Privacy Notice

This Privacy Notice is effective from 6 December, 2024

The previous version of Privacy Notice can be found here.

 

SCOPE AND LEGAL BASIS

 

(1) In Pocketbook we respect your privacy and are committed to protecting your personal data while you running the website https://pocketbook.de (sometimes referred to as “website”, “online shop” or “online offer”). This Privacy Notice (“Notice” or “Privacy Notice”) will help you to understand who we are, how and what for we collect, use and store your personal data, how we keep your data secured, as well as your privacy rights and our commitments to comply with them. This Notice is provided in a layered format so you can click through to the specific areas set out below.

 

(2) This Notice does NOT apply to:

 

• Personal data that we process about you if you interact with other websites, our branded social media pages, and other non-career websites which we operate, or other ways you may interact with us as a user of our products and services. In such cases, the relevant privacy notice of each product our service you interact with will apply;
• Personal data that we process about you if you are an employee/business contractor with us.

 

(3) We will notify you whenever we update this Notice by posting a new version on this page and identifying the date of update. In the event of substantial changes to this Notice, we will take additional steps to ensure you are aware of them. We also ensure the visibility and accessibility of this Notice by publishing and communicating it on all communication channels.

 

(4) Our services are not aimed at children under 16 years. We do not knowingly collect information from children under the age of 16. If you have not reached the age limit, do not use the services and do not provide us with your personal data. If you are a parent or guardian of a child below the age limit and you learn that your child has provided Pocketbook personal data, please contact us at [email protected] or [email protected] and insist on exercising your rights of access, correction, cancellation and/or opposition.

 

(5) This Privacy Notice was drafted in accordance with the Federal Data Protection Act (BDSG) of 30 June 2017 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

 

(6) With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions from Article 4 of the General Data Protection Regulation (GDPR).

 

(7) The term “user” includes all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as “user”, are to be understood as gender-neutral.

 

1. IMPORTANT INFORMATION AND WHO WE ARE

2. THE DATA WE COLLECT ABOUT YOU

3. HOW IS YOUR DATA COLLECTED

4. HOW WE USE YOUR DATA AND LEGAL GROUNDS WE RELY ON

5. DISCLOSURES AND INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

6. HOW WE SECURE YOUR DATA

7. HOW LONG SHALL WE RETAIN YOUR DATA

8. WHAT RIGHTS DO YOU HAVE

9. POCKETBOOK JOINT PROCESSING STATEMENT

 

 

1. IMPORTANT INFORMATION AND WHO WE ARE

 

POCKETBOOK JOINT PROCESSING STATEMENT

 

(1) This Notice applies to ultimate holding Swiss company Pocketbook International SA and subsidiary Pocketbook Readers GmbH, as well as business units (sometimes may be referred to as either “Pocketbook”, “Group”, “us,” “we,” or “our”).

 

(2) Pocketbook Readers GmbH and Pocketbook International SA are both companies in the Pocketbook Group of companies and work together to provide you with online offer https://pocketbook.de, purchasing and delivering of Pocketbook’s products and services, providing you with partnering services and content, providing guarantee and repairment services for our products, as well as responding to your requests when you exercise your data protection rights and submit DSARs. This is achieved, in part, by sharing your personal information with us when you run this website and share your personal data.

 

(3) We have prepared a Pocketbook Joint Processing Statement as the integral part hereof. To find more, please navigate to section Section 9 Pocketbook Joint Processing Statement below (“Statement”). This Statement describes the relationship between Pocketbook Readers GmbH and Pocketbook International SA, our roles and responsibilities in connection with the processing of your information and our data protection responsibilities for your personal data that is shared between us.

 

(4) For the purposes of data protection laws, Pocketbook Readers GmbH and Pocketbook International SA are “joint controllers” of the processing of your personal information described in Statement below. This means that both businesses work together to decide why and how your personal information is processed. It also means that we are jointly responsible to you under the GDPR.

 

JOINT CONTROLLERS

 

Pocketbook Readers GmbH Richard-Wagner-Strasse 11 01445 Radebeul   Dresden District Court, HRB 29866 Managing Director: Enrico Müller Telephone: +49 (0) 351 79556300 Fax: +49 (0) 351 79556320 Email: [email protected]

Pocketbook International SA Crocicchio Cortogna, 6, 6900 Lugano, Switzerland   Reg.No: CHE-416.098.857 Tel/fax: +41 91 922 07 05 pocketbook.ch Email: [email protected]

 

We have a dedicated communication channel with which you can request more information about processing of your personal data. If you have any questions, comments or complaints regarding how we handle information about you, or if you want to assert any of your rights under the General Data Protection Regulation (“GDPR”), please send an email to [email protected].

 

2. THE DATA WE COLLECT ABOUT YOU

 

(1) Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 

(2) The users' personal data processed includes:

 

• Inventory data (e.g. names and addresses of customers)
• Contact details (e.g. email address, telephone number)
• Contract data (e.g. services used or products purchased, contract content, contractual communication and payment information)
• Usage data (e.g. access times and the websites of our online offering visited, data gathered from cookie files)
• Content data (e.g. information on forms or in emails)
• Technical data (e.g. device information).

 

Hereinafter, sometimes referred to as “personal information”, “data”.

