Privacy

Data Protection Declaration

A. Privacy statement for website

B. Privacy statement for social media appearances

Status 09/2018

A. Privacy statement for website

We only process users’ personal data (hereinafter known as “data”) to the extent that is is necessary to provide an effective and convenient website, along with its contents and services.

“Processing“ means the collection, use, transmission and/or storage. According to the General Data Protection Regulation (hereinafter called as GDPR) “personal data” is basically all data with which a natural person can be identified. The exact definitions of the terminology are laid down in Art. 4 of the GDPR.

The following explanations are to provide you with information about the type, purpose, duration and legal basis of the processing of personal data, about the intentions and means of processing decided by us alone or with others, as well as about the components of third parties, processing data at their own responsibility, which we adopt for purposes of optimisation and quality of use:

I. Information about the person/party responsible (controller)

II. Rights of the user

III. Information about data processing

I. Information about the person/party responsible (controller)

The controller (hereafter referred to as “supplier”) for the purpose of the GDPR and other national data protection laws of the member states, as well as any other legal data protection regulations is:

  • JBL GmbH & Co. KG
  • Dieselstraße 3
  • D-67141 Neuhofen
  • Tel.: +49/ (0)6236/ 4180-0
  • Fax: +49/ (0)6236/ 4180-999
  • E-Mail: info@jbl.de

The data protection officer of the responsible party is:

  • Killian Hedrich
  • c/o DatCQ GbR
  • Alexander F. Bräuer, Killian Hedrich
  • and Frank Weiß
  • Katharinenstraße 16
  • 73728 Esslingen
  • Tel.: +49 (0)711/ 93277955
  • Fax: +49 (0)711/ 93277956
  • E-Mail: dsb@datcq.de

II. Rights of the user

In relation to the processing of their personal data by the supplier, expressed below, the user has the right

  1. to request confirmation as to whether any data concerning them is being processed, to get precise information about this data and any further information and copies of this data according to Art. 15 GDPR; to request the immediate rectification of any inaccurate data concerning them or the correction of this data according to Art. 16 GDPR;
  2. to request that their data is promptly deleted according to Art. 17 GDPR, or, alternatively, if, for example, further processing according to Art. 17(3) GDPR is required, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR;
  3. to receive the data concerning them and supplied by them according to Art. 20 GDPR and to demand the transmission of their data to other persons/parties responsible;
  4. to file a complaint with the supervisory authority in accordance with Art. 77 GDPR, if the user believes that the processing of their data by the provider is in breach of the GDPR.
  5. In principle, the user is entitled at any time to object to the future processing of the data concerning them, which is processed by a person/party responsible on the basis of Art. 6(1) point f GDPR in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes. The provider is also obliged to inform any recipient of the data to whom the data was disclosed, of any correction or deletion of the personal data or of any restriction of the processing that takes place on the basis of Article 16 GDPR, Article 17(1) GDPR and Article 18 GDPR. The obligation does not exist in the event that this communication proves to be impossible or involves a disproportionate effort. The user has the right to receive information regarding these recipients.

III. Information about data processing

If no detailed information is given about data after processing, the user’s data will be deleted or blocked, once processed by the supplier. This will happen as soon as the purpose of the storage ceases to apply, and provided its deletion is not in conflict with statutory storage obligations.

Server data

For communication and security reasons the following data, amongst others, which the web browser of the user submits to the supplier or their webspace supplier (so-called server log files) are collected during their visit to the website:

  • Browser type and version;
  • operating system used;
  • website, from where the user has visited the supplier’s website (referrer URL);
  • website visited by the user;
  • date and time of the access;
  • internet protocol (IP) address of the user.

In addition the data is temporarily stored. The storage of this data together with other personal data of the user does not take place. Legal basis for the temporary storage is Art. 6(1) point f GDPR, based on the legitimate interest to improve the stability, statistics, functionality and the security of the website.

The data will be deleted after seven days at the latest. Data stored beyond this for purposes of evidence is exempt from deletion until the incident has been finally clarified.

Cookies

1. “Session” cookies

The suppliers use so-called cookies on their websites. Cookies are small text files or other storage technologies which the user’s internet browser places and saves on the end device. These cookies to a specific extent process certain user information, such as browser and location data and IP address information.

The processing allows the supplier to render their website more user-friendly, effective and reliable. Thus processing enables a viewing of the content in different languages or, if required, the use of a shopping cart function. If these cookies process personal data for the purpose of the initiation and execution of a contract, the legal basis of the processing is Art. 6(1) point b GDPR.

