Privacy policy

You are in the US? Please refer to our US Privacy Policy.

Data protection at a glance:

As part of the EDURINO app, we've made data protection a priority! In fact, we only process IP addresses and device information that is really necessary to run the EDURINO app so that your child has a wonderful learning time. As far as we request information of names, it is voluntary information. The EDURINO App adapts the learning objectives and content to the age of your child. Although the age information is also voluntary, it would still be important to ensure optimal game operation.

If you send us a request, you will receive a response from us. Don't worry: neither the data about your child's game use nor your personal data will be passed on to third parties.

Name and contact details of the controller:

The following entity is responsible for this website pursuant to Article 4 No. 7 of the UK GDPR (hereinafter: "Controller"):

EDURINO UK LIMITED

Franziska Meyer and Irene Klemm

c/o Rödl & Partner Legal Ltd

170 Edmund Street

Birmingham B3 2HB

United Kingdom

Represented by:

Franziska Meyer and Irene Klemm

Contact:

E-Mail: support_uk@edurino.com

Data processing via the EDURINO App

Scope of processing:
Within the scope of the EDURINO App (henceforth: "App"), the controller only collects a first name, whereby the user can choose whether the real first name or a fantasy name can be entered. The age of the user is also collected.
If you write a message via the contact form of the collector, he collects the personal data entered by you (first name, last name, e-mail address, message content). In addition, he collects your IP address and log files about the date and time of sending the message.

Purpose of processing
The name of the user is collected in order to address it by name within the framework of the app or to present the media content in a personalised manner. It is up to the user whether he wants to save the first name or a fantasy name in the app.
The age information is processed in order to adapt and present the learning methods and media content to specific target groups.
The data collected via the contact form is used exclusively to assign your request to a sender and to answer it.

Legal basis of the processing
If you have created a user with a first name in the app, you have thereby given your consent to the controller to store the user (e.g. your child) with a first name pursuant to Article 6 (1) (a) of the UK GDPR.
The processing of personal data may also be based on the legitimate interests of the controller pursuant to Article 6 (1) (f) of the UK GDPR.
Legitimate interests
The controller has a legitimate economic interest in being reachable via his contact forms and (electronic) means of communication for processing and responding to inquiries with interest in his products and to respond to your inquiries. He also has a legitimate interest in shielding his app as best as possible against misuse, fraud and attacks on IT security.

Recipients or categories of recipients
As a rule, your personal data will be processed by the data controller. The latter will only pass on your personal data, which it has received via electronic means of communication, to external recipients to the extent that this is necessary in individual cases in order to process your request.
Transfer to third countries 
The controller will not transfer your personal data abroad unless you agree to this.

Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and as soon as they are no longer required due to retention obligations under contract law, commercial law or tax law. Application documents are kept for at least two months after receipt of the rejection. Invoice documents are kept for 10 years, commercial letters for 6 years.

Obligation to provide
Your personal data such as title, first name, last name, e-mail address are required to transmit the request via the contact form to the controller. Otherwise, the provision of your personal data is voluntary. In the event that you do not provide your personal data, the controller may not be able to process or respond to your inquiries, requests or wishes. However, if you do not provide the controller with your e-mail address in the contact form or provide it incorrectly, the controller will not be able to respond to you.

Data processing via Playfab / Microsoft

Scope of processing
To provide the App, the controller uses services provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA (formerly "Playfab Services Inc.". More information on data protection law can be found here: https://privacy.microsoft.com/de-de/privacystatement.
For this purpose, a number of technically necessary data is collected about the IT end device on which you have installed the app: Model type (e.g. Samsung A7, iPhone XS) Device type (handheld, desktop PC) Unique ID number, graphics card data: ID, Name, Memory, Operating System, Persistent Data, CPU Information, Continent Code, Country Code, Latitude and Longitude (location data), Player ID, Error Data.
During gameplay, the following data is collected, which may be associated with a user: Minigame: time to complete the game, number of games played, Wrong actions per minigame; Cutscene: number of views, total number of touches per cutscene (indicates whether the user wants to skip the scene), Graphomotor accuracy; Progress: in minigames, badges, avatar; Usage: average game time per week, average session length.

Purpose of the processing
PlayFab is a complete backend platform for live games with managed game services, real-time analytics and LiveOps. The controller uses Playfab to enable and maintain the game operation of the app.
The processing of the IP address is used to receive and send data packets and enables a user to retrieve the app or downloads. The temporary storage of the IP address on the controller's server is necessary to transmit the page content to the user's computer system after calling up this app, so that the user can perceive the content.
The processing of the MAC address as well as the data mentioned in point (1) about the IT terminal and the user are necessary to provide the game flow and to detect and eliminate errors.
The storage in log files takes place in order to ensure the functionality of the app and downloads and to be able to detect any transmission errors that may occur. In addition, this data is used by the controller to optimise the app and to ensure the security of its information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Legal basis of the processing
The processing of the IP address, MAC address, device data and metadata serves to provide the gameplay of the app. The processing of this data is necessary for the performance of the contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request pursuant to Article 6 (1) (b) of the UK GDPR.
The processing is based on the legitimate interests of the controller pursuant to Article 6 (1) (f) of the UK GDPR.

Legitimate interests
The controller has a legitimate economic interest in processing the above-mentioned personal data for the above-mentioned purposes in order to ensure that its app and related products are provided or can be accessed online. He also has a legitimate interest in shielding his app against misuse, fraud and attacks on IT security as best as possible.

Recipients or categories of recipients
Your personal data will be disclosed to the controller's IT department and to its contractors who are commissioned to host and provide the IT resources for the operation of the website, as well as to the service provider named in point 1.

Transfer to third countries
Personal data is partly transferred to the USA. There is no adequate level of data protection in the USA. This means that users' rights, e.g. the right to information or deletion, cannot be asserted as effectively as in the EU.
However, the data processing by the service provider mentioned in point 1. for the purposes mentioned in point 2. is necessary in order to operate the app and offer the gaming service. For this reason, the transfer is necessary for the performance of a contract between the data subject and the controller or for the performance of pre-contractual measures at the request of the data subject. The associated transfer of personal data is therefore based on the legal basis of Article  49 (1) (b) of the UK GDPR.

Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The user's IP address must remain stored for the duration of the session in order to enable the use of the website.
In the case of storage of your data in the log file, the data collected therein will be stored indefinitely.

