The Zentrum für Europäischen Verbraucherschutz e. V. (Centre for European Consumer Protection in Europe- ZEV) takes the protection of your data seriously. Our non-profit organisation aims at raising awareness of and to promote consumers’ rights in Europe. Your data are exclusively collected, stored and used to respond to your inquiries and complaints and to defend your interests.
You will find information on how we handle your data.
The responsible body for the storage and processing of your data is the
Zentrum für Europäischen Verbraucherschutz e. V.
Phone: +49 7851 99148-0
Fax: +49 7851 99148-11
You can also contact our data protection representatives at: firstname.lastname@example.org.
The Centre for Consumer Protection in Europe (ZEV) processes your data in accordance with the General Data Protection Regulation (GDPR), Germany’s new Federal Data Protection Act (BDSG) and the Telemedia Act taking into account the principles of legitimacy, purpose limitation and data minimisation (Article 5(1) GDPR).
According to the General Data Protection Regulation and Germany’s Federal Data Protection Act all information related to your person is subject to special protection (OR: Your data). These can be your:
- phone number
- e-mail address
- home address
- information in relation to the case and attached documents
This information can only be processed, if authorised by law or if the person concerned has given his consent (Article 4(1) GDPR).
Sensitive information related to you is subject to an even stronger protection. These can be information on your:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- sex life
- sexual orientation
This data can only be processed with your explicit consent (Article 9 GDPR).
Any operation performed on your personal data, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available otherwise, alignment or combination, restriction, erasure or destruction (Article 4(2) GDPR).
When you submit an information request or a complaint against a company, the submitted data is automatically transferred into the data processing tool (IT-Tool) of the European Commission: the ‘ECC-Net 2’.
For this transfer, we are working together with an external service provider based in the Netherlands. In addition to the automatic transfer, a backup of the data you have submitted is created. This backup is necessary as a safety measure in case that an error occurs during the automatic transfer of the data into the IT-Tool ‘ECC-Net 2’. The data is solely being stored on servers based in the Netherlands. All backups are furthermore deleted after no more than 14 days.
We store your data on the basis of Article 6(1)(b) GDPR. The storage is necessary to answer your information request or handle your complaint.
We protect your data against unauthorised access. For that, we implemented access controls, passwords, firewalls etc. In addition, our websites are all . Respecting the principle of data minimisation we only grant access to your data to those departments entrusted with your case (see ‘Responsible body’).
Prior to processing sensitive data, we ask for your explicit consent. The information is processed on the basis of Article 9(2) GDPR.
I. Information requests filed at the European Consumer Centres Germany/ France
If you submit an information request to the European Consumer Centres Germany or France, your data will also be stored (mostly anonymised) in a data processing tool (IT-Tool) of the European Commission: the ‘ECC-Net 2’. The European Commission provides us with this tool. Your data is stored so that we can analyse your query and answer it.
This storage is justified by Article 6(1)(b) GDPR. The use of this system is necessary, to handle your query effectively and to evaluate it statistically.
With the help of the IT-Tool: ‘ECC-Net 2’ we are able to transfer your information requests to other European Consumer Centres. Please find an interactive map with all centres. We only act in this way, if we need the expertise of our European colleagues to answer your request. Before that, we ask you for your consent. The legal basis for the transfer is, hence, Article 6(1)(a) GDPR.
How your data is processed and protected there, you can learn from the privacy statement of the EU-Commission on the IT-Tool ‘ECC-Net 2’.
II. Complaints against companies in other EU-countries, Island and Norway
If your complaint addresses a company based in another EU-country, Island or Norway, we will forward your data to the European Consumer Centre of this country. Regularly the centre will use your date to analyse your complaint and contact the company with the aim to solve your complaint amicably. Please find an interactive map with all centres.
To this end, your data will also be stored in a data processing tool (IT-Tool) of the EU-Commission: the ‘ECC-Net 2’. The use of this tool is necessary to transfer your complaint to another European Consumer Centre and to communicate with our European colleagues.
How your data is processed and protected there, you can learn from the privacy statement of the EU-Commission on the IT-Tool ‘ECC-Net 2’.
To handle your complaint effectively and free of charge, it can also be an advantage for you, that we forward your complaint to an European alternative dispute resolution body as set up by Directive 2013/11/EU or another out-of-court dispute resolution body that complies with high quality standards. You find an overview of all bodies on our website.
Finally, it can be an advantage for you, that we forward your complaint to an European authority responsible for enforcing EU consumer protection laws as set up under Regulation (EU) 2017/2394. These authorities are responsible to enforce consumer rights towards companies, when the collective interest of consumers was infringed.
In all three cases, we ask for your consent. Legal basis for the transfer of your data is, hence, Article 6(1)(a) GDPR.
III. Complaints against traders from Denmark, Finland, Norway and Sweden
In some countries ECC are obliged by law to make complaints accessible to the public upon demand. This is the case for all data shared with ECC Denmark, Finland, Norway and Sweden (information on the Swedish legislation is available on the website of the Swedish government).