 

(3) The processing of users’ personal data takes place in particular for the following purposes:

 

• Provision of the online offer, its content and functions
• Provision of our contractual services and services available on this online offer
• Customer service
• After-sales services
• Replying to data subjects’ access requests and communicating with users
• Marketing and analytics
• Security and functionality of the online offer

 

(4) We only process users’ personal data in compliance with the relevant data protection regulations. This means that user data will only be processed if there is legal permission. This is particularly the case if data processing is necessary or required by law to fulfill our contractual services (e.g. to process orders and orders) as well as our online services, if the user has given their consent or is based on our legitimate interests. The legitimate interests include analysis, optimization, security and the economical and user-friendly operation of our online offering.

 

(5) We would like to point out that the legal basis for the consent is Article 6 Paragraph 1 Sentence 1 Letter a) and Article 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual or pre-contractual measures Art. 6 Paragraph 1 Sentence 1 Letter b) GDPR, the legal basis for processing to fulfill our legal obligations Art. 6 Paragraph 1 Sentence 1 Letter c) GDPR and the legal basis for safeguarding our legitimate interests is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. By following this Notice in details, you will find out all processing activities we carry out, what personal information we collect, use and store, what are the purposes of collection and legal basis we rely on, with whom we share your personal data and legitimacy of transferring your data, as well as what rights do you have towards your personal data and how to exercise them.

 

(6) You are not legally obliged to provide us with your personal data. However, if you do not provide this information, we will not be able to provide you with certain services, including our online offer. Note that we do not request and collect any sensitive data (such as information about your health, religion, etc.), unless you voluntarily provide us with. If you believe you have unintentionally provided with sensitive data, please request us and we will remove your sensitive data.

 

It is essential to provide us with complete and accurate information when you purchase products on this website or requests other related services, it is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your data up to date and inform us of any significant changes to it.

 

(7) While interacting with our online offer, we also collect, store and use your cookies data, meaning usage and technical data, identification and identifiable data. We have strong commitments to ensure compliance with privacy laws, hence we have integrated and placed Cookie Consent Management Tool by EU provider. To find out more, please jump into Sections 3 and 4 below.

 

3. HOW IS YOUR DATA COLLECTED

 

(1) Collection of access data and log files. Based on our legitimate interests within the meaning of Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). This data is technically necessary to display the respective website to you and to ensure stability and security. The access data includes, in particular, the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, the website previously visited and the IP address.

 

Log file information is stored for security reasons (e.g. to investigate acts of abuse or fraud) for a maximum of ninety days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

 

(2) Registration and provision of contractual services. The use of our products and services, in particular our e-readers and digital content (eBooks and audiobooks), requires the user to register in our online shop. This can be revoked at any time by notifying us, for example by email.

 

As part of the registration process, the required mandatory information (name, email address and password) is collected and stored in the customer account. As part of the login process, the user's email address and password are collected. Furthermore, the date and time as well as the user's IP address are stored at the time of registration and login.

 

If necessary, when purchasing the product, the user's address and, if applicable, their credit card details (in pseudonymous form, see section 3 paragraph 2 of this privacy notice) are collected and the customer account is stored. Furthermore, other voluntarily provided data, such as the user's telephone number or different delivery addresses, may also be stored there.

 

In the customer account, the user can view and manage their orders, the devices they use or, if they add products from our online offering to their wish list, their wish list. The same applies to his personal data.

 

If the user is not yet registered for our Pocketbook Cloud service, a customer account will be created for them when they first purchase digital content via our online shop so that the purchased digital content can be made available to the user. The operator of the cloud service is Pocketbook International SA. The terms of use published there apply to the use of the cloud service, which the user must confirm when logging in for the first time. The same applies to the information on data protection. To find out more, visit Pocketbook Cloud website https://cloud.pocketbook.digital/browser/de.

 

In addition, the user has the option of using the “Send-to-Pocketbook” service available on our e-readers using their access data for our online shop (email address and password) to send the information on the e-readers to send stored digital content via email.

 

(3) We process the user's data for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. The legal basis for registering in our online shop is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. The storage of the technical and usage data when registering and logging in is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use as well as for any support requests in accordance with Art. 6 Para. 1 Sentence 1 lit. f) GDPR.

 

(4) The above-mentioned data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. If users have canceled their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons (Art. 6 Para. 1 S. 1 lit. c) GDPR). It is the user's responsibility to secure their data if the customer account is terminated. Furthermore, we delete the data on the occasion of the initiation and fulfillment of the contract after the expiry of statutory warranty and comparable obligations, ie, generally after 3 years, unless the data is stored in the user's customer account or for legal reasons of archiving must be retained (e.g. for tax purposes usually 10 years, Art. 6 Para. 1 Sentence 1 Letter c) GDPR). The technical and usage data during registration and login are stored for a maximum of 90 days for security reasons and for support requests and then deleted.

 

WHAT COOKIES DO WE USE

 

(1) We use certain technologies, including so-called cookies, on various pages for our online offering. Cookies are small text files or other storage notes that store information on the user's device and read information from the device. This is primarily information about a user during or after a visit to our online offering. The information stored may include, for example, the language settings, login status, shopping cart contents or the user's wish list. Cookies can also be used for the purposes of the functionality, security and comfort of our online offering, to create analyzes of visitor flows or for marketing purposes.

 

(2) Types of cookies: Cookies are categorized according to the storage period (session cookies or permanent cookies), the provider (first-party or third-party cookies) and the purpose of use. Users can find further information about the categories mentioned and the respective assignment of the cookies we use in the Cookie Consent Management Tool we use.