Should the processing not aim to achieve the initiation and execution of a contract, it serves the supplier’s legitimate interest for the improvement of the website functionality and is derived by the legal basis of Art. 6(1) point f GDPR.

These cookies will be deleted once the user closes the browser.

2. Cookies of third-party suppliers

Cookies from third-party suppliers may also be used on the website of the supplier. These third-party suppliers are partner companies which co-operate with the supplier for the purposes of advertising, analysis or the functionalities of the website. If this is the case the purposes and the legal basis of the corresponding processing are described in the following explanations.

3. Deletion options

The user can prevent or limit the installation of the cookies with their browser setting. Cookies that are already stored can also be deleted at any time. The settings required here are dependent on the respective browser. Flash cookies cannot be prevented with the browser setting, but through the respective setting of the Flash Player. If the user prevents or limits the installation of the cookies this can mean that not all functions of the website are fully usable.

Contract processing

1. Processing

The supplier processes the user’s personal data, provided for the purpose of purchasing goods or a service, in order to fulfil a contract. The contents of the data are required to fulfil a contract. Without them the contract cannot be concluded. The legal basis of the processing is Art. 6(1) point b GDPR. After the contract has been concluded in full the user data is deleted in accordance with the corresponding retention periods of fiscal and commercial law.

2. Transferring to service suppliers

As far as this is required for the delivery or payment of the merchandise, the personal data of the user is transmitted to the forwarding company commissioned with delivery or to the financial services supplier as a part of the completion of the contract. The legal basis for the transfer of data is Art. 6(1) point b GDPR.

Customer account/registration

With each registration, the IP address, the date and the time of the registration will be saved. Legal basis here is Art. 6(1) point f GDPR. The legitimate interest of the supplier is the proof of a data protection compliant registration. The data is not passed on to third parties.

1. General registration

In addition to the registration purposes detailed below, the supplier offers additional services which are accessible after registration. The user data entered on this occasion during registration, which can vary on the basis of the purpose of registration (name, email address and when appropriate, additional address and telephone number), are only processed by the supplier for the purpose selected by the user.

The legal basis for this is Art. 6(1) point a GDPR. In the consent wording the user is told the respective purpose of the processing. Based on Art. 7(3) GDPR the user can withdraw their given consent to this with a notification at any time.

2. Contract processing

If the user registers for the purpose of ordering goods, the data entered in the course of this registration (name, address, email address, telephone number) will in the first instance be used to form part of the contract processing.

The legal basis for this is Art. 6(1) point b GDPR. The user data processed for this purpose will be deleted upon the expiry of the deadline in accordance with the corresponding retention periods of fiscal and commercial law.

At the same time the data will be used to conclude future contracts and for general customer relations management (e.g. access to previous orders or memo function).

The legal basis for this is Art. 6(1) point a GDPR. Based on Art. 7(3) GDPR the user can withdraw their given consent to have a customer account with a notification at any time.

3. Product registration/guarantee extension

If the user registers for the purpose of a guarantee extension, the data entered in the course of this registration (name, address, email address, telephone number, type of device, date of acquisition, vendor) will in the first instance be used for the future processing of a guarantee claim.

The legal basis for this is Art. 6(1) point b GDPR. The user data processed for this purpose will be deleted upon the expiry of the guarantee in accordance with the corresponding retention periods of fiscal and commercial law.

4. Newsletter

If the user subscribes to the supplier’s free newsletter, the data (email address and name), requested in the registration mask, will be processed by the supplier in order to deliver the user’s chosen topic. In addition the IP address, the date and the time of registration will be saved. During the registration procedure the user's permission will be requested, and the contents will be clearly described. At the same time reference will be made to the data protection policy. The data collected this way will be exclusively used to dispatch the newsletter. The data will not be passed on to third parties.

The legal basis for this is Art. 6(1) point a GDPR. In accordance with Art. 7(3) GDPR the user can withdraw their future consent through a notification to the supplier or use of the unsubscribe link in the newsletter at any time.

5. Contact/ticket

If the customer registers for the purpose of contacting the supplier or making a service request, the personal data of the user entered on this occasion (name, address, email address, telephone number) will be used to process the request. The data is required to reply to the request. Without it a reply is not, or only to a limited extent, possible. The legal basis for this use is Art. 6(1) point b GDPR. The user data will be deleted, provided that the user request has been answered conclusively and as long as statutory storage obligations or guarantee/defect claims do not require otherwise.

