We have detected a browser version (Internet Explorer 9 or older) that is not supported by our application (starting from Internet Explorer 11). This can lead to erroneuous representations of individual components of the internet site.
Privacy Policy
Processing (personal) data by the online shop operator (asknet)
1. General information
asknet Solutions AG, hereinafter referred to as 'asknet', is a company based in Germany that offers e-commerce and global payment solutions as well as software procurement platforms. This privacy policy describes how 'asknet' handles personal data when you visit its online shops or order a product.
asknet processes e-commerce payment transactions, hereinafter referred to as 'transaction', in the online shops; it operates as a personal data controller to create, verify and execute transactions.
In the transaction, asknet receives customer and payment information from the buyer/end customer and uses fraud prevention services for this purpose and passes on personal data (including payment data) to a payment processor.
2. Responsible person
Responsible for processing in the sense of data protection law is:
asknet Solutions AG
Vincenz-Prießnitz-Str. 3
76131 Karlsruhe, Germany.
Phone: +49(0)721/96458-0
Fax: +49(0)721/96458-99
E-mail: gmac@support-asknet.com
You can also contact our data protection team directly by writing to privacy@asknet.com.
Our data protection officer is:
Mr. Markus Strauss
tacticx Consulting GmbH
Walbecker Straße 53
47608 Geldern, Germany
E-mail: asknet@extern.tacticx.com
We process your data in strict confidence and only for the purpose we informed you of when collecting the data. Our standards for processing your data are the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and the other applicable data protection regulations.
3. Data processing when using our online shop systems
The personal data you provide to us will be used by us to provide you with the products you have ordered, to process payments, to respond to your enquiries, for registration (if required) and to provide you with additional information, facilities and features about the products you have ordered. We also use this information to prevent or detect fraud and abuse of our online shops, to customise the features, performance and support of the online shops to our customers' needs, and to perform technical, logistical and other functions or improvements.
3.1. Website visit
Each time you visit our online shops and their websites, a number of general data and information, including personal data, are collected by our systems. The following data is stored:
- IP address (if applicable, in anonymised, shortened form)
- Date and time of the request (timestamp)
- Request details and destination address (protocol version, HTTP method, referrer, UserAgent string)
- Name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes)
- Message indicating whether the request was successful (HTTP status code)
- Website from which the request came
- Browser type or app used
- Operating system and its interface
- Language and version of the browser software
When processing this data, we do not draw any conclusions about your person. There is neither a personal evaluation nor an evaluation of the data for marketing purposes or profiling.
The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR. The processing of the data is technically mandatory to provide our websites and ensure the stability and security of our systems. This is also our legitimate interest. There is no possibility to use our websites without such processing of data, i.e. you have no possibility to object.
3.2. Order processing and contract fulfilment
When you shop in our online shop, we process the following personal data from you to process your order:
- Last name, first name
- Address (billing and delivery address)
- E-mail address
- Your telephone number
- Customer number
- Payment data (e.g. credit card number, card verification code, account number, account name, invoice postcode)
Within the scope of what is legally permissible, we pass on your data to our subsidiaries that support us in properly fulfilling the contract. In turn, these companies are obliged to comply with the applicable data protection regulations. In particular, these companies may only process the data to fulfil their tasks on our behalf and only in accordance with our instructions. Data processing in connection with the ordering process is based on Art. 6 (1) lit. b GDPR.
We collect your address as a basis for tax calculation, transaction processing and support, as well as for statistical purposes. We transmit your address to logistics service providers solely to fulfil your order via our online shop and for statistical purposes. We do not sell your address and contact details in conjunction with other information, combine them with non-transactional records or use them for promotional purposes.
In certain online shops, we give users the option to provide us with account registration information. This information may include but is not limited to name, address, email address and password.
Without your express prior consent, we will only send you product-related announcements of a non-promotional nature (such as announcements related to your purchase of products or subscription renewal information) and only if we deem it necessary.
3.3. Contact
If you contact us by email, fax or telephone, or if you use one of the customer service contact forms provided in the online shops, we will collect any personal data you provide to us in connection with that communication. Unless your request relates to the performance of a contract, the legal basis for processing your request is Art. 6 (1) lit. f GDPR. Our legitimate interest is the processing of your request.
Unless otherwise stated above, the legal basis for all processing activities mentioned in this section is Art. 6 (1) (b) GDPR and - with regard to processing for the purpose of complying with a legal obligation to which we are subject - Art. 6 (1) (c) GDPR.
