EEA PRIVACY NOTICE

This Privacy Notice is intended to provide information about our organisation and our practices with respect to the personal data of individuals in the EEA.

 

1. Introduction

 

In respect of personal data collected or otherwise processed by using our website and/or by using our webshop, Voyetra Turtle Beach Inc. and Turtle Beach Europe Limited will be joint ‘controllers’ (Article 26 GDPR). As described below, there are specific situations where only one of the two companies will be the sole controller.

 

Contact information:

 

Voyetra Turtle Beach, Inc.

44 South Broadway, 4th Floor

White Plains, NY 10601, USA

e-mail: privacy@turtlebeach.com

 

and

 

Turtle Beach Europe Limited

First Floor Matrix House

Basing View, Basingstoke

RG21 4DZ, UK

e-mail: privacy@turtlebeach.com

 

A data controller is responsible for deciding the ways in which and purposes for which personal data about you is processed. We may process your personal data ourselves or through others acting as data processors on our behalf.

 

Throughout this notice, ‘we’ and ‘us’ means Voyetra Turtle Beach, Inc. and Turtle Beach Europe Ltd., if not otherwise stated in this Policy.

 

Our representative in the EEA is:

 

TB Germany GmbH

Otto von Bahrenpark

Gasstrasse 4

22761 Hamburg, Germany

Fax: +49 (0)40 30 99 495 123

Email: privacy@turtlebeach.com

 

The Data Protection Officer for our representative is:

Dr. Christian Rauda

GRAEF Rechtsanwälte Digital PartG mbB

Jungfrauenthal 8
E-Mail: datenschutzbeauftragter@TBGermany.de

Website: www.graef.eu

 

‘Personal data’ means any information relating to you, such as your name and contact details, but does not include data where you can no longer be identified from it such as anonymised, aggregated data.

 

If you have any questions about this Privacy Notice, you can contact us using the details set out in the ‘Contact Us’ section below.

 

2. What personal data may we process about you and what do we use it for?

 

The EU General Data Protection Regulation (“GDPR”) specifies certain ‘legal bases’ for the processing of your personal data . The personal data that we may collect about you and the purposes for which such personal data will be used, as well as the legal basis for such processing are explained in this section.

 

This website is not targeted at users under the age of 18. If you are under the age of 18, you should not visit this site and, in particular, should not submit any personal data to us.

 

    • If you place an order through our website (webshop)

 

As mentioned, we (Voyetra Turtle Beach Inc. and Turtle Beach Europe Ltd.), process the data collected when using the webshop as joint controllers within the meaning of Art. 26 GDPR. For this purpose, we have concluded a joint controllership agreement.

 

When you place an order with us on our website we will request certain information from you. This information is likely to include your name, email address, payment card details, billing address, shipping address and telephone number. This information will be used to process your order, arrange delivery of your order and correspond with you in relation to your order. Our legal basis for using your personal data in this way is to perform the contract we enter into with you and to execute the customer service in respect of your order (Art. 6 (1) (b) GDPR).

 

This personal data is required in order to place an order with us. If you do not provide this information, we may not be able to accept your order or fulfil your order.

 

If you buy a Turtle Beach or a Roccat product, we may also use your contact details to ask you if you would like to review the product that you purchased. You do not need to submit a review, but if you do, we may process the personal data that you provide in your review or in connection with your review to publish your review on our website. We will provide you with further information about how we may use your review and associated data when we contact you to ask you to provide a review. Our legal basis for this processing is your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time by editing or deleting your review.

 

    • If you sign up to receive e-mail marketing from us (note that the controller will only be Voyetra Turtle Beach, Inc.)

 

Our e-mail communications are not targeted at children. By opting in to receive e-mail marketing from us, you confirm that you are aged 18 or over.

 

When you sign up to receive e-mails from us (for example, by ticking a box or clicking a link) we will collect your e-mail address. We will use your e-mail address to send you e-mails with our latest new releases, deals, events, promotions, gaming articles and other promotional material and information about Turtle Beach or Roccat products. Our legal basis for processing your e-mail address for this purpose is your consent. If you do not provide your e-mail address, we will not be able to send you the e-mails that you request.

 

If you have signed up to receive communications using one of our websites, we will automatically record which Turtle Beach website you used to join our mailing list. We will use this information to ensure that our communications to you are in the same language as the website that you have used. Our legal basis for processing this information is our legitimate interest (Art. 6 (1) (f) GDPR) in ensuring that the communications we send you are in an appropriate language.

