Data protection

Data Protection Declaration

The following Data Protection Declaration is designed to inform you about the scope and the use of your personal data that we collect and process within the context of our website. In addition, we also inform you about why we collect and process the data, and which data protection rights you have pursuant to the European Data Protection Regulation.

1. Name and contact details of the Data Controller
This data protection information applies to data processing by:

European Down and Feather Association
(responsible for the following content: Dr Juliane Hedderich, Managing Director), Thomas-Mann-Straße 9, 55122 Mainz, Germany, phone: +49 (0) 6131- 588560, e-mail: info(at)edfa.eu

2. Collection and saving of personal data as well as the nature and purpose of its use

2.1 When visiting the website
When our website https://www.downafresh.com is accessed, the browser used on your device automatically sends information to our website’s server. This information is temporarily saved in a so-called logfile. The following information is automatically collected and saved until being automatically erased:

  • IP address of the computer that has submitted the enquiry,
  • Date and time of the accessing,
  • Name and URL of the accessed file,
  • Website from which the access was made (referrer URL),
  • Utilised browser and if necessary the operating system of your computer as well as the name of your access provider.

The aforementioned data are processed by us for the following purposes:

  • to ensure the smooth establishment of the website connection,
  • to ensure the comfortable use of our website,
  • to evaluate the system security and stability as well as
  • for further administrative purposes.

The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. f GDPR. Our legitimate interest arises out of the above-listed purposes of the data collection. Under no circumstances will we use the collected data to draw inferences about your person.
In addition we use website cookies when our website is visited.

2.1.1. Cookies
We use cookies on our website. These are small computer files that your browser automatically creates and are saved on your device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your device, contain no viruses, trojans or other malware.

Information is stored in the cookie that relates to the specific utilised device. This does not mean, however, that this provides us with direct knowledge of your identity.

Cookies are used on the one hand to tailor the use of our services more closely to your needs. For example, we use so-called session cookies to identify that you previously visited particular sections of our website. These are automatically deleted when you leave our website.

In addition, we also deploy temporary cookies to optimise user-friendliness. These are saved on your device for a specific period of time. If you visit our website once again in order to use our services, the system will automatically recognise that you visited us on a previous occasion and will know which entries and settings you used, in order to prevent you having to enter these again.

On the other hand, we use cookies in order to obtain statistics about the use of our website and for the purpose of optimising our services for you (see Fig. 2.1.2). If you visit our website again, these cookies enable us to recognise automatically that you had visited us on a previous occasion. These cookies are automatically deleted after a particular period of time has elapsed.

Data processed by cookies is required for the aforementioned purposes to safeguard our legitimate interests as well as those of the third party for the technical flawless and optimises provision of its services pursuant to Art. 6 Para. 1 p. 1 lit. f GDPR.

Most browsers automatically accept cookies. You may, however, configure your browser in such a way that no cookies are saved on your computer or that a notice is always flagged up before a new cookie is saved. Complete deactivation of cookies may, however, mean that you are unable to use all of the functions of our website.

2.1.2. Analysis and Tracking Tools
2.1.2.1. Google Analytics
To implement a customised design and to keep improving our website, we use Google Analytics, a web analysis service from Google Inc. (https://www.google.com/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – hereinafter: “Google”). This involves creating pseudonymised user profiles and the use of cookies (see clause 4). Certain information is created by the cookie about your use of this website and of

  • your browser type and version,
  • your operating system
  • the referrer URL (the site visited immediately before ours),
  • the host name of the computer making the call (the IP address),
  • and the time of your server request.

This information is sent to a Google server in the United States, where it is stored. These data serve to analyse your use of the website, to set up reports on website activities and to provide us with other services associated with website and internet use. This is for the purpose of market research and to allow the needs-focused design of our website. The data may also be passed on to third parties in cases where this is required by law or where third parties process those data in their capacity as contractors. However, Google will never amalgamate your IP address with other Google data. IP addresses are anonymised, making it impossible to establish any associations (this is called IP masking).

You have the option of preventing the installation of cookies through suitable browser settings; please note, however, that this may prevent you from using all the functions of this website to their full potential.

Furthermore, should you wish to prevent the collection of data generated by cookies and relating to your usage of the website (including your IP address) and if you want to opt out of such data being processed by Google, you can download and install a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

Some further details on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=en).

2.2. When using our contact form
In the event of questions of all kinds, we offer you the opportunity to contact us using a form that is provided on the website. For this purpose, you will need to enter your first name and last name, your telephone number as well as a valid e-mail address, to enable us to know who sent the enquiry and whether this may be answered either by telephone or by e-mail. It is not necessary to provide any further details.