Possibility of objection and removal
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) of the UK GDPR  pursuant to Article 21 (1) of the UK GDPR. In this case, the controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a user, or the processing serves the purpose of asserting, exercising or defending legal claims.
The processing of personal data to provide the website and to create the log file is absolutely necessary for the operation of the website. Therefore, the user cannot object to this type of processing.
Obligation to provide
The processing of the data mentioned in point 1. is necessary to display the App correctly.

Data processing via Unity

Scope of processing
In order to provide the App, the controller uses services from Unity Technologies, Inc, https://unity.com/addresses. More information on data protection law can be found here: https://unity3d.com/legal/privacy-policy
For this purpose, a number of technically necessary data is collected, e.g. IP addresses, MAC/IMEI/MEID addresses, IDs and technical information about the terminal device: Unique device identifier generated from the device's MAC/IMEI/MEID, which we modify to limit the ability to identify the device in question in the future; An advertising ID, such as the Apple IDFA or Android Ad ID; IP address; Device manufacturer and model; The operating system and version running on your system or device; Browser type; Language; Make of CPU and number of CPUs present; Graphics card information, such as type, manufacturer, and driver name, version, and graphics API; amount of system and video RAM present; current screen resolution; versions of Unity Player and Unity Editor; operating system identifier (e.g., Mac, Windows, etc.); a checksum of all data sent to verify that it was transferred correctly; and the app ID of the installed game.

Purpose of processing
The controller uses the following products of the service provider mentioned in point 1. for the following purposes:
"Unity Cloud Build": The entire learning worlds of the EDURINO App are built in the "Unity Game Engine". The Unity Cloud Build allows the controller to access the software versions (so-called builds) and control different versions. The builds are automatically tested for potential errors. In this way, the controller can test the release readiness of his app to ensure trouble-free gameplay.
"Unity Analytics": the controller's games adaptively adjust to the user's usage actions. Unity Analytics are used to ensure this adaptive part and to respond individually to the user. For example, after a certain number of solution attempts, the gameplay within the app is simplified in relation to the difficulty level to ensure learning success.
"Unity Asset Store": In the Unity Asset Store, creations, including sections of code, graphics or pieces of music are offered for free or for purchase for other projects. The controller uses this offer to be able to provide its app.
The processing of the IP address is used to receive and send data packets and enables a user to retrieve the app or downloads. The temporary storage of the IP address on the server of the controller is necessary in order to transmit the page content to the user's computer system after calling up this content, so that the user can perceive the content.
The processing of the MAC address as well as the data mentioned in point 1. about the IT terminal and the user are necessary to provide the game process and to detect and eliminate errors.
The storage in log files takes place in order to ensure the functionality of the app and downloads and to be able to detect any transmission errors that may occur. In addition, this data is used by the controller to optimise the app and to ensure the security of its information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Legal basis of processing
The processing of the IP address, MAC address, device data and metadata serves to provide the gameplay of the app. The processing of this data is necessary for the performance of the contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request, pursuant to Article 6 (1) (b) of the UK GDPR.
The processing is based on the legitimate interests of the controller according to Article 6 (1) (f) of the UK GDPR.

Obligation to provide
The processing of the data mentioned in point 1. is necessary to display the App correctly.

Data processing via Amplitude

Scope of processing
To provide the app, the controller uses services provided by Amplitude Inc, 201 3rd Street, Suite 200. San Francisco, CA 94103. United States. More information on data protection law can be found here: https://amplitude.com/legal
For this purpose, a number of technically necessary data is collected about the IT end device on which you have installed the app: Model type (e.g. Samsung A7, iPhone XS) Device type (handheld, desktop PC) Unique ID number, Graphics card data: ID, Name, Memory, Operating System, Persistent Data, CPU Information, Continent Code, Country Code, Latitude and Longitude (location data), Player ID, Error Data.
During gameplay, the following data is collected, which may be associated with a user: Minigame: time to complete the game, number of games played, incorrect actions per minigame; Cutscene: number of views, total number of touches per cutscene (indicates whether the user wants to skip the scene), graphomotor accuracy; Progress: in minigames, badges, avatar; Usage: average game time per week, average session length.

Purpose of processing
Amplitude is a secure platform to analyse usage data while taking into account all relevant legal, industry and regulatory concerns. The controller uses Amplitude to enable and maintain the game operation of the app.
The processing of the IP address is used to receive and send data packets and enables a user to retrieve the app or downloads. The temporary storage of the IP address on the controller's server is necessary to transmit the page content to the user's computer system after calling up this app, so that the user can perceive the content.
The processing of the MAC address as well as the data mentioned in point 1. about the IT terminal and the user are necessary to provide the game flow and to detect and eliminate errors.
The storage in log files takes place in order to ensure the functionality of the app and downloads and to be able to detect any transmission errors that may occur. In addition, this data is used by the controller to optimise the app and to ensure the security of its information technology systems. The usage behaviour is also evaluated in order to address the user of the EDURINO app individually, insofar as he can be identified by an email address, and to inform him about new and similar goods or services by email.

Duration of storage
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The user's IP address must remain stored for the duration of the session in order to enable the use of the website.
In the case of storage of your data in the log file, the data collected therein will be stored indefinitely.

Possibility of objection and removal
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) of the UK GDPR  pursuant to Article 21 (1) of the UK GDPR. In this case, the controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a user, or the processing serves the purpose of asserting, exercising or defending legal claims.
The processing of personal data to provide the website and to create the log file is absolutely necessary for the operation of the website. Therefore, the user cannot object to this type of processing.
Obligation to provide
The processing of the data referred to in point 1. is necessary in order to display the App correctly.

Data processing by Google Workspace

Scope of processing
The controller uses services provided by Google. The company responsible for this is Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Tel: +353 1 543 1000, Fax: +353 1 686 5660

Purposes of processing
The Controller uses Workspace to send emails and respond to contact requests.
Legal basis of processing
The processing of personal data is based on your consent pursuant to Article 6 (1) (a) of the UK GDPR or for entering into and fulfilling contracts pursuant to Article 6 (1) (b) of the UK GDPR.
Recipients or categories of recipients
Your personal data will be transferred to the order processor, Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Transfer to third countries
Personal data may be transferred to the USA. There is no adequate level of data protection in the USA. This means that users' rights, e.g. the right to information or deletion, cannot be asserted as effectively as in the EU.
However, the data processing by the service provider mentioned in point 1. for the purposes mentioned in point 2. is necessary to offer contact requests or recovery of forgotten passwords in the context of the game operation. For this reason, the transfer is necessary for the performance of a contract between the data subject and the controller or for the performance of pre-contractual measures at the request of the data subject. The associated transfer of personal data is therefore based on the legal basis of Article 49 (1) (b) of the UK GDPR.