IV. Complaint / information requests of consumers from other European countries
When we receive complaints via the IT-Tool ‚ECC-Net 2’ against a company based in Germany or France, we save your data also on our server and use them to contact the trader. Sometimes we also transfer your complaint to an alternative dispute resolution body or an authority responsible to enforce consumer rights.
We store your data also on our server, if another European consumer centre transfers it to use via the IT-Tool: ‘ECC-Net 2’ in the framework of an information request.
This IT-Tool is a data processing system provided by the EU-Commission. How your data is processed and protected while being stored in this tool, you can learn from the corresponding data protection declaration.
Legal basis for the data processing is Article 6(1)(a) GDPR. We are not authorised to store your data or take one of the abovementioned measures, if you did not consent to it towards the European consumer centre of your resident country.
If you file a complaint using the online complaint form on our website, we ask you to give your consent to the forwarding of your complaint to the European Consumer Centre of that country where the trader comes from and/ or to a competent alternative dispute resolution body. You give your active consent by ticking a box.
If you file your complaint via e-mail, phone, letter or personally, you will receive consecutively a document that asks you to give your consent to the abovementioned measures.
In all other cases, we will ask for your consent individually.
You have the right to withdraw your consent at any time (see the category ‘your rights’).
We do not store your personal data longer than three years on our server after the final answer to your query or the closure of your complaint procedure. The legal basis for the storage of the data is Article 6(1)(f) GDPR. We have a legitimate interest in storing your data. It enables us to document our performed services as long as claims may not be time-barred.
1. What you should know about cookies
Our website uses session-cookies. When you, for example, enter information in our online complaint form or log in to our complaint management system, these data are stored (on your computer) and sent to us. Without these cookies this would not work; they are automatically deleted when you leave our website. Since the processing of your complaint is not possible without this function, the legal basis for the data processing is Article 6(1)(b) GDPR.
3. Analytics tool: Matomo
We employ the Open-Source Software: Matomo (more information on Matomo you find here) to learn how consumers use our website. However, we only use this tool when you gave use your explicit consent beforehand by clicking on our cookies-banner on our website (real opt-in). Legal basis is, hence, Article 6(1)(a) GDPR.
Matomo analyses and evaluates your surfing behaviour. For example, it informs us of the topics most frequently clicked on our website and the information material most frequently downloaded by consumers. We configured Matomo in a way that your data is kept anonymous (the IP address is shortened).
If you want to disable Matomo, just deactivate it at the end of this page.
4. Disable our cookies
You can disable our cookies. To do so, click on the appropriate field. You will find it on our cookies-banner at the bottom of the screen each time you visit our website.
5. Third-party cookies
Our website uses plug-ins of the Website YouTube operated by Goolge. The website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our websites providing for a YouTube plug-in, a connection with the servers of YouTube will be established. The YouTube server is informed, which websites you visit (for example with the help of your IP-address).
We use YouTube to provide you with an appealing presentation of our information. That constitutes a legitimate interest and is, hence, justified by Article 6(1)(f) GDPR.
Information on how YouTube processes your data is available at YouTube under: https://policies.google.com/privacy?hl=en
Via an API our website uses the service: google maps. Operator is the Google Inc., 1600 Amphitheatre Parkway, Montain View, CA 94043, USA.
To enable you to use google maps, it is necessary to store your IP address. Regularly, this information is forwarded to and stored on google servers in the USA. We cannot influence this data transfer.
We use YouTube to provide you with an appealing presentation of our information and to enable you to find locations in a simple way that are indicated on our website. That constitutes a legitimate interest and is, hence, justified by Article 6(1)(f) GDPR.
c) Social media plug-ins
We disabled in the default settings of our website social media plug-ins to share content through Facebook, Twitter and Google+.
This aims at preventing companies from accessing your data (IP address, surfing behaviour etc.). To ensure this, we use the freeware tool: c’t Shariff. In order to use these plug-ins you have to enable them first.
We are not to be held responsible for the information collected by these companies and how they protect your data. You can learn more about their cookies policies on their websites.
You can order our newsletter by including your e-mail address in the mailing list on our website. You will receive a confirmation e-mail. Only if you confirm your order, we will send you a newsletter. Legal basis is, hence, Article 6(1)(a) GDP.
Each newsletter contains a link with the help of which you can cancel it. After the cancelation, your e-mail address will be immediately erased.
Data protection information ZOOM according to Art. 13 DSGVO
In this privacy notice, we explain our use of the video communication software "Zoom". In particular, we point out that we do not record any data of the communication and use "Zoom" with end-to-end encryption. This ensures the confidentiality of the communication content. You can recognize the activation of end-to-end encryption in the current meeting by a green sign with a locked padlock in the upper left corner.
The Zentrum für Europäischen Verbraucherschutz e. V. (Centre for European Consumer Protection in Europe - ZEV) is responsible for processing your personal data in connection with the use of Zoom.
Description of data processing, purposes and types of data
To conduct online meetings, video conferences and webinars (hereinafter: "Online Meetings"), we use the tool "Zoom".
