your use of our website. The information generated by the cookie on your use of the website is usually transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports regarding website activity, and provide other services to the website operator related to website and internet usage. The IP address provided by your browser in the framework of Google Analytics will not be combined with other data from Google. You may prevent the use of cookies by selecting the corresponding setting on your browser; however, we would like to inform you that this may prevent you from fully utilising all functions provided on this website.
Data collection and storage may be objected to at any time with future effect by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. In view of the debate regarding the use of analytics tools with full IP addresses, we would like to point out that this website uses Google Analytics with the “_anonymizeIp()” extension and as such ensures that IP addresses are only processed in a truncated form so as to preclude any direct personal reference.
4. Recipients outside the EU
The following recipients of your data are based outside the European Union: Google Inc. (provider of tracking technologies); Pagely, Inc. (hosting service provider). Data is transmitted in accordance with the principles of the so-called Privacy Shield.
5. User rights
a) Revocation of consent
If you have given us your consent to the collection, storage, and use of your personal data when using the website, you may revoke this consent at any time. The revocation does not affect the legality of any data processing that has already taken place. The revocation may be sent by email or in writing to the contacts named under section 1 above. The effects of the revocation are limited to the storage and use of personal data, which may not already be saved and used without your consent due to legal permission.
b) Information, correction, deletion, restriction, data portability
Per Art. 15 GDPR, we will provide information at any time about the personal data we have stored about you upon written request. You also have the option at any time to have the personal data we have on file about you corrected in accordance with Art. 16 GDPR. If the requirements of Art. 17 GDPR are met, you also have the right to have your data deleted. You can also restrict the processing of the data we have stored about you in accordance with Art. 18 GDPR. In addition, you have the right to data portability under the conditions of Art. 20 GDPR. If the processing of your data is based on Art. 6 para. 1 lit. e) or f) GDPR, you have the right to object to its processing in accordance with Art. 21 GDPR. To do this, please contact the office mentioned in section 1 above. Per Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing – including profiling – that has legal bearing on you or that significantly affects you in a similar manner. You can also complain to the relevant supervisory authority.
6. Your duty to provide data
You have no contractual or legal obligation to provide us with personal data. However, if you do not provide the personal data requested by us and identified as mandatory fields, we may be unable to provide you with the requested service.
7. Existence of automated decision-making
We do not use any decisions based solely on automated processing – including profiling – that could have legal effects or similarly significantly affect you.
Updated: July 2023