 

(3) Consent: Unless unnecessary in exceptional cases, we obtain users' consent before using cookies. However, consent is not necessary if the storage and reading of the information is absolutely necessary in order to provide users with a telemedia service they have expressly requested (our online offering). These cookies are categorized as “strictly necessary” cookies in the Cookie Consent Management Tool, appearing on the website.

 

(4) Data protection legal basis: The data protection legal basis on which we process personal data using cookies depends on whether we ask the user for consent. If this applies and consent is given, the legal basis for processing the data is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. Unless the user has given the necessary consent, cookies that are absolutely necessary for the operation of our online offering are used. We clarify the purposes for which we process cookies in this privacy notice.

 

(5) Revocation/objection: If users have consented to the use of the technologies in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR, they can change and revoke their consent at any time using the cookie icon on the home page: Cookie Consent Management Tool. Users can also object to the processing in accordance with the legal requirements of Article 21 GDPR. Users can also declare their objection using their browser settings.

 

(6) Cookie Consent Management Tool: We use the CookieScript tool for our online offering to inform users about the use of cookies and other technologies and to obtain their consent, if necessary, to their use and to the processing of their personal data through these technologies, to manage and document. This is necessary in accordance with Article 6 Paragraph 1 Sentence 1 Letter c) GDPR in order to fulfill our legal obligation in accordance with Article 7 Paragraph 1 GDPR to be able to prove the consent of the users. CookieScript is an offer from the provider Objectis Ltd. (Laisves st. 60, LT-05120 Vilnius, Lithuania, Company registration number:304037472). CookieScript stores information about the categories of cookies used within our online offering and whether users have given or withdrawn their consent to the use of the individual categories. The data is stored in a cookie (so-called opt-in cookie) in order to be able to assign the consent to a user or their device. The duration of storage of the consent is 1 year. Here, a pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used.

 

(7) Specific cookies used: Users can find details about the cookies used within our online offering, in particular information about the type and functionality of the cookies, the storage period and the respective provider, in the Cookie Consent Management Tool we use.

 

4. HOW WE USE YOUR DATA AND LEGAL GROUNDS WE RELY ON

 

(1) Product Reviews. You can submit product reviews in our online shop. Your review will be published with your specified name for the respective product. We recommend using a pseudonym instead of your real name. Providing your username and your review is required; all other information is voluntary. If you leave a review, we continue to store your Contact and Usage data, which we delete after 90 days. The storage is necessary for us to be able to defend ourselves against liability claims in the event of possible publication of illegal content. The legal basis is Article 6 Paragraph 1 Sentence 1 Letters b) and f) GDPR. Reviews are checked before publication. We reserve the right to delete comments if they are criticized by third parties as being unlawful. Otherwise, the personal information provided as part of the evaluation and the content details remain permanently stored until the user objects.

 

(2) Newsletters and reminders. With the following information we will inform you about the contents of our newsletter as well as the registration and shipping process as well as your rights to object. By subscribing to our newsletter, you agree to its receipt and the procedures described.

 

We only send our email newsletter with promotional information with the consent of the recipient. Our newsletters contain information about our products and services, promotions and our company.

 

Registration for our newsletter takes place in a so-called double opt-in process. This means that after you register you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with someone else's email address. Registrations for the newsletter are logged in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any misuse of your personal data.

 

Based on and in line with paragraph 2 Article 13 of the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, we may send you reminders about your cart left abandoned in our shop to invite you to complete your purchase.

 

The newsletter and reminder are sent via CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as “shipping service provider” (website: https://www.cleverreach.com/de; data protection declaration: https://www.cleverreach.com/de/datenschutz/). The email addresses of our newsletter and/or reminder recipients as well as their other technical data described in this information are stored on the shipping service provider's servers. The shipping service provider uses this information to send and evaluate the newsletter on our behalf. Furthermore, the shipping service provider can, according to its own information, use this data in pseudonymous form, ie without assigning it to a user, to optimize or improve its own services, e.g. to technically optimize the shipping and presentation of the newsletter or reminder or for statistical purposes, e.g. to determine which countries the recipients come from. However, the shipping service provider does not use the data of our newsletter or reminder recipients to write to them themselves or to pass them on to third parties. We trust in the reliability and IT and data security of the shipping service provider. For this purpose, we have concluded an order processing contract with the shipping service provider. This is an agreement in which the shipping service provider undertakes to protect our users' data, to process it in accordance with the data protection provisions in our contract and, in particular, not to pass it on to third parties.

 

To register for the newsletter and/or reminder, it is sufficient to provide your email address. We save your email address for the purpose of sending the newsletter and/or reminder (if applicable).

 

(3) Push Notifications: From time to time, we will send push notifications about our marketing and advertising campaigns that will appear on this online offer and Pocketbook Readers mobile application. When sending you push notifications, we rely on your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) or so called “opt-in”. You can manage your consent preferences directly in push notification icon, or opt-out of receiving push notifications by going to your device “Settings” and clicking on “Notifications,” and then changing those settings for some or all of the apps on your device, depending on device and its configurations. If you do not consent to receive push notifications, we will not send them to you. Push Notifications are send by our service provider OneSignal. OneSignal, Inc. is a U.S. company located at 201 S. B Street, San Mateo, CA 94401.

 

Your personal data is hosted and stored in Europe and accessed in the United States. OneSignal complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. OneSignal has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“ EU-U.S. DPF Principles ”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. OneSignal has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the DPF principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification page, please visit https://www.dataprivacyframework.gov/list. If you have any question about data transfers, please refer to [email protected]

 

You can learn more about OneSignal privacy and data protection commitments by following OneSignal Privacy Policy.