6. Competition

If the user takes part in a competition organised by the supplier and registers for this purpose, the data entered for participation by the user (name, address, email address, telephone number) will be used by the supplier without further consent for the sole purpose of conducting and concluding the competition/raffle.

As part of the competition the user’s personal data will be transmitted to the forwarding company commissioned to deliver or to a financial service supplier, as far as this is necessary for the delivery or the payment of a prize.

The legal basis for processing participation data is Art. 6(1) point b GDPR.

The user data stored to participate in the competition will be deleted fourteen days after the draw, except the data of the winners, which will only be deleted upon the expiry of the deadline in accordance with the corresponding retention periods of fiscal and commercial law.

If the participation takes place through “Facebook”, Facebook will also process certain data and the supplier’s and user’s member accounts will be linked. For that purpose we refer to Facebook’s privacy policy here: https://de-de.facebook.com/about/privacy

7. Comments/posts

Through the evaluation or comment function (posts) of the website, which is available after registration, the users have the opportunity to publish their requests, replies or opinions.

In doing so the post, the post submission date and the name, stated by the user, will be processed and published by the supplier.

The legal basis is Art. 6(1) point a GDPR. Based on Art. 7(3) GDPR the user can withdraw their future consent with a notification to the supplier at any time.

In addition the IP address and the email address of the user will also be processed. The processing of the IP address takes place because of the legitimate interest of the supplier in the event that the contribution of the user interferes with the rights of third parties and/or that illegal contents are distributed.

The legal basis is Art. 6(1) point f GDPR. The supplier’s legitimate interest arises from any necessary legal defence.

Contact requests via email

While contacting of the user by email, the supplier uses the personal user data entered on this occasion to process the request. The data is required to reply to the request. Without it a reply is not, or only to a limited extent, possible. The legal basis for this is Art. 6(1) point b GDPR. The user data will be deleted, provided that the user request has been answered conclusively and as long as statutory storage obligations, such as a subsequent contract implementation etc., require otherwise.

Google Maps

The dealer uses the component „Google Maps“ of the company Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”, to present the locations of the supplier’s dealers.

Google is certified according to “EU-US Privacy Shield“ and guarantees its compliance with the EU data protection guidelines for the data processed in USA.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

When you visit the „Google Maps“ component, Google sets cookies to handle your user preferences and data while viewing its page and any additional features which are integrated into the component “Google Maps.” It cannot be ruled out that Google will then use external servers, situated in USA.

The legal basis for this is Art. 6(1) point f GDPR. The legitimate interest of the supplier is the optimisation of its website functions.

Through the connection Google can recognise which website a request has been sent from and which IP address the route map has been sent to.

If the user does not agree with this processing, it is possible to prevent the installation of the cookies by setting the browser accordingly. More information about this can be found under “Cookies”.

The use of “Google Maps“ and data obtained from the “Google Maps“ service is subject to Google's terms of use and the additional terms and conditions for Google Maps .

Google has further information, especially about how to prevent your data being used, under the following links:

https://policies.google.com/privacy

https://adssettings.google.com/authenticated

Job applications

With digital job applications we collect and process the application data electronically for the purpose of conducting the application procedure.

The legal basis for the processing is § 26(1) sentence 1 BDSG (Bundesdatenschutzgesetz = German privacy law) in conjunction with Art. 88(1) GDPR.

If your application leads to an employment contract, the data submitted can be stored in the personnel file for the purpose of the usual organisational and administrative processes, in compliance with the relevant legal regulations.

The legal basis for the processing is § 26(1) sentence 1 BDSG (Bundesdatenschutzgesetz = German privacy law) in conjunction with Art. 88(1) GDPR.

The deletion of the data submitted will occur automatically with the rejection of the job application two months after notification of the rejection. This does not apply if legal requirements (burden of proof under German general equal treatment law (AGG)) require a longer storage period of up to four months or until any legal proceedings are concluded.

The legal basis for this is Art. 6(1) point f GDPR and § 24(1) no. 2 BDSG (Bundesdatenschutzgesetz = German privacy law). The legitimate interest of the supplier is the legal defence.

If consent has explicitly been given to store the data longer in a database for interested parties, the data will be processed on the basis of the consent.

The legal basis for this is Art. 6(1) point a GDPR. In accordance with Art. 7(3) GDPR any future consent given to this can be withdrawn at any time through a notification to the supplier.