3.4. Preventing fraud and combating money laundering
asknet collects and processes personal data for the following purposes:
- Validation of the legitimacy of a transaction under applicable anti-money laundering laws through the use of internal tools and external providers (under Art. 6(1) lit. c GDPR),
- Confirmation that the intended transaction is not fraudulent in nature through the use of internal tools and external providers (under Art. 6(1)(f) GDPR), and
- Execution of the transaction (under Art. 6 para. 1 lit. b GDPR).
3.5. Personal data from other sources
We may receive personal data about you from other sources, such as product suppliers or third parties who provide services to us in connection with the website or online shop. We may aggregate this information with the personal data we collect from you through the Website or Online Store to prevent or detect fraud or misuse of our Website or Online Stores, to fulfil your order and to contact you regarding your product order. We do not process this data for marketing purposes.
The legal bases for these processing activities are Art. 6 (1) lit. b GDPR, insofar as the data is necessary for the performance of the contract, and Art. 6 (1) lit. f GDPR for the prevention and detection of fraud and abuse.
In order to prevent late payment, we reserve the right to obtain information about your creditworthiness (for example, based on mathematical-statistical processes) from third parties for certain payment methods (for example, direct debit and purchase orders) in accordance with Art. 6 (1) f GDPR.
3.6. Data protection for minors
asknet's online shops, website and product purchases are intended exclusively for adults. asknet does not knowingly collect information from children under the age of 18. If you are under 18, please do not submit any personal information through the platform. We encourage parents and guardians to monitor their children's Internet use and to help enforce our privacy policy by instructing their children never to provide personal information on our platform without their permission.
If you have reason to believe that a child under the age of 18 has provided asknet with personal information through the Platform, please contact privacy@asknet.com, and we will endeavour to delete that information from our databases.
Additional notice to the residents of the United States:
We do not specifically collect or store information from visitors to the Website or online shops who are under the age of thirteen (13).
3.7. Law enforcement, disclosure to public authorities and departments
We may disclose your personal data to recipients if such disclosure is necessary to:
- comply with applicable laws or comply with subpoenas or warrants served on us (Art. 6 (1) (c) GDPR),
- enforce our terms and conditions (Art. 6 para. 1 lit. b GDPR),
- protect and defend our rights or property or the rights or property of visitors to our online shops and website, our customers, our suppliers or other third parties (Art. 6 para. 1 lit. f GDPR), or
- in certain situations, to comply with lawful requests by public authorities to disclose personal data, in particular, to comply with national security or law enforcement regulations (Art. 6 (1) (c) GDPR).
In the case of tax-exempt orders from certain EU countries your address data may be forwarded to the relevant tax authorities to check whether your value added tax identification number (VAT ID) is correct (Art. 6 para. 1 lit. c GDPR).
4. External service providers
We transmit your personal data to external service providers who support us in communication as well as in the operation of the website and the online shops and who act on our behalf to provide you with the website, the online shops and the products as well as the associated customer support. Where we use third parties to perform our services, we process personal data in accordance with the provisions of the GDPR, the CCPA and other applicable laws and regulations. Categories of service providers that assist us in providing our services to you include, for example, services to communicate with you via email, process transactions, perform customer authentication, ship products, screen orders for fraudulent activity, provide customer service or fulfilment services to us and/or maintain consistent compliance with applicable laws and regulations. However, external service providers who process data on our behalf do not have the right to use your personal data unless it is necessary to assist us in providing the online shops, related processes and products. Transfers to downstream third parties are subject to the provisions of this Privacy Policy regarding notice and choice and the agreements with our external service providers and the supplier.
| Third-Party Service/Vendor | Entity Country | Nature Of Services |
|---|---|---|
| Sift Science Inc. | USA, UK | Fraud Prevention |
| ecovium Holding GmbH | Germany | SDN Screening |
| Paypal Holdings Inc. | USA | Payment processing |
| Global Collect Services B.V. | Netherlands | Payment processing |
| Chase Paymentech, LLC | USA | Payment processing |
| DG Financial Technology Inc. | Japan | Payment processing |
| Unzer GmbH | Germany | Payment processing |
| Avalara, Inc. | USA | Commercial support |
| Amazon Web Services, Inc. (AWS) | USA, Ireland, Germany, Japan | Technical Support Services |
| Freshworks Inc. | USA, UK, EU, Australia | Technical support services |
We provide analytical data to analytics and tracking technology providers as described under "Cookies and Tracking Technologies".