Duration of storage
The Controller does not store any personal data beyond the evaluations, reports or functions created by the aforementioned services.
Obligation to provide (pursuant to Article 13 (2) (e) of the UK GDPR).
The provision of your data for the processing of Google Analytics is voluntary. In case of non-provision of your data, no impairments occur.

Rights of the data subject:

Right to withdraw consent:
The data subject has the right to revoke his or her consent, once given, at any time vis-à-vis the Controller in accordance with Article 7 (3) of the UK GDPR. This has the consequence that the data processing, which was based on this consent, may no longer be continued for the future.

Right to access:
Pursuant to Article 15 of the UK GDPR, the data subject has the right to request information about his or her personal data processed by the Controller. In particular, he or she may request information about the processing purposes, the category of personal data, the categories of recipients to whom his or her data have been or will be disclosed, the planned storage period, about the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of his or her data if this has not been collected by the Controller, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

Right to rectification:
The data subject has the right, pursuant to Article 16 of the UK GDPR, to request without undue delay the rectification of inaccurate or incomplete personal data stored by the Controller.
Right to erasure and to be forgotten:
The data subject has the right, pursuant to Article 17 of the UK GDPR, to request the erasure of his or her personal data stored by the Controller, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
Right to restriction of processing:
The data subject has the right pursuant to Article 18 of the UK GDPR the right to request the Controller to restrict processing if one of the following conditions is met: The accuracy of the personal data is contested by the data subject for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data; the Controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims; or the data subject objects to the processing pursuant to Article 21 (1) of the UK GDPR as long as it has not yet been determined whether the legitimate grounds of the Controller override those of the data subject.
Right to data portability:
Pursuant to Article 20 of the UK GDPR, the data subject shall have the right to receive the personal data concerning him or her that he or she has provided to a Controller in a structured, commonly used and machine-readable format, and shall have the right to transmit such data to another Controller without hindrance from the Controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the UK GDPR or Article 9(2)(a) of the UK GDPR or on a contract pursuant to Article 6(1)(b) of the UK GDPR and the processing is carried out with the help of automated procedures. When exercising his or her right to data portability, the data subject shall have the right to obtain that the personal data be transferred directly from one Controller to another Controller, where technically feasible.
Right to lodge a complaint:
Any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, pursuant to Article 77 of the UK GDPR, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data concerning him or her infringes this Regulation.You can find your relevant supervisory authority at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Right to object:
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) of the UK GDPR  pursuant to Article 21 (1) of the UK GDPR. 

Contact person for data protection issues: 

To assert data subject rights, simply send an email to the Controller.

Name and contact details of the controller:

The following entity is responsible for this website pursuant to Article 4 No. 7 of the General Data Protection Regulation (hereinafter: "Controller"):

EDURINO UK LIMITED

Franziska Meyer and Irene Klemm

c/o Rödl & Partner Legal Ltd

170 Edmund Street

Birmingham B3 2HB

United Kingdom

Represented by:

Franziska Meyer and Irene Klemm

Contact:

E-Mail: support_uk@edurino.com

Data processing via communication means

Scope of processing
The Controller can be reached by mail, email, contact form if necessary, telephone or via social networks for your inquiries. Simple requests that do not require your identification can be made anonymously. Insofar as your identification should be necessary, e.g. in order to answer you or call you back, the Controller collects your contact data.
If you write a message via the contact form of the Controller, he collects the personal data you entered (first name, last name, e-mail address, message content). In addition, he collects your IP address and log files about the date and time of sending the message.

Purpose of processing
Your personal data is processed in order to identify you, to assign your message to an existing contract, a job advertisement, a job application process or any other business relationship, if applicable, to store it, to answer it or to forward it, if applicable.

Legal basis of processing
If you have given the Controller consent on the occasion of correspondence with you, e.g. within the framework of the contact form, the Controller may process your data within the framework of your consent pursuant to Article 6 (1) (a) of the UK GDPR.
In individual cases, the processing of your data may be necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request, pursuant to Article 6 (1) (b) of the UK GDPR.
The processing of personal data may also be based on the legitimate interests of the Controller pursuant to Article 6 (f) of the UK GDPR.

Legitimate interests
The Controller has a legitimate economic interest in being reachable via its contact forms and (electronic) means of communication to process and respond to inquiries with interest in its products and to respond to your inquiries. In addition, he has a legitimate interest in processing your data insofar as you are, for example, a director, employee, job applicant, customer, potential customer or other representative of a contractual partner of the Controller. The Controller also collects information in order to review your job application. He also processes your data for the purpose of contract performance, assertion or defence of claims.

Recipients or categories of recipients
As a rule, your personal data will be processed by the Controller. The latter will only pass on your personal data, which it has received via electronic means of communication, to external recipients to the extent that this is necessary in individual cases in order to process your request.

Transfer to third countries
The Controller will not transfer your personal data abroad unless you agree to this.

Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and due to retention obligations under contract law, commercial law or tax law. Application documents are kept for at least two months after receipt of the rejection. Invoice documents are kept for 10 years, commercial letters for 6 years.
Possibility of objection and removal
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) of the UK GDPR  pursuant to Article 21 (1) of the UK GDPR. 
Insofar as the Controller bases the processing of your data on your consent or on a contract, you do not have the right to object.

Obligation to provide
Your personal data such as title, first name, last name, e-mail address are required to transmit the request to the Controller via the contact form. Otherwise, the provision of your personal data is voluntary. In the event that you do not provide your personal data, the Controller may not be able to process or respond to your inquiries, requests or wishes. However, if you do not provide the Controller with your e-mail address in the contact form or provide it incorrectly, the Controller will not be able to respond to you.

Data processing through log files

Scope of processing
Each time the Controller's website is called up, its system automatically collects data and information from the computer system with which you as a user call up the Controller's website. This data is stored and processed on the Controller's server in a log file (so-called log files).
Log files store, among other things, the IP address, the browser used, time and date and the system used by a site visitor. The IP address is a string of numbers that uniquely assigns your computer system for the time of calling the above website. Only anonymized IP addresses of visitors to the website are stored at the Controller. At the web server level, this is done by storing an IP address 123.123.123.XXX in the log file by default instead of the actual IP address of the visitor, e.g. 123.123.123, where XXX is a random value between 1 and 254. It is no longer possible to establish a personal reference.

Purpose of processing
The IP address is used to receive and send data packets and enables a user to access a website. The temporary storage of the IP address on the Controller's server is necessary in order to transmit the page content to the user's computer system after calling up this website, so that the user can perceive the content.
The storage in log files takes place in order to ensure the functionality of the website and to be able to detect any transmission errors that may occur. In addition, this data is used by the Controller to optimise the website and to ensure the security of its information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Legal basis of processing
The processing is carried out on the basis of the Controller's legitimate interests pursuant to Article 6 (1) (f) of the UK GDPR.

Legitimate interests
The Controller has a legitimate interest in processing the above personal data for the above purposes in order to ensure that its product and service information is available online.
Recipients or categories of recipients
Your personal data will be disclosed to the Controller's IT department and to its contractors contracted to host and provide IT resources for the operation of the website.

Transfer to third countries
The Controller will not transfer your personal data abroad unless you agree to it.

Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The user's IP address must remain stored for the duration of the session in order to enable the use of the website.
In the event that your data is stored in the log file, the data collected therein will be stored indefinitely.

Obligation to provide
The processing of log files is necessary to properly display the website. In the event that you do not provide an IP address, the page retrieval is excluded for technical reasons.

Data processing through cookies

Scope of processing
On its website, the Controller uses so-called cookies. Cookies are text files that are stored on the user's IT system as soon as he or she calls up the Controller's website. Cookies contain characteristic character strings that enable the browser to be uniquely identified when the website is called up again.
The Controller uses cookies to make its website more user-friendly. Some page elements of the website require that the calling Internet browser can be identified even after a page change within the website.

Purpose of processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the controller's website cannot be offered without the use of cookies. For these, it is necessary that the Internet browser is recognized even after a page change. With these technically necessary cookies, data is collected, stored and transmitted to the controller to enable the retrieval of its website. The user data collected by technically necessary cookies are not used to create user profiles.
Cookies that are not technically necessary are used by the controller to get to know its target groups better, to evaluate their interests and to draw their attention to its products and company by means of direct marketing.

Legal basis of processing
If you have given the controller your consent via the cookie banner for cookies that are not technically necessary, the controller may process your data within the scope of your consent pursuant to Article 6 (a) of the UK GDPR. For cookies that are technically necessary to operate this website, the processing is based on the legitimate interests of the controller pursuant to Article 6 (1) (f) of the UK GDPR.

Legitimate interests
The controller has a legitimate economic interest in the external presentation of his company and in advertising his products. Technically necessary cookies help the controller to optimally present the website. 
Recipients or categories of recipients
The cookie data is passed on to internal departments of the controller and to its contractors who are commissioned to host and provide IT resources (1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur and STRATO AG, Pascalstraße 10, 10587 Berlin).

Transfer to third countries
In principle, information stored in cookies is not transmitted to third countries, unless it is necessary to identify users for third-party service providers.
Duration of storage
Personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the processing of data to provide the website, this is the case when the respective session has ended. Cookies are stored on the user's IT system and transmitted by it to the controller's server. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

Possibility of objection and removal
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) of the UK GDPR  pursuant to Article 21 (1) of the UK GDPR. In this case, the controller will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or the processing serves the purpose of asserting, exercising or defending legal claims. If cookies are disabled for the controller's website, it may no longer be possible to fully use all functions of the website, e.g. the shopping cart of the store. The processing of personal data for the provision of the website by technically required cookies is mandatory for the operation of the website. The user can therefore not object to this type of processing.
Obligation to provide
The provision of your data for the processing of cookies is voluntary. In the event that you do not provide your data, the controller may not be able to address your IT system and you may not be able to use its website or not be able to use it to its full extent.

The cookies used are described in more detail below:

Absolutely necessary cookies.
The purpose of using strictly technically necessary cookies is to simplify the use of websites for users. Some functions of the Controller's website cannot be offered without the use of cookies. For these, it is necessary that the Internet browser is recognized even after a page change. With these technically necessary cookies, data is collected, stored and transmitted to the Controller to enable the retrieval of their website. The user data collected by technically necessary cookies are not used to create user profiles.

Cookie Name

Desciption

Domain

Duration

cart_currency

This cookie contains information about the currency in which the website visitor wants to pay.
www.edurino.co.uk
2 weeks

_tracking_consent

This cookie is used to track settings.
.edurino.co.uk
1 year

_shopify_d

This cookie is set in relation to Shopify Analytics.
.edurino.co.uk
Session

_orig_referrer

This cookie is usually provided by Shopify and used in conjunction with a shopping section.
.edurino.co.uk
Session

Cookiefirst-id

This cookie contains your unique ID so that CookieFirst can identify unique visitors to this website.
www.edurino.co.uk
11 months
3 weeks
5 days

cookiefirst-consent

This cookie stores your cookie settings for this website. You can change these at any time or revoke your consent.
app.cookiefirst.com
11 months
3 weeks
5 days

x-pp-s

This cookie is provided by PayPal and supports the payment services on the website.
.paypal.com
Session

tsrce

This cookie is set by PayPal to enable payments on this website.
PayPal also uses cookies on its website to recognize its customers and shorten the time it takes the user to log in to their PayPal account by retrieving their email in the PayPal database.
.paypal.com
3 days

ts_c

This cookie is set by PayPal to enable payments on this website.
PayPal also uses cookies on its website to recognize its customers and shorten the time it takes the user to log in to their PayPal account by retrieving their email in the PayPal database.
.paypal.com
2 years
- 11 months
- 4 weeks
- 2 days
- 7 seconds

This cookie is set by PayPal to enable payments on this website.
PayPal also uses cookies on its website to recognize its customers and shorten the time it takes the user to log in to their PayPal account by retrieving their email in the PayPal database.
.paypal.com
2 years
- 11 months
- 4 weeks
- 2 days

nsid

This cookie is set by PayPal to enable payments on this website.
PayPal also uses cookies on its website to recognize its customers and shorten the time it takes the user to log in to their PayPal account by retrieving their email in the PayPal database.
www.paypal.com
Session

enforce_policy

This is a cookie that is set by PayPal. PayPal uses cookies to recognize its customers and shorten the time it takes the user to log in to their PayPal account by checking their emails in the PayPal database.
.paypal.com
1 year
- 7 seconds

secure_customer_sig

This cookie is used to identify a user after they sign into a shop as a customer so they do not need to log in again.
www.edurino.co.uk
1 year