Youtube

The supplier uses on its website a tool for the display of video sequences of the company YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. YouTube is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

YouTube, a subsidiary company of Google, is certified with the “EU-US Privacy Shield“ and thus guarantees compliance with EU data protection guidelines for any data processed in the USA.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The legal basis for this is Art. 6(1) point f GDPR. The legitimate interest of the supplier is the improvement of the quality of use on the website. The supplier uses YouTube with YouTube’s “enhanced privacy mode” option.

According to YouTube, when using the “Advanced Privacy Mode” any subsequent data is only sent to the YouTube server when a video is started.

If the user visits a page with an embedded video, a connection to the YouTube servers in the USA will be established and instructions issued to the user’s browser to enable the content to be shown on the website. For this purpose YouTube processes at least the IP address, the date, time and page visited by the user. This also leads to a connection to the Google “DoubleClick” network. If the user is logged in to YouTube at the same time, the connection information is assigned to the user’s YouTube member account.

If the user wishes to prevent YouTube from assigning the information it has collected directly to their member account, they need to log out of YouTube before they visit the website. In addition it is possible to configure the user account accordingly.

YouTube also uses permanent cookies for functionality and analysis.

Should a user not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Closer information about this can be found under “Cookies”.

For further information about the collection and use of data by Google and about the user’s corresponding rights and ways of protecting their privacy, please refer to Google’s Privacy Policy:

https://policies.google.com/privacy

JBL ProScan APP

Using application software (app) for mobile operating systems, the provider enables the user to analyse and diagnose their aquarium water. To do this the following data is collected from the provider and third parties:

1. Downloading the app

To use the app you need to install it on your mobile device. This can be done via the Google Play Store or the Apple App Store.

Google Play Store is a service of Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter "Google."

Google also collects, stores and processes data that may be required for the payment or function of the app. More about this: https://www.google.com/intl/en/policies/privacy/

App Store is a service of Apple Inc. One Apple Park Way, Cupertino, Calif. 95014 USA, hereinafter "Apple".

Apple also collects, stores and processes data that may be required for the payment or function of the app. More about this: https://www.apple.com/legal/privacy/en-ww/

2. Information about any access(es) required

For you to use its features, the app needs to access the following contents or features on your mobile device:

Accounts: To run the app, it needs to save and confirm a user account on the customer's device. To do this, the app accesses the account authentication features of the account manager.

Camera/photos: Access to the camera and photos also gives the app access to the memory of the mobile device while carrying out its functions. This allows the reading, saving, changing or deleting of photos in the memory. The contents are primarily images captured by the user via the app.

Access to or retrieval of network connections: The app requires partial access to existing networks so that it can retrieve data over the Internet. As part of this function, the app will also review which mobile networks, such as LTE or Wi-Fi, are available, in order to optimise the transmission.

The legal basis for the processing is Art. 6 para. 1 point b GDPR.

The user-approved app authorisations can be changed under "Settings" of the device at any time. If the permissions are deactivated you may not be able to use all the features of the app.

More information about the permissions of the settings:

https://support.google.com/googleplay/answer/6270602?hl=en&ref_topic=6046245

https://support.apple.com/en-en/HT207830

3. Server log files

For communication and security reasons, the following data on the mobile device is transmitted to the provider or their web space provider during use of the app (so-called server log files):

  • Smartphone type
  • App version
  • Operating system used
  • Date and time of access
  • User ID
  • Aquarium ID
  • Internet protocol (IP) address of the user or the device and card identifiers.

Your personal data will be stored in an anonymous form afterwards for analysis purposes.

4. Newsletter

If the user signs up for the provider’s free newsletter ProScan, the email address will be processed by the supplier in order to deliver the newsletter. As part of the installation of the APP, the consent of the user is obtained and reference will be made to this privacy policy. The data collected this way will be used exclusively to dispatch the newsletter. The data will not be passed on to third parties.

The legal basis for this is Art. 6(1) point a GDPR. In accordance with Art. 7(3) GDPR the user can withdraw their future consent through a notification to the supplier or use of the unsubscribe link in the newsletter at any time.

B. Privacy policy for social media appearances

To promote our products and services as well as to communicate with interested parties or customers, we use so-called social media platforms.

In particular, the details below will inform you of the nature, scope, purpose, duration and legal basis of the processing of personal data when you visit or contact one of our company presentations on a social media platform or contact us via this platform.

"Processing" is the collection, use, transfer and/or storage. According to the General Data Protection Regulation (hereinafter referred to as "GDPR"), "personal data" essentially includes all data with which a natural person can be identified. The exact definitions of the terms are defined in Art. 4 GDPR.