5. Cookies and tracking technologies
So-called cookies are used in online shops. These are small text files that are stored on the device with which you access the website. Different categories of cookies are used: essential cookies, analysis cookies, cookies for the provision of external media and marketing cookies.
- Essential cookies are required to ensure the core functionality of the website.
- Analysis cookies are cookies used to track user behaviour on our website so that the website's functionality can be improved.
- Marketing cookies are cookies that we use to serve interest-based advertising.
The legal basis for the use of essential cookies is Art. 6 (1) lit. f GDPR - a legitimate interest. Our legitimate interest in using essential cookies is to be able to provide a functioning website.
The legal basis for the other cookies is Art. 6 (1) lit. a GDPR - your consent. No non-essential cookies will be set without your permission. You can revoke your permission at any time with effect for the future. You can withdraw your permission here.
You can also determine whether you wish to allow cookies via your browser settings. Please note that deactivating cookies may result in the website's limited or completely disabled functionality.
You can configure the handling of cookies in your browser yourself. By changing the settings in your browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been saved at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all functions to their full extent. You can find more information on the websites of your respective browser provider:
- Google Chrome
- Mozilla Firefox
- Safari
- Internet Explorer
- Opera
We use cookies on our websites. If a user access one of our web pages, a cookie may be stored on the user's operating system. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when our web pages are called up again. Among other things, the following data is stored and transmitted in the cookies:
- Language settings
- Log-in information
- Shopping cart information
The purpose of the use of cookies is the user-friendly design of our websites. The processing of personal data using cookies is generally based on Art. 6 (1) lit. f DS-GVO, for some cookies and tools consent is obtained via a consent management tool (Art. 6 (1) lit. a DS-GVO). Cookies are stored on the user's computer and transmitted from there to our websites. Users can deactivate or restrict the transmission of cookies by changing the settings of their internet browser. Cookies that have already been stored can be deleted at any time. If cookies are deactivated for our websites, it may no longer be possible to use all the functions of our websites to their full extent.
6.1. UserCentrics Consent Management Platform
Service description
This is a consent management service. Usercentrics GmbH is used as a processor on the website for the purpose of consent management.
Processing company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany
Below you can find the e-mail address of the data protection officer of the processing company:
datenschutz@usercentrics.com
Data processing purposes
This list contains all (personal) data collected by or through the use of this service:
- Einhaltung der gesetzlichen Verpflichtungen
- Einwilligungsspeicherung
Technologies used
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
- Local Storage
Collected data
This list contains all (personal) data collected by or through the use of this service
- Opt-in and opt-out data
- Referrer URL
- User Agent
- User settings
- Consent ID
- Time of consent
- Consent type
- Template version
- Banner language
Legal basis
The required legal basis for the processing of data is::
- Art. 6 para. 1 p. 1 lit. f GDPR.
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the
specified processing purposes.
The consent data (consent and revocation of consent) is stored for three years.
Data recipients
This list contains all recipients of the data collected:
- Usercentrics GmbH
Click here to read the privacy policy of the data processor
UserCentrics Privacy Policy
6.2 mba.com Store
Service description
Online shop for purchase of mba.com products.
Processing company
living-c eCommerce Solutions GmbH
Am Pfad 11
69469 Weinheim
Germany
Below you can find the e-mail address of the data protection officer of the processing company:
privacy@living-c.de
Data processing purposes
This list contains all (personal) data collected by or through the use of this service:
- Purchase
- Delivery
- Support
Technologies used
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
Collected data
This list contains all (personal) data collected by or through the use of this service
- Session data for user recognition
Legal basis
The required legal basis for the processing of data is::
- Art. 6 para. 1 p. 1 lit. f GDPR.
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- Germany
Retention period
The retention period is the time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.
Data recipients
This list contains all recipients of the data collected:
- living-c eCommerce Solutions GmbH
- asknet Solutions AG
Click here to read the privacy policy of the data processor
mba.com Store Privacy Policy
Stored information
- Name: shopsc Session Cookie; Stores a reference to the user's session; Type: cookie; Duration: 1 year; Domain: store.mba.com;
- Name: shoplc Login Cookie; Stores a reference to the user's login status; Type: cookie; Duration: 1 year; Domain: store.mba.com;
6.3. Adobe Analytics
Service description
Service description
Adobe Analytics is a web analytics service used by living-c eCommerce Solutions GmbH, a reseller of mba.com Store and your contractual partner for all orders in our online shop. The analytics service is used exclusively on the online shop pages (store.mba.com).
