Privacy Policy of Leica Camera AG
Using the website leica-camera.com involves the processing of personal data (hereinafter simply “data”). Because the protection of our users’ privacy is important to us, we would like to inform you which personal data we collect when you use the website and the associated services as well as the purposes for which we process the data.
With a view to protecting the privacy of your end devices (computer or mobile device), we will also provide you with information about storage and access to information on your end device via cookies or similar technologies.
1. Controller / Contact Details
Leica Camera AG
Am Leitz-Park 5
35578 Wetzlar
Germany
Email: data-protection@leica-camera.com
Should you have any questions or suggestions regarding data protection or this Privacy Policy, or if you would like to contact us to assert your rights, please use the above-mentioned contact details when submitting your query.
2. Data Protection Officer
You can contact our data protection officer at: DPO@leica-camera.com.
3. Automated Data Processing
When accessing our website, your end device automatically transmits certain data for technical reasons, which is required to establish the connection and access the queried and embedded contents (e.g., shopping cart, texts, images, videos and product information as well as data provided for downloading). This comprises:
- the IP address or device ID allocated to the respective end device
- the type of end device in question
- browser type/version
- the operating system used
- the visited website
- the previously visited website (referrer URL)
- the date and time of the server query
- the HTTP status code
The collection and subsequent processing is intended to deliver the contents of our website and make the functions and services associated with our website available to you.
We store this data for the following purposes:
- to ensure the security of our IT systems, e.g., to defend against specific attacks on our systems and to detect attack patterns
- to ensure the proper operation of our IT systems, e.g., when faults occur which we can only resolve by storing the IP address
- for law enforcement, hazard prevention or prosecution if there is specific evidence of crimes
The data is processed on the basis of our overriding legitimate interests specified above; Art. 6 para. 1(f) of the General Data Protection Regulation (GDPR).
We store this data for a period of 14 days. We then delete or anonymize this data, including the IP addresses.
The data is only stored for a longer period when there are specific indications to warrant a justified suspicion of unlawful use which necessitates an additional review and processing of the data for this reason.
4. Hosting
We use the services provided by Amazon Web Services EMEA S.a.r.l., 38 avenue John F. Kennedy, L-1855 (“AWS”) based in Luxembourg and Profihost GmbH, Expo Plaza 1, 30539 Hannover, Germany (“Profihost”) for the hosting and operation of our website. AWS and Profihost process your personal data on our behalf, i.e., exclusively in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR).
5. Data Processing When Visiting the Website and the Related Functions and Services
We process your personal data to provide the functions available when using the website and the associated functions and services.
When you use specific functions in connection with the website or define any settings such as search and filter functions, place products in the shopping cart or select a language, we will process the information you provided and the settings you defined in order to provide these functions.
The processing is required in order to provide you with the requested functions. The legal basis for the respective data processing is Art. 6 para. 1(b) GDPR.
You can create an account in order to use additional functions of the website and associated services such as product registration.
6.1 Registration/Login
When registering your account, you must provide the following information:
- country and language
- your first and last name
- your email address
- your chosen password
You can also specify your preferred salutation (optional).
We process mandatory information:
- to create and manage your account for you
- to provide you with the functions and services associated with the account
- to prevent and uncover cases of fraud in connection with the account
You will neither be able to create an account nor use the functions and services associated with the account if you do not provide this information. The legal basis for the processing is Art. 6 para. 1(b) GDPR. Processing is required to execute the contractual relationship with you.
We process the information you provide on a voluntary basis so that we can use your preferred salutation when responding to queries you submit. This also constitutes our legitimate interest as per Art. 6 para. 1(f) GDPR.
We also process the data related to the login to authenticate your login. We have a legitimate interest in ensuring that only authorized persons have access to the respective account, Art. 6 para. 1(f) GDPR.
6.2 Using and Managing the Account
You can also provide additional information in your account. For example, you can supplement, amend and manage:
- your profile (title, address, date of birth, (mobile) phone number, professional ties to photography and alternative [delivery] addresses)
- your interests regarding specific topics, such as photography interests, Leica products and events as well as Leica Camera Stores and their events for which you would like to receive related information
- information regarding products you use that were made by other companies
- your preferences and consent settings for receiving advertising communication and the corresponding processing (item 19)
We process your personal data to manage your account for you, provide the full range of functions available with your account and store the consent settings you provide. This also constitutes our legitimate interest as per Art. 6 para. 1(f) GDPR.
6.3 Product Registration
You can also register and manage your Leica products in your account to make it easier to retrieve firmware updates, instructions and supplemental information on your product.
To register a product, you have to:
- select the product you wish to register (model designation)
- enter the product’s serial number
Optionally, you can add the date of purchase and include a comment.
The processing of mandatory information is required to register the product. Moreover, we process this data, including the optional information provided, to provide you with a comprehensive overview of your camera and sport optics portfolio and to allow you to manage your account, Art. 6 para. 1(b) GDPR.
6.4 Erasing Your Data
We generally save your personal data for the duration of the usage relationship. The data is deleted when you delete your account.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
If you submit an order to us or book tickets for a Leica Akademie event, we will process your data for the receipt and processing of your order or booking.
