data protection
Data protection
With this privacy policy we inform you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Thai Oase Gbr (hereinafter referred to as "we" or "us") is responsible for data processing.
1. General information
1.1 Contact
If you have any questions or suggestions regarding this information or if you would like to contact us to assert your rights, please send your request to.
Thai Oase Gbr
Great Freedom 38-40
22767 Hamburg
Mail: team@thai-oase.com
1.2 Legal basis
The term “personal data” in data protection law refers to all information that relates to a specific or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We only process data on the basis of legal permission. We only process personal data with your consent (Section 15 Para. 3 TMG or Art. 6 Para. 1 Letter a GDPR), to fulfill a contract to which you are a party, or at your request to carry out pre-contractual measures (Art. 6 Para. 1 Letter b GDPR), to fulfill a legal obligation (Art. 6 Para. 1 Letter c GDPR) or if processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data prevail (Art. 6 Para. 1 Letter f GDPR).
If you apply for a vacant position in our company, we will also process your personal data to decide whether to establish an employment relationship (Section 26 Paragraph 1 Sentence 1 BDSG).
1.3 Duration of storage
Unless otherwise stated in the following information, we only store the data for as long as it is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention periods can arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for ten years and personal data contained in commercial letters and contracts for six years. In addition, we will store data in connection with consents that require proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
1.4 Categories of data recipients
We use contract processors to process your data. The processing operations carried out by such contract processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing and fulfillment, accounting and billing, marketing measures or file and data storage destruction. A contract processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller. Contract processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to ensure suitable technical and organizational measures for data protection.
In addition, we may transfer your personal data to third parties under their own responsibility, such as postal and delivery services, house banks, tax consultants/auditors, financial authorities and payment services. Other recipients may be identified in the following information.
1.5 Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is offered in such a third country. If such an adequacy decision by the European Commission is not available, personal data will only be transferred to a third country if suitable guarantees are in place in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate guarantees: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087 . If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 Para. 1 Letter a of GDPR.
1.6 Processing when exercising your rights
If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data transmitted for the purpose of implementing these rights by us and in order to be able to provide evidence of this. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purposes of data protection control and will otherwise restrict processing in accordance with Article 18 of the GDPR. This processing is based on the legal basis of Article 6 (1) (c) of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34 (2) of the Federal Data Protection Act.
1.7 Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data concerning you and, if so, to what extent.
- You have the right to request that we correct your data in accordance with Art. 16 GDPR.
- You have the right to request that we delete your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
- In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another controller.
- If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 Paragraph 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent up to the revocation.
- If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
1.8 Right of objection
In accordance with Art. 21 Para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 Para. 1 Letter e or f GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct advertising, you can object to this processing in accordance with Art. 21 Para. 2 and Para. 3 GDPR.
1.9 Data Protection Officer
You can reach our data protection officer using the following contact details:
Thai Oase Gbr
c/o Max Tolsdorff
Great Freedom 38-40
22767 Hamburg
Mail: team@thai-oase.com
2. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, when you visit the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
2.1 Processing of server log files
When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes as standard: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code and firewall log files. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 Paragraph 1 Letter f GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after 14 days unless there is reasonable suspicion of illegal use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as the data subject based on the stored information. Art. 15 to 22 GDPR therefore do not apply in accordance with Art. 11 Paragraph 2 GDPR, unless you provide additional information that enables your identification in order to exercise your rights set out in these articles.
2.2 Cookies
We use cookies and similar technologies ("cookies") on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies in general or for specific cases through your browser settings. The Federal Office for Information Security provides further information on this: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/ EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html
The use of cookies is partly technically necessary for the operation of our website and is therefore permitted without the consent of the user. We may also use cookies to offer special functions and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Art. 6 Para. 1 Letter a of GDPR. Information on the purposes, providers, technologies used, stored data and the storage period of individual cookies can be found in the settings of our Consent Management Tool.
2.3 Consent Management Tool
This website uses a consent management banner to control cookies and similar technologies. The consent banner enables users of our website to give consent to certain data processing procedures or to revoke consent given. By clicking the "OK" button or by saving individual settings, you agree to the use of the associated cookies. The legal basis for data protection is your consent within the meaning of Art. 6 Para. 1 Letter a of GDPR.
The banner also helps us to provide proof of the declaration of consent. To do this, we process information about the declaration of consent and other log data related to this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 Para. 1 Letter c in conjunction with Art. 7 Para. 1 GDPR).