I. Information about the jointly responsible persons/parties (controllers)

II. Rights of the user

III. Information about data processing

I. Information about the jointly responsible persons/parties

For all social media platforms listed below,

  • JBL GmbH & Co. KG
  • Dieselstraße 3
  • D-67141 Neuhofen
  • Phone: +49/ (0)6236/ 4180-0
  • Fax: +49/ (0)6236/ 4180-999
  • Email: info@jbl.de

- hereinafter referred to as "provider" -

is jointly responsible with the platform operator named below within the meaning of Art. 26 GDPR.

The external data protection officer of the provider is:

  • Killian Hedrich
  • c/o DatCQ GbR
  • Alexander F. Bräuer, Killian Hedrich
  • und Frank Weiß
  • Katharinenstraße 16
  • 73728 Esslingen
  • Phone: +49 (0)711/ 93277955
  • Fax: +49 (0)711/ 93277956
  • Email: dsb@datcq.de

Facebook

On the social media platform "facebook", the provider is jointly responsible with

  • Facebook Ireland Ltd.
  • 4 Grand Canal Square
  • Grand Canal Harbour
  • Dublin 2 Ireland

.

The data protection officer of facebook can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970

The jointly responsible persons/parties have concluded an agreement on their respective obligations arising from the GDPR. This agreement can be accessed under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

II. Rights of the user

Regardless of the details of the agreement, you may exercise your rights under the GDPR with and against each of the persons/parties responsible.

The user has the right, with respect to the processing of his personal data reproduced below by the controllers, to

  1. to request confirmation as to whether any data concerning them is being processed, to get precise information about this data and any further information and copies of this data according to Art. 15 GDPR;
  2. to request the immediate rectification of any inaccurate data concerning them or the correction of this data according to Art. 16 GDPR;
  3. to request that their data is promptly deleted according to Art. 17 GDPR, or, alternatively, if, for example, further processing according to Art. 17(3) GDPR is required, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR;
  4. to receive the data concerning them and supplied by them according to Art. 20 GDPR as well as the further right to demand their transmission to other persons/parties responsible;
  5. to file a complaint with the supervisory authority in accordance with Art. 77 GDPR, if the user believes that the processing of their data by the provider is in breach of the GDPR.
  6. In principle, the user is entitled at any time to object to the future processing of the data concerning them, which is processed by a person/party responsible on the basis of Art. 6(1) point f GDPR in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes. The person/party responsible is also obliged to inform any recipient of the data to whom the data was disclosed, of any correction or deletion of the personal data or of any restriction of the processing that takes place on the basis of Article 16 GDPR, Article 17(1) GDPR and Article 18 GDPR. The obligation does not exist in the event that this communication proves to be impossible or involves a disproportionate effort. The user has the right to receive information regarding these recipients.

III. Information about data processing

To advertise its products and services as well as to communicate with any interested persons/parties or customers, the provider operates a company presence on the following platform(s).

The legal basis for the processing of personal data resulting from this and subsequently reproduced for each platform is Article 6 (1) point f GDPR. The legitimate interest of the provider is in the analysis, communication, sales and promotion of its products and services.

Legal basis may also be a consent of the user to the platform operator in accordance with Art. 6(1) point a GDPR. According to Art. 7(3) GDPR, the user can revoke this consent at any time by sending a message to the platform operator.

Facebook

When calling up the provider's online presence on the facebook platform, facebook processes user data (e.g. personal information, IP address etc.).

This user data gives the provider statistical information about the use of its company presence on facebook. Facebook uses this data in particular for market research and advertising purposes as well as for the creation of user profiles. On the basis of these profiles, facebook is able, for example, to place advertising within and outside facebook in an interest-based manner for the user. If the users are logged in to their facebook account at the time, facebook can also link the data to the respective user account.

If the user contacts the provider through facebook, the personal data of the user entered on this occasion is used to process the request. The user's data will be deleted by the provider once the user's request has been concluded, provided that no legal storage obligations, such as for a subsequent contract, exist.

Facebook may also set cookies to process data.

If the user does not agree with this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented using the browser settings, but with the corresponding setting of the Flash Player. If the user prevents or restricts the installation of cookies, this may mean that not all facebook features are fully usable.

More details on the processing activities, their suppression and the deletion of the data processed by facebook can be found in the data policy of facebook:

https://www.facebook.com/privacy/explanation

It can not be ruled out that facebook’s processing will also take place in the USA.

Facebook has submitted to the "EU-US Privacy Shield", thereby complying with EU data protection regulations when processing data in the US.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active