7.1 Order or Booking as a New Customer / Registration
You must provide the following information in order to submit an order to us or book a ticket for a Leica Akademie event:
- your salutation
- your first and last name
- your address including country
- your phone number
- your email address
You must also select a password if you also wish to create a Leica customer account along with your order or booking. However, you do not need an account to place the order.
If you want your order to be delivered to a different delivery address, we will also need additional information about the recipient:
- salutation
- first and last name
- address including country
You can also add the company and department.
In addition, you have the option of providing your date of birth and the name of your company, including VAT ID (sales tax number).
7.2 Order or Booking as a Current Customer
If you are already registered as a customer of ours, we use the information provided in your account to fulfill the order or booking you place.
7.3 Data Collection from a Third Party
Your personal data will be provided to us by the orderer in the event that you are the recipient of a product but did not place the order, or if tickets for a Leica Akademie event are for you but were booked by a third party.
7.4 Reservation and Pick-up (Click & Collect) in a Leica Store
You can also designate your order for pick-up at a Leica Store. To do so, you must also select the Leica store at which you want to reserve and pick up your product.
For this purpose, we transfer the data provided during your reservation to the store you selected. This comprises:
- your first and last name
- your address
- your email address
- your phone number
- your reservation data: product, price, quantity and item number
7.5 Using and Managing the Leica Customer Account
You can also provide additional information in your account and use the functions and services provided there. For example, you can:
- supplement, amend and manage your delivery and invoice address and your preferred payment method
- manage your e-shop vouchers
- view your order history and the status of your current orders
- download booked Leica Akademie tickets
7.6 Purposes and Legal Basis for Processing
To fulfill the contract, it is necessary to process mandatory information, including the processing of data collected for the product order concerning deviating delivery addresses and optional address supplements, as well as of data required for the reservation. We will also process the corresponding data related to your order or booking for this purpose. In particular, this includes invoice, product and booking data as well as the customer and order number. The above-mentioned data is also processed for managing returned items as well as contract terminations and withdrawals. The legal basis for this is Art. 6 para. 1(b) GDPR.
In the event that you decide to sign up for a Leica customer account when making an order or booking, we process the above-mentioned data:
- to create and manage your account for you
- to provide you with the functions and services associated with the account
- to prevent and uncover cases of fraud in connection with the account
The legal basis for the processing is Art. 6 para. 1(b) GDPR. Processing is required to execute the contractual relationship with you.
Your date of birth is processed to verify your legal capacity and this processing is based on our legitimate interest in verifying your legal capacity (Art. 6 para. 1(f) GDPR).
We process data related to a recipient other than the orderer or deviating participants of Leica Akademie events that we collect for product orders or ticket bookings in order to execute the order as instructed. This also constitutes our legitimate interest as per Art. 6 para. 1(f) GDPR.
7.7 Erasing Your Data
Where the data is processed for the fulfillment and processing of orders or bookings and/or the provision of the account, the data is erased following the complete fulfillment of the contract and/or following the expiration of the statutory warranty obligations or contractual guarantee or, with respect to the Leica customer account, when you delete this account.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
8. Payments
You have the option of choosing between several payment methods for orders and bookings of Leica Akademie events. We use the services provided by various payment service providers to process payments.
The respective service providers are responsible for processing your data and may forward your data to credit agencies in order to verify your identity and perform a credit check; they may also pass on your data to other third parties or service providers for their own purposes. Further information on the processing of your data can be found in the privacy policies issued by the various service providers, which we link to below.
8.1 Payments via PayPal
“Direct to PayPal” is a service of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). You can find the PayPal Privacy Statement at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_en.
If you use the “Direct to PayPal” function, your data that is required for the forwarding to your PayPal account and the execution of the payment process is automatically transmitted to PayPal. This data is:
- your IP address
- the total amount of your order and/or booking
- reference to the PayPal account
If you have entered your PayPal account, your email address assigned to the PayPal account can also be accessed via PayPal. PayPal will then transmit the required data regarding your order and/or booking to us for processing. Therefore, PayPal provides us with the following data:
- your first and last name
- your invoice and/or delivery address, as needed
Moreover, PayPal will inform us whether the payment has been completed properly.
8.2 Payments via Google Pay
“Pay with Google Pay” is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). You can find Google’s Privacy Policy for Google Pay at https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en.
When you use the “Pay with Google Pay” function, we will transfer the data required for forwarding to your Google Pay account to Google. This data includes:
- your IP address
- the date, time and amount of the transaction
- the dealer’s location and description
- a description of the purchased products and/or booked Leica Akademie events or test drives
- your email address, as needed
When you make a payment via Google Pay, Google provides us with the following data:
- your email address
- information on the payment method
- your first and last name
- your delivery address
Moreover, Google will inform us whether the payment has been completed properly.
8.3 Payments via Credit Card, ONEY and Apple Pay
If you choose to pay for your orders and/or bookings by credit card, or where available via ONEY (Oney Bank S.A. RSC Lille Metropole 546 380 197; BP6 - 59895 Lille cedex 9, France) or Apple Pay (Apple, Inc., 1 Apple Park Way, Cupertino, CA 95014, USA), we will use the services provided by our payment service provider Adyen B.V., Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands (“Adyen”) for payment processing and to credit any refunds to your account.
