Data Protection

Information

We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. Our data protection provisions comply with applicable statutory regulations on the protection of personal data, in particular with the provisions of the EU General Data Protection Regulation (EU GDPR), and are in line with the country-specific data protection provisions that apply to MGA Zapf Creation GmbH. Therefore, please take a moment to familiarise yourself with our data protection information. It explains which data we collect on our website, what we use it for and what options are available to you.

Responsibility in terms of data protection law lies with MGA Zapf Creation GmbH, postal address:
Mönchrödener Str. 13, 96472 Rödental, Germany.

Contact information:
Telephone: +49 9563 725-0
Fax: +49 9563 725-116
Email: info@zapf-creation.com

Data protection contact:
datenschutz@zapf-creation.de

 

Subject of data protection

Subject of data protection is personal data. In accordance with Art. 4 Para. 1 GDPR, personal data encompasses any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as name, postal address, email address or telephone number, but also usage data such as your IP address.

Data that does not enable the personal identification of the user is anonymous data.

 

Purposes and legal basis of the data processing

When processing your personal data, the provisions of EU GDPR and all other applicable requirements according to data protection law are adhered to. The legal bases for data processing are derived from Art. 6 EU GDPR in particular.

We use your data for initiating business contact, fulfilling contractual and legal obligations, conducting the contractual relationship, offering the products and services and strengthening the customer relationship, which can also entail analyses for marketing purposes and direct marketing.

Your consent to data processing can also a represent an authorising provision under data protection law. Before you give your consent, we inform you of the purpose of the data processing and of your right to withdraw consent.

 

Data collection: categories and origin of data

The data we process is determined by the respective context: this depends on whether you submit queries using our contact form or take part in one of our competitions, for example.

 

During your visit to our website, we collect and process the following data:

  • Name of the internet service provider
  • Details of the website from which you are visiting us
  • Web browser and operating system used
  • The IP address assigned by your internet service provider
  • Requested files, transmitted data quantity, downloads
  • Details of our websites visited by you, including date and time

For reasons relating to technical security (in particular to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6 Para. 1 lit. f EU GDPR. This data will be deleted after seven days at the latest.

 

Within the scope of a contact request and depending on the type of request, we collect and process the following data:

  • Last name, first name
  • Contact details
  • Address
  • Title
  • Message

 

Depending on the type of inquiry, we collect and process the following data in the context of product-related contact (Art. 6 para. 1 lit. a, b EU GDPR):

There are two types of forms on our website that are intended for product-related electronic contact. These are spare parts inquiries and complaints. If you write to us using these forms, we will process the data you provide in the form to contact you and answer your questions and requests.

The principle of data minimization and data avoidance is observed in that you only have to provide the data that we absolutely need to contact you. These are your first name, surname, country, e-mail address as well as the message field and the subject itself. These fields must be filled in according to the product-specific categories. Your IP address is also processed for technical reasons and for legal protection. All other data are voluntary fields and can be provided optionally (e.g. for a more personalized response to your questions).

If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request.

 

Within the scope of competitions, we collect and process the following data:

  • Last name, first name
  • Last name and first name of the legal guardian
  • Address

As the data is currently transferred in unencrypted form, it cannot be ruled out that unauthorised third parties also read this data during transmission. However, it is possible to use alternative forms of communication (e.g. post or fax), which offer more security than an unencrypted email.

 

Obligation to provide access to the data

A variety of personal data is required in order to establish, perform and terminate the contractual relationship and to fulfil the contractual and legal obligations involved. The same applies for the use of our website and the various functions that this provides.

We have summarised the details of this in the aforementioned item. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the contractual relationship on which this is based without providing this data.

 

Contact form / Contacting us via email (Art. 6 Para. 1 lit. a, b GDPR)

Our website contains a contact form that can be used to contact us electronically. When you use the contact form to write us, we shall process your data provided in the contact form in order to contact you and respond to your questions and wishes. 

In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data we require for contacting you.

The data collected here differs according to the type of request; for example, it is sufficient to specify your name and email address when making a general request. If you are interested in a catalogue, we also ask for your address in order to send you the catalogue.

Your IP address will also be processed, as this is a technical necessity and required for legal protection. All other data submitted is optional (e.g. for a more individual response to your questions). 

Should you contact us by email, we will use the personal data communicated in the email solely for the purpose of processing your request.

 

Competition (Art. 6 Para. 1 lit. a, b EU GDPR)

On our website, you have the option of entering our competition. When you fill in the competition screen, we process the data specified there solely for the purpose of executing the competition.

In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data that is absolutely necessary for executing the competition and notifying you in the event that you win a prize. For example, this can be your name and address.

Without the mandatory fields, we unfortunately cannot execute the competition. Participation is not possible in this case.

 

Birth certificate

Our website offers the chance to create a birth certificate for your BABY born. To do this, the name, date of birth and place of birth selected for your BABY born and the name of the child (doll mummy/daddy) can be entered on the entry screen. The birth certificate with the data entered is then generated as a PDF, which you can save locally on your device. We do not save the data entered in our database. It is merely saved briefly in order to create the PDF. The data is deleted again after one hour.

 

Wish list

Our website offers the chance to create a wish list. This involves saving the name entered, the time the list is created, and the products added to the wish list. You also have the option of adding various comments to the individual products. If you use this option, the data entered there is also saved. We save this data in our database and as a PDF. The purpose of this data processing is to enable you to generate the wish list as a PDF file that you can save locally. All data is deleted after 180 days at the latest.

 

Cookies (Art. 6 Para. 1 lit. f EU GDPR, Art. 6 Para. 1 lit. a EU GDPR, Art. 6 Para 1 lit c EU GDPR)

Cookies only contain pseudonymous, usually even anonymous data. Some cookies remain in place for the duration of a browser session (so-called session cookies), others are stored for longer periods (so-called persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified time (usually 6 months). In addition to our own cookies, we also use cookies that are controlled by third-party providers. These use the information contained in the cookies, e.g. to show you content or to record the pages you have visited.
 
On the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f EU GDPR), we set technically necessary cookies, which are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent if their sole purpose is to store or access information stored in the terminal device for the transmission of messages or if they are absolutely necessary to provide the service you have expressly requested, Section 25 (2) TDDDG. 

Subject to your consent, other cookies are used to enable us or third parties to analyze how our services are used, for example. This enables us to tailor the content to user needs. Cookies also enable us to measure the effectiveness of a particular advertisement and to place it according to the thematic interests of the user, for example. The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a EU GDPR, Section 25 para. 1 TDDDG). 

If you have accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can avoid such a combination by not giving or revoking your consent to the relevant cookies or by logging out of the respective third-party providers in advance. 

Most browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with the help of software. If you deactivate the setting of cookies, you will not be able to use our website to its full extent or only to a limited extent. 

Please also note our information in the section of the respective service that uses cookies. 
You can revoke your consent via the link below or via our consent banner at any time with effect for the future and change the cookie settings. Please note that changes must be made separately for each end device.

Google Analytics 4 (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG)

We use Google Analytics 4 from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. By using Google Analytics 4, we can analyse the behaviour of website visitors and thereby improve the user-friendliness of our website. For example, the click paths of users are analysed in order to gain insights into the usage patterns of the website.

The following data is therefore collected with your consent:

  • Page views

  • Length of visit

  • Operating system used

  • Location data

  • Device data

This data is assigned to the user's end device. This allows individual users to be recognised.

This service is only activated if you have given us your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG). You can revoke your consent at any time with effect for the future via our consent banner - the direct link can be found in the next section, on the Puppenfinder website it can also be accessed by clicking on the blue ‘fingerprint symbol’ in the left-hand corner of the website - and change the cookie settings. Please note that changes must be made separately for each end device.

The data collected is stored for 14 months and then automatically deleted.

Google is an active participant in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data.

You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511

Further information on data protection can be found here: 

Google Tag Manager (Art. 6 Abs. 1 lit. a DS-GVO, § 25 Abs. 1 TDDDG)

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website. Google Tag Manager can be used to centrally integrate and manage tags from various tracking tools that we use on our website. Tags are individual sections of code that record your activities on our website. Google Tag Manager can be used to integrate tags from Google products, such as Google Analytics, or from other providers. Various tracking tools, such as Google Analytics, are integrated to make our website as appealing as possible for website visitors. We use the Google Tag Manager to integrate these.

Although no cookies are set via the Google Tag Manager itself, website visitor data is transmitted to the tools integrated via the Google Tag Manager after consent has been given.

This service only becomes active if you have given us your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG). You can revoke your consent at any time with effect for the future via our consent banner - the direct link can be found in the next section - and change the cookie settings. Please note that changes must be made separately for each end device.

The data collected is stored for 14 months and then automatically deleted.

Google is an active participant in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511.

