The protection of your personal data is an important concern for us. When processing this data, VIKING PADEL will strictly observe the applicable provisions of data protection law in the European Union, and of data protection law in the Spain.

By means of this Data Privacy Statement, we are informing you of what data we collect on our websites, for what purposes we process this data, and to which recipients we may possibly transfer this data, and of the legal bases for the data processing, the period for which the data will be stored, the controllers responsible for the processing, as well as your rights.

1. Controller responsible for the data processing

The controller responsible for the data processing within the meaning of Article 13 (1) a) of the General Data Protection Regulation (GDPR) is:

ILO Applications SL
Calle Artemisa 4
29640 Fuengirola, Spain
Email: contact at iloapps.es

If you wish to contact our data protection officer, please use the following contact details:

ILO APPLICATIONS SL
Data Protection Office
Calle Artemisa 4
29640 Fuengirola, Spain
Email: contact at iloapps.es

2. Specific details relating to the data processing

2.1. Personal data

Article 4 (1) GDPR defines personal data as any information relating to an identified or identifiable natural person. Personal data includes, for example, name, address, telephone number, email address, bank account details, credit card number.

2.2. Data processing for the performance of a contract

If you place an order with VIKING PADEL, we shall need personal data for the purposes of processing the purchase, including shipping the goods that you have ordered, handling returns or dealing with complaints. Specifically, we shall need details relating to your name, postal address, phone number, email address and, if applicable, essential payment details. It is essential that you provide your email address so that we can send you confirmation of receipt of your order, notify you of the shipment of your goods and/or contact you. Therefore, this data processing will take place for the purpose of performing the contract.

Even before a contract is concluded, you may have already contacted VIKING PADEL and, for example, sent us an email enquiry requesting our advice. In this case, the data received from you, such as your email address and possibly your name, will be processed by us for the purpose of carrying out precontractual measures.

Article 6 (1) b) GDPR is the legal basis for data processing for the purpose of performing a contract or for carrying out precontractual measures as a result of an enquiry from the data subject.

For handling your order, VIKING PADEL will pass on personal data to service partners such as payment service providers (including, but not limited to, banks, Paypal, Amazon Pay, credit card companies) and shipping service providers (including, but not limited to, DHL, UPS, Fedex, forwarders), insofar as this is necessary for the performance of your contract. It is also possible that your personal data will be passed on to a supplier delivering the goods directly to you. The recipient must use the transferred data only for the performance of its task. Any use beyond this is not permitted.

Personal data processed for the performance of the contract will be stored by us for the statutory period of limitation.

The data necessary under commercial law or fiscal law will be stored by us for the retention periods.

Personal data processed for carrying out precontractual measures will be erased within 12 months if no contract is concluded.

2.3. Newsletter

You may be able to subscribe to the VIKING PADEL newsletter in the course of the ordering process or separately via our shop website. In any event, we shall use the double opt-in procedure.

Following registration, VIKING PADEL will use your submitted data for marketing purposes. We may then regularly inform you of, for example, new products, activities or sales campaigns.  We store your e-mail address and the language in which you are using the VIKING PADEL webshop.

Article 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent.

In addition, we store the data of the application under the double opt-in procedure. Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in proving an existing consent.

You may revoke your consent at any time with effect for the future. Each newsletter will contain an unsubscribe link. If you use that link, the unsubscribe of your e-mail adress will be executed immediately. Apart from that you can revoke your consent at any time by sending an e-mail to support at iloapps.e
For reasons of proof and for defence against legal claims the dataset concerning your e-mail address can be stored for up to 3 years after you have unsubscribed. The dataset in question will then be deleted automatically. Article 6 (1) f) GDPR is the legal basis for this data processing.

2.5. Customer account

You have the possibility of creating a VIKING PADEL customer account. This password-protected, personal access offers you a series of useful features, including, but not limited to, viewing of the orders that you have placed in the near history or  management of personal customer data.

Article 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent. The data submitted to the customer account will be stored as long as your consent exists. You may revoke this consent at any time with effect for the future. An informal notification using the contact details stated under Section 1 will suffice for this. If your consent is revoked, your customer account, including the data submitted to it, will be deleted.

3. Cookies

3.1. What are cookies?

“Cookies” are small text files that are stored on your data carrier and contain certain settings and data. We use cookies on our websites to provide you with an optimal user experience, to compile statistics on the use of our websites and to facilitate marketing activities.