 

(4) Statistical collection and analysis: The newsletters contain a so-called “web beacon”, ie a pixel-sized file that is retrieved from the shipping service provider's server when the newsletter is opened. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their access locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the shipping service provider to monitor individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

 

The newsletter is sent and the associated measurement of success (statistical survey and analyses) is based on the consent of the recipient in accordance with Article 6 Paragraph 1 Sentence 1 Letter a). The use of the shipping service provider and the logging of the registration process are based on our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR. Our interest is in using a user-friendly and secure newsletter system that meets our business interests, meets the expectations of users and enables us to provide evidence of users' consent.

 

You can revoke your consent to receive our newsletter at any time. You will find a link to exercise your right of withdrawal at the end of each newsletter. Registered users can also unsubscribe from the newsletter via their personal settings in their customer account. Unfortunately, it is not possible to revoke the success measurement separately. In this case, you must unsubscribe from the newsletter altogether.

 

We can store the unsubscribed email addresses for up to three years based on our legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) and f) GDPR to be able to prove consent. The processing of the data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the email address in a blocking list (so-called “blacklist”) solely for this purpose.

 

(5) Google Services. We use Google Analytics and Google Ads, web analysis and advertising services respectively, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

 

Google Analytics and Google Ads also uses cookies, i.e. text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. On our behalf, Google will use your personal data to evaluate your use of the website, to compile reports on website activity and to provide us as website operator with other services related to website activity and internet usage.

 

Please note, Google Services do not store and process your IP address. To find out more, please visit Data privacy and security page of Google Analytics service.

 

Consent and objection: The Google Analytics cookies are stored and thus your usage behavior is only tracked if you have previously consented to this tracking. You can revoke this consent at any time with future effect. Users can find details about the cookies used within our online offering, in particular information about the type and functionality of the cookies, the storage period and the respective provider, in the Cookie Consent Management Tool we use. You can also prevent the storage of cookies by setting your browser software accordingly. In addition, you can prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de. You can find Google's privacy policy here: https://www.google.com/policies/privacy/partners/?hl=de.

 

The processing of your data using Google Analytics takes place on the legal basis of Article 6 Paragraph 1 Sentence 1 Letter a) GDPR in conjunction with the consent you have given. Your data generated by Google Analytics will be deleted after 24 months at the latest.

 

(6) Online marketing/Meta pixel: We process personal data (in particular usage data and technical data) for the purposes of online marketing via the Meta platforms, which includes in particular the marketing of advertising space based on the potential interests of users and the measurement of their effectiveness. For this purpose, user profiles are created and stored in a file, with the help of which the user information relevant to the display of the advertising content is recorded. This information includes, for example, the content viewed, websites visited, online networks used and technical information such as the browser used, the computer system used and information about times of use. Please note, Meta does not store and process your IP address.

 

The information stored in the profiles is usually stored in cookies or using similar technical means for a period of 2 years, unless other term is defined in the banner of our Cookie Consent Management Tool. These cookies can also be read on other websites that use the same online marketing process and analyzed for the purpose of displaying advertising content, as well as supplemented with further data and stored on the server of the online marketing process provider. In exceptional cases, clear data can also be assigned to the profiles. This is the case if the users are members of the Facebook social network and Facebook and Meta connects the users' profiles with the aforementioned information. However, the user can make additional agreements with Meta, for example by giving consent during registration. We generally only receive access to aggregated information about the success of our advertisements.

 

With the help of the Meta pixel we are able to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Meta Ads”). Accordingly, we use the Meta pixel to display the Meta ads we place only to those users on Facebook and, if necessary, within the services of partners cooperating with Meta who have also shown an interest in our online offering or who have certain characteristics (e.g Interest in certain content or products) that we transmit to Meta (so-called "Custom Audiences"). At the same time, we want to ensure that our Meta ads correspond to the potential interest of the users and do not appear annoying based on the Meta pixel. Finally, it allows us to track the effectiveness of Meta ads for statistical purposes. This allows us to see whether users were redirected to our website after clicking on a Meta ad.

 

Furthermore, when using the Meta pixel, we use the additional function “advanced matching”. Here, data such as email addresses or Facebook IDs of the users are sent to Meta to form target groups (“Custom Audiences” or “Look Alike Audiences”) transmitted (encrypted). Further information on “advanced matching” can be found in Custom Audience Privacy Information and About advanced matching for web.

 

We also use the “Custom Audiences from File” procedure. In this case, the email addresses of the newsletter recipients are uploaded to Meta. The upload process is encrypted. The upload is used solely to determine recipients of our Meta ads. We want to ensure that the ads are only shown to users who are interested in our information and services.

 

The service provider of the Meta Pixel is: Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland), parent company: Meta Platforms, Inc. (Willow Road 1601, Menlo Park, California, 94025, USA; Website: https://about.meta.com/); Data protection declaration by following this link.

 

The processing of your data in connection with the use of the Meta Pixel takes place on the legal basis of Article 6 Paragraph 1 Sentence 1 Letter a) GDPR in conjunction with the consent you have given, which you can revoke at any time with effect for can be revoked in the future, in particular for expanded data comparison and target group formation via data upload. You can also object to the collection by the Meta pixel and the use of your data to display Meta ads at any time. To set which types of advertisements are shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/help/247395082112892. The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices. You also have the option of switching off cookies in your browser settings. However, this may limit the functions of our online offering. For more information, see the section on the use of cookies above.

We are affiliated with Meta Platforms Ireland Limited. We are jointly responsible for the collection and transmission of the data that Meta collects or transmits using the Meta pixel and comparable functions that are carried out within our online offering for the following purposes: a) the creation of individualized or suitable advertisements, as well as for their optimization; b) the delivery of commercial and transaction-related messages (e.g. contacting users via Facebook Messenger); c) improving ads delivery and personalization of features and content (e.g. improving detection of which content or advertising information is likely to match users' interests). However, the processing that occurs after collection and transmission is the sole responsibility of Meta.

 

We have concluded a special agreement with Meta (“Controller Addendum”), which regulates in particular which security measures Meta must observe, including those listed in Meta Data Security Terms, and in which Meta has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Meta).

 

The creation of reports and analyzes in aggregated and anonymized form does not take place within the framework of joint responsibility, but rather on the basis of an order processing contract and therefore under our responsibility (data processing conditions: https://www.facebook.com/legal/terms/dataprocessing). When transferring personal data outside EU and EEA, Meta relies on EU-U.S. Data Privacy Framework, and data transfer supplement Meta European Data Transfer Addendum. The Meta EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here.

 

The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Meta.

 

(7). Econda Analytics: We use Econda Analytics, a web analytics service provided by econda GmbH (Zimmerstraße 6, 76137 Karlsruhe, Germany; +49 721 663 035-0, [email protected]) (‘Econda’).

 

Econda Analytics also uses cookies, i.e., text files which are stored on your computer and which enable an analysis of your use of the website. The following data are recorded: information on the device used; information about pages viewed during the website visit; information as part of the ordering process; information about access data; your data when logging in or entering. The information generated by the cookie about your use of this website is usually transferred to a Econda server in the EU and saved there.

 

Econda will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide further services related to website and Internet use to us as a website operator. The IP address transmitted by your browser within the scope of Econda Analytics is not cross-linked with other data from Econda.

 

Consent and objection: Econda Analytics cookies are saved only and thus your usage behavior is tracked only if you have previously consented to such tracking. You can revoke this consent at any time by adjusting preferences in Cookie Management Tool.

 

Econda Analytics has strong security and privacy commitments that can be found by following their Data protection statement.

 

The processing of your data by means of Econda Analytics takes place on the legal basis of Art. 6 para. 1 clause 1 lit. a) GDPR in connection with the consent you have given. Your data collected by Econda Analytics will be deleted after 12 months at the latest.

 

(8) FACT-Finder: We use FACT-Finder search platform that assists businesses across the retail sector with conducting a search, navigation, personalization, merchandising and recommendations. Service is provided by Omikron Data Quality GmbH, Habermehlstr. 17, 75172 Pforzheim, Germany.

 

FACT-Finder also uses cookies, i.e., text files which are stored on your computer and which enable an analysis of your use of the website. The following data are recorded: information on the device used; information about pages viewed during the website visit; information as part of the ordering process; information about access data; your data when logging in or entering. The analysis of your surfing behavior is usually anonymous, i.e. FACT-Finder will not be able to identify you from this data. The information generated by the cookie about your use of this online offer shall be transferred to a Fact Finder in Germany server in the EU and be saved there.

 

FACT-Finder will use this information on our behalf to accept and validate orders you put with online offer, to analyze your customer activity, evaluate your use of the online offer, to compile reports on activity of online offer, and to provide further services related to website and Internet use to us as an operator of our online offer.

 

Consent and objection: FACT-Finder cookies are saved only and thus your usage behavior is tracked only if you have previously consented to such tracking. You can revoke this consent at any time by adjusting preferences in Cookie Management Tool.

 

5. DISCLOSURES AND INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

 

(1) If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this only takes place on the basis of legal permission. This applies, for example, if the data is transmitted to third parties, such as to the shipping service providers and after-sales services in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR, as this is necessary to fulfill the contract if you have consented to this, a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

 

(2) Within the framework of contractual relationships, in particular for the fulfilment of a user’s payment obligations, we use payment service providers (MultiSafepay) on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR, which process the data required for the payment process (inventory data, bank data as well as contract, aggregate and recipient-related data). With one exception, however, these data are only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with the payment confirmation or a payments failure information. Only in the case of payment by credit card (via MultiSafepay), when the user’s credit card data is collected for the first time, we will store it pseudonymously (by means of a hash function) in the user account for future order transactions. The user may object to this processing at any time by deleting his credit card in the personal area of the user account. Under certain circumstances, the user’s data may be transmitted by the payment service providers to credit agencies. Such transmission serves check identity and creditworthiness. For this purpose, we refer to the Terms and Conditions and the data protection information of the respective payment service providers, which can be accessed within the respective websites or transaction applications. To find more, visit Security and Legal following this link https://docs.multisafepay.com/docs/security-and-legal. There you will also find further information as well as notes on the assertion of rights of revocation, information and other data subject’s rights.

 

In addition to paragraph (2) of Section 5 hereof, MultiSafepay provides with ‘one click payment’, meaning that you as a cardholder can initiate a transaction where you don’t need to enter your card details as you have previously agreed to store your card details. At the checkout, you will have the option to store your debit or credit card details for future purchases, particularly in your account with us. In the event you select this option, the card information will be stored at the secure servers of MultiSafepay on behalf of us. You hereby authorize MultiSafepay to collect and store your debit or credit card information. In case you want to delete the debit or credit card details from account, you can log in to your customer account, go to Payment Details and delete the saved card.

 

(3) Trusted Shops Trustbadge / other Widgets. Provided that you have given your consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR, Trusted Shops widgets are integrated on this online offer to display the Trusted Shops services (e.g. Trustmark, collected reviews) and to offer you Trusted Shops products after you have placed an order. The Trustbadge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are jointly responsible for data protection according to Art. 26 GDPR. Within the scope of this data protection notice, we inform you in the following about the essential contractual contents in accordance with Article 26 GDPR. Within the framework of the joint responsibility existing between us and Trusted Shops AG, please preferably contact Trusted Shops using the contact options provided in the Trusted Shops Privacy Policy, if you have any data protection questions and wish to assert your rights. Irrespective of this, however, you can always contact the person responsible of your choice. Your enquiry will then, if necessary, be passed on to the other person responsible for a response.

 

Data processing when integrating the Trustbadge / other widgets. The Trustbadge is provided by a US-American CDN provider (content delivery network). An adequate level of data protection is ensured by an adequacy decision of the EU Commission, which can be accessed here for the USA. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and the call-up. Immediately after the data collection the IP address is anonymised so that the stored data cannot be assigned to you personally. The anonymised data are used in particular for statistical purposes and for error analysis.

 

Data processing after order completion. Provided you have given your consent, the Trustbadge accesses order information stored in your terminal equipment (order total, order number, product purchased if applicable) and your e-mail address after the order has been completed. Your e-mail address is hashed using a cryptological one-way function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR. This serves to verify whether you are already registered for Trusted Shops services. If this is the case, further processing will take place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will subsequently be given the opportunity to register manually for the use of the services or to conclude the insurance as part of your possibly already existing user contract.

For this purpose, the Trustbadge accesses the following information stored in the terminal equipment you use after you have completed your order: Order total, order number and email address. This is necessary so that we can offer you buyer protection. The data is only transmitted to Trusted Shops if you explicitly decide to take out buyer protection by clicking on the correspondingly designated button in the so-called Trustcard. If you decide to use the services, further processing is based on the contractual agreement with Trusted Shops in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR, in order to be able to complete your registration for buyer protection and insure the order, as well as to be able to subsequently send you rating invitations by e-mail if necessary.

 

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel).

An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA and here for Israel. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available here. Where service providers are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

 

(4) In most cases, your data is processed within the territory of the European Economic Area (EEA). If we process data in a third country (i.e. outside the European Union or the European Economic Area) or if this occurs as part of the use of third-party services or the disclosure or transmission of data to third parties, this will only take place if the special requirements of Art. 44 ff. GDPR are met. The European Commission certifies that some third countries have an adequate level of data protection through so-called adequacy decisions. In other third countries, we ensure that data protection is sufficiently guaranteed. This is possible through binding corporate regulations, European Commission standard contractual clauses for the protection of personal data, EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification mechanism, and certificates or recognized codes of conduct.

 

If we authorize third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

 

When this is permitted by law and is necessary for the purposes outlined in Sections 3 and 4 above, we share your data with the following recipients outside the EEA:

• Meta Platforms, Inc. – Social media provider. Your data is protected by the service provider entering into the Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here.
• Google LLC (USA)– Communication service provider. your data is protected by the service provider entering into the Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here.
• Microsoft Corporation - Hosted Cloud Server provided by One Microsoft Way, Redmond, Washington, 98052, United States. Your data is protected by the service provider entering into the Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here.
• Adobe Inc. – Provider of the services of activation and creating ADOBE ID account with your bookstore account. The company is incorporated in the US, 345 Park Avenue, San Jose, California 95110-2704, U.S.A. (“Adobe US”), with its EU subsidiary Adobe Systems Software Ireland, a company incorporated in Ireland, 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland. Adobe Inc. stores EU customers data primary within EU-EEA region (i.e. Ireland), but may share your data with its headquarters located in USA. Your data is protected by the service provider entering into the Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here.

 

At Pocketbook, we are a united Group of companies, jointly responsible for compliance with data protection laws. We work together to ensure an effective and sufficient online offering of our products and services. As part of this collaborative effort, we may transmit your data to the employees within group departments of software development, IT services, and customer support (i.e., intra-group data sharing). Please note that certain of our departments are located outside the EU and EEA region. When we transmit your personal data for these purposes within the Pocketbook Group, we rely on Standard Contractual Clauses as approved by the European Commission (EU-US DPF) and confidentiality obligations, ensuring your data is handled with care and responsibility.

 

We will disclose your Data with third-party processors working on our behalf and who will only use your personal data in accordance with our instructions (i.e., outside sharing). Any processors to whom your data is disclosed are legally and contractually required to take reasonable measures to protect the confidentiality and security of your data and may only use your data in compliance with applicable data privacy laws.

 

If required by law, we may have an obligation to disclose your data to law enforcement, supervisory and other public authorities (i.e., obligatory disclosures). However, we undertake to reliably verify the legality, basis, competence, jurisdiction of such requests, containing any requirements regarding your data and your legal rights.

 

6. HOW WE SECURE YOUR DATA

 

 

(1) We take your security seriously and take reasonable steps to protect and secure your personal information. Following provisions of Art. 32 GDPR and taking into account state of the art, the implementation costs and the type, scope, circumstances, and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we have implemented adequate technical and organizational measures to protect your data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, access, and other unlawful forms of processing.

(2) We have joint obligations to secure your data. We have established the Group’s data management policies to commit to privacy and security controls, as well as IT security policy and confidentiality statement; we also constantly monitor our data inventory to keep it updated. We have accurately performed and documented privacy impact assessments concerning certain operations and processing activities of our online offer to analyze and detect privacy risks towards your personal data. From time to time and when needed so, we perform security training and awareness sessions for the Group’s employees and contractors.

(3) The security measures include the encrypted data transmission between your browser and our server. In addition, we have set up procedures that ensure the exercise of the rights of those affected, the deletion of data, and a response to threats to the data.

(4) We limit access to your personal data to a genuine business need-to-know basis. Our personnel accessing your data act under our internal data protection rules and policies. Third parties will only process your personal information in an authorized manner, following our instructions and subject to a confidentiality duty.

(5) Unfortunately, information transmitted via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online. Therefore, any transmission remains at your own risk.

 

7. HOW LONG SHALL WE RETAIN YOUR DATA

 

We have developed and implemented an internal Data Retention and Destruction Policy that governs processing activities and scenarios we have carefully developed for each specific activity, specific terms for keeping your data, the legal basis we rely on, and justifications, as well as data destruction methods when retention periods expire. Herewith, we are providing you with several examples of retention periods according to the purposes for which we collect, use, and store your personal data, as well as a legal basis we rely on:

• For the fulfillment of our contractual obligations and services in accordance with Article 6 Paragraph 1 Sentence 1 Letter b) GDPR, we are keeping your data during the term of a contract. To find out more, please refer to the Terms and Conditions of our online offer.
• For the purpose of sending you newsletters in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR, we are keeping your data for as long as you consented us. You may revoke your consent at any time by clicking “unsubscribe” in e-mail footer.
• For the fulfilment of tax and accounting obligations in accordance with Art. 6 Para. 1 Sentence 1 Letter c) GDPR, we will retain your personal data usually for 10 years (depends on the applicable law).
• Cookies data and other log files will be stored until the relevant cookies expire. To find out more, go to Sections 3 and 4 above. You can always check the duration of cookies storage in our Consent Management Tool.
• When we process your data for the purposes of exercising your privacy rights and respond to your access requests, we will retain your data for 5 years.
• When we process your data for the purpose of establishing, exercising, or defending against legal claims, we will keep the data for as long as it is necessary to defend our specific rights and interests, and, in the case of a dispute, until the final execution of the binding decision of the competent supervisory authority.

Upon expiration of data storage, we will securely destroy your data in accordance with Data Retention and Destruction Policy and applicable laws and regulations.

If we seek to retain your personal data on file on the basis that a further opportunity may arise in future, we will inform you with the notice, seeking your explicit consent to retain your personal data for a fixed period on that basis.

If you believe that we keep your data illegally, please send the respective notice request to [email protected]. We will review your request at the earliest convenience and delete your data, unless we are required by law to keep it for a longer period, or unless we can demonstrate legitimate grounds for the processing which override the interests, rights and freedoms of you. If deletion is impossible, we will securely store your personal data and isolate it from any further processing until deletion is permitted.

 

8. WHAT RIGHTS DO YOU HAVE

 

To the extent the respective legal requirements are met, you have the following rights:

(1) You have the right to obtain confirmation from us as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed of this personal data and the information specified in Art. 15 GDPR.

(2) You have the right to ask us for correction of incorrect personal data concerning you and, if necessary, for completion of incomplete personal data (Art. 16 GDPR).

(3) You have the right to request us for deletion of personal data relating to you immediately if one of the reasons listed in Art. 17 GDPR applies, for example, if the data is no longer needed for the purposes for which it was collected (right to deletion).

(4) You have the right to request us for the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, for example, if you have lodged an objection to processing, for the duration of the examination by us.

(5) You have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. You also have the right to object at any time to processing operations carried out pursuant to Art. 6 (1) clause 1 lit. e) or f) GDPR for reasons arising from your particular situation (Art. 21 GDPR).

We will then no longer process the personal data for the purposes of direct advertising and otherwise only if we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

(6) You have the right to revoke a given consent at any time with effect for the future (right of revocation), where the legal ground for processing your personal data is consent.

(7) You have the right to data portability, meaning that you can request to receive from us the data concerning you which you have provided us with in a structured, common and machine-readable format. You may also transmit this data to other entities or have it transmitted by us (right to data transferability).

(8) Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority if you consider that the processing of personal data relating to you is in breach of the GDPR (Art. 77 GDPR).You may file a complaint with a supervisory authority in your country of residence or Pocketbook headquarters, if you believe the collection and use of your data infringe this Notice or applicable law. The list of German protection officers and their contact details can be found by following To lodge a complaint with German Supervisory Authority. You may also file a complaint with Swiss data protection authority by following The Federal Data Protection and Information Commissioner (FDPIC).