2.4 Online-Shop
2.4.1 Data processing for purchase processing
If you order a product via our website, we process personal data exclusively for the purpose of processing the contract or to provide you with the product you have ordered. As part of the booking or ordering process, we only process the data that you have entered in the input mask and, if applicable, payment information if you pay by advance bank transfer. Payments are processed by our fulfillment service provider, who works on our behalf. We also transmit your data required for delivery to one of our shipping service providers as specified in the order. The legal basis for processing is Art. 6 Paragraph 1 Letter b GDPR. All data fields marked as mandatory are required to process your booking or order. Failure to provide this information means that we cannot process your booking or order. The provision of further data is voluntary.
2.4.2 Payment provider Shopify Payments
On our website you have the option of making payments via the payment service provider Shopify International Limited (Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland). The payment data you provide during the ordering process will be transmitted to Shopify, Paypal or Amazon if this transmission is necessary to carry out the payment transaction. The legal basis for this transmission is Art. 6 Para. 1 Letter b GDPR.
The respective payment provider is solely responsible for the processing of payment data during the subsequent payment processing. Further information on data protection can be found here: https://www.shopify.com/de/legal/datenschutz .
2.4.3 Payment via PayPal
You also have the option of paying directly via PayPal. Please note that the relevant payment information is collected and processed independently by PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal L-2449, Luxembourg. PayPal sends us your address data stored with PayPal, which we process exclusively for the purpose of processing the contract. The legal basis is Art. 6 Para. 1 Letter b GDPR.
Further information on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/gdpr-readiness-requirements
2.5 Newsletter
2.5.1 Registration and deregistration
On our website we offer the option of signing up for our Thai Oase newsletter. After registration, we will regularly inform you about the latest news on our offers. A valid email address is required to register for the newsletter. To verify your email address, you will first receive a registration email, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 Paragraph 1 Letter a of GDPR. You can revoke your consent at any time with effect for the future, for example via the "Unsubscribe" link in the newsletter or by contacting us via email at team@thai-oase.com. The legality of the data processing operations that have already taken place remains unaffected by the revocation. When you register for the newsletter, we also save the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 Para. 1 Letter c in conjunction with Art. 7 Para. 1 GDPR).
2.5.3 Service providers
We use the Mailchimp service to manage subscribers, send the newsletter and analyze data. We will therefore send your email address to Mailchimp. The processing is carried out on our behalf and is based on the legal basis of Art. 6 Paragraph 1 Letter f GDPR and serves our legitimate interest in optimizing and economically sending our newsletter. If you do not want your data to be processed by Mailchimp, you should not subscribe to the newsletter or unsubscribe from it. The newsletter service offers statistical evaluation options for usage data. This includes information on whether an email has reached the recipient or whether it was rejected by the server.
2.6 Google Analytics
We use the Google Analytics service provided by Google Ireland Limited (Google Ireland/EU) on our website.
Google Analytics is a web analytics service that helps us collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies to analyze the use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about interaction with our website is processed.
Some of this data is information that is stored on the device you are using. In addition, other information is also stored on the device you are using via the cookies used. Such storage of information by Google Analytics or access to information that is already stored on your device only takes place with your consent.
Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with other services related to the use of our website and the internet. Pseudonymous user profiles of the users may be created from the processed data.
Cookies are set and personal data is processed further as described here with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 (1) (a) GDPR. You can revoke this consent at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's subcontractors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 Para. 2 Letter c GDPR.
We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google Ireland within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data.
You can also prevent the collection of information generated by cookies by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout . If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link .
2.7 Third-party services and content
We use services and content provided by third parties on our website (hereinafter referred to collectively as "content"). We use a two-click solution for integration. When using the two-click solution, no connection is initially established to the third-party provider, but a placeholder is loaded from our own server. This can be a preview image of the embedded maps or videos. Contact with the "third-party server" is only established after another click on the respective placeholder. The IP address is therefore only transmitted when you confirm this by clicking. The data processing takes place with your consent and is based on Art. 6 Para. 1 Letter a of GDPR.
We have integrated content from the following third-party services into our website:
“Spotify” by Spotify AB (Sweden) for embedding audio content.
We use additional services and content from third parties on our website that are technically necessary for the proper operation of the website and the provision of specific page functions. For this integration, processing of your IP address is necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. This data processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 Paragraph 1 Letter f GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may lead to functional restrictions on the website.
3. Data processing on our social media pages
We have a company page on several social media platforms. We would like to offer further opportunities to provide information about our company and to exchange ideas. Our company has company pages on the following social media platforms: