person responsible
Collection and storage of personal data and the type and purpose of their use when you visit our websitewww.efly-amz.com) and our services in the area of Amazon PPC consulting and management are offered by eFLY Marketplace Services GmbH, with its registered business address at Neckarstraße 189-191, 70190 Stuttgart and registered in the commercial register of the Stuttgart Local Court under HRB 792163 ("eFLY", "we", "us", and "our").
The following information is intended to provide you with a clear and simple overview of what happens to your personal data when you visit our website or otherwise contact us. We would also like to explain how we process your personal data and how we ensure the protection of your data.
For any questions in this regard, you can contact our Data Protection Office by post at the address stated above or by email at (datenschutz@efly-amz.com).
We process personal data in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR). The terms defined in the GDPR therefore have the same meaning in this privacy notice.
These privacy notices replace all previous versions. We may amend them at any time to reflect legal developments or changes in our processes. Any amendments will only apply to the future processing of your data. You can view the current version of our privacy notices at any time on our website(www.efly-amz.com).
Sharing data
We would like to point out that we will also forward your data to third parties (e.g. contract processors, tax authorities) insofar as this is necessary to fulfill the mandate agreement or we are otherwise legally obliged to do so. All service providers who receive your personal data have previously committed themselves, as part of an order processing agreement, to comply with the level of data protection set by the GDPR.
We may process the following categories of personal data:
- Contact details (e.g. first and last name, email and postal addresses, and telephone numbers);
- Professional data (e.g. job title, role and employer, as well as, in the case of applications, CV and cover letter with references, such as information on school and university qualifications, professional experience and skills, and—if relevant—information on previous employment);
- Communication data (e.g. personal data used for or embedded in any type of communication and interaction, including contact forms, calls, chats, emails or attachments to such communications, or calendar entries);
- Marketing data (e.g. personal data including contact and communication preferences, or webinar/event registrations, attendance, and participation information);
- Technical traffic data (e.g. personal data relating to the device or browser, operating system, data volume, date, time and duration of access, as well as references to the specific service used).
2.1. Application process
We offer you the opportunity to apply for a position with the eFLY team (e.g. by email). In this context, contact, professional, and communication data of applicants are processed as necessary (e.g. together with the respective employment and educational history, certificates, or references).
2.2. Contact form; inquiries by post, email, or telephone
When you communicate or interact with us, including via our contact form on the website, by email, or by telephone, we may process contact, professional, and communication data.
2.3. Contract initiation and performance
In the preparation and planning of our agency services and in connection with our Amazon PPC consulting and management, we process the contact and professional data of the data subject and, in individual cases, additional communication, marketing, and technical traffic data.
2.4. Marketing and newsletter
We may process marketing and technical traffic data in connection with your consent for the purpose of receiving marketing communications or, for example, when you request marketing materials from eFLY. Personal data is also processed when you register for one of our webinars.
If you subscribe to our newsletters, we process contact data as well as professional, communication, and technical traffic data. To verify the email address provided and confirm that you consent, we will send you an automatic confirmation email (double opt-in) after receiving your subscription request. Once verified, your contact data will be added to our internal newsletter distribution list.
2.5. Hosting of the eFLY website
Our website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider. This primarily includes technical traffic data. However, it may also include contact or communication data generated via our website. Our hosting provider will only process your data to the extent necessary to fulfill its contractual obligations.
2.6. Use of Cookies
When you visit or browse our website, we may collect technical traffic data. In this context, we may use cookies and similar technologies, such as pixel tags, web beacons, mobile identifiers, or JavaScripts ("cookies"). Cookies are small data files that are stored on your device to recognize it during future visits. There are two types of cookies: session cookies, which expire once you leave our website, and persistent cookies, which remain on your device and can be managed through your browser settings.
There is also a distinction between first-party cookies, which are set by us as the website operator, and third-party cookies, which originate from external providers. The latter may enable certain functions on our website, such as advertising, interactive content, or social sharing. These cookies may also recognize your device when you visit other websites that cooperate with these third-party providers.
The cookies we use are exclusively technically necessary and serve the secure and proper operation of our website. The cookies used are required to provide essential website functions and to detect and prevent disruptions or security incidents, such as cyberattacks. No processing takes place for analytics, marketing, or advertising purposes. As we do not use any cookies that require consent, cookies are neither categorized into consent-free and consent-required categories nor do we use a consent management platform.
You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to block certain cookies, or to automatically delete all cookies when closing the browser. Please note that the functionality of our website may be restricted if cookies are completely disabled.