Processing company
Adobe Systems Software Ireland Limited
4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland
Below you can find the e-mail address of the data protection officer of the processing company:
DPO@adobe.com
Data processing purposes
This list contains all (personal) data collected by or through the use of this service:
- Analysis
Technologies used
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
Collected data
This list contains all (personal) data collected by or through the use of this service
- Ad Campaign success rates
- Browser information
- Click path
- Clicked ads
- Cookie ID
- Date and time of access
- Device information
- Information provided by users in forms on this site
- IP address
- Connection speed
- Items placed in the shopping cart
- Website name
- Personal information that users provide outside of the services
- Product information such as colors, prices, styles, and photos
- Purchase activity
- Referrer URL
- Search query when the user clicks on the link to this page
- Usage data
- Whether the user clicked on a link, image or text
- Whether the user downloaded a file, image, or something else
Legal basis
The required legal basis for the processing of data is::
- Art. 6 Abs. 1 p. 1 lit. a GDPR
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the period during which the collected data is stored for processing. The data will be deleted as soon as it is no longer necessary for the processing purposes.
Data recipients
This list contains all recipients of the data collected:
- Adobe Inc.
- Adobe Systems Software Ireland Limited
Click here to read the privacy policy of the data processor
Adobe Privacy Policy
Click here to opt-out on all domains of the processing company
Adobe Opt-Out
Storage information
Maximum limit for the storage of cookies: 2 yearsStored information
- Name: AMCV_##@AdobeOrg; Identifies the same visitor in different Marketing Cloud solutions; Type: cookie; Duration: 2 years; Domain: Current Website;
- Name: AMCVS_###@Adobe.Org; Cookie used to recognize new sessions to retrieve visitor ID; Type: cookie; Duration: session;
- Name: demdex; The demdex cookie contains the demdex ID generated by the DCS; Type: cookie; Duration: 5 months, 27 days; Domain: demdex.net;
- Name: s_cc; This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to "True"); Type: cookie; Duration: Session;
- Name: s_sq; This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous link the user clicked; Type: cookie; Duration: session;
6.4. Google AdWords Conversion
Service description
This is a conversion marketing service. This service helps websites measure the success of their Google Ads campaigns.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Below you can find the contact form of the data protection officer of the processing company:
Google Data Privacy Contact Form
Data processing purposes
This list contains all (personal) data collected by or through the use of this service:
- Advertising
- Analysis
- Conversion tracking
Technologies used
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
Collected data
This list contains all (personal) data collected by or through the use of this service
- Ad Campaign success rates
- Browser language
- Browser type
- Clicked ads
- Cookie ID
- IP address
- Number of purchases made through advertisements
- Web request
Legal basis
The required legal basis for the processing of data is::
- Art. 6 Abs. 1 p. 1 lit. a GDPR
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.
Data recipients
This list contains all recipients of the data collected:
- Google LLC
- Google Ireland Limited/li>
Google Privacy Policy
Click here to opt-out on all domains of the processing company
Google Privacy Controls
Storage information
Maximum limit for the storage of cookies: 1 yearStored information
- Name: test_cookie; Set as a test to check if the browser allows cookies to be set. Does not contain any identifiers; Type: cookie; Duration: 15 minutes; Domain: doubleclick.net;
- Name: IDE; Contains a randomly generated user ID. This ID allows Google to recognize the user across different websites and display personalized advertising; Type: cookie; Duration: 1 year; Domain: doubleclick.net;
6.5. Google Analytics
Service description
This is a web analytics service. It allows the user to measure advertising ROI and track Flash, video, and social networking sites and applications.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Below you can find the e-mail address of the data protection officer of the processing company.
Google Data Privacy Contact Form
Data processing purposes
This list contains all (personal) data collected by or through the use of this service:
- Marketing
- Analysis
Technologies used
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
- Cookies
- Pixel
Collected data
This list contains all (personal) data collected by or through the use of this service
- App updates
- Click path
- Date and time of access
- Device information
- Downloads
- Flash version
- Location information
- IP Address
- JavaScript support
- Visited pages
- Purchase activity
- Referrer URL
- Usage data
- Widget interactions
- Browser information
Legal basis
The required legal basis for the processing of data is::
- Art. 6 Abs. 1 p. 1 lit. a GDPR
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
- European Union
Retention period
The retention period is the time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes. The retention period depends on the type of data stored. Each customer can define how long Google Analytics retains data before it is automatically deleted.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you potentially having any legal recourse. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
- USA
- Singapore
- Chile
- Taiwan
Data recipients
This list contains all recipients of the data collected:
- Google LLC
- Alphabet Inc.