You can find further information on the processing of your data in Adyen’s Privacy Statement at https://www.adyen.com/policies-and-disclaimer/privacy-policy. The privacy policy for Apple Pay is available at https://www.apple.com/legal/privacy/data/en/apple-pay/.
Adyen collects and processes your payment data in order to process the payment. For this purpose, we automatically forward the data required for the payment method you have selected to Adyen. For payment via ONEY and Apple Pay, these are:
- your salutation
- your first and last name
- your billing and delivery address
- your telephone number
- products purchased
- purchase amount and currency
- time of login and
- your IP address
If you have opted to pay via credit card, we transmit the following data to Adyen:
- your IP address
- purchase amount
- payment ID
- your credit card data – this is encrypted during collection by Adyen so that we do not have access to this data at any time
- your customer number and
- your email address
Adyen will inform us whether the payment has been completed properly.
8.4 Payments via Findomestic
If available in the checkout process, you have the option to make your payment via Findomestic (financing IT), a service of Findomestic Banca S.p.A. Firenze via Jacopo da Diacceto 48, 50129, Firenze, Italy ("Findomestic"). Findomestic's privacy notice can be found at https://www.findomestic.it/servizi/privacy.shtml
We will transfer the following data to Findomestic:
- your first and last name
- your Tax ID
- your email address and
- your date of birth
Findomestic will inform us whether the payment has been completed properly.
8.5 Payments via Scalapay (“pay in 3 installments”)
If available in the checkout process, you have the option to make your payment via Scalapay, a service of Scalapay S.r.l, Via Giuseppe Mazzini 9, 20123 Milano, Italy (“Scalapay”). Scalapay’s privacy policy is available at https://www.scalapay.com/privacy?country=EN.
We will transfer the following data to Scalapay:
- your first and last name
- your billing and delivery address
- product purchased
- purchase amount and currency and
- your IP address
Scalapay will inform us whether the payment has been completed properly.
8.6 Purposes and Legal Basis
The data must be processed for the purpose of contract fulfillment, in particular payment processing, including the processing of any chargebacks, Art. 6 para. 1(b) GDPR.
8.7 Erasing Your Data
Data that is processed for the fulfillment and processing of orders and/or bookings (including payment processing) is erased following the complete fulfillment of the contract or following the expiry of the statutory warranty obligations or contractual guarantee.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
9. Financing
If you have opted for purchase price financing when ordering, we will forward your:
- first and last name
- address including country
- the purchase price details
to our financing partner, Novuna Personal Finance, which trades under the name Mitsubishi HC Capital UK PLC, Thorpe Road, Staines-upon-Thames, Surrey, TW18 3HP, United Kingdom (“Novuna”) in order to verify and process your financing application. The European Commission has adopted an adequacy decision for the UK in line with Art. 45 para. 1 GDPR, which states that the United Kingdom ensures an adequate level of data protection.
Novuna processes your data on its own responsibility and may forward your data to credit agencies in order to verify your identity and perform a credit check; it may also pass on your data to other third parties or service providers for its own purposes. Further information on the processing of your data is available in Novuna’s Privacy Policy at https://www.novuna.co.uk/privacy-policy/.
The data must be processed in order to execute the order in connection with financing of the purchase price, Art. 6 para. 1(b) GDPR.
Data that is processed for the fulfillment and processing of orders is erased following the complete fulfillment of the contract or following the expiry of the statutory warranty obligations or contractual guarantee.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
10. Fraud Prevention
We analyze the information provided by our customers during the booking as well as the technical information transferred from your end device to protect ourselves against fraudulent bookings.
When doing so, we use the services provided by Adyen B.V., Simon Carmiggeltstraat 6 – 50, 1011 DJ Amsterdam, Netherlands (“Adyen”). Adyen processes your personal data on our behalf and in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR).
The processing is required to safeguard our legitimate interest in preventing and uncovering fraud, Art. 6 para. 1(f) GDPR.
We will erase this data following the complete fulfillment of the contract or following the expiry of the statutory warranty obligations or contractual guarantee. If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
11. Personal Consultation (Speak to Leica Experts) and Test Drive
You have the opportunity to book a personal consultation with one of our Leica Experts and / or to participate in our test drive covering various Leica systems.
11.1 Personal Consultation, including Test Drive Consultation
You must provide the following information if you wish to book a personal consultation with one of our Leica Experts:
• your preferred time slot (date and time)
• your first and last name
• your email address
• the desired type of contact (via Microsoft Teams, by phone or in person in one of our Leica stores)
• if you wish to be contacted by telephone, your telephone number; in other cases, the telephone number is optional
• the planned purpose of consultation
• your level of experience in photography
In addition, you can provide optional information on the camera or camera system you are currently using.
We use the Calendly service provided by Calendly LLC, 271 17th St NW Ste 1000, Atlanta, Georgia, 30363, USA (“Calendly”) for booking the appointment. Calendly processes your personal data on our behalf and in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR).
Your personal data are processed in the US. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Calendly is a certified company under the Data Privacy Framework.
The processing of your personal data is required to book the personal consultation, Art. 6 para. 1(b) GDPR.
11.2 Forwarding of Data to Leica National Subsidiaries and Leica Stores
We transfer the personal data necessary to book and conduct the personal consultation that you have requested to the respective Leica national subsidiary or Leica stores that are responsible for the performance of the personal consultation. Such transfer of your personal data is necessary for the booking and performance of your personal consultation, Art. 6 para. 1(b) GDPR.
For personal consultations in the United Kingdom, Ireland, and the Channel Islands, we forward your data to Leica Camera Ltd., 6–8 James Street, 4th floor, London, W1U 1ED, United Kingdom. The European Commission has adopted an adequacy decision for the UK in line with Art. 45 para. 1 GDPR, which states that the United Kingdom ensures an adequate level of data protection.
11.3 Performance of the Personal Consultation
If you book a consultation via phone or an in-person consultation in one of our Leica stores, we will process your personal data to contact you and conduct the consultation.
For online consultation, we use Microsoft Teams, a service provided by Microsoft Ireland Operations Ltd., One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland (“Microsoft”). Microsoft transfers personal data to the US, in particular to the Microsoft Corporation, and to third countries not covered by an adequacy decision of the European Commission. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Microsoft Corporation is a certified company under the Data Privacy Framework. In other cases, Microsoft will use standard data protection clauses approved by the European Commission as per Art. 46 para. 2(c) GDPR to ensure an adequate level of data protection.
When using Microsoft Teams, we process:
• your first and last name,
• your email address,
• your password,
• your IP address,
• other information about your end device,
• the meeting ID and, as needed, other access data,
• the start and end times of your participation as well as
• the topic of the online meeting
In addition, you have the option of providing further data, including a profile image.
If you use the chat or questions function during the consultation, we will process the text you input to display the text during the consultation. The data from your end device’s microphone and, if applicable, the images from the video camera of your end device will be processed for the duration of the consultation in order to allow the display of videos and the playback of audio. However, you can turn off or mute the camera or microphone yourself at any time via the applications provided by Microsoft Teams.
Reports on the online meetings (meeting metadata) and chat protocols will be stored for up to one month.
The legal basis for the processing for the purpose of conducting the personal consultation, including the performance via online-meeting tools is Art. 6 para. 1(b) GDPR.
11.4 Test Drive
When participating in a test drive, you can decide whether you wish to have the desired Leica system delivered to you for a weekend test drive, or if you prefer to take part in a test drive at a Leica store.
To participate in a test drive, you must reserve an appointment via Eventbrite, an event booking portal provided by Eventbrite, Inc, 535 Mission Street, 8th Floor, San Francisco, CA 94105, USA (“Eventbrite”).
Eventbrite processes your personal data in connection with the reservation on our behalf and in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR). Eventbrite also processes data at its own discretion, for example when you register with Eventbrite. Furthermore, Eventbrite evaluates your usage data on its own responsibility. You can find further information in the Eventbrite Privacy Policy at https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_US.
Your personal data are processed in the US. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Eventbrite is a certified company under the Data Privacy Framework.
The following information is required for the reservation:
• selected Leica system
• your booked appointment for receiving the Leica system
• your first and last name
• your email address
• your phone number
Moreover, we receive the confirmation from Eventbrite that your payment has been completed properly.
Following your reservation, we receive an order confirmation from Eventbrite containing the above-mentioned data to confirm your reservation.
The legal basis for the processing is Art. 6 para. 1(b) GDPR. The processing is required to fulfill the contractual relationship with you.
We will delete your personal data following the complete fulfillment of the contract.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
12. Account Security and Troubleshooting
We also process technical data such as internal identifiers, the time of your registration or changes tied to your account. This processing is based on our legitimate interest in logging specific activities to ensure and track the security of your account.
We also process technical data, such as time stamps and activities, to identify and eliminate technical malfunctions or faults as well as to continuously improve the application. We have a legitimate interest in ensuring the functionality and security of our applications as well as continuously improving them.
The legal basis for processing is Art. 6 para. 1(f) GDPR.
13. Forwarding of Data to Leica National Subsidiaries for Executing the Order
We pass on your personal data, which we process in connection with your order, to the respective Leica national subsidiary responsible for the country in which you have placed your order. This is required to ensure the complete processing and delivery of your order.
For orders from the United Kingdom, Ireland and the Channel Islands, we forward your data to Leica Camera Ltd., 6–8 James Street, 4th floor, London, W1U 1ED, United Kingdom. The European Commission has adopted an adequacy decision for the UK in line with Art. 45 para. 1 GDPR, which states that the United Kingdom ensures an adequate level of data protection.
The legal basis for this processing is Art. 6 para. 1(b) GDPR. We also have a legitimate business interest in maintaining an effective sales organization, Art. 6 para. 1(f) GDPR.
14. Logistics Companies
We forward your address data to the respectively commissioned logistics company in order to deliver your order, Art. 6 para. 1(b) GDPR.
If you have provided us with your telephone number for this purpose, we will also transmit this number to the logistics company hired to transport your shipment. Providing the telephone number allows the logistics company to contact you to ensure delivery, for example, in cases where the delivery person cannot find the specified address or cannot immediately locate you. For this purpose, your telephone number is printed on the shipping label where it may be read by third parties, e.g., if the item is dropped off at a parcel shop or left with a neighbor. The data is processed on the basis of our legitimate interest in ensuring proper delivery, Art. 6 para. 1(f) GDPR.