Further information on data protection at can be found here:

Privacy Policy - Privacy Policy & Terms of Use - Google

 

Google Signals (Art. 6 Abs. 1 lit. a DS-GVO, § 25 Abs. 1 TDDDG)

We use Google Signals on our website. This is a function of Google Analytics 4 that links the visit data collected by our website with Google information from accounts of registered users of the Google account who have consented to this link for the purpose of ad personalisation. Granular location and device data is collected at country level. As part of Google Signals, cross-device tracking also takes place across different websites and apps, provided you are logged into your Google account and have activated personalised advertising. We may also receive information about your interests and demographic characteristics, such as your age, language, place of residence or gender. By using Google Signals, we can gain aggregated and anonymised insights into cross-device behaviour, which we use, for example, to create remarketing lists in Google Analytics 4.

The following data is collected with your consent:

  • Location data
  • Search history
  • YouTube history
  • Other data from websites that work with Google

This data is assigned to the user's end device. This allows individual users to be recognised.

This service only becomes active if you have given us your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG). You can revoke your consent at any time with effect for the future via our consent banner - the direct link can be found in the next section - and change the cookie settings. Please note that changes must be made separately for each end device.

The data collected is generally stored for a period of 26 months and then automatically deleted.

Google is an active participant in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511.

Further information on data protection at can be found here:

Privacy Policy - Privacy Policy & Terms of Use - Google

Google Ads (Art. 6 Abs. 1 lit. a DS-GVO, § 25 Abs. 1 TDDDG)

We use Google Ads Conversion Tracking on our website to draw attention to our offers. For this purpose, we place adverts in the Google search network and advertising banners in the Google display network (banners on third-party websites) and use Google Ads remarketing. We can combine adverts with search terms or use individual adverts to promote our products that you have viewed on our site. Ads remarketing lists allow us to optimise search and display campaigns if you have visited our site before.

If you have reached our website via an advert placed by Google, Google Ads will set a cookie on your computer. The cookie for conversion tracking is set when a user clicks on an advert placed by Google. We and Google then receive information that you have clicked on an advert and have been redirected to us. Based on these evaluations, we can recognise which of the advertising measures used are particularly effective and can optimise them as a result.

The statistics that Google provides us with include the number of users who have clicked on one of our adverts and show which of our websites you have been redirected to. We can also target you better if you have already visited our website. We can also track which search terms have been clicked on particularly often and which adverts lead to the purchase of one of our products, for example.

Depending on the browser used, these cookies lose their validity after a maximum of 90 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page.

The legal basis is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of Ads Advertising, Google receives the information that you have accessed the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

You can prevent this technology by disabling the use of cookies via your browser settings, deselecting individual types of ads in Google's ad settings, disabling interest-based ads on Google or disabling cookies from advertising providers with the help of the respective deactivation help of the Network Advertising Initiative. We and Google will then only receive statistical information on how many users have visited a page and when. This can only be prevented by appropriate browser extensions.

Please note that you must not delete the opt-out cookies as long as you do not want measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

Google is an active participant in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511.   

Further information on data protection at can be found here:

Privacy Policy - Privacy Policy & Terms of Use - Google

 

 

Meta Pixel (Art. 6 Abs. 1 lit. a DS-GVO, § 25 Abs. 1 TDDDG)

We have implemented the Meta pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, on our websites.

With your consent, data on your user behaviour from our website is collected and analysed. Provided you have given your consent, a cookie is set for this purpose, which can be used to analyse the target groups on Facebook and track the customer journey. This serves to optimise our campaigns. This means that the effectiveness of Facebook adverts can be analysed for statistical and market research purposes and future web measures can be improved as a result.

The data collected is also linked to any existing Instagram or Facebook account.

 The following information about website visitors is collected for this purpose

- Activity and information provided

- Friends, subscribers and other contacts

- App, browser and device information

- Information from partners, providers and other third parties

This service is only active if you have given us your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG). You can revoke your consent at any time with effect for the future via our consent banner - the direct link can be found in the next section - and change the cookie settings. Please note that changes must be made separately for each end device.

The data collected is stored for 14 months and then automatically deleted.

Meta is an active participant in the EU-U.S. Data Privacy Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.facebook.com/privacy/policies/data_privacy_framework

Further information on data protection at Meta can be found here:

Pinterest Pixel (Art. 6 Abs. 1 lit. a DS-GVO, § 25 Abs. 1 TDDDG)

We have implemented the pixel of Pinterest, Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, on our website.

With your consent, we use the Pinterest pixel on our website to analyse target groups and play out corresponding campaigns. The analysis of the user data is used to display targeted ads on Pinterest and thus optimise the advertising campaigns.

The following data is collected from website visitors for this purpose

  • Account data
  • Content data
  • Precise location data
  • Communication with Pinterest
  • contacts
  • Device data
  • Log data
  • Data from cookies
  • Usage data and inferences
  • User decisions

This service is only active if you have given us your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG). You can revoke your consent at any time with effect for the future via our consent banner - the direct link can be found in the next section - and change the cookie settings. Please note that changes must be made separately for each end device.