Depending on the type and scope of the use of "Zoom", different types of data are collected or processed. These include in particular:
- Personal data (e.g. first and last name, email address, profile picture).
- Meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address)
- Device/hardware data
- Text, audio, and video data
- Connection data (e.g., phone numbers, country names, start and end times, IP addresses)
Below we would like to inform you in more detail about the scope of data processing.
Required data and functions
If you participate in an online meeting as an external participant, you will receive an access link from the host by e-mail. When you register for the online meeting, you must then enter your name and, if applicable, your e-mail address.
In addition, the tool collects user data that is required for the provision of the service. This includes in particular technical data about your devices, network and Internet connection, such as IP address, device type, operating system type and version, client version, camera type, microphone or speaker, type of connection.
Voluntary information and functions
You can provide additional information about yourself, but you do not have to. You are also free to use the chat function during the online meeting. You can also switch your camera and microphone on, off or mute yourself. By default, the camera and microphone are disabled at the beginning of a meeting.
When you use the chat function, the text entries you make are processed to display them in the "online meeting". There is no logging of the chat. If you turn on your camera or microphone, data from your end device's microphone and any end device video camera will be processed for the duration of the meeting.
Please note that any information you or others upload, provide, or create during an online meeting will be processed at least for the duration of the meeting. This includes, but is not limited to, chat/instant messages, files, whiteboards, and other information shared while using the service. Recordings will not be made.
For more information on the processing of your data when using "Zoom", a detailed list of the data collected and processed by "Zoom", and the "Zoom" privacy notice, please visit: https://zoom.us/privacy
Legal basis for data processing
If you participate in an online meeting as an external participant, the processing of your data is based on Art. 6 para. 1 p. lit. b. DSGVO, provided that your participation in the online meeting is necessary for the performance of a contract concluded with you. The same applies if the implementation of the online meeting is necessary for the implementation of pre-contractual measures, which are carried out at your request.
If data processing in connection with the use of "Zoom" is not necessary for the fulfillment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO. Our legitimate interest here is the maintenance of location-independent communication, the maintenance of business contacts and the provision of services owed.
If you also voluntarily provide personal information when using the tool or voluntarily use functions that are not mandatory, the associated data processing is based on your revocable consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. Please note that processing that took place before the revocation is not affected by this.
Disclosure of your data
As a matter of principle, we do not pass on your data to third parties. Data will only be passed on if it is intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or entitled to do so by law.
When processing your data, Zoom Video Communications Inc. supports us as an external service provider and processor within the meaning of Art. 28 DSGVO. As a processor, Zoom Video Communications Inc. processes your data strictly in accordance with instructions and on the basis of a separately concluded order processing agreement. In this context, the data processing may also take place outside the EU or the EEA. With regard to Zoom Video Communications Inc., an adequate level of data protection pursuant to Art. 46 (2) lit. c DSGVO can be assumed through the use of EU standard contractual clauses as well as other appropriate measures (establishment of end-to-end encryption and through the use of the data routing function; This is understood to mean the ability to determine for yourself through which data centers the data should flow during meetings and webinars.). We will gladly provide the concluded EU standard contractual clauses upon request.
Deletion of your data
As a matter of principle, we process your data only as long as it is necessary for the purposes for which it was collected. We do not record anything. Therefore, your data will not be stored.
Your rights as a data subject
In accordance with Art. 15 of the GDPR, you have the right to obtain information from the controller about the personal data concerning you, as well as the right to have inaccurate data corrected in accordance with Art. 16 of the GDPR, or to have it deleted if one of the reasons listed in Art. 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued. You also have the right to restriction of processing if one of the conditions set out in Art. 18 DSGVO applies and, in cases covered by Art. 20 DSGVO, the right to data portability.
In cases where we process your personal data on the legal basis of Art. 6 (1) p. 1 lit. f DSGVO, you also have the right to object at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint may in particular be asserted before a supervisory authority in the Member State of the data subject's place of residence or the place of the alleged infringement.
Contact details of the data protection officer
In fulfilling our obligations under data protection law, we are supported by our data protection officer. The contact details of our data protection officer are:
I. Access, deletion, rectification, restriction of processing, portability, withdrawal of consent
On demand, we will inform you of personal data we store. You can also ask us to erase or rectify your data. At the same time, you can require us to process your data for certain purposes only. Finally, we will provide you with the data set received from you in a machine-readable format.
At any time, you can contact us and withdraw your given consents with effect for the future.
To make use of your rights, you can turn to the Zentrum für Europäischen Verbraucherschutz e.V. (email@example.com) or our external data protection officer (firstname.lastname@example.org). The complete contact information you find in the categories: ‘Responsible body’ and ‘External data protection officer’.
II. Supervisory authority
If you have the opinion that we did not protect your data sufficiently, you have the right to turn to the competent data protection authority, the Landesbeauftragten für Datenschutz und Informationsfreiheit in Baden-Württemberg (regional data protection authority of Baden-Württemberg). You find the contact information on his website.