15. Contact, Support, Service and Other Queries
15.1 Queries via Our Contact Form and Availability Notifications
If you submit a query regarding our products and services via our contact form (e.g., in case of questions regarding specific products, the Leica Akademie program or spare parts), or if you wish to be notified when specific products are in stock again, we process the data provided by you, for example:
- your first and last name
- your email address
- the information required in order to process and respond to your request (e.g., information related to your request, the product name, item number and invoice numbers)
- the time and date of your query, as well as further information you provide in your query
15.2 Support Queries and Other Queries
If you contact us via the contact data provided on our website, e.g., for support queries, or contact us via our general contact details provided under item 1, we will process:
- your name
- the time and date of your query, as well as further information you provide in your query
Depending on the contact method chosen by you or the contact details you have provided, we also process:
- your email address
- your phone number
- your address
15.3 Purposes and Legal Basis
For queries in connection with contracts, e.g., in connection with products and services or support queries, data is processed in order to initiate or execute the respective contractual relationship, Art. 6 para. 1(b) GDPR. We process information you provide voluntarily via our contact forms on the basis of our legitimate interest in the effective and proper processing of your queries, Art. 6 para. 1(f) GDPR.
For other queries, processing is based on our legitimate interest in receiving and processing your query, Art. 6 para. 1(f) GDPR.
15.4 Erasing Your Data
We store queries related to contracts for the duration of the contractual relationship, Art. 6 para. 1(b) GDPR. In all other cases, we delete your query three years after the expiration of the calendar year in which we completed the processing of your query.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
16. Shared Management of Customer Data and Analysis for Market Research Purposes
16.1 Shared Management of Customer Data
We process your data, which we have collected in connection with your account (item 6) and orders (item 7), or your personal consultation (item 11) in our customer database for the purpose of managing our customer relationships. This enables us to manage your data and provide relevant, targeted answers to any questions.
If you are a Leica store customer, we also manage your data – which has been collected in the Leica store in connection with a purchase or an order – in our customer database for the aforementioned purposes. This data includes, without limitation:
- your first and last name
- your address
- your email address
- your phone number
- country
- the customer and bill-to party, which may also be the Leica company or Leica store that places your order in the Leica store
- name and address of the Leica store where you made your purchase or placed your order
- invoice number
- product and item number
- quantity
- purchase date
- purchase price and currency
If you also use our services offered on our website and have registered for a Leica account or Leica customer account, or have submitted orders, we will merge this data with your data that we have collected in connection with your account and your submitted orders in our customer database.
The associated processing is conducted on the basis of our legitimate interests in managing our customer relationships and the efficient design of our processes, Art. 6 para. 1(f) GDPR.
16.2 Data Processing for Market Research Purposes
We also process the data stored or combined in our customer database for statistical analysis and market research purposes. This allows us to better understand our customers’ interests and purchasing habits and adapt and optimize our advertising and sales activities accordingly. We anonymize your data before processing it for this purpose.
If anonymization is not possible in individual cases, we pseudonymize your data before processing it for the aforementioned purposes. We do not engage in individual profiling.
Processing is based on our legitimate economic interest in optimizing our advertising and sales activities, Art. 6 para. 1(f) GDPR.
Whenever your data is pseudonymized for statistical analysis purposes, it is deleted immediately after the analysis has been carried out.
17. Zoho Chat Function
We have embedded a live chat function on our website, which is provided by Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, Netherlands. Zoho processes your personal data on our behalf, i.e., exclusively in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR).
When you use the chat function, we will initially process:
- your name
- your email address
- your phone number (optional)
- the time and date of your query, as well as further information you voluntarily provide in relation to your query
If you have already contacted us via the chat function, have logged into your Leica account or have entered your name and contact data in an order or booking process, we will process this data in order to contact you in a personalized manner via the chat function.
For queries in connection with contracts, e.g., in connection with products and services or support queries, data is processed in order to initiate or execute the respective contractual relationship, Art. 6 para. 1(b) GDPR. In all other cases, we process your data based on our legitimate interest in the effective and proper processing of your query, Art. 6 para. 1(f) GDPR.
Zoho uses cookies and similar technologies. We use these cookies and similar technologies to assist in clearly identifying you as a visitor to our website and to analyze and track your personal behavior on our website. We use the data generated and collected on the basis of the cookies and similar technologies as well as other types of data (IP address, browser type, version and language) to evaluate and optimize the use of our website and the chat function.
Furthermore, these cookies and similar technologies assist us in identifying you as a user when you return to our website, thus allowing us to use the chat function in a targeted manner and personalize our communication with you via the chat function.
We use cookies and similar technologies based on your consent, Art. 6 para. 1(a) GDPR. This legal basis also covers the processing of your personal data for analysis and optimization purposes as well as enabling personalized communication.
You can withdraw your consent with effect for the future at any time by making the corresponding change to your. Additional information on the use of cookies and similar technologies as well as on your withdrawal options can be found in item 22.
We store queries related to contracts for the duration of the contractual relationship, Art. 6 para. 1(b) GDPR. In all other cases, we delete your query three years after the expiration of the calendar year in which we completed the processing of your query.
