Free Shipping within Europe
Menu
Search Search Basket
0
Cart

Data Protection Declaration

1. Information about the collection of personal data and contact details by the responsible party

1.1 We are pleased that you are visiting our website and thank you for your interest. Here, we will provide you with information on how we will handle your personal data when you use our website. In this context, personal data is data with which you can be personally identified.
1.2 The data controller on this website under the General Data Protection Regulation (GDPR) is Maris Swim S.L.U., Carrer de Pujades 182, 08005 Barcelona, Spain, Phone: 0034663932322, email: info@maris-swim.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2.Data collection during the visit to the website

2.1 When using the website for information purposes only, i.e., if you do not register or otherwise provide us with information, we will only collect the data that your browser transmits to our server (server log files). When you visit our website, we collect the following data, which is technically necessary for us to display the website:

  • The visited website
  • The date and time at the time of access
  • The amount of data sent in bytes
  • Source/reference from which you came to the site
  • Browser used
  • Operating system used
  • IP address used (if necessary, in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses an SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock icon in your browser line.

3.Hosting & Content Delivery Network

3.1 Shopify
For the hosting of our website and the presentation of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

The data may also be transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the servers of the provider.

We have concluded a contract for order processing with the provider, which guarantees the protection of the data of our website visitors and prohibits unauthorized transmission to third parties.

For the transfer of data to Canada, an adequate level of data protection is guaranteed by a decision of adequacy by the European Commission.

3.2 Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc., headquartered at 101 Townsend St. San Francisco, CA 94107, USA.

This service allows us to distribute large multimedia files such as graphics, page content, or scripts more quickly through a network of regionally organized servers. The data processing is carried out according to Art. 6 Para. 1 letter f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website.

We have concluded a contract for order processing with the provider, which guarantees the protection of the data of our website visitors and prohibits unauthorized transmission to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on a decision of adequacy by the European Commission.

4.Cookies

To make visiting our website appealing and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some cookies are deleted after closing the browser (session cookies), while others remain on your device to allow your settings or preferences to be recognized the next time you visit (persistent cookies). In the latter case, you can find out the storage duration in the cookie settings of your browser.

If certain cookies we use also process personal data, the processing will be carried out according to Art. 6 Para. 1 letter b) of the GDPR for the execution of the contract; with Art. 6 Para. 1 letter a) of the GDPR if the user has given us consent; or with Art. 6 Para. 1 letter f) of the GDPR to fulfill our legitimate interests in ensuring the best possible functionality of the website as well as a user-friendly and efficient design of the site visit.

Furthermore, the user can configure his browser to be informed about the setting of cookies and to decide individually about their acceptance, or to exclude the acceptance of cookies for specific cases or in general.

If cookies are not accepted, the functionality of our website may be limited

5.Contacting us

When contacting us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

The legal basis for processing the data is our legitimate interests in responding to your request according to Art. 6 Para. 1 letter f of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 letter b of the GDPR. After your request has been dealt with, your data will be deleted, provided there are no legal retention obligations to the contrary.

 

6.Processing of data when opening a customer account and for contract execution

According to Art. 6 Para. 1 letter b of the GDPR, personal data will continue to be collected and processed if you provide them to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deleting the customer account is possible at any time and can be done by sending a message to the above-mentioned address of the person responsible. We store and use the data provided by you for contract execution. After complete execution of the contract or deletion of your customer account, your data will be blocked in accordance with tax and commercial retention periods and deleted after these periods expire, provided that you have not consented to further processing and use of your data or a legally permitted further data use from our side which we will inform you about accordingly below.

7.Use of your data for direct advertising

MailChimp

Our email newsletters are sent via the provider: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Based on our legitimate interest in an efficient and easy-to-use newsletter marketing, we transmit the data you provided when registering for the newsletter to this provider, according to Art. 6 Para. 1 letter f of the GDPR, so that the newsletter can be sent on our behalf.

Subject to your explicit consent according to Art. 6 Para. 1 letter a of the GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels that are embedded in the emails sent, which can measure the opening rates and specific interactions with the content of the newsletter. In the process, device information (e.g., time of call, IP address, browser type, and operating system) is also collected and evaluated, but it is not merged with other data records.

You can revoke your consent to the tracking of the newsletter at any time with effect for the future.

We have concluded a contract for order processing with the provider, which guarantees the protection of the data of our website visitors and prohibits unauthorized transmission to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on a decision of adequacy by the European Commission.

8.Processing of data for order processing

8.1 We transmit the personal data we collect for contract processing to the transport companies commissioned with the delivery, insofar as this is necessary for the delivery of the goods. We transmit your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for payment handling. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transmission of data is Art. 6 Para. 1 letter b of the GDPR.