The data collected is stored for 14 months and then automatically deleted.

Further information on data protection can be found here: Privacy Policy | Pinterest Policy

YouTube (Art. 6 Abs. 1 lit. a EU-DS-GVO, § 25 Abs. 1 TDDDG)

We have integrated YouTube videos from the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) into our online offering, which are stored on www.youtube.com and can be played directly from our website. These are all integrated in ‘extended data protection mode’, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. However, the extended data protection mode only refers to the recording of user behaviour, not to the provision of ads, as well as the reloading of further third-party content, font transfer and possible links to your user account on YouTube. When you start the video, this triggers further data processing operations. We have no influence on this. The legal basis is your consent, Art. 6 para. 1 sentence 1 lit. a EU GDPR.

You can revoke your consent at any time in our cookie settings.

This service may transfer the data collected to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. However, we take the possible measures required under data protection law in accordance with Art. 44 et seq. EU-GDPR to ensure the level of data protection in the third country.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. Data is transferred regardless of whether YouTube provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores the data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

You can find further information on data protection at: https://policies.google.com/privacy

 

 

Google reCAPTCHA(Art. 6 Abs. 1 lit. f)

On this website, we use the reCAPTCHA function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing.

The legal basis for the processing is Art. 6 para. 1 lit. f EU-GDPR based on our legitimate interest in the security of our website and the prevention of misuse and spam.

The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there.

This service may forward the data collected to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. However, we take the possible measures required under data protection law in accordance with Art. 44 et seq. EU GDPR to ensure the level of data protection in the third country.

You can view Google's terms of use at http://www.google.de/intl/de/policies/terms/regional.html, additional information on data protection can be found on the web page of Goole ("Google Privacy Policy"): http://www.google.de/intl/de/policies/privacy/

Opt-Out: https://adssettings.google.com/authenticated.

 

Cloudfront (Art. 6 Abs. 1 lit. f EU-DS-GVO)

This website uses the CloudFront content delivery network (CDN). This is a service offered by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The CloudFront CDN makes duplicates of website data available on various Amazon Web Services (AWS) servers located all over the world. This results in faster website loading times, greater reliability and increased protection against data loss. Some of the images and videos embedded in this website are obtained from the CloudFront CDN when calling up the site. By making this request, information about your use of our website (e.g. your IP address) is transferred to Amazon servers in other EU states and saved there. This takes place as soon as you enter our website. Amazon Web Services and the Amazon CloudFront CDN are used in the interests of improving the reliability of the website, increasing protection against data loss and improving loading speeds on this website. This is a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. Information on the data protection measures and the current privacy notice of Amazon Web Services can be found at: https://aws.amazon.com/privacy/
This service can forward the collected data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.

 

Social Media Links

On our website you will find links to the social media services of Facebook, Instagram and YouTube. You can recognise links to the websites of the social media services by the respective company logo. If you follow these links, you will reach the company website of MGA Zapf Creation GmbH on the respective social media service. When you click on a link to a social media service, a connection is established to the servers of the social media service. This tells the servers of the social media service that you have visited our website. In addition, further data is transferred to the provider of the social media service. These are, for example:

  • Address of the website on which the activated link is located
  • Date and time of accessing the website or activating the link
  • Information about the browser and operating system used
  • IP address

If you are already logged in to the relevant social media service at the time the link is activated, the provider of the social media service may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account on the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are located in the USA and other countries outside the European Union. The data can therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as is the case in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of data processing by the provider of the social media service. Further information on the use of your data by the social media services integrated into our website can be found in the data protection policy of the respective social media service.

 

Use and disclosure of personal data/purpose limitation

We will only collect, process and use any personal data that we receive from you when you use the MGA Zapf Creation GmbH website for the stated purpose. We note that this will only be done within the framework of the applicable legal provisions or only with your consent.
We will not publish, sell or otherwise pass on to third parties the personal data collected. This data will not be used for advertising purposes.

 

Recipients of the data/categories of recipients

Within our company, we ensure that only those people who need your data to fulfill their contractual and legal obligations receive it.

In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers.
These are the following categories of service providers:

  • IT
  • Credit Check
  • Marketing
  • Payment services
  • Shipping
  • Service providers to answer our complaints.

 

Third country transfer / Third country transfer intention

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary to perform the contractual relationship, is required by law or if you have given us your consent.
 
We do not transfer your personal data to any service provider outside the European Economic Area.