Data processed on the basis of your consent will be deleted when you withdraw your consent, or at an earlier point in time when the data we collected is no longer required for the purpose for which it was collected.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
18. reCAPTCHA
We use reCAPTCHA v2, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA v2 assists us in preventing the automatic, computer-controlled completion of registration forms and thus improper behavior on our website and in connection with our services. In addition, captchas – tasks which can be easily solved by humans but not by bots – are displayed (e.g., by clicking a check box and providing additional information as needed).
Google will collect your device and personal data when you access the registration screen on our website to subscribe to the newsletter. reCAPTCHA v2 tracks your interactions with our website, including mouse movements, keystrokes and time spent on the website. In addition, we will process your IP address, the referrer URL (the address of the previously visited website), information on your operating system and the settings on your end device, in particular your language settings and location-related data.
reCAPTCHA v2 uses this data to conduct a risk analysis and uses a probability value to calculate whether a human user or a bot is accessing our website. We receive this evaluation from Google in order for us to evaluate the corresponding interaction on our website.
Google deposits a cookie in your browser to provide the risk analysis. Additional information on cookies is available under item 22.
Please note that Google shares the aforementioned data on your use of the website (including the information generated by the cookie) within the Google group of companies and with other third parties. This leads to a transfer of personal data to the US, in particular to Google LLC, and to third countries not covered by an adequacy decision of the European Commission. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Google LLC is a certified company under the Data Privacy Framework. In other cases, Google will use standard data protection clauses approved by the European Commission as per Art. 46 para. 2(c) GDPR to ensure an adequate level of data protection.
Additional information can be found in Google’s Privacy Policy at https://policies.google.com/privacy?hl=en.
The forwarding of data to Google and any storage of information on your end device or access to such information necessary for this are essential in order for us to provide you with your expressly requested telemedia service, i.e., the use of our website. Consent for this is therefore not required in accordance with the laws of the EU member states on the implementation of EU Directive 2002/58/EC governing the protection of your privacy and electronic communication, amended by EU Directive 2009/136/EC (for example, Section 25 para. 2 no. 1 of the German Telecommunications-Telemedia Data Protection Act (TTDSG)). The associated processing of personal data is based on our legitimate interest in protecting our users from spam, fraud and other improper behavior on our website and in connection with the services we offer, Art. 6 para. 1(f) GDPR.
19.1 Consent to Receiving Advertising Information and to Data Processing for Advertising Purposes
If you have given us your consent to receiving advertising information, we will use the information you have disclosed to us (including data that you may have saved in your account and that we may have received through your interactions with us) on the basis of your consent (Art. 6 para. 1(a) GDPR) to send you advertising information about Leica Camera products, services, events and advertising campaigns in accordance with your chosen preferences – by email, telephone, push notification via Leica Camera mobile apps and social media (Facebook, Instagram and YouTube).
The consent is deemed to be granted to the Leica Camera Group.
To enable us to adapt the communications to your interests and behavior and offer you an optimally personalized experience, we may analyze and combine more of your personal data. This can include the following data:
1. Data that you actively provided us with, e.g.:
- name
- date of birth
- age
- a further email address
- mailing address
- gender
- telephone number
- the data you have provided us with via social networks
- personal interests, e.g., photography, professional imaging, hunting, nature observation
- product registration
2. Data that we obtain through your interactions with us:
Data on your interactions, such as purchases in Leica Camera stores (POS) and Leica Camera online shops, Customer Care inquiries, your use of the digital Leica Camera channels such as social media, websites, emails, Leica Camera apps and your use of networked Leica Camera products. This data can include the following:
- IP address
- cookies
- device information
- information you have clicked on
- location information
- websites you have visited
- Leica Camera apps you have used
- your purchases (products)
- your inquiries to Leica Camera Customer Care
The provision of this data is voluntary. However, without this data we are unable to provide you with the corresponding information.
19.2 Newsletter Tracking
Newsletters and other advertising information that we provide you with via email in accordance with the areas of interest previously selected by you contain what are known as web beacons. Web beacons are pixel-sized files which are downloaded from the server of the sender when the email is opened. Technical information about you is initially collected together with this request, such as:
- delivery of the newsletter
- browser information
- information on the system used
- IP address
- time of retrieval
We also collect the following data about you:
- location of retrieval, which we determine on the basis of your IP address
- information on whether you have opened the email
- information on which of the links in the email you have clicked on.
This information will be used for statistical purposes in order to bring about a technical improvement in the services on the basis of the technical data or the target groups and their reading behavior. Although this information can be assigned to the individual recipients for technical reasons, the analyses are merely for the purposes of recognizing the reading behavior of our users and adapting our content accordingly, improving it or sending different content in accordance with the interests of our users.
The legal basis for the processing of your data for the aforementioned purposes is the consent you have provided (Art. 6 para. 1(a) GDPR).
19.3 Forwarding of Your Data to Leica Camera Group Companies for Marketing Purposes
If it is necessary in order to fulfill the aforementioned purposes, the data specified above will be forwarded between the companies of the Leica Camera Group.
The legal basis for the transmitting of the data and its further processing by the companies of the Leica Camera Group is the consent you have provided (Art. 6 para. 1(a) GDPR).
Should we forward your data to companies of the Leica Camera Group or other recipients outside the European Union or the European Economic Area for the purposes specified in item 19.3 and on the basis of your consent, it shall only be forwarded in accordance with the requirements of the GDPR.
