September 21, 2013
Without prejudice to compelling legal regulations and the provisions of the Terms, the PP govern the handling of data made available on HEADSTORE by Users, or which arise as a result of the use of HEADSTORE. With registra-tion and on each login to HEADSTORE, the User declares his express consent to the processing of his data according to the principles stated hereinafter.
1. The services of HEADSTORE are described and defined in the Terms (“Services”).
2. HEADSTORE implements reasonable technical and organizational security measures in order to protect data from unintentional or malicious manipulation, loss, destruction or access by unauthorized persons. Passwords are stored in encrypted form, and the security measures are periodically examined and continually improved in line with technological developments. At HEADSTORE, data is saved on servers in such a way that the HEADSTORE can administer the process and access controls in line with the legal requirements. Although the data encryption at HEADSTORE is in line with state-of-the-art technology, the User is solely responsible for the transfer of the data over the internet, in particular when using mobile end equipment.
3. In order to be able to use the Services, HEADSTORE captures the following data (and combinations thereof):
1. Personal data can be used to identify the User, and to enable the core functions of HEADSTORE. HEAD-STORE will only capture personal data if it is provided by the User or, by means of the use of single-sign-on services (“SSO”) like «Facebook Connect» or «Sign in with Twitter», or by the use of connectors to social media networks, is indirectly retrieved via such services. By using a SSO-service or social media connector, the User accepts the general terms and conditions of business and data protection provisions of such service provider. To the extent that this is legally permissible, the User releases HEADSTORE from all liability and guarantee in this respect. Examples of personal data which the User may place on HEADSTORE as part of his profile and which HEADSTORE may capture include name, address, nationality, date of birth, profile pictures, status, e-mail address, telephone number and contact details.
2. As stated in the Terms, HEADSTORE relies on the fact that the User will only use HEADSTORE with data aggregated from third-party sources if entitled to do so.
3. Demographical data that may be accumulated through the use of HEADSTORE relates not only to the User, but to specific population characteristics, such as post code, age, preferences, gender, national-ity, status, interests, etc.
4. Behavioral data is collected by HEADSTORE on how the User uses HEADSTORE, the areas of the website he visits, the services he selects and the details available from the browser of his computer hardware and software, including IP address, browser, operating system, domain names, access times and the ad-dresses of websites referring to HEADSTORE. This data is required to analyze the use of resources, to find and rectify errors, to fight misuse and to improve the services.
5. In addition, HEADSTORE may collect indirect data on the User (e.g. geographical analysis of IP ad-dresses).
4. When registering, the User’s first name, surname, e-mail address and a password will be recorded, and the e-mail address will be verified. The data recorded in the profile might be called up individually by other users, but not by any third parties outside of the group of HEADSORE Users, and will only be used subject to the pro-visions of the PP. By activating the relevant function in his profile, the User accepts the sending of e-mail notifications at the intervals defined and the periodic sending of information on new services from HEAD-STORE. The type and intervals of e-mail notifications may be changed at any time.
5. HEADSTORE aggregates various data generated by Users in a database and employs the aggregated content to support, facilitate and suggest feeds, according to certain criteria, to other Users or to any third party (“Sys-tem Data”). It is not possible, however, to deduce from externally employed System Data the identity and the preference of a User. Furthermore, HEADSTORE might temporarily store (cache) certain third-party data in order to provide for an improved user experience.
6. In order to facilitate the user experience, particularly the mashup with social media networks or other third party services, HEADSTORE employs embedded code snippets (widgets, codelets, iFrames etc.) and other technical means which might relay certain static and behavioral data of the User (visited web pages, refer-ences etc.) to third-party web servers without HEADSTORE’s control or involvement.
7. HEADSTORE may provide the Services based on different subscription models, part of which might be free of charge to the User and supported by commercial advertisement or embedment of the Services in third-party sites which might be targeted to the User based on data collected by HEADSTORE or by third-party-services. If a subscription fee is paid by credit card or other form of payment, the payment is made via a link to the website of the financial service provider in question. HEADSTORE does not become aware of or save any pay-ment data, but is notified by the financial services provider of the payment status, so that HEADSTORE ser-vices requested by the User can be activated. By choosing a payment form, the User accepts any general terms and conditions of business and data protection provisions of the financial services provider in question and, to the extent that this is legally permissible, releases HEADSTORE from all liability and guarantee.