8.2 Use of payment service providers

  • Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your iOS, watchOS, or macOS operated terminal device by charging a payment card deposited with "Apple Pay". Apple Pay uses security features built into the hardware and software of your device to protect your transactions. To release a payment, you must enter a code previously defined by you and verify it using the "Face ID" or "Touch ID" function of your terminal device.

For the purposes of payment processing, the data you provide during the ordering process, along with information about the order, is transmitted to Apple in encrypted form. Apple then encrypts these data again with a key specific to the developer before transmitting them to the payment service provider of the payment card stored in Apple Pay for payment execution. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment is made, Apple sends your device's account number and a dynamic security code specific to the transaction to the original website to confirm the success of the payment.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of processing the payment according to Art. 6 para. 1 lit. b RGPD.

Apple stores anonymous transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. The anonymization completely eliminates the possibility of any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When using Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this data in a format that can personally identify you. You can deactivate the possibility of using Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and uncheck "Allow Payments on Mac".

  • Paypal

On this website, one or more means of payment from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

For the choice of one of the means of payment from the provider corresponding to a payment in advance, your payment data will be transmitted within the scope of the order (including name, address, bank and payment card information, currency, and transaction number), as well as information relating to the content of the order based on Art. 6 Para. 1 letter b), of the GDPR. The transmission of your data, in this case, is carried out exclusively for the purpose of making the payment with the provider and only to the extent necessary for this purpose.

For the choice of the means of payment in which a payment in advance occurs, you will also be required to provide certain personal data (name and surname, street, house number, postal code, locality, date of birth, email address, phone number or, if applicable, data from an alternative means of payment).

To safeguard our legitimate interest in determining the creditworthiness of our customers, these data will be transmitted to the provider within the scope of the provisions of Art. 6 Para. 1 letter f), of the GDPR, with the objective of performing a credit assessment. The provider will evaluate, based on the personal data you have provided, as well as other data (such as the shopping cart, the invoiced amount, order history, or previous payment experiences), whether the payment facility you have chosen can be granted, in light of your credit risk and payment risk.

  • Shopify Payments

On this website, one or more means of payment from the following provider are available: Shopify Payments, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2, Ireland

For the choice of one of the means of payment from the provider corresponding to a payment in advance (for example, a payment by credit card), your payment data will be transmitted within the scope of the order (including name, address, bank and payment card information, currency, and transaction number), as well as information relating to the content of the order based on Art. 6 Para. 1 letter b), of the GDPR. The transmission of your data, in this case, is carried out exclusively for the purpose of making the payment with the provider and only to the extent necessary for this purpose.

9.Web analytics services

9.1 Google Analytics 4

This website uses Google Analytics 4, a service of the company Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland («Google»), with which the use of websites can be analyzed.

By using Google Analytics 4, cookies are installed by default. Cookies are text files that are stored on the user's terminal and allow an analysis of the use of the website by the user. The information generated by the cookies about the use of the website (including the IP address transmitted by the terminal with the last digits removed; more information about this below) is generally transferred to a Google server, where it is stored and processed. In this case, information may also be transmitted to servers of the company Google LLC, based in the USA, where further processing of the information may occur.

With the use of Google Analytics 4, the IP address transmitted by the user's terminal while using the website is always collected and processed automatically by default, but only in an anonymized form, so that it cannot be related to any specific person. This automatic anonymization is carried out by Google by deleting the last digits of the IP address within the member states of the European Union (EU) or other signatory states to the agreement on the European Economic Area (EEA).

Google uses this and other information at our request to evaluate the use of the website by the user, compile reports on the activities carried out on the website or about its usage behavior, and provide us with other services related to the use of the website and the internet. The IP address transmitted by the user's terminal and abbreviated in the context of Google Analytics 4 will not be combined with other data from Google. The data collected in the context of Google Analytics 4 will be stored for two months and then deleted.

Through the special function "demographic data", Google Analytics 4 also allows statistics to be created with data about the age, gender, and interests of the website users based on an evaluation of interest-based advertising and consulting information from third-party providers. This allows the determination and distinction of user circles of the website to optimally target marketing campaigns to target groups. However, the data collected through demographic data cannot be assigned to a specific person nor, therefore, to the user personally. The data collected through the demographic data function will be stored for two months and then deleted.

All the treatments described above, particularly the installation of Google Analytics cookies for the storage and reading of information on the terminal used by the user to use the website, only take place if the user has given us their explicit consent according to Art. 6 Para. 1 letter a of the GDPR. Without their consent, Google Analytics 4 is not used during the use of the website. The user can withdraw their consent at any time with prospective effect. To do so, they only have to deactivate this service through the cookie consent tool we provide on the website.