Further information on third-country transfers and how you can request additional information is available in item 30.
19.4 Forwarding of Your Data to Facebook, Instagram and YouTube for Marketing Purposes
In order for us to send you advertising information, we process your email address, country and language and, if necessary, forward them to the following companies on the basis of your consent (Art. 6 para. 1(a) GDPR):
a) Facebook and Instagram
Information to Be Forwarded to Facebook
We want to ensure that the ads are only shown to users who are interested in our advertising information. This is why we use Facebook services to show you personalized advertising. For users outside the US and Canada, the operator of Facebook and Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For users in the US and Canada, the operator is Meta Platforms Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA.
If you have a Facebook profile, Meta Platforms Ireland Limited can match this data with the information Facebook has already stored about you. Where applicable, Meta Platforms Ireland Limited may also merge this data with other data.
Meta Platforms Ireland Limited may share your information within the Meta group of companies or with other third parties. This may lead to a transfer of personal data to the US, in particular to Meta Platforms, Inc., and to third countries not covered by an adequacy decision of the European Commission. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Meta Platforms, Inc. is a certified company under the Data Privacy Framework. In other cases, Meta Platforms Ireland Limited will use standard data protection clauses approved by the European Commission as per Art. 46 para. 2(c) GDPR to ensure an adequate level of data protection.
You can find general information on the further processing and use of your data by Meta Platforms Ireland Limited and your configuration options for protecting your privacy when you use Facebook in the Meta Privacy Policy at https://www.facebook.com/about/privacy/
Custom Audiences
We use the “Custom Audiences from File” process. If you have given your consent, we will transfer your email address or telephone number that we have on file to Meta Platforms Ireland Limited in hashed form. Meta Platforms Ireland Limited will compare this information with the information stored by it in connection with the Facebook platform. If Meta Platforms Ireland Limited detects a match, it will deliver personalized advertising.
Information on how Meta Platforms Ireland Limited processes your personal data is available in the Meta Privacy Policy at: https://www.facebook.com/about/privacy/.
b) YouTube
We also transfer the aforementioned data to YouTube. For users in the European Union, the European Economic Area or Switzerland, the operator of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For users outside the European Economic Area and Switzerland, the operator is Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA.
If you have a Google account, Google can match this data with the information Google has already stored about you. Where applicable, Google will also combine this data with other data.
Google may share your information with other Google companies or other third parties. This may lead to a transfer of personal data to the US, in particular to Google LLC, and to third countries not covered by an adequacy decision of the European Commission. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Google LLC is a certified company under the Data Privacy Framework. In other cases, Google will use standard data protection clauses approved by the European Commission as per Art. 46 para. 2(c) GDPR to ensure an adequate level of data protection.
You can find general information about the processing of your personal data by Google at: https://policies.google.com/privacy?hl=en.
19.5 Right of Withdrawal
You can withdraw your consent with effect for the future, either in full or partially, at any time by sending an email to data-protection@leica-camera.com. The withdrawal of your consent does not affect the lawfulness of the processing performed on the basis of your consent prior to its withdrawal. Should you withdraw your consent, we will no longer use this data to send you advertising information.
You can also set your preferences in your Leica account under your profile and thereby change the communication channels through which you wish to receive advertising information.
19.6 Verification of Consent
We verify your consent using what is known as a double opt-in process: This means that we initially request the active confirmation of your consent via an email sent to the email address you provided. We use the information on the confirmation as well as the time and date of this confirmation to document and verify your consent.
The legal basis for processing your personal data for double-opt-in purposes or for the verification of your consent is Art. 6 para. 1(c) GDPR in conjunction with Art. 7 para. 1 sentence 3 GDPR. We are legally obliged to verify your consent.
19.7 Erasing Your Data
Your data is processed in this context until the purpose of the processing no longer applies or you withdraw your consent. We store the data verifying your consent for a period of three years.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
20. Integration of Third-Party Contents
We have also embedded contents from third-party providers on our website. These contents are loaded from the servers of the respective service provider, meaning that your end device transfers specific technically necessary data, including your IP address, to these third-party service providers. Using this data, the third-party service providers can track your surfing behavior and can process your IP address along with additional technical information (including browser type and version, operating system used, the previously visited website, the host name of the accessing device and the time of access, as well as additional information on the use of our online offering). Further information on the processing of your personal data by these third-party service providers is available in the respective privacy policies issued by the various service providers, which we link to below.
We integrate this content on the basis of our legitimate interests in providing our users with the corresponding contents and functions and operating our website in a commercially viable manner, Art. 6 para. 1(f) GDPR.
The services we embed use cookies and similar technologies. The legal basis for the use of these cookies and similar technologies is your consent, Art. 6 para. 1(a) GDPR. This legal basis also covers processing of your personal data for analysis and optimization purposes.
You can withdraw your consent with effect for the future at any time by making the corresponding changes to your. Additional information on the use of cookies and similar technologies as well as on your withdrawal options is available in item 22.
Specifically, we embed the following third-party contents:
20.1 YouTube
YouTube is a service provided for users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and provided for other users by Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA.
When you access a (sub)page of our website on which a YouTube video is embedded, a connection with Google’s servers is established in order to load the video preview. During the process, Google collects, for example, information on which of our websites or (sub)pages you are currently visiting.