Functional cookies

Functional cookies are used to store personalised data, such as your language preference, anonymously so that it can be automatically retrieved the next time you visit. Functional cookies can also be used to enable

Cookie Name

Domain

Duration

LANG

There are many different types of cookies associated with this name,and it is generally recommended to take a closer look at how they are used on a particular website. However, in most cases, it is probably used to store language settings, possibly to provide content in the stored language.
.paypal.com
8 hours
- 46 minutes
- 3 seconds

_shopify_tw

This cookie is used to manage the customer's privacy settings.
.edurino.co.uk
2 weeks

_shopify_tm

This cookie is used to manage the customer's privacy settings.
.edurino.co.uk
30 minutes
- 29 seconds

_shopify_m

This cookie is used to manage the customer's privacy settings.
.edurino.co.uk
1 year

x-csrf-jwt

This cookie is usually provided by PayPal and supports payment services within the website.
.paypal.com
1 week

l7_az

This cookie is set by PayPal to enable payments on this website.
PayPal also uses cookies on its website to recognize its customers and reduce the time it takes users to log in to their PayPal account by retrieving their emails from the PayPal database.
.paypal.com
30 minutes
- 7 seconds

shopifyPaypalAcceleration

This cookie is required for secure checkout and payment function on the website. This function is provided by shopify.com
edurino.co.uk
No time limit

Marketing & other 3rd party cookies
Cookies for marketing and cookies from third parties (third-party cookies) are used by the Controller to measure the success of marketing measures, e.g. whether a website has been visited. They can also be used to subsequently control these accordingly, e.g. to limit the frequency of a displayed advertisement. It is possible that this information is shared with third parties, such as advertisers. Often, these cookies are also linked to third-party site functionalities.

Cookie Name

Domain

Duration

localization

This cookie is used to monitor the localisation of users.
www.edurino.co.uk
2 weeks
- 29 seconds

_shopify_evids

This cookie is set by Shopify and is used for analytics related to marketing and recommendations.
www.edurino.co.uk
Session

_shopify_evids

This cookie is set by Shopify and is used for analytics related to marketing and recommendations.
.edurino.co.uk
Session

This cookie is used for Shopify Analytics.
.edurino.co.uk
Session

_shopify_y

This cookie is used for Shopify Analytics.
.edurino.co.uk
Session

_shopify_sa_t

Shopify Analytics in relation to marketing and recommendations.
.edurino.co.uk
Session

_shopify_sa_p

Shopify Analytics in relation to marketing and recommendations.
.edurino.co.uk
Session

_shopify_s

This cookie is used for Shopify Analytics.
.edurino.co.uk
Session

This cookie is linked to Shopify's analytics suite.
.edurino.co.uk
Session

_landing_page

This cookie is used to track, report and analyze landing pages.
.edurino.com
Session

_gid

Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.
.pay.google.com
1 day
- 7 seconds

_gat_*****

Set by Google Analytics to control the request rate.
.pay.google.com
1 minute

_ga

Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.
.pay.google.com
2 years
- 7 seconds

OTZ

Aggregated analysis of website visitors. Set by Google
.pay.google.com
Session

cto_bundle

Collection of anonymized data on browsing behavior for marketing purposes.
edurino.co.uk
1 year

_pk_ses.689.9642

To measure the effectiveness of TV campaigns.
edurino.co.uk
1 day

_pk_id.689.9642

Measuring the effectiveness of TV campaigns.
edurino.co.uk
1 year

__kla_id

This cookie is used to collect information about the visitor's behavior. This information is used to optimize the web pages or to register if the visitor has subscribed to a newsletter.
edurino.co.uk
400 days

__kla_viewed

Collects information about the user's navigation and preferences on the website - this is used to send potential newsletters based on this information.
edurino.com
No time limit

_gcl_au

Used by Google AdSense to test the effectiveness of advertising on websites that use their services.
edurino.com
90 days

IDE

Used by Google DoubleClick to record and report the website user's actions after viewing or clicking on an advertiser's ad in order to measure the effectiveness of an ad and present targeted ads to the user.
edurino.com
390 days

NID

Registers a unique ID that identifies a returning user's device. The ID is used for targeted advertising.
edurino.com
183 days

VISITOR_INFO1_LIVE

This cookie is set and used by Youtube to track the information of the embedded Youtube videos on a website.
edurino.com
180 days

YSC

This cookie is set by YouTube and is used to track views of embedded videos. Registers a unique ID to keep statistics about which videos from YouTube the user has watched.
edurino.com
Session

Uid

Identify users for remarketing.
edurino.com
390 days

Data processing through cookie banner

Scope of processing
Through the use of a cookie banner, cookies and IP addresses are processed.

Purpose of processing
With the help of the cookie banner, you give your consent to the controller regarding the data processing through cookies and regarding further processing.

Legal basis of processing
This processing is based on the exercise of legitimate interests pursuant to Article 6 (1) (f) of the UK GDPR.

Legitimate interests
The cookie banner is used because the controller has a legitimate economic interest in asking you to allow him to process data also regarding analytics and marketing applications so that the controller can optimise his website.

Recipients or categories of recipients
Your personal data is usually collected by the controller.

Transfer to third countries
The controller will not transfer your personal data abroad unless you agree to this.

Duration of storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and due to contractual, commercial or tax retention obligations.

Possibility of objection and removal
You have the right to object to the storage of the cookie banner cookie.
Obligation to provide (pursuant to Article 13 (2) (e) of the UK GDPR)
The provision of your personal data is voluntary. In case of non-provision, you may not be able to click away the cookie banners.

Data processing by Shopify

Scope of processing
The Controller's website is hosted by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Personal data collected on the controller's website is stored on Shopify's servers. This data may include, for example, IP addresses, contact requests, meta and communication data, contact details, names, and website accesses. Shopify's privacy policy is available at: https://help.shopify.com/manual/your-account/privacy/GDPR

Purpose of processing.
The controller uses Shopify as a hoster in order to be able to provide its online store securely, quickly and efficiently.
Legal basis of processing
The data processing is based on the exercise of legitimate interests pursuant to Article 6 (1) (f) of the UK GDPR.

Legitimate interests
The controller has a legitimate interest in operating a secure and functional website.