3.2. Personal cookie settings

When you visit the VIKING PADEL shop/website for the first time or if you have deleted your browser data, we ask you with our cookie consent tool whether we may use cookies. We require cookies and your express consent to store them to improve our website and provide you best services. Following cookies can/may be stored:

Essential cookies:

Comfort cookies

Marketing and statistis cookies:

We use web analysis tools to generate data about the use of our websites in order to improve our shop in a targeted manner and ultimately to achieve a better user experience. We use the web analysis tools Google Analytics and Google Tag Manager from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. These tools also set cookies if you have given your explicit consent.

You can find more about Google Analytics under no. 4.

Essential cookies from third-party providers:

If you select certain payment methods such as Amazon Pay or Paypal, cookies enabling payment using the respective payment method will be placed. In all these cases, cookies are not initially set when the respective page is called up. Cookies are only set as a result of an action by you, e.g. when you select the payment method Paypal active or when you play an embedded YouTube video.

3.3. Legal basis for the use of cookies

Article 6 (1) f) GDPR is the legal basis for the use of technically essential cookies. The essential justified interest lies in securing the functionality of the VIKING PADEL shop.

Article 6 (1) a) GDPR is the legal basis for the use of comfort cookies (nr. 3.4.) and marketing and statistics cookies (nr. 3.5.). You have given your explicit consent by unsing our cookie consent tool. More about the cookie consent tool and personal cookie settings can be found under nr. 3.2.

3.4. Revocation of consent and deletion of cookies

You can revoke your consent to the use of cookies at any time with effect for the future.

You can also delete all existing cookies in your browser settings. The next time you visit the VIKING PADEL website you will be asked to make a new decision about your personal cookie settings using our cookie consent tool.

4. Google Analytics and Google Tag Manager

VIKING PADEL uses Google Analytics and Google Tag Manager, web analysis services from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses tracking cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

If IP anonymisation has been activated on this website, Google will however, within Member States of the European Union or the European Economic Area, truncate your IP address beforehand. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and be truncated there. IP anonymisation is active on this website. Google will, on behalf of the operator of this website, use this information to evaluate your usage of the website, put together reports on website activities and provide the website operator with other services relating to website and Internet usage.

The IP address transmitted by your browser within the framework of Google Analytics will not be combined with other Google data. You can prevent the storage of cookies by setting your browser software accordingly. Please note, however, that you may then possibly be unable to fully use all features of this website. By downloading and installing the browser plugin available at the following link, you can, furthermore, prevent data (including your IP address) generated by such cookie relating to your use of the website from being collected and transmitted to Google and being processed by Google: browser add-on for deactivating Google Analytics.

VIKING PADEL uses Google Analytics with the setting “anonymizeIP”. As a result, IP addresses are further processed by Google Analytics only in truncated form in order to rule out the possibility of persons being directly individualised.

5. Google reCAPTCHA

VIKING PADEL uses the service “Google reCAPTCHA” on this website. Provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. We use Google reCAPTCHA to prevent misuse through automated data entry. This applies in particular to pages on which users enter certain form data and transmit it to our servers. Google reCAPTCHA makes it possible to distinguish between data input by humans and automatic data input.

The service analyses the behaviour of the user on the website in the background. Google reCAPTCHA uses certain characteristics to determine whether the website is naturally operated. Google reCAPTCHA transmits your IP address and possibly other data (e.g. about the device you are using) to Google.

Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in in the prevention of abuse and/or spying on our web page as well as in the prevention of SPAM.

You can find more information about Google reCAPTCHA and Google’s privacy statement at: https://www.google.com/intl/en/policies/privacy/

6. Log files

When you visit the VIKING PADEL website, your Internet browser will send usage data to our servers. Usage data is logged in so-called log files by our servers. In this respect, the following will be stored: the data and time, the type of request, the log type and access status, the size and name of the file, the IP address from which the request originated, the referrer URL (information on the website from which you have arrived at our website), information on the Internet browser used (e.g. which browser is used, the version number of this browser and the type of encryption).

We use log files to monitor the functionality and performance of our shop and to further develop and improve the VIKING PADEL shop. As a result, any malfunctioning of the shop, for example, will be recorded and subsequently remedied by us. Furthermore, the storage of data in log files takes place for security reasons to ensure secure operation of our system.

Article 6 (1), f) GDPR is the legal basis for this data processing. The essential justified interest lies in securing the functionality of the shop and ensuring secure operation of our shop servers. The users’ IP addresses will be deleted or anonymised after a maximum of 10 days.

7. Content Delivery Network (CDN)

VIKING PADEL may use external service provider, which will, on our behalf, deliver certain content from the VIKING PADEL shop website to you or your browser. This content includes, but is not limited to, product images. On the one hand, this service provider enables, by means of its infrastructure, speedy delivery of this data to you. In parallel, the service provider will deliver the data from a server situated as physically close to you as possible. Both these services will minimise loading times and improve the user experience for you.

The CDN service provider will necessarily receive your IP address.

Generally, no log data will be recorded. Only in the case of faults log data will be recorded by the CDN service provider for fault analysis. In this respect, the IP address will be stored only in anonymised form; the log file will be deleted after a maximum of 10 days.

Article 6 (1), f) GDPR is the legal basis for this data processing.

8. Cloudflare

VIKING PADEL may use Cloudflare application from Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107 USA on this website to make our website faster and more secure. Cloudflare offers a worldwide distributed content delivery network with DNS. Cloudflare creates copies of our website and places them on their own servers. This ensures that when you visit our website, it is delivered from the server that can display our website the fastest. Cloudflare simultaneously blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources or try to attack our systems in other ways. 

In order to provide this service, the entire data transfer between your browser and our websites flows through the infrastructure of Cloudflare. Cloudflare delivers the content of our website and analyzes the data stream to fend off attacks.

For this purpose Cloudflare receives information about IP addresses and DNS protocol data. For additional security reasons Cloudflare also uses a cookie. The cookie is absolutely necessary for Cloudflare’s security functions and cannot be deactivated. 

Guaranteeing the security and availability of our website represents a legitimate interest on our part in accordance with Article 6 (1), f) GDPR. Regarding the passing on of data, we have concluded a corresponding agreement with Cloudflare for contractually agreed upon data processing according to Article 28 GDPR. 

Under normal circumstances Cloudflare stores your data for up to seven days. However, if your IP address triggers a security warning at Cloudflare, exceptions to the above mentioned storage period may occur.

Since Cloudflare stores personal data on servers in the USA as well as in the European economic area, we have also concluded EU standard contract clauses with Cloudflare regarding the transfer of personal data to the USA. A resolution by the European Commission on the adequacy of data protection levels in the USA is currently not available. You can request a copy of the EU standard contract clauses from us. Cloudflare only receives anonymized data with the IP address. This is an additional protective measure in the event of access to your data by security services based in the USA.

9. Empty

This section is left empty on purpose.

10. Social Media

On the VIKING PADEL website you will find links to social media platforms from Facebook, Youtube, Instagram and Twitter where VIKING PADEL is represented and offers content. These are static links. VIKING PADEL does not use social media plugins.

VIKING PADEL is represented in social media in order to get in touch with our customers, interested parties and other users and to inform them about products, events or competitions. We would like to point out that personal data is collected and processed by the respective provider when you visit the corresponding pages. The legal basis for the processing of users’ personal data is Art. 6 (1), f) GDPR. The essential justified interest of VIKING PADEL lies in the optimal design and improvement of the company presentation. 

If you use our offers in the respective social network as a logged-in member, your consent to data processing pursuant to Art. 6 (1), a) GDPR is given to the social media platform. In order to understand and improve our activities, we use corresponding evaluations in the form of statistics provided by the respective provider.

11. Your rights as a user

Below, we would like to summarise for you your rights under the General Data Protection Regulation.

11.1. Right to revoke your declaration of consent under data protection law (Article 7 (3) GDPR)

You have the right time to revoke your consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation. Before you give your consent, you will be informed hereof.

11.2. Right of access (Article 15 GDPR)

Under Article 15 GDPR, you have the right to demand from us confirmation of whether we process personal data concerning you. If this is the case, you have the right to access this personal data and the following information:

• the purposes for which we process this data;
• the categories of personal data processed by us;
• to whom this personal data has been disclosed, or is yet to be disclosed, particularly in the case of disclosure to recipients in third countries or at international organisations;
• if possible, the envisaged period of storage of the personal data, or, if this is not possible, the criteria used to determine this period;
• the existence of a right to rectification or erasure of the personal data concerning you, or a right to restriction of processing by us, or a right to object to processing by us;
• the existence of a right to lodge a complaint with a supervisory authority;
• in cases where the personal data is not collected from you, all available information concerning the origin of the data;
• whether automated decision-making, including profiling, as referred to in Article 22 (1) and (4) GDPR, takes place, and, if so, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
• If personal data is transferred to a third country or to an international organisation, you will have the right to be informed of what suitable safeguards have been put in place to ensure that these recipients also comply with the provisions of the GDPR.