On this website, the service "Google Signals" can also be used as an extension of Google Analytics. With Google Signals, Google can create reports between devices (the so-called "cross-device tracking"). If you have activated "personalized ads" in the settings of your Google account and have linked your internet access devices to your Google account, Google can analyze the behavior of users across different devices and create database models based on it, provided you have given your consent to the use of Google Analytics according to Art. 6 Para. 1 letter a of the GDPR (see above). The logins and types of device of all page visitors who have logged in to a Google account and have completed a conversion are taken into account. The data show, among other things, on which device an ad was first clicked and on which device the associated conversion took place. To the extent that Google Signals is used, we do not receive any personal data from Google, but only statistics compiled based on Google Signals. You have the possibility to deactivate the "personalized ads" function in the settings of your Google account, and thus deactivate cross-device analysis.

For this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en More information here: https://support.google.com/analytics/answer/7532985?hl=en

As an extension of Google Analytics, the "UserIDs" function can also be used on this website. By assigning individual UserIDs, we can make Google create cross-device reports (the so-called "cross-device tracking"). This means that your usage behavior can also be analyzed across devices if you have given your corresponding consent to the use of Google Analytics according to Art. 6 Para. 1 letter a of the GDPR, if you have created a personal account by registering on this website and have logged in to your personal account on different end devices with your corresponding access data. The data collected in this way show, among other things, on which end device an ad was first clicked and on which end device the corresponding conversion took place.

We have concluded a contract for order processing with Google for the use of Google Analytics, which obliges Google to protect the data of the visitors of our website and not to transmit it to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on a decision of adequacy by the European Commission.

In the following link, you can consult more legal mentions about Google Analytics 4: https://policies.google.com/privacy?hl=en&gl=es

Here you can consult detailed information about the treatments carried out through Google Analytics 4 and about the treatment by Google of the data from websites: https://policies.google.com/technologies/partner-sites?hl=en

9.2 Google Tag Manager

This website uses Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter, "Google"). Google Tag Manager allows grouping various web applications, including tracking and analysis services, and calibrating them, controlling them, and linking them to certain conditions through a single user interface.

Google Tag Manager does not store or read any kind of information on users' terminals. Nor does it carry out data analysis autonomously.

However, when visiting the website, Google Tag Manager transmits the user's IP address to Google, where it is stored. It is also possible that it may be transmitted to servers of Google LLC. in the USA.

This treatment only takes place if the user has given us their explicit consent according to Art. 6 Para. 1 letter a of the GDPR. Without this consent, the use of Google Tag Manager does not occur during the visit to the page.

Users can withdraw their consent at any time with prospective effect. To do so, they only have to deactivate this service in the cookie consent tool we provide on the website. We have formalized a data processing contract with Google under which Google undertakes to protect the data of the visitors of our website and not to communicate it to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which guarantees compliance with the European level of data protection based on a decision of adequacy by the European Commission.

More information about privacy and Google Tag Manager at: https://support.google.com/tagmanager/answer/9323295?hl=en

In this data protection declaration, in the corresponding sections, you can consult specific information about the services and applications relevant to data protection that are encompassed in Google Tag Manager.


10.Retargeting, remarketing, and advertising by recommendations

Meta Pixel without extended data synchronization

Within our online offer, we use the service "Meta Pixel" of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta")

If a user clicks on an ad published by us on Facebook and/or Instagram, the "Meta Pixel" is used to add a parameter to the URL of our linked page. This URL parameter is entered into the user's browser after redirection via a cookie that sets our own linked page.

This allows Meta to determine the visitors of our online offer as a target group for the display of ads. Consequently, we use the service to display the Facebook and/or Instagram ads placed by us only to those users who have also shown interest in our online offer or who have certain characteristics (for example, interests in certain topics or products determined based on the websites visited), which we transmit to Meta (the so-called "Custom Audiences").

Furthermore, the "Meta Pixel" can be used to track whether users have been redirected to our website after clicking on an ad and what actions they take there (the so-called "conversion tracking").

The data collected are anonymous to us and, therefore, do not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Meta so that it is possible to connect with the respective user profile and Meta can use the data for its own advertising purposes.

All the treatments described above, particularly the installation of cookies for reading information on the terminal device used, will only take place if you have given us your explicit consent for it according to Art. 6 Para. 1 letter a of the GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

We have signed a contract for order processing with the provider, which guarantees the protection of the data of the visitors of our website and prohibits its unauthorized disclosure to third parties.

The information generated by Meta is normally transferred to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which guarantees compliance with the European level of data protection based on a decision of adequacy by the European Commission.

11.Page functions

Google Maps

On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Maps is a web service for displaying interactive maps that show geographical information. By using this service, you will be shown our location to facilitate your route to us.