Recipients or categories of recipients
Your personal data will be shared with the controller's contractors who are contracted to provide IT resources and hosting (Shopify).
In the event that you pay via one of the payment service providers offered, your data will be transmitted to the payment providers named in our terms of service.

Transfer to third countries
Personal data may be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc.
Personal data is transferred in part to the USA or Canada. There is no adequate level of data protection in the USA. This means that users' rights, e.g. the right to information or deletion, cannot be asserted as effectively as in the EU.
However, the data processing by the service provider mentioned in point 1. is necessary for the conclusion of the contract, insofar as you want to order goods via the online store of the controller pursuant to Article 49 (1) (b) of the UK GDPR.
The controller has concluded an order processing contract pursuant to Article 28 (3) of the UK GDPR with the service provider.

Obligation to provide
The provision of your personal data is voluntary. In the event that you do not provide your personal data, you may not be able to make full use of the controller's website.

Data processing via payment service provider PayPal

Scope of processing
The controller uses the following services to process orders: 'PayPal', 'credit card via PayPal', 'direct debit via PayPal' or 'instalment payment via PayPal'. The controller of the service is PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
The following data will be processed: Name, postal address, telephone number, e-mail address and identification data, device information, technical usage data and geolocation data, information in connection with the order, invoice or with the recipient of the transaction, as well as information in connection with a credit rating.
PayPal's privacy information is available at: https://www.paypal.com/de/legalhub/privacy-full.
The data protection officer of PayPal can be contacted at: https://www.paypal.com/us/smarthelp/contact-us/privacy.
Purpose of processing
The payment service provider is used to offer the user standard payment processing via the Internet and to process the transaction through it.

Legal basis of the processing
The legal basis for this data processing is the conclusion and fulfilment of contracts pursuant to Article 6 (1) (b) of the UK GDPR.
Insofar as a credit assessment is made, this data processing is based on the perception of legitimate economic interests of the controller, pursuant to Article 6 (1) (f) of the UK GDPR.

Legitimate interests
The controller has a legitimate interest in protecting itself from non-payment and identity theft and data theft. Statistical probability values are used for the credit rating evaluation, which are based, among other things, on the address of the data subject. Other data is also included.

Recipients or categories of recipients
The data will be forwarded to PayPal and may be transmitted by PayPal to credit agencies. The purpose of this transmission is an identity and credit check. The result of the check is used by PayPal, taking into account the statistical probability of non-payment, for the purpose of deciding whether to provide the respective payment method.

Transfer to third countries
Personal data is transmitted to the Netherlands. If and to what extent PayPal transmits personal data to third countries, please refer to the provider's data protection information.

Possibility of objection and removal
You have the option to revoke your consent to the processing of your personal data at any time vis-à-vis PayPal. However, the revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation, provided that the personal data must be processed, used or transmitted for payment processing in accordance with the contract.

Obligation to provide
The provision of your data is voluntary.

Data processing on Instagram and Facebook

Scope of processing
The controller processes personal data by setting up and using the profile he maintains on Instagram https://www.instagram.com/edurino_uk/?hl=de and on his fan page on Facebook, https://www.facebook.com/edurino_de. Instagram and Facebook are services operated by Facebook Ireland Ltd.
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the processing of personal data of its users and other persons visiting the profile operated by the controller, as Facebook primarily determines the purposes and means of the processing.
Facebook's privacy policy is available at: https://www.facebook.com/about/privacy/.
Instagram's privacy policy is available at: https://privacycenter.instagram.com/policy.
The provider provides the controller with functions that display anonymized statistical data about the users and other visitors to its profile. This data is collected with the help of so-called cookies, each of which contains a unique user code that is active during specified periods of time and which the aforementioned provider stores on the hard drive of the profile visitors' end devices.
The user code, which can be linked to the login data of such users who are registered with the above-mentioned provider, is collected and processed when the profile is called up. From your usage behaviour, i.e. how you use the profiles of the above-mentioned provider, the latter can create usage profiles in order to offer and carry out the placement of advertisements ("promotions") on its services or on partner sites. Beyond its privacy policy and cookie guidelines, the above-mentioned provider does not provide any information about the extent to which it collects or processes personal data from you.
In the case of the integration of plugins, your IP address is transmitted to the plugin provider. In addition, it may be that in the case of using a plugin, e.g. by playing a video, the provider stores cookies on your end device.
In the context of the use of their Instagram profile, the controller processes the following personal data outside the profile: All of your data that you have provided within the services of the above-mentioned providers in a publicly visible manner, in particular your first and last names, biographical information, age, username, user URL, profile picture, information from profile pages, e.g. chronicle, comments or user interactions on his profile, message content (e.g. in messengers or comments) or other media content that you have communicated, shared or otherwise disclosed to the controller. Through the application functions, the controller also receives aggregated, anonymized statistical data about the users of these profiles, e.g., access numbers, countries of origin, or information about whether you liked or disliked content.

Purpose of processing
The above-mentioned provider generally processes your personal data for market research and advertising purposes and, if applicable, to fulfil the user contract concluded with you in order to provide and maintain the services.

Legal basis of processing
If you are a user of the services of the above-mentioned provider, you have given this provider consent to the processing of your personal data for one or more specific purposes as part of your user contract pursuant to Article 6 (1) (a) of the UK GDPR. The above-mentioned provider may also process your personal data to the extent necessary to enter into and fulfil your user contract pursuant to Article 6 (1) (b) of the UK GDPR.

Recipients or categories of recipients
Please refer to the provider's data protection information to find out whether and to what extent Facebook passes on personal data. Your personal data processed by the controller as part of its Instagram profile will be processed within the controller's marketing department and shared externally with the provider mentioned in point 1. or with other Internet users who take note of the publicly visible content of the controller's Instagram profile.

Transfer to third countries
If and to what extent the above-mentioned provider transfers personal data to third countries, please refer to the provider's data protection information.

Duration of storage
The personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and no retention obligations need to be observed. The controller has no influence on the storage of your personal data by the aforementioned provider. However, the cookies of this provider are stored on your end devices. Therefore, you have full control over the use of these cookies. By changing the settings in your Internet browser, you can disable or restrict the receipt of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. The controller will store your personal data received as part of your request only for as long as is necessary to respond to your request, unless your data must be kept longer due to retention obligations.

Obligation to provide
The use of social media profiles and channels is voluntary. In the event that your data is not provided, it may no longer be possible to fully use all the functions of the website.