 

Rights of data subjects Art. 15 - 22 EU-DS-GVO

You have the right to receive information about the personal data concerning you, as well as the right to rectification or erasure, provided that there are no statutory retention periods to the contrary. You also have the right to request that MGA Zapf Creation GmbH restrict processing, to object to processing and to exercise the right to data portability. You also have the right to lodge a complaint with the supervisory authority.

To assert these rights, please contact: Datenschutz@zapf-creation.de or by post to MGA Zapf Creation GmbH, password “Datenschutz”, Mönchrödener Str. 13, 96472 Rödental, Germany.

 

Routine deletion and blocking of personal data

 

MGA Zapf Creation GmbH processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or as long as a statutory retention period exists. After the purpose has been achieved or the period has expired, the corresponding data is routinely deleted unless it is no longer required to fulfill or initiate a contract.

 

Data Security

We have taken appropriate technical and organizational measures to protect the data of our employees/customers/suppliers stored with us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously checked in cooperation with security experts and adapted to new security standards.

The data exchange to and from our website is always encrypted. We offer HTTPS as a transmission protocol for our website, always using the latest encryption protocols. There is also the option of using alternative communication channels (e.g. by post).

 

Online offers for children

Persons under the age of 16 may not send us any personal data or give a declaration of consent without the consent of their legal guardian. We would like to encourage parents and legal guardians to actively participate in their children's online activities and interests.

 

Links to other providers

Our website also contains - clearly visible - links to the websites of other companies. As far as links to websites of other providers are available, we have no influence on their content. Therefore, no guarantee or liability can be accepted for this content. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent control of the content of the linked pages is not reasonable without concrete evidence of a legal violation. If legal violations become known, such links will be removed immediately.

 

Automated individual decisions

We do not use purely automated processing procedures to make a decision.

 

Data protection declaration / information on data protection in social media

MGA Zapf Creation GmbH maintains BABY born presences in the "social media", in this case on Facebook, Instagram, YouTube. To the extent that we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.

Below you will find the most important information on data protection law with regard to our presences.

We would like to point out that you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

 

Name and address of the person responsible for the operation

In addition to MGA Zapf Creation GmbH, the following companies are responsible for the company's presence within the meaning of the EU General Data Protection Regulation (EU GDPR) and other data protection regulations:

  • Facebook
    (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Instagram
    (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Youtube 
    (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

However, you use these platforms and their functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

We would also like to point out that your data may be processed outside the European Union.

 

Purposes and legal basis

We ourselves maintain the fan pages in order to communicate with the visitors to these pages and to inform them about our offers in this way.

We also collect data for statistical purposes in order to be able to further develop and optimize the content and to make our offer more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) are prepared by the social networks and made available to us. We have no influence on the generation and presentation. In addition, your data can be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behavior and the resulting interests. This means that, for example, advertisements can be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not collected directly from your end devices can also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them). As the provider of this information service, we collect and process data only to answer messages you send us. We do not use your data for any other purpose.

The processing of users' personal data is based on our legitimate interests in providing users with effective information and communicating with users in accordance with Art. 6 (1) (f) EU GDPR.

If Facebook asks you to consent to data processing (i.e. you give your consent, for example, by checking a box or clicking a button), the legal basis for processing is Art. 6 (1) (a) and Art. 7 EU GDPR.

 

Opportunity to object

If you are a member of Facebook and do not want the network to collect data about you via our website and link it to your saved member data on the respective network, you must

  • log out of the respective network before visiting our website, 
  • delete the cookies on your device and
  • close and restart your browser 

However, after logging in again, you will be recognizable to the network as a specific user.

For a detailed description of the respective processing and the options for objection (opt-out), please refer to the information linked below:

In general, you have the following rights regarding the processing of your personal data:

Right to information; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to complain about unlawful processing of your personal data to the competent data protection authority.

However, since MGA Zapf Creation GmbH does not have full access to your personal data, you should contact the social media providers directly when asserting your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information.

If you still need help, we will of course try to support you. Please contact datenschutz@zapf-creation.de

 

Notes on Copyright and Art Copyright

If you want to publish images, texts, plans, videos, music, etc. on our website, you should be aware that you may be transferring all usage rights to the network, which could ultimately have legal consequences for you if you are not the author or rights holder yourself.

 

Questions about data protection?

If you have any questions about data protection, please contact: datenschutz@zapf-creation.de or by post to MGA Zapf Creation GmbH, password “Datenschutz”, Mönchrödener Str. 13, 96472 Rödental, Germany.

Dolls
Dolls
Accessories
Accessories
Theme Worlds
Theme Worlds
Play & Fun
Play & Fun
Service
Service