2.7. Social media presence
We maintain publicly accessible profiles on social networks such as LinkedIn. These networks may comprehensively analyze your user behavior when you visit their websites or websites with integrated social media content (e.g. like buttons or advertising banners). If you are logged into your social media account and visit our profiles, the operator of the network may associate this activity with your profile. Even if you are not logged in or do not have an account, technical traffic data may still be collected.
Using this data, the operators of social media networks create user profiles in order to display personalized advertising to you both within and outside the networks. If you have a social media account, this interest-based advertising may appear on all devices on which you are or have been logged in. However, we do not have full insight into all processing activities of the social media networks. For further information on their data processing, please refer to the respective providers’ privacy policies and terms of use.
3. Purpose and legal basis of processing
We process your personal data for the following purposes:
3.1. Provision of our services and website
We process all categories of personal data in order to provide our services and offerings properly and in response to your request. In this context, we primarily enable you to use our Amazon PPC consulting and management services. The processing is based on Article 6(1)(b) GDPR for the purpose of fulfilling a contract with our prospective and existing customers (contract initiation and performance) and on our legitimate interests (Article 6(1)(f) GDPR). We also recognize the legitimate interest of our prospective and existing customers (Article 6(1)(f) GDPR) in being able to obtain information about our services on our website in a secure, fast, and efficient manner.
To the extent that the processing of personal data is based on legitimate interests pursuant to Article 6(1)(f) GDPR, we have carried out and documented a corresponding balancing of interests. This is conducted in accordance with the case law of the Court of Justice of the European Union (CJEU) as well as Recital 47 GDPR and includes, in particular, (i) the legitimate interests pursued by eFLY, (ii) the necessity of the processing in compliance with the principle of data minimization, and (iii) a balancing of these interests against the fundamental rights and freedoms of the respective data subjects.
3.2. Improvement of our services and website
In addition, we optimize our services and offerings and aim to better tailor our offering, not only on the website, to the needs of our prospective and existing customers. In doing so, we rely on our legitimate interest in the development, promotion, and improvement of the services offered, as well as in identifying future business opportunities (Article 6(1)(f) GDPR). In this context, your consent may also serve as the legal basis for data processing (Article 6(1)(a) GDPR).
3.3. Security and availability of our systems
We secure our systems and ensure their functionality. In doing so, we rely on our legitimate interest in ensuring the security of our IT systems, particularly in connection with our contractual relationships with our customers (Article 6(1)(b) and (f) GDPR).
3.4. Customer communication
We communicate with you and process personal data in the context of correspondence (e.g. via our contact form or in order to respond to your inquiries). The legal basis for processing personal data in connection with communication with you is the joint contract initiation and performance and/or our legitimate interests (Article 6(1)(b) and (f) GDPR). In this context, your consent may also serve as the legal basis for data processing (Article 6(1)(a) GDPR).
3.5. Marketing and social media
We inform you about new content, webinars, and relevant offers from eFLY. The legal basis for our marketing activities is our legitimate interest (Article 6(1)(f) GDPR) in promoting our services. We also rely on your consent (Article 6(1)(a) GDPR) for specific marketing communications. The same applies to our social media presence, which is intended to ensure the most comprehensive possible presence on the internet. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Any analysis processes initiated by social networks may be based on different legal bases, which must be specified by the operators of the respective social networks (e.g. consent within the meaning of Article 6(1)(a) GDPR).
3.6. Consent
We may process personal data with your consent (Article 6(1)(a) GDPR; Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on your device). You may withdraw your consent at any time without affecting the lawfulness of any processing of personal data carried out prior to the withdrawal. For this purpose, we provide an unsubscribe link in emails and newsletters. If the storage of your consent is necessary for the processing of your personal data, the legal basis is Article 6(1)(c) GDPR.
3.7. Establishment of an employment relationship
If you submit an application to us, we process the associated personal data to the extent necessary to make a decision on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) GDPR (contract initiation), and, if you have given your consent, Article 6(1)(a) GDPR. If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Article 6(1)(b) GDPR for the purpose of carrying out the employment relationship.
4. Storage and deletion
Your personal data will be stored for as long as necessary to fulfill the stated purposes, until the legal basis for processing no longer applies, and until the applicable retention periods (in particular under tax, commercial, and civil law) have expired. After termination of the contractual relationship or after the expiry of statutory retention periods, your data will be deleted, unless you have consented to longer storage (Article 6(1)(a) GDPR) or further legal retention obligations apply (Article 6(1)(c) GDPR). Until personal data is fully deleted, it will be pseudonymized or anonymized to the extent possible, and access will be restricted.