Data Processing in Email Marketing by Klaviyo

Scope of processing
If you want to stay updated on the offers from the controller, they will be happy to send you their email newsletter, information about new products, or offers regularly. To do this, you need to register via email. Only your name or company name and your email address are required for this. Your IP address and a timestamp are collected during registration.
The newsletter is sent using the so-called double opt-in procedure. After signing up for the newsletter, you will receive a confirmation email that requires you to confirm your registration by clicking on a corresponding link.
Furthermore, interesting information and offers are sent via email to existing customers.
The controller uses Klaviyo for email marketing and customer relationship management. The provider is Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111, USA. The provider processes email addresses and meta/communication data (e.g., device information, IP addresses).

Purpose of processing
Your personal data is exclusively used by the controller for their own advertising purposes. The IP address and timestamp are collected to protect the controller's IT systems from misuse.

Legal basis of processing
For sending the newsletter via the contact form, the controller obtains your consent pursuant to Article 6 (1) (a) of the UK GDPR during registration and, if applicable, through the double opt-in procedure. The declaration of consent is voluntary and can be revoked at any time with effect for the future without giving reasons. To do so, please click on "Unsubscribe" or "Objection" in the newsletter email.
If you are an existing customer, and your email address was already collected during the purchase of a figurine or the opening of a user account, you will automatically receive our newsletter with information and offers. The controller uses information about usage behaviour related to the EDURINO app, as far as this can be attributed to a user as the owner of an email address. This data processing is based on Article 6 (1) (b) and (f) of the UK GDPR. The controller has a legitimate economic interest in sending targeted advertising emails to existing customers to draw attention to their goods and services.

Recipients or categories of recipients
Your personal data is generally processed by the controller.

Transfer to third countries
The service provider Klaviyo processes meta/communication data (e.g., device information, IP addresses) in the USA. Suitable safeguards have been agreed upon for this data transfer. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured through standard data protection clauses (pursuant to Article 46 (2) (c) of the UK GDPR), which we have agreed with the provider.
Furthermore, data processing (sending registration emails, recovery emails, receiving emails) is necessary to enter into and fulfil the user agreement, including the user account (pursuant to Article 49 (1) (b) of the UK GDPR).

Duration of storage
Your personal data will be deleted as soon as it is no longer necessary for the purpose of its collection and due to contractual, commercial, or tax retention obligations.

Possibility of objection and removal
Since the processing of your data is based on consent pursuant to Article 6 (1) (a) of the UK GDPR, you do not have the right to object. However, you can unsubscribe from the newsletter at any time using the provided link in the newsletter or by notifying the controller accordingly. After unsubscribing, the controller will promptly delete your email address from its newsletter distribution list.
Obligation to provide (pursuant to Article 13 (2) (e) of the UK GDPR)
Your personal data is required to send you the newsletter. Otherwise, the provision of your personal data is voluntary. In the event of non-provision or incorrect provision of your personal data, the controller may not be able to include you in the distribution list.

Data Processing in Customer Accounts

Scope of processing
When you create a customer account, the following personal data is collected: first name, last name, email address, password; delivery address (street, house number, additional address, postal code, city, country) may also be stored. The email address is verified through the Double Opt-In process. After registering a customer account, you will receive a confirmation email that requires you to confirm your registration by clicking on a corresponding link.

Purpose of processing
Your personal data is processed by the controller to identify you as the account holder, for password recovery, storage of delivery addresses, and analysing customer order history.

Legal basis of processing
The data processing for registering a customer account and related data processing is based on your consent pursuant to Article 6 (1) (a) of the UK GDPR.

Recipients or categories of recipients
Your personal data is generally processed by the controller and may be transmitted to payment service providers and online shop operators (in this case, Shopify).

Transfer to third countries
The controller does not transfer your personal data abroad.

Duration of storage
Your personal data will be deleted as soon as it is no longer necessary for the purpose of its collection and no longer required due to contractual, commercial, or tax retention obligations.
Possibility of objection and removal
Since the processing of your data is based on consent pursuant to Article 6 (1) (a) of the UK GDPR, you do not have the right to object.
Obligation to provide (pursuant to Article 13 (2) (e) of the UK GDPR)
Providing your personal data is necessary to create a customer account. Otherwise, the provision of your personal data is voluntary. In the event of non-provision or incorrect provision of your personal data, a customer account cannot be opened.

Data Processing by Google reCAPTCHA

Scope of processing
The controller uses services (Google reCAPTCHA) from Google. The responsible company is Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Google reCAPTCHA is used to check whether data entry on the controller's website is done by a human or by an automated program. Google reCAPTCHA analyses user behaviour based on various characteristics.
The following data is processed: IP address, duration of stay on the website, and mouse movements made by the user.
Google's privacy policy is available at: http://policies.google.com/privacy
You can contact Google's data protection officer at: https://support.google.com/policies/contact/general_privacy_form

Purpose of processing
The controller uses the Google reCAPTCHA service to verify whether visitors to their website are real people and to protect against abusive automated data collection and spam.
Legal basis for processing
The data processing is based on your consent pursuant to Article 6 (1) (a) of the UK GDPR.
Recipients or categories of recipients
The data collected during the analysis is forwarded to Google.

Transfer to third countries
Some personal data is transferred to the USA. In the USA, there is no adequate level of data protection. This means that the rights of users, such as the right to access or deletion, may not be as effectively enforced as in the EU. The user acknowledges that they are aware of these circumstances and expressly agrees that the controller may transmit their personal data to this contractor. This transfer is based on Article 49 (1) (a) of the UK GDPR.

Possibility of objection and removal, provision
As a user, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) of the UK GDPR  pursuant to Article 21 (1) of the UK GDPR. The provision of your personal data is voluntary.

Data Processing by Criteo

Scope of processing
Our website also uses the remarketing technology of Criteo GmbH, Unterer Anger 3, 80331 Munich ("Criteo"). Criteo uses cookies ("marketing cookies") and similar technologies to collect data in purely anonymized form about the surfing behaviour of website visitors for marketing purposes.
Criteo can analyse surfing behaviour and then display targeted product recommendations as suitable advertising banners when visiting other websites. In no case can the anonymized data be used to personally identify website visitors.
You can find more information on this in Criteo's privacy policy, where you can also object to the anonymous analysis of your surfing behaviour.

Purpose of processing
The above-mentioned provider usually processes your personal data for market research and advertising purposes. The data collected by Criteo is only used to improve the advertising offer. Each displayed banner has a small "i" (for information) in the lower right corner that opens when you hover over it and leads to a page explaining the system.

