Data Protection

1. Responsible person and data protection officer

1.1 The person responsible within the meaning of Art. 4 No. 7 EU GDPR is:

WMC Technologies AS
Tollbodallmenningen 1B
NO 5004 Bergen, Norwegen

The authorized representative is Ronny Kausland.

The responsible person is located in Bergen, Norway (Organization number 984 653 689)

1.2 Data protection office

Please contact our data protection officer if you have any questions regarding data protection relating to our website and our range of services or if you wish to exercise your personal rights:

Prof. Dr. Thomas Jäschke
Datatree AG Heubesstraße 10
DE 40597 Düsseldorf

E-Mail: dsb@datatree.eu

T +49 211 93190-798
F +49 211 93190-799

This Privacy Policy informs the users of this website about the nature, scope and purpose of the collection and use of personal data by the operator of this website www.wmc-card.com
We take your data protection very seriously and will always treat your personal data confidentially and according to the legal regulations.
Due to new technologies and the constant further development of this website changes may be made to this data protection declaration and we therefore recommend that you visit our data protection declaration at regular intervals.

Status of the data protection declaration: 22.01.2019

.


2. Right of the affected persons

You can exercise your data protection rights and are free of charge at any time. Our data protection officer checks and answers each request individually. You will find his contact details under point 1.2.

2.1 Right of access by the data subject, Art. 15 EU GDPR

You have the right and are free of charge to receive information on whether we process data relating to your person at any time.

2.2 Right to rectification (Art. 16 EU GDPR), Right to erasure (Art. 17 EU GDPR), Right to restriction of processing (Art. 18 EU GDPR), Right to data portability(Art. 20 EU GDPR) and Right to object(Art. 21 EU GDPR)

You also have the possibility to exercise your rights of rectification, cancellation or limitation of the processing. You can also object to the processing of your data at any time.

2.3 Revocation in case of consent (Art. 7 §3 EU GDPR)

If you have provided your personal data on the basis of a consent, you have the right to revoke the consent at any time for the future. We would like to point out that the revocation of your consent does not affect the lawfulness of the processing, which was carried out on the basis of your consent until the revocation.

2.4 Your right to complain to the supervisory authority

If you think that the processing of your personal data by WMC Technologies AS is not lawful, you have the right to address your complaint to any data protection supervisory authority at any time. The responsible supervisory authority pursuant to Art. 55 EU GDPR is the

Datatilsynet
P.O. Box 458 Sentrum
NO-0105 Oslo

Org.no 974 761 467

postkasse@datatilsynet.no

Further information and current contact details can be found on the website
http:///www.datatilsynet.no/.

.


3. Processing of your data when using this website

3.1 Full Logging

If you visit our website, the browser used on your terminal device automatically transmits information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be stored without your intervention:

IP address of the requesting computer,

  • Website from which access is made (so-called referrer URL)
  • Browser type and version and other information transmitted by the browser (e.g. your computer’s operating system) and language
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Access status / HTTP status code
  • the amount of data transferred in each case

This data processing is carried out in accordance with Art. 6 I f) EU GDPR in order to ensure trouble-free operation of our pages and to evaluate system security and stability. The collected data will not be used to draw conclusions about your person.

The stored data is stored in the log files for a maximum of 15 days and will then be deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.

.


4. General part of the privacy policy

4.1 Cookies

4.1.1 Definition: Temporary and permanent cookies

Cookies are small text files that are stored on your computer by a web server. The next time you visit the site, the cookie will allow the site to recognize your web browser. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective.

There are various types of cookies which scope and functionality we would now like to explain:

  • There are so-called temporary or transient cookies which are automatically deleted when you close your browser. These include session cookies. They store a so-called session ID which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your web browser.
  • On the other hand, there are the permanent or persistent Cookies which remain stored after closing the browser but are automatically deleted after a specified period. The duration varies depending on the cookie but we would like to point out that you can delete cookies at any time using the security settings of your web browser.
  • Third party cookies are cookies that are offered by providers other than the person responsible for operating the online service.