Google may share your information with other Google companies or other third parties. This may lead to a transfer of personal data to the US, in particular to Google LLC, and to third countries not covered by an adequacy decision of the European Commission. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Google LLC is a certified company under the Data Privacy Framework. In other cases, Google will use standard data protection clauses approved by the European Commission as per Art. 46 para. 2(c) GDPR to ensure an adequate level of data protection.
You can find the Google Privacy Policy here: https://policies.google.com/privacy?hl=en. Google’s Privacy Policy also contains information about the configuration options for your Google account. Please note that your Google account may be used for different Google services (e.g., Gmail, YouTube, Google Search) and that Google may combine personal data about the Google services you use according to your Google account settings.
20.2 Vimeo
We embed videos from Vimeo on our website. Vimeo is a service provided by Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA (“Vimeo”).
Your personal data are processed in the US. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Vimeo is a certified company under the Data Privacy Framework.
We have embedded the Vimeo player on some of the (sub)pages of our website to make it possible for you to access specific Vimeo videos. When you access one of these subpages, your browser will transfer your personal data, e.g., your IP address and the websites or (sub)pages you used to access the Vimeo player, to servers provided by Vimeo.
If you have a Vimeo account and remain logged in to it when you access the subpage, Vimeo will link the transferred information with your account.
You can find the Vimeo Privacy Policy here: https://vimeo.com/privacy. The policy also provides you with information about the configuration options for your Vimeo account. Please note that Vimeo will be able to assign your surfing behavior directly to your personal profile when you are logged in to your Vimeo account.
20.3 Google Maps
We use Google Maps, an online map service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”), to provide interactive maps on our website. Google collects your usage data, such as the referrer URL or the IP address, when you access our website. Google will also process data for its own purposes, such as the provision or improvement of the service, and is thus the controller for the data processing.
You can find the Google Privacy Policy at https://policies.google.com/privacy?hl=en.
Your personal data are processed in the US. The European Commission has adopted an adequacy decision in line with Art. 45 para. 1 GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the US. Google is a certified company under the Data Privacy Framework.
We may ask you to grant us permission to use specific content (e.g., photos, audio and video recordings or posts) that you have posted on social media platforms. In addition, we offer you the opportunity to share certain content with us on our website or as part of special promotions (e.g., by uploading it to our website or via certain platforms).
In these cases, we process your personal data, including the content you have submitted, for the purposes and within the scope as outlined in the licensing terms you have agreed to.
The legal basis for the processing is Art. 6 para. 1(b) GDPR. The processing is necessary for the performance of the contract concluded with you.
21.2 Personal data that we have not obtained directly from the data subjects
To the extent that the aforementioned content also contains personal data of third parties (e.g., names, images, video and audio recordings), we collect these data from the user who provided us with the respective content (e.g., via our websites) or published the content on or via these social media platforms. We process these data for the purpose of advertising the products and services of the Leica Camera Group as well as for the promotional public representation of the companies of the Leica Camera Group.
The legal basis for the processing of third-party data is the consent provided by the third party to the respective user, Art. 6 para. 1(a) GDPR.
21.3 Recipients
The above-mentioned content is published for advertising purposes, including for public representation of the companies of the Leica Camera Group as well as their products and services. The content will be published, inter alia:
- on social media presences of the Leica Camera Group, in particular on Facebook, Instagram, TikTok, Pinterest, YouTube, Vimeo and LinkedIn (for further information on the operators of the social media platforms and the processing of your data, please refer to item 25);
- on television and in print media;
- on the websites of the Leica Camera Group;
- at trade fairs, exhibitions and in Leica Camera stores and galleries; and
- in connection with online and offline marketing campaigns, competitions and promotions on the Internet as well as in form of print or electronic advertising (flyers, banners, billboards, advertisements).
For these purposes, your data will be transmitted to the respective operators and shared within the Leica Camera Group.
In addition, we use service providers to collect, evaluate, manage, edit, and publish the content. These service providers process your personal data on our behalf and in accordance with our instructions (see Art. 4 no. 8, Art. 28 GDPR).
Insofar as this involves the transfer of your data to a third country for which there is no adequacy decision of the EU Commission pursuant to Art. 45 GDPR, the standard data protection clauses approved by the EU Commission pursuant to Art. 46 para. 2(c) GDPR are concluded. Further information on third-country transfers and how you can request additional information is available in item 30.
21.4 Erasure of your personal data
We will erase your data in accordance with the provisions agreed in the licensing terms or prior to this if the purpose of the processing has ceased, e.g., the promotion has ended, the relevant content is no longer featured or you withdraw your consent. If you would like your content to be erased at an earlier point in time or you would like to withdraw your consent to the processing, you can contact us at social@leica-camera.com or the contact details provided in item 1.
If the data is required for a longer period for statutory reasons or for the (potential) safeguarding, asserting or enforcing of legal rights (see item 31), it will continue to be stored.
Please note that the visual and audio recordings can be accessed worldwide when published on the Internet or in social networks and can be found, in particular, by search engines. Further use and/or modification by third parties cannot be excluded, and it may not be possible to fully erase these recordings on the Internet.
22. Cookies and Similar Technologies
We use cookies to enhance the functionality of the website (strictly necessary cookies), to ana