8. The User has the option of saving certain data in his profile. The saving of objects with improper, indecent or prohibited content, or objects contaminated with computer viruses, trojans etc., is forbidden. HEADSTORE expressly reserves the right, if information is received of a breach of this provision, to inspect the objects saved on HEADSTORE, to delete them without warning, or to block the User accounts in question. HEADSTORE expressly draws attention to the fact that the User himself is responsible for ensuring reasonable protection of his computer systems against viruses, trojans, etc.
9. The records contributed by the User to the System Data are not removed if the User’s account and/or the User’s data is deleted. The User declares his express agreement to the continued use of such data even after the deletion of his account and/or his data.
10. HEADSTORE uses the data collected on HEADSTORE in order to provide the Services, to respond to enquiries from Users and to operate and improve the website. By registering with HEADSTORE, the User agrees to HEADSTORE using his data:
1. to enable him to set up an account;
2. to enable him to draw up profiles and to deliver commercial advertisement to him;
3. to inform him of updates to HEADSTORE, to send him information and service-related notifications, in-cluding important security updates;
4. to send him additional notifications and information and to inform him of offers and future services;
5. to put him in a position to give HEADSTORE feedback, to contact HEADSTORE and allow HEADSTORE to respond to him;
6. to provide and continually improve the System Data;
7. to carry out surveys, questionnaires, campaigns and competitions and present the results, such as suc-cess stories and competition winners;
8. to be able to compile internal reports on the use of HEADSTORE; and
9. to use combined, anonymized statistical data from HEADSTORE for academic, marketing and publicity purposes.
11. With the exception of System Data, the User has the opportunity at any time to delete, overwrite or deacti-vate data which he has actively entered. The User is aware that data which is deleted in the database is still present on backups. For technical reasons, certain data remains saved on the database, but is marked as de-leted. Subject to authentication in accordance with section 17 below, the User is free, insofar as technically feasible, to request the deletion or, where technically impossible, the anonymization of his data.
13. When accessing HEADSTORE, the general access data is saved in a log file which contains, among other data: IP address, date and time of access, User ID used, files called up, access status (OK, partial content, docu-ment not found, etc.), websites referred to, web browser used, operating system used. The OPER-ATOR uses this data for statistical and technical analyses and in anonymized form, for example to optimize the server infrastructure or to determine what days are particularly busy in terms of access, in order to be able to draw conclusions on possible improvements to the user interface and functionalities. No personal analyses of this data are undertaken.
14. Apart from cooperation with suppliers and other third parties who are contractually obliged to preserve confi-dentiality, HEADSTORE only allows third party access to user data if legally obliged to do so, or if obliged on the basis of an official order, as it sees fit following a request from an official body or if it believes in all good faith that this is necessary in order to: (1) comply with legal regulations or legal proceedings; (2) protect its rights or property; (3) expose or prevent an offence or a crime; or (4) protect the personal safety of Users or the general public. On the basis of a typical commercial confidentiality agreement, HEADSTORE is also enti-tled to allow reasonable inspection of the HEADSTORE database by third parties who wish to acquire part or all of the business of HEADSTORE in any form whatsoever. If HEADSTORE is subject to insolvency proceedings, it or its liquidator, administrator or receiver may sell, license or otherwise dispose of the HEADSTORE data-base in the course of a legal transaction authorized by a competent authority. Where appropriate, the User will be informed by e-mail or by means of a notification on HEADSTORE of any substantial changes in the own-ership of HEADSTORE.
15. HEADSTORE will never ask the User by e-mail for his login data, in particular his password. In the case of sup-port or other enquiries, HEADSTORE is entitled to use appropriate identification and authentication methods, suitable for the enquiry in question, to verify as far as possible whether the enquirer is entitled to be given information concerning the account and related data.
16. HEADSTORE data is stored, mirrored, and processed in a third-party data centers under various jurisdictions. The User gives is explicit consent to a data transfer abroad, even under the condition that such country might provide less data protection than his home country or the country of incorporation of HEADSTORE (Switzer-land).
17. A User is entitled at any time to request information from HEADSTORE Data Protection Officer in written or electronic form concerning the personal data held on him at HEADSTORE. The request will be responded to as quickly as possible in the form deemed most appropriate by HEADSTORE. The request for information may be refused, limited or postponed if necessary to comply with legal regulations or if HEADSTORE’s interests or those of a third party take precedence.
18. Requests for information or any other queries to the HEADSTORE data protection officer should be directed to: HEADSTORE GmbH attn. Data Protection Officer Technoparkstrasse 1, 8005 Zürich, firstname.lastname@example.org.