4.1.2 We use the following cookies on our website:

Name Valid Range Storage Period Explanation
1P_JAR wmc-card.com 30 days Support of googles web services
CONSENT wmc-card.com 1 year JavaScript plugin for notifying users about the use of cookies on your website
PHPSESSID wmc-card.com Browser session Cookie for storing a simple message when submitting a form that can be displayed on a separate page
__ssid wmc-card.com 6 months Google features
__utma wmc-card.com 2 years Cookie to evaluate visitor statistics
__utmc wmc-card.com 30 minutes Information on the length of stay of the visitor
__utmv wmc-card.com 2 years Control of user-defined analyses
__utmz wmc-card.com 6 months Analysis of the user
_fbp wmc-card.com 1 day Facebook cookie for displaying advertising products
_ga wmc-card.com 2 years Cookie to evaluate visitor statistics
_gat wmc-card.com 1 day Limitation of the requirement rate
_gid wmc-card.com 1 day Cookie to evaluate visitor statistics
ajs_anonymous_id wmc-card.com 1 year Statistics on the number of web visitors
ajs_group_id wmc-card.com 1 year Segmentation of visitor behavior
ajs_user_id wmc-card.com 1 year Analysis of user behavior
pll_language wmc-card.com 1 day Storage of preferred language
scroll wmc-card.com Browser session Allows good scrolling during navigation

Member Mouse / Word-Press Cookies

Member Mouse uses WordPress authentication, so WordPress session cookies are used, to capture the currently logged on user. Member Mouse sets a session cookie for the currently logged in member. In addition, temporary cookies are set to store information about online transactions. Payment services can also set cookies during transaction processing. The legal basis is Art. 6 I f) GDPR. These cookies are used to analyze the user behavior on the website, so that it is possible to analyze and optimize the operation and to design the website more in line with the interests of the user. If you want to delete or change Member Mouse Cookies, you can visit the following link https://membermouse.com/privacy-policy/ For more information you can visit https://support.membermouse.com/support/solu-tions/articles/9000146559-how-can-membermouse-help-with-gdpr-compliance-

4.1.3 Restriction and deletion of cookies

You have the right and the possibility to restrict or prevent the installation of cookies via the settings of your browser. You can also delete cookies that have already been saved at any time. You must be aware that the steps and measures you take to delete cookies depend on the type of Internet browser you are using.

4.2 Usage of our web shop

4.2.1 Usage of our web shop with registration

You can also place orders via our web shop. You must create a customer account through which we can store your data for later purchases. In this case we will save and collect the data entered by you (e.g. name, address, e-mail address) during registration solely for the purposes of precontractual services, contract fulfilment or customer care. In addition, the IP address and the date of registration are stored. Your data will not be passed on to third parties.

The legal basis for the processing of your data for the purpose of precontractual measures or for the purpose of fulfilling the contract results from Art. 6 I b) EU GDPR.

Your permission to the processing of your data will also be obtained during registration and reference will be made to our data protection declaration.

The legal basis for the processing of your data is based on your consent pursuant to Art. 6 I a) EU GDPR. We would like to point out to you that you can revoke the consent given to us for the registration and maintenance of your customer account at any time with effect for the future in accordance with Art. 7 III EU GDPR. For this purpose, you must inform us of your informal revocation.

Finally, the data collected will be deleted when the processing is no longer necessary, or the purpose no longer applies. However, we are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years. However, after 2 years we will restrict the processing (i.e. your data will only be used to comply with legal obligations).

To prevent unauthorized access by third parties to your personal data (in particular financial data) the order process is encrypted using TLS technology.

4.3 External payment service providers

We use external payment service providers on which platforms, users and us can carry out payment transactions. In our case:

  • Visa (https://www.visa.co.uk/legal/privacy-policy.html),
  • Mastercard (mastercard.us/en-us/about-mastercard/what-we-do/privacy.html),
  • American Express (https://www.americanexpress.com/uk/legal/online-privacy-statement.html)

We use the payment service providers based on Art. 6 I 1 b) EU GDPR to fulfil our obligations under the contracts. In addition, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 I 1 f) EU GDPR to offer effective and secure payment options.