 

We also collect information about whether you open e-mails sent by us to evaluate the effectiveness of our communication, as well as the effectiveness of time and days of our communications. Our legal basis for this processing is our legitimate interest (Art. 6 (1) (f) GDPR) in evaluating the effectiveness of our communications and our marketing strategy.

 

    • Text Marketing and notifications

 

We are using a text messaging platform based in the US operated by SMSBump, a Yotpo company which is US based at Lafayette Street, New York, NY 10003, USA. It provides an app on the Shopify platform for marketing via text messaging. You will find SMSBump’s Privacy Policy and GDPR-related disclosures here: https://smsbump.com/page/privacy-policy. By opting-in for our text marketing and notifications during the ordering process , you agree with this data processing.

 

By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. You acknowledge that consent is not a condition for any purchase.

 

Your phone number, name and purchase information will be processed on the platform operated by SMSBump. Our data processor SMSBump will use your data sets only for sending you targeted marketing messages and notifications. Upon sending the text messages, your phone number will be passed to a text messages operator to fulfill their delivery.

 

Voyetra Turtle Beach will have access to the data after your opt-in only in the following cases:

    • To respond to your reply messages to us or
    • To send you the text marketing messages.

Our legal basis for processing your personal data for these purposes is your consent (Art. 6 (1) lit a) GDPR) to the text marketing. Voyetra Turtle Beach has entered into EU Standard Contractual Clauses with SMSBump as the data exporter and takes appropriate measures to comply with the GDPR’s provisions for data transfers out of the EU.

 

If you wish to unsubscribe from receiving text marketing messages and notifications reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.

 

If you unsubscribe, SMSBump will continue to store your phone number as required by law. Specifically, this means that SMSBump will then store your phone number on a separate list (blacklist) on its server to ensure that SMSBump no longer contacts this phone number for marketing purposes. SMSBump does not share this phone number. We have access to this list and can add or remove individual entries. The legal basis for this storage is our legitimate interest according to Article 6 Paragraph 1 lit. f DSGVO. As long as the phone number is stored there, you can easily log back in by sending an SMS with "UNSTOP" from this number. You can contact us at any time to have SMSBump delete your phone number from the blacklist. However, it will then no longer be possible to reply with "UNSTOP".

 

For any questions please text "HELP" to the number you received the messages from. You can also contact us for more information.

 

    • If you win a prize

 

From time to time we may engage third parties to conduct social media giveaways and prize promotions or similar activities. If you engage in such activities, the operator of the giveaway or promotion will generally be a data controller in respect of your personal data. If you win a prize and we are responsible for fulfilling your prize, the operator may pass certain personal data that you provided to them (such as your name, address and contact details) on to us so that we can give you your prize. We will only use such personal data to give you your prize but might not be able to do so if we do not receive the relevant information. Our legal basis for this use of your personal data is our legitimate interest (Art. 6 (1) (f) GDPR) in providing prizes to winners in these kinds of promotions.

 

As part of a social media giveaway or prize promotion, you may be asked to sign up to receive emails from us. Information about signing up to our mailing list is provided above.

 

When you enter a sweepstake If you enter a sweepstake, we will process your personal data in connection with registration for participation in a sweepstake, the drawing of a winner, the notification of the winner, and the mailing of the prize. We will process the following categories of data: first and last name, address and e-mail address . The data processing is based on Art. 6 para. 1 lit. b) GDPR (the sweepstake agreement). The publication of the winner in advertising media and the transfer and use of such data for advertising purposes is based on Art. 6 para. 1 lit. a) GDPR (consent). The data will be stored by us until a winner has been determined and the prize has been successfully delivered. If you have consented to a transfer of the data for advertising purposes, the data will be stored by us for as long as the consent is valid.

 

    • If you register your product

 

If you buy a Turtle Beach or Roccat product, you can register the product with us.

 

Product registration is carried out by submitting certain information on our applicable online form. This information is likely to include your name, email address, postal address, details about your product (such as the model, serial number, product platform) and information about your purchase (such as where you purchased the product and the date of purchase).

 

Product registration is optional. If you choose to register your product, we will use the information that you provided to assist you with technical support or dealing with problems with your product (such as administering warranty claims), if you request. Our legal