11.3. Right to rectification (Article 16 GDPR)

You may demand that we rectify, without delay, inaccurate data concerning you. With due regard being given to the purposes of the processing, you will, additionally, have the right to demand that incomplete personal data be completed, also by means of a supplementary statement.

11.4. Right to erasure or “right to be forgotten” (Article 17 GDPR)

You have the right that we erase data without delay if one of the following grounds applies:

• The data is no longer needed for the purposes for which it was collected or otherwise processed.
• You revoke your consent on which the processing was based, and there is no other legal basis for the processing.
• In accordance with Article 21 (1) GDPR, you lodge an objection to the processing for reasons ensuing from your particular situation, and there are no overriding legitimate reasons for the processing.
• In accordance with Article 21 (2) GDPR, you lodge an objection to processing for direct marketing purposes.
• The data has been unlawfully processed.
• It is necessary to erase the data in order to fulfil a legal obligation under European or German law.
• The data has been collected in relation to an offer of information society services in accordance with Article 8 (1) GDPR.

If we have made your data public and are obliged to erase it, we shall, with due regard being given to the available technology and the implementation costs, take appropriate measures to inform the controllers that you have requested the erasure of your data.

11.5. Right to restriction of processing (Article 18 GDPR)

According to Article 18 GDPR, we must restrict the processing of your data in the following cases, namely if:

• you dispute the accuracy of your data, in which case the processing will be restricted until we have been able to check the accuracy;
• the processing is unlawful, and you decline to have your data erased and demand instead that use of your personal data be restricted;
• we no longer need the data for the purposes of the processing, but you need this data for asserting, exercising or defending legal claims, or
• you lodge, in accordance with Article 21 (1) GDPR, an objection to the processing for reasons ensuing from your particular situation, as long as it has not yet been established whether the legitimate reasons for the processing by us outweigh your interests.

If processing is restricted, we shall merely be permitted to store this data. Any processing beyond this will then be permissible only with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of an important public interest of the Union or a Member State.

You may at any time revoke your consent given in this connection.

You will be notified by us before the restriction is lifted.

11.6. Notification obligation (Article 19 GDPR)

All recipients to whom your data has been disclosed must be informed by us of any rectification or erasure of your data, or of any restriction of processing. This will be inapplicable only insofar as this proves to be impossible or is associated with disproportionate expense. We shall inform you of these recipients if you so request.

11.7. Right to data portability (Article 20 GDPR)

You have the right to receive in a structured, commonly used and machine-readable format the data concerning you that has been provided to us. Additionally, you have the right that we transfer this data to a third party insofar as

• the processing of the data is based on your consent or on a contract, and
• the processing takes place by automated means.

In this respect, you may demand that we transfer your data directly to such third party insofar as this is technically feasible. This right must not impair the rights and freedoms of other persons.

11.8. Automated decision-making in individual cases, including profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or that impairs you in a similar manner. This will not apply if:

• you have given your express prior consent thereto, or
• the decision is necessary for the conclusion or performance of a contract between us, or
• applicable legal provisions permit this, and these provisions contain appropriate measures for protecting your rights and freedoms as well as your legitimate interests.

In the first two cases, we shall take appropriate measures to protect your rights and freedoms as well as your legitimate interests. This includes your right to state your own point of view, your right to challenge the automated decision and your right to intervention by one of our employees.

11.9. Right to object (Article 21 GDPR)

If we process your data on the basis of a legitimate interest (Article 6 (1) f GDPR), you will have the right to lodge an objection thereto if the grounds for this ensue from your particular situation. This also applies to any profiling based on these provisions. In this case, we shall no longer process your data, unless we can prove that the reasons for the processing are compelling and worthy of protection. This must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

Insofar as we process your data in order to engage in direct marketing, you may lodge an objection to the processing of your data. This also applies to profiling insofar as profiling is related to such direct marketing.

Following your objection, your data will no longer be processed for these purposes.

To lodge an objection, merely send a corresponding informal notification using the contact details given in Section 1.

11.10. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged breach took place, if you are of the opinion that the processing of the data concerning you breaches the General Data Protection Regulation. Further legal remedies under administrative law, or judicial remedies, to which you may possibly be entitled will remain unaffected hereby.