The data processed by the payment service providers include inventory data (name, address, bank details such as account and credit card numbers, passwords, TANs and recipient details) which are however necessary to carry out the transactions. We do not receive any account or credit card related information but only information confirming or adversely affecting the payment. In some cases, the data is transmitted by payment service providers to credit reports. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and data protection information of the above-mentioned payment service providers. Payment transactions are subject to the terms and conditions and data protection information of the respective payment service providers which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation information and other rights affected.

4.4 Newsletter

You have the possibility to register for our newsletter. To register all we need is your e-mail address which will not be passed on to third parties. Only the e-mail address is mandatory for sending the newsletter. The indication of further data is always voluntary. We send out newsletters with promotional information in particular our current and interesting offers.

The double opt-in procedure is used to register for the newsletter. This means that after your registration we will send you an e-mail to the given e-mail address in which we will ask you to confirm that you wish to receive the newsletter. This confirmation is necessary in order to avoid that someone can register with external e-mail addresses. If you do not confirm your registration within 24 hours, your information will be blocked and automatically de

addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and if necessary, to clarify a possible misuse of your personal data the logging of the registration procedure is our legitimate interest according to Art. 6 I f) EU GDPR.

The newsletter is sent based on your express consent in accordance with Art. 6 I a), 7 EU GDPR and § 7 II No. 3 UWG.

After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. You can revoke your consent to receive the newsletter at any time for the future and unsubscribe from the newsletter, Art. 7 III EU GDPR. You can declare your revocation by sending an e-mail to info@wmc-card.de or by sending a message to the contact details given in the imprint.

Our newsletter do not contain any tracking functions so-called tracking pixels and individualized links are not used.

4.5 Contact request / Contact form

When you contact us by e-mail or via a contact form the data you provide (your e-mail address and your name) will be stored by us in order to answer your questions. All information provided by you is voluntary. You must provide an e-mail address if you wish to receive an answer.

The legal basis for the processing of the contact request and its settlement is Art. 6 I b) EU GDPR in the case of a precontractual or already contractual relationship or Art. 6 I f) EU GDPR in the case of other requests.

The storage of your data takes place based on a consent in accordance with Art. 6 I a) EU GDPR. We delete the data occurring in this connection after the storage is no longer necessary and there are no legal storage obligations to prevent the deletion (e.g. in the case of a subsequent contract execution).

Since you have given your consent, we would like to inform you that you can revoke your consent at any time with effect for the future, Art. 7 III EU GDPR. If you wish to take advantage of this possibility of revocation, please contact us.

In order to prevent unauthorized access by third parties to your personal data it is encrypted during data transmission using TLS technology.

.

5. Third-party contents

5.1 Google Fonts

On our website we use Google Fonts to display external fonts. It is a service of the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

Google’s certification under the EU-US Privacy Shield (https://www.priva-cyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ) ensures that the European Unions data protection requirements are met when data is processed in the United States.

In order to be able to correctly display the certain fonts on our website a connection to a Google server in the USA is established when our website is called up. This enables us to determine from which website your request was sent and to which IP address the font display is to be transmitted.

The legal basis is Art. 6 I f) EU GDPR. The justified interest is to be seen in the optimization and operation of our website.

Finally, Google offers further information in particular the possibility to prevent the use of this data. The links are: https://adssettings-google.com/authenticated and https://policies.google.com/privacy .

5.2 For web analysis we use

5.2.1 Google Analytics

On this website we use Google Analytics to analyze the usage behavior of our website. Google Analytics is an internet service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

Google guarantees by the certification after the EU-US data protection sign (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ) that the data protection defaults of the European Union are kept with the processing of data in the USA.

The usage and user-related information in particular the IP address, the location, the time or the frequency of the visit to our Internet presence are transferred and stored to a Google server in the USA. Google Analytics also uses the so-called anonymization function which already shortens the IP address within the EU or EEA.

