Data privacy
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data that can be used to identify you personally.
Data collection on this website
This privacy policy applies to the website of CORKANA GmbH (https://www.corkana.com) and to the personal data collected via this website. For websites of other providers to which reference is made, e.g. via links, the data protection notices and declarations there apply.
Name and contact details of the controller
CORKANA GmbH
Larisa Gstöhl
Schützenplatz 4
9492 Eschen
Liechtenstein
E-Mail: hello@corkana.com
Categories of personal data collected
Our system automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
– Browser type and browser version
– Operating system used
– referrer URL
– Host name of the accessing computer
– Time of the server request
– IP address
This data is not merged with other data sources.
If you contact us via the contact form, we also record your:
– Salutation
– first name
– Last name
– Your e-mail address
– Your subject
– Your message
If you contact us via the “Order” form, we will also record your:
– first name
– Surname
– Company name
– Country / Region
– Street address
– Postal code
– City / Town
– Phone number
– E-mail address
– Comment on the order
Purposes of processing
The processing of personal data on our website is limited to the data required to provide a technically error-free display and to optimize our website.
If you contact us via
– contact form
– Order” form
Your details from the aforementioned forms, including the contact details you provide there, will be stored by us for the purpose of processing the request and in the event of follow-up questions.
Legal basis
a) The processing of personal data in connection with our website is carried out in accordance with Art. 6 para. 1 letter f GDPR on the basis of our legitimate interests in ensuring the stability and operational security of the system.
b) The processing of personal data in connection with the
– contact form
– Order” form
is carried out in accordance with Art. 6 para. 1 let. b GDPR (contract or pre-contractual measures).
c) If you send us an e-mail that is not aimed at concluding a contract, we consider your disclosure of data to be your consent in accordance with Art. 6 para. 1 let. a GDPR.
Cookies
We use session cookies on our website to make our offering more user-friendly. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you allow them in individual cases. However, we would like to point out that deactivation will mean that you will not be able to use all the functions of our website.
The legal basis for the data processed by cookies is Art. 6 para. 1 lit. f GDPR.
Storage period
We store the personal data collected each time our website is accessed and files are transferred for a period of 180 days. The data is stored for reasons of data security – in particular to defend against attempted attacks on our web server – and to ensure the stability and operational security of our system.
We process your personal data in connection with the forms as long as the contractual relationship remains in place. If no contract is concluded, we will delete the data after responding to your request.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If there is an obligation to provide us with your payment details (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data is required for payment processing.
Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, the payment data you transmit to us cannot be read by third parties.
Consent with Usercentrics
This website uses Usercentrics’ consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you visit our website, the following personal data is transmitted to Usercentrics:
– Your consent(s) or the revocation of your consent(s)
– Your IP address
– Information about your browser
– Information about your end device
– Time of your visit to the website
– Geolocation
Usercentrics also stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
The Usercentrics banner on this website was configured with the help of eRecht24. You can recognize this by the fact that the eRecht24 logo appears in the banner. In order to display the eRecht24 logo in the banner, a connection to the eRecht24 image server is established. The IP address is also transmitted, but this is only stored in anonymized form in the server logs. The eRecht24 image server is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Registration on this website
You can register on this website in order to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.
In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user’s end device. It is not assigned to a user ID.
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
IP anonymization
Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Mailchimp
This website uses the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Mailchimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this data is stored on Mailchimp’s servers in the USA.
With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (known as a web beacon) connects to Mailchimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.
If you do not wish to be analyzed by Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more information, please refer to Mailchimp’s privacy policy at: https://mailchimp.com/legal/terms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TXVKAA4&status=Active
YouTube
This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
Furthermore, YouTube can store various cookies on your device or use comparable technologies to recognize you (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.
Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This informs Google that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.
If your browser does not support Google Fonts, a standard font will be used by your computer. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Processing of customer and contract data
We collect, process and use personal customer and contract data to establish, structure the content of and amend our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.
Data transmission upon conclusion of contract for online stores, retailers and shipping of goods
When you order goods from us, we pass on your personal data to the transport company responsible for delivery and to the payment service provider responsible for processing payments. Only the data required by the respective service provider to fulfill its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the shipping status of your order; you can revoke your consent at any time.
Payment services
We integrate third-party payment services on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
We use the following payment services / payment service providers on this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”).
The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
According to the EU General Data Protection Regulation, you have the following rights:
– to obtain information about the personal data processed or the categories of personal data processed, the purposes of processing, the categories of recipients to whom your data has been or will be disclosed, the intention to transfer data to a third country or an international organization, including suitable guarantees, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
– to request the rectification, completion or erasure of your personal data that is incorrect or not processed in accordance with the law
– require us to restrict the processing of your personal data;
– in certain circumstances, to object to the processing of your personal data or to withdraw the consent previously given for the processing;
– to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
Right to withdraw consent
If you have consented to the processing of your personal data by the controller with a corresponding declaration, you can revoke this consent at any time for the future. However, this does not affect the lawfulness of the data processing carried out on the basis of the consent until revocation.
Competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The complaints authority responsible for this website is:
Datenschutzstelle Fürstentum Liechtenstein
Städtle 38
Postfach 684
FL-9490 Vaduz
Telefon: +423 236 60 90
E-Mail: info.dss@llv.li
Webseite: www.datenschutzstelle.li
Status of the privacy policy
29.03.2024