In the case of applications for which we are unfortunately unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you submitted on the basis of our legitimate interests (Article 6(1)(f) GDPR) for up to six months after the conclusion of the application process. After that, the data will be deleted and any physical application documents will be destroyed. The retention primarily serves evidentiary purposes. If it is apparent that the data will be required after the expiry of the six-month period (e.g. due to a pending or anticipated legal dispute), deletion will only take place once the purpose for the extended retention no longer applies. Longer retention may also occur if you have given your consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.
In connection with our newsletter, your contact data will only be stored for the period during which the newsletter is actively sent. If you unsubscribe or if we discontinue the newsletter, your data will be deleted from the relevant systems without undue delay.
Technical traffic data is generally deleted or anonymized within a short period after your visit to the eFLY website, typically within 7 to 30 days, unless longer storage is required for technical, legal, or security-related reasons.
5. Disclosure of data to recipients or third parties
We treat personal data as strictly confidential and only disclose it to the extent necessary for the provision of our services, the fulfillment of legal obligations, or on the basis of your consent. Internally, only those eFLY employees who require access to personal data in order to perform their duties are granted such access. In addition, we use carefully selected external service providers, for example for hosting and IT infrastructure, customer support software, marketing and analytics tools, or recruiting solutions. We conclude data processing agreements with all service providers in accordance with Article 28 GDPR, ensuring that processing is carried out solely in accordance with our instructions and in compliance with high data protection standards.
6. Data processing in the EU/EEA; exception
Your personal data is generally processed within the member states of the EU/EEA. In exceptional cases, it may be necessary to transfer personal data to recipients outside the EU/EEA (e.g. if this is necessary to provide or perform our services or if required by law). Such transfers are carried out exclusively subject to an adequacy decision by the European Commission or where standard contractual clauses and, where applicable, additional appropriate safeguards are in place. Upon request, we will provide the data subject with a copy of these standard contractual clauses.In the case of explicit consent to the transfer of personal data to third countries, the data processing may be carried out on the basis of Article 49(1)(a) GDPR. However, we would like to point out that countries outside the EU/EEA may not guarantee a level of data protection comparable to that within the EU/EEA (for example, US companies may be required to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this).
7. No automated processing
We do not make any decisions based solely on automated individual decision-making, including profiling, within the meaning of Article 22 GDPR. Should we use such procedures, we will inform you separately and as required by law.
8. Protection of your personal data
We implement comprehensive technical and organizational measures to protect your data against unauthorized access, loss, or misuse. In particular, we store personal data in secure networks and use encryption technologies. Access to personal data within our company is strictly regulated and granted only to those employees who are directly responsible for handling the respective matter (e.g. for planning and carrying out your project or processing your application). All members of the eFLY team are expressly bound to confidentiality, are subject to our data protection policies, and are informed and trained accordingly.
In the event of a personal data breach, we will inform you and the competent supervisory authority without undue delay, as required by law. Each incident will be documented, including all relevant information regarding the causes, effects, and the corrective measures taken.
9. Overview of your rights
In addition to the right to withdraw your consent at any time (Article 7(3) GDPR), you have the following rights, provided that the respective legal requirements are met:
- Right of access (Article 15 GDPR);
- Right to rectification (Article 16 GDPR);
- Right to erasure ("right to be forgotten") (Article 17 GDPR);
- Right to restriction of processing (Article 18 GDPR);
- Right to data portability (Article 20 GDPR);
- Right to object (Article 21 GDPR).
You may contact our Data Protection Office at the address provided above at any time to exercise your rights. You also have the right to lodge a complaint with the competent supervisory authority (Article 77 GDPR).
If you visit one of our social media presences (e.g. LinkedIn), we may be jointly responsible with the operator of the social media platform for the data processing activities triggered by your visit. You may exercise the above-mentioned rights both against us and against the operator of the social media platform. Please note that, despite the joint responsibility, we do not have full control over the data processing activities of the respective social media platforms. Our ability to influence such processing is primarily determined by the corporate policies of the respective platform operator.
Please note, finally, that we may continue to process personal data even after receiving your request, if this serves our legitimate interests and is necessary to fulfill our legal obligations. These purposes may include the resolution of disputes, the enforcement of our contractual rights, and compliance with statutory retention obligations.