When consulting the subpages in which the Google Maps map is integrated, information about the use of our website (such as, e.g., your IP address) is already transmitted to Google's server in the USA, where it is stored. In this case, personal data may also be transmitted to servers of Google LLC. in the USA. This happens regardless of whether Google provides a user account in which you have logged in or if there is no account. If you have logged in to Google, your data will be directly assigned to your account. If you do not want these data to be assigned to your profile on Google, you must log out before pressing the button. Google stores your data (even those of users who have not logged in) as usage profiles and evaluates them. Such evaluation takes place according to Art. 6 Para. 1 letter f of the GDPR based on Google's legitimate interests in displaying personalized advertising, conducting market studies, or configuring its website in a way that meets users' needs. You have the right to revoke the creation of these user profiles. To exercise it, you must contact Google.

If you do not agree with the transmission of your data to Google when using Google Maps, you also have the possibility to completely deactivate the Google Maps web service by disabling the JavaScript application in your browser. Google Maps and, consequently, the display of the map on this website will no longer be usable.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which guarantees compliance with the European level of data protection based on a decision of adequacy by the European Commission.

12.Tools and Miscellaneous

Cookie consent tool

This website uses a cookie consent tool to obtain the effective consent of users to the use of cookies that require such consent. The cookie consent tool is displayed to users when they open the website in the form of an interactive user interface where they can grant their consent to the use of certain cookies or cookie-based applications by marking the respective checkboxes. With the use of this tool, all cookies or services requiring consent are only loaded if the user has given the corresponding consent by marking the checkboxes in question. This ensures that these cookies are only installed on the user's terminal device if they have previously given their consent.

This tool installs cookies necessary at a technical level to save the selected cookie preferences. In general, no personal data is processed.

If it happens that personal data (e.g., the IP address) has to be processed to store, assign, or log cookie settings, this processing is carried out according to Art. 6 Para. 1 letter f of the GDPR based on our legitimate interest in a lawful, personalized, and intuitive management of cookie consents and, therefore, in a legally compliant design of our website.

Another legal basis for data processing is Art. 6 Para. 1 letter c of the GDPR. As data controllers, we are obliged to subject the use of cookies that are not necessary for technical reasons to the user's consent.

In the corresponding user interface of our website, you can consult more information about the operator and the adjustment options of the cookie consent tool.


13.Rights of the data subject

13.1 The applicable data protection laws grant you extensive rights against the controller regarding the processing of your personal data (rights of information and intervention), which we inform you about below:

  • Right of access according to Art. 15 of the GDPR
  • Right to rectification according to Art. 16 of the GDPR
  • Right to erasure according to Art. 17 of the GDPR
  • Right to restriction of processing according to Art. 18 of the GDPR
  • Right to information according to Art. 19 of the GDPR
  • Right to data portability according to Art. 20 of the GDPR
  • Right to revoke the given consents according to Art. 7, Para. 3 of the GDPR
  • Right to complain according to Art. 77 of the GDPR

 

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS BASED ON OUR LEGITIMATE INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING THEM IF WE CAN DEMONSTRATE THAT THERE ARE COMPELLING JUSTIFIABLE REASONS THAT PREVAIL OVER YOUR INTERESTS AND YOUR RIGHTS AND FUNDAMENTAL FREEDOMS, OR WHEN SUCH PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA TO MANAGE DIRECT ADVERTISING, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING OF THE PERSONAL DATA IN QUESTION FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE DATA IN QUESTION FOR DIRECT ADVERTISING PURPOSES.

14.Retention period of your personal data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing, and, if applicable, also based on the corresponding legal retention period (e.g., retention periods under commercial and tax law).

When personal data are processed based on explicit consent according to Art. 6, Para. 1, lit. a GDPR, these data are stored until the interested party revokes their consent.

If there are legal retention periods for data that are processed within the scope of legal or quasi-legal obligations based on Art. 6 Para. 1, lit. b GDPR, these data are routinely deleted after the expiration of the retention periods, provided they are no longer necessary for the fulfillment of the contract or the initiation of the contract and/or there is no justified interest on our part in their further storage.

When personal data are processed based on Art. 6, Para. 1, lit. f GDPR, such data will be stored until the interested party exercises their right of objection according to Art. 21, Para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that prevail over the interests, rights, and freedoms of the interested party, or that the processing serves to assert, exercise, or defend legal claims.

When personal data are processed for direct marketing purposes based on Art. 6, Para. 1, lit. f GDPR, such data will be stored until the interested party exercises their right of objection according to Art. 21, Para. 2 GDPR.

Unless otherwise indicated in the rest of the information in this statement about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

×