The data collected this way is used by Google to provide us with an evaluation of the visit to our website and the usage activities.

The legal basis for the use of Google Analytics results from Art. 6 I f) EU GDPR. We see the justified interest in the analysis, optimization and operation of our website.

Finally, Google indicates that it will not associate your IP address with any other data. Google provides further data protection information for this purpose which you can call up at https://policies.google.com/technologies/partner-sites?hl=en. Google also provides a deactivation add-on that can be installed on standard Internet browsers. The link to the deactivation add-on can be found here: https://tools.google.com/dlpage/gaoptout?hl=en. This add-on ensures that the information about your visit to our website is not transmitted to Google Analytics.

5.2.2 Facebook Pixel

On this website the so-called “Facebook pixel” of the social network Facebook is used by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

This makes it possible for Facebook on the one hand to adapt the online offering to the target groups by displaying ads (so-called “Facebook ads”). The Facebook pixel is used to display the switched Facebook ads only to Facebook users who also have an interest in the online offer or who show certain characteristics (e.g. interest in certain topics or products that are determined on the basis of the websites visited) that are transmitted to Facebook (so-called “custom audiences”).The Facebook pixel ensures that the Facebook ads correspond to the potential interest of the users. This allows the effectiveness of Facebook ads to be used for statistical and market research purposes. The data is processed in accordance with Art. 6 I f) GDPR. Facebook processes the data in accordance with Facebook’s data usage policy.

Facebook is guaranteed by certification according to the EU-US data protection shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Ac-tive ), that the data protection requirements of the EU are adhered to when processing data in the USA.

Further information regarding the collection and use of data as well as your rights and protection options can be found on https://www.facebook.com/policy.php

.

6. Advertising / direct marketing

6.1 Google

6.1.1 AdWords with Tracking

On our website we use the advertising component Google AdWords and the so-called Conversion Tracking. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
Google guarantees by the certification after the EU-US data protection shield, (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) that the data protection guidelines of the European Union are kept with the processing of data in the USA.
Google AdWords is an Internet advertising service that allows advertisers to serve ads both in Google’s search engine results and on the Google advertising network.
Google AdWords allows an advertiser to pre-define keywords that will be used to display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword relevant search result.
In the Google advertising network, the ads are distributed to topic-relevant websites using an automatic algorithm and considering the previously defined key-words.
The purpose of Google AdWords is to promote our website by displaying advertisements of interest on the websites of third parties and in the search results of the Google search engine and by displaying third-party advertisements on our website.
If a person concerned reaches our website via a Google advertisement, a so-called conversion cookie is stored on the information technology system of the person concerned by Google. What cookies are is explained above.
A conversion cookie loses its validity after 30 days and does not serve to identify the person concerned.
If the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website.
The conversion cookie enables both we and Google to track whether a person who came to our website via an AdWords ad generated sale, i.e. completed or cancelled a purchase.
The data and information collected using the conversion cookie is used by Google to compile visit statistics for our website.
These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future.
Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the person concerned.
The conversion cookie is used to store personal information, such as the web pages visited by the person concerned.
Each time you visit our website, personal data, including the IP address of the Internet connection used by the person concerned, is transferred to Google in the USA and stored by Google in the USA. Google may pass on this personal data collected through the technical process to third parties.
The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the browser used and thus permanently object to the setting of cookies.
Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the person concerned has the opportunity to object to the interest related advertising by Google. To do this, the data subject must access the link https://www.google.de/settings/ads from any of the Internet browsers he or she uses and make the desired settings there.
The legal basis is Art. 6 I f) GDPR.
This service enables us to analyze user behavior on our website, enabling us to analyze and optimize our operations and to design our website more in line with interests.

Further information and the valid data security regulations of Google can be called up under https://policies.google.com/privacy?hl=en&gl=de.

Furthermore, there is the following information to this topic:

https://services.google.com/sitestats/en.html https://policies.google.com/technologies/ads?hl=en

.