- Google Ireland Limited
Click here to read the privacy policy of the data processor
Google Privacy Policy
Click here to read the cookie policy of the data processor
Google Cookie Policy
Click here to opt-out on all domains of the processing company
Google Privacy Controls
Storage information
Maximum limit for the storage of cookies: 2 years
Stored information
- Name: _ga; This is used to distinguish users; Type: cookie; Duration: 2 years;
- Name: _gid; This is used to distinguish users; Type: cookie; Duration: 1 day;
- Name: _gat ; Used to throttle the request rate; Type: cookie; Duration: 1 minute;
- Name: _dc_gtm_xxx; This is used to distinguish users; Type: cookie; Duration: 1 minute;
- Name: _gat_gtag_xxx; This is used to distinguish users; Type: cookie; Duration: 1 minute;
- Name: _gac_xx; This contains information about which ad was clicked; Type: cookie; Duration: 2 months, 29 days;
- Name: IDE; Using this ID, Google can recognize the user on various websites and domains and display personalized advertising; Type: cookie; Duration: 1 year;
6. Data subject rights
If personal data is processed by asknet as the data controller, you as the data subject have, depending on the legal basis and purpose of the processing, certain rights from Chapter III GDPR, in particular the right to information (Art. 15 GDPR), the right to correction (Art. 16 GDPR), the right to deletion (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR), the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke your consent under data protection law in accordance with Art. 7 III GDPR.
To exercise your data subject rights about the data processed for the operation of this website, please contact us using the contact details provided in Section 2.
6.1. Right of complaint
You have the right to complain to a data protection supervisory authority. To do so, you can contact the data protection supervisory authority responsible for your place of residence or federal state or the data protection supervisory authority responsible for us.
This is:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Address:
Lautenschlagerstraße 2070173 Stuttgart GERMANY
Postal address:
PO Box 10 29 32
70025 Stuttgart GERMANY
Phone: +49 711 6155 41-0
Fax: +49 711 6155 41-15
E-mail: poststelle@lfdi.bwl.de
6.2. Right of objection
If we process your personal data based on our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. This applies equally to profiling. If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, to the extent that profiling is involved in connection with such direct marketing.
6.3. Additional rights under the CCPA (USA)
In addition to the above information, you have the right to instruct asknet not to sell your data as defined in the CCPA. To this end, you may send your instructions to privacy@asknet.com. asknet will not discriminate against you for exercising any of your applicable rights under the CCPA.
If you would like more information about your rights as a data subject and/or how to exercise these rights, please contact our Data Protection Officer or privacy@asknet.com. Please note that the exercise of these rights is generally free of charge. If requests are manifestly unfounded or disproportionate, in particular, due to a certain level of repetition, we may charge a reasonable fee (not exceeding our actual costs) by applicable legal requirements or refuse to process the request.
7. Security
We use commercially reasonable and appropriate physical, technical and organisational measures and procedures to secure and protect your personal data during processing – in particular – collection, transmission and storage. Your personal data is only accessible to authorised employees who are familiar with asknet's privacy policy.
7.1. Automated decision making
With the exception of automated controls to prevent payment fraud and to avoid breaches of government sanctions lists (e.g. OFAC), we do not process your personal data for any other automated decision-making, including profiling, as addressed in Article 22(1) and (4) GDPR.
8. Data retention
asknet retains personal data for as long as necessary to enable product sales, comply with legal obligations (statutory retention obligations), settle disputes, and enforce our agreements.
In principle, we delete your personal data as soon as it is no longer required for the aforementioned purposes unless temporary storage is still necessary. We store your personal data based on legal obligations to provide proof and to retain records, which result, among other things, from the German Commercial Code and the German Tax Act, under which retention periods of up to ten full years are provided. In addition, we retain your data for the period when claims can be asserted against our company.
Upon your request, we will restrict the processing of your personal data on the basis of applicable law. Once the legal retention periods have expired, the data will be removed from our operational systems.
9. Final provisions
asknet reserves the right to adapt this privacy policy at any time to ensure that it always complies with current legal requirements or to implement changes to the services in the privacy policy, e.g. when new services are introduced or changes are made to the online shops. The new data protection declaration will apply when you call this website again.
Version: December 2022