Data processing for the purpose of contacting us is performed in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntary consent. The data collected for the purpose of using the contact form or call-back form is automatically erased once the enquiry you submitted has been dealt with.

3. Transfer of data
Your personal data shall not be transferred to any third party for reasons other than those specified above. We transfer your personal data to third parties only:

  • if you have expressly given us your consent to do this pursuant to Art. 6 Para. 1 p. 1 lit. a GDPR,
  • this is permitted by law and is required pursuant to Art. 6 Para. 1 p. 1 lit. b GDPR to settle contractual relationships with you (e.g. postal/package services, payment settlements), as well as
  • in the event that a statutory obligation to transfer this data exists pursuant to Art. 6 Para. 1 p. 1 lit. c GDPR, or
  • transfer pursuant to Art. 6 Para. 1 p. 1 lit. f GDPR is necessary to assert, exercise or defend against legal claims, including against contracting parties, or the ongoing analysis and improvement of our service as well as to maintain the attractiveness of our offers (e.g. updating customer lists, analysing databases, advertising measures, offering state-of-the-art technical solutions) and there are no grounds to assume that you have a prevailing interest in the non-transfer of your data that is worthy of protection.
    Insofar as we use the contracted services of third parties within the meaning of the GDPR for our processing activities, we maintain the necessary contractual relationships with these within the meaning of Art. 28 GDPR.
    A transfer of data to third parties in countries outside the EU (third party states) takes place only if and to the extent that you have consented to this or if we have a prevailing legitimate in this. If a data transfer of this nature takes place, then we contractually ensure that the respective processors adhere to a level of data protection that corresponds to that of the European Union.

4. Rights of the data subject
You have the right

  • pursuant to Art. 15 GDPR to demand information from us about the personal data we process relating to you. In particular, you may demand information about the purposes of the processing, the category of the personal data that is being processed, the categories of the recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to correction, erasure, limited processing or objection, the existence of a right to complain, the origin of your data, insofar as this were not gathered by us, as well as the existence of an automated decision-making procedure including profiling, and if necessary significant information about the relevant details.
  • pursuant to Art 16 GDPR, to demand the correction of your incorrect data saved by us or the completion of incomplete data without delay.
  • pursuant to Art 17 GDPR, to demand that the erasure of your personal data saved by us, insofar as the processing is not required to exercise the right to free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • pursuant to Art. 18 GFPR, to demand the limited processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, although you reject the erasure thereof and we no longer require the data, while you require this to assert, to exercise or to defend against legal claims or have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art 20 GDPR, to demand that the personal data you made available to the us be returned to you in a structured, accessible and machine-readable format, or to demand the transfer thereof to another data controller;
  • pursuant to Art. 7 Para. 3 GDPR, to revoke at any time the consent you originally gave us. This will mean that in future we are not able to continue the processing that was based on this consent, and
  • pursuant to Art. 77 GDPR file a complaint before a supervisory authority. As a rule, you may contact the supervisory authority of your normal place of residence or place of work or the domicile of our association.

5. Right to appeal
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art 6 Para 1 P. 1 lit f GDPR, you have the right pursuant to Art 21 GDPR to object to the processing of your personal data, provided there are reasons for this arising out of your particular situation or if the objection concerns direct marketing. In the latter case, you have a general right to object, which will be implemented by us without your need to specify a particular situation. If you wish to make use of your right to revoke or object, simply send an e-mail to <info(at)edfa.eu>.

6. Data security
We use the widely-used SSL process (Secure Socket Layer) in conjunction with the respective highest encryption level that is supported by your browser within the context of website visits (Secure Socket Layer) in conjunction with the respective highest encryption level that is supported by your browser. As a rule, this involves 256 bit encryption. If your browser does not support 256 bit encryption, we use 128 bit v3 technology instead. You can identify whether an individual section of our website is being transmitted in encrypted format by the key or closed padlock symbol in the lower menu bar of your browser.

In other respects, we use appropriate technical and organisational security measures to protect your data from accidental or wilful manipulation, partial or complete loss, destruction or from being accessed by unauthorised third parties (e.g. firewall system). Our security measures are improved on an ongoing basis in accordance with technological developments.

7. Topicality and amendment of this Data Protection Declaration
This Data Protection Declaration is currently valid and its version is May 2018.
Due to the continued development of our website and associated services, or on the grounds of amended statutory or official provisions, it may be necessary to amend this Data Protection Declaration. You can retrieve and print out the respective current Data Protection Declaration from the website at any time under https://www.downafresh.com/en/data-protection/.