Legal basis of processing
The processing is based on the consent given as part of the cookie banner pursuant to Article 6 (1) (a) of the UK GDPR.
Recipients or categories of recipients
Your personal data is generally processed by the controller.

Transfer to third countries
Whether and to what extent the above-mentioned provider transmits personal data to third countries can be found in the provider's data protection information: https://www.criteo.com/privacy/how-we-use-your-data/

Duration of storage
Personal data will be deleted as soon as it is no longer required for the purpose of its collection and no longer required due to contractual, commercial, or tax retention obligations. The controller has no influence on the storage of your personal data by the mentioned provider. However, this provider's cookies are stored on your end devices. Therefore, you have full control over the use of these cookies. You can disable or restrict the receipt of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. The controller only stores your personal data received as part of your request for as long as necessary to respond to your request, unless your data must be retained due to legal retention obligations.
Obligation to provide
The provision of personal data is voluntary.

Data Processing by Spoteffects

Scope of processing
We use the "Spoteffects" service from XAD spoteffects GmbH (Saarstr. 7, 80797 Munich) on our website to measure the effectiveness of our TV advertising campaigns. Spoteffects uses the analysis tool Matomo (formerly known as "Piwik") for the analysis of interactions. Subsequently, data on website traffic and the number of orders are combined with information on TV broadcasts. This allows us to evaluate and optimise our TV campaigns.
Matomo is an analytics tool provided by InnoCraft Ltd., 150 Willis St, 6011, Wellington, New Zealand ("Matomo"). Matomo uses a cookie ("Analytics Cookies") to analyse your user behaviour on our website. The cookie that is placed on your computer when you visit our website also stores and transmits your anonymized IP address. This means that when transmitting data to our server, the IP address is truncated so that we, as visitors to our website, can no longer identify you. In addition, the time of the website visit, page views, the browser used, browser settings, the operating system used, screen resolution of the used device, referrer of entry into the website, search terms of website entry, and cookie ID are recorded. The evaluation is solely for the purpose of optimising and further developing our TV campaigns.
Further information can be found in Matomo's privacy notice.

Purpose of processing
The above-mentioned provider usually processes your personal data for market research and analysis purposes. This tool allows us to optimise our websites and offers.

Legal basis of processing
Processing is based on the consent given as part of the cookie banner pursuant to Article 6 (1) (a) of the UK GDPR.
Recipients or categories of recipients
Your personal data is generally processed by the controller.

Transfer to third countries
No personal data is transferred to third countries.

Duration of storage
Personal data will be deleted as soon as it is no longer required for the purpose of its collection and no longer required due to contractual, commercial, or tax retention obligations. The controller has no influence on the storage of your personal data by the mentioned provider. However, this provider's cookies are stored on your end devices. Therefore, you have full control over the use of these cookies. By changing the settings in your internet browser, you can disable or restrict the receipt of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. The controller stores your personal data that it has received as part of your request only for as long as necessary to respond to your request, unless your data must be retained due to legal retention obligations.

Obligation to provide
The provision of personal data is voluntary.

Data Subject Rights

Right to withdraw consent: The user has the right to withdraw their consent pursuant to Article 7 (3) of the UK GDPR at any time by notifying the controller. This will result in the data processing based on this consent not being continued in the future.
Right to information: The user has the right pursuant to Article 15 of the UK GDPR to request information about their personal data processed by the controller. In particular, they can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom their data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of their data, if it has not been collected from the controller, as well as the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about its details.
Right to rectification: The user has the right to demand the immediate correction of inaccurate or incomplete personal data stored by the controller pursuant to Article 16 of the UK GDPR.
Right to erasure and to be forgotten: The user has the right, pursuant to Article 17 of the UK GDPR, to request the deletion of their personal data stored by the controller, provided that processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to restriction of processing: The user has the right pursuant to Article 18 of the UK GDPR to request the restriction of the processing of their personal data, provided that the accuracy of the data is disputed by them, processing is unlawful, but they oppose its erasure and the controller no longer needs the data, but the user needs it to assert, exercise or defend legal claims or the user has objected to processing pursuant to Article 21 of the UK GDPR.
Right to data portability: The user has the right pursuant to Article 20 of the UK GDPR. to receive their personal data that they have provided to the controller in a structured, common and machine-readable format or to request the transfer to another controller.
Right to Complain: The user has the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the UK GDPR. In general, they can contact the supervisory authority at their usual place of residence or work or at the registered office of the controller.
Right to object: If the user's personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the UK GDPR., they have the right to object to the processing of their personal data for reasons arising from their particular situation pursuant to Article 21 of the UK GDPR. The provision of personal data is voluntary.

Data Processing for Business Customers (B2B)

Scope of processing
Personal data of business customers is processed in Shopify (see above). To do this, we transmit your company, business address, contact details, website, names of contact persons, VAT ID or business registration, and other information that you have provided about your industry, emails, or free-text fields to Shopify International Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, Dublin. More information about data processing at Shopify can be found above in this privacy policy.
New customers can apply for access to the EDURINO partner portal via a form to be filled out by email.

Purpose of processing
To the extent that the above-mentioned data is personal data, it is processed to register your company as our business customer with Shopify so that you can take advantage of all the benefits of modern, automated order processes.

Legal basis of processing
Processing is based on consent given as part of emails or application forms pursuant to Article 6 (1) (a) of the UK GDPR and for the conclusion and performance of B2B contracts, pursuant to Article 6 (1) (b) of the UK GDPR. To the extent that you have agreed to receive future personalised information about new products, promotions, and marketing messages, this data processing is also pursuant to Article 6 (1) (a) of the UK GDPR.
Recipients or categories of recipients
Your personal data is generally processed by us.

Transfer to third countries
Personal data is partially transferred to the USA. In the USA, there is no adequate level of data protection. This means that the rights of the data subject, such as the right to information or deletion, cannot be enforced as effectively as in the EU. The user acknowledges that they are aware of these circumstances and expressly agrees that the controller may transmit their personal data to this contractor. This transfer is pursuant to Article 49 (1) (a) of the UK GDPR.

Obligation to provide
The provision of personal data is voluntary.

To exercise the right to object, an email to the controller is sufficient.

As of: August 2, 2023

Privacy policy

Data protection at a glance:

Any questions? We're happy to help!

New Learning Worlds are on their way!