(10) If you would like to exercise any of your rights, or if you would like more information about these rights or the rights which may apply in your country, send a respective request to:

Pocketbook Readers GmbH Richard-Wagner-Strasse 11 01445 Radebeul   Dresden District Court, HRB 29866 Managing Director: Enrico Müller Telephone: +49 (0) 351 79556300 Fax: +49 (0) 351 79556320 Email: [email protected]

Pocketbook International SA Crocicchio Cortogna, 6, 6900 Lugano, Switzerland   Reg.No: CHE-416.098.857 Tel/fax: +41 91 922 07 05 pocketbook.ch Email: [email protected]

 

Or use our dedicated channel for communication: [email protected]

 

We may need to request specific information from you to confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

 

You will not be expected to pay a fee to obtain your data unless we consider that your access request is unfounded or excessive. In these circumstances, we may charge you a reasonable fee or refuse to comply with your request. We may charge a reasonable fee if you request another copy of the information already provided to us.

 

9. POCKETBOOK JOINT PROCESSING STATEMENT

 

Date: 6 December 2024

 

This Pocketbook Joint Processing Statement complements the Privacy Notice of https://pocketbook.de online offer.

 

We, Pocketbook Readers GmbH and Pocketbook International SA work closely together to provide you with this online offer available on https://pocketbook.de. In particular, we offer you PocketBook e-readers and accessories, electronic reading content (ebooks and audiobooks), advertisement content, access to Pocketbook Cloud's state-of-the-art technology, and after-sales and customer support services. As a result of this cooperation, we process your personal data jointly and bear joint responsibility.

 

We do not perform all processing of your personal information as joint controllers, meaning that our business roles and responsibilities are distributed and depend on purposes, needs, influence, technical solutions, supply chain assurance, and allocation of duties among companies. Pocketbook Readers GmbH makes specific decisions regarding processing your personal information independently of Pocketbook International SA, for which Pocketbook Readers GmbH is solely responsible, and vice versa. Below, we provide specific business scenarios for allocating our responsibilities to clarify this statement.

 

We provide you with information on fundamental aspects to guarantee your rights and consider the requirements of the EU General Data Protection Regulation (GDPR).

 

Who are the data controllers?

 

Pocketbook Readers GmbH Richard-Wagner-Strasse 11 01445 Radebeul   Dresden District Court, HRB 29866 Managing Director: Enrico Müller Telephone: +49 (0) 351 79556300 Fax: +49 (0) 351 79556320 Email: [email protected]

Pocketbook International SA Crocicchio Cortogna, 6, 6900 Lugano, Switzerland   Reg.No: CHE-416.098.857 Tel/fax: +41 91 922 07 05 pocketbook.ch Email: [email protected]

 

How data controllers allocate their responsibilities towards my personal data?

 

When we provide you with this online offer and other services under the brand name “Pocketbook”, we rely on local legal and regulatory requirements, industry practices, accessibility of business supportive services, and, more importantly, when choosing reliable partners within EU/EEA establishment.

 

Pocketbook International SA is parent company and has primary responsibility for the development, administration and troubleshooting of the present online offer. In essentials, Pocketbook International SA:

 

• administrates the database (EU based hosting provider) with customers and shares with PB Readers GmbH;
• is hosting day-to-day handling of your personal information as it collects this information and has direct contact with you, due to your contractual relationship as a customer of online offer;
• is responsible for data governance and policies management, IT risks and security management, infrastructure and technologies, vendors’ assessments, as well as conducts trainings to raise awareness among employees and contractors.

 

Pocketbook’s International SA data protection responsibilities to you, therefore, include:

 

• making sure it has the legal grounds to use your personal data in the ways described in Privacy Notice;
• producing this statement jointly with PB Readers GmbH;
• responding to your requests when you exercise your data protection rights and submit such requests to PB Readers GmbH;
• updating of terms and conditions and policies of the present online offer;
• enforcing or protecting our legal rights or to establish, bringing, or defending legal claims according to applicable laws and regulations;
• ensuring that the personal information it stores is secured and retained in accordance with data protection laws and regulations.

 

PB Readers GmbH is an authorized distributor of products under the brand name “Pocketbook” within EU region. PB Readers GmbH:

• is responsible for logistics, warehouse, delivery of e-readers and accessories to its customers, as well as providing warranty support and repair services;
• has a duty to conclude agreements with book partners and aggregators and provide you with electronic content (ebooks and audiobooks);
• determines marketing strategy and chooses local marketing service providers;
• responsible for storage of personal data for audit, tax and accounting (invoices, purchase orders, and guarantees) purposes according to applicable EU laws and regulations;
• receives, manages and responds to your communication with us;

 

What personal data controllers collect about me and for what purposes?

To find out what data we collect, purposes of collection and what are legal grounds, please refer to Sections 2, 3, 4 of Privacy Notice.

 

For how long shall my personal data be processed?

Pocketbook Readers GmbH and Pocketbook International SA jointly envisage different scenarios and mechanics for determining data retention schedules. Both controllers have set the respective Data Retention and Destruction Policy. To find out more, please refer to Section 7 of the Privacy Notice.

 

Who is my contact person for rights such as information or deletion?

We have jointly agreed on how we will ensure your rights and specify in more detail which obligations each party will fulfill to comply with the GDPR. This relates to the exercise of data subjects' rights and fulfilling the information obligations under Articles 13-21 of the GDPR, as given in Section 8 of Privacy Notice.

 

You can address each company involved individually regarding the processing of your data and assert your rights.

 

You may request us by using contacts as given above, or you may also request us by using our dedicated channel for communication: [email protected].

 

We may need to request specific information from you to confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

 

How can I get more information on data processing by other service under the brand name “Pocketbook”?

We are international product company and provide our customers with comprehensive services’ portfolio. You can find more information by following SUPPORT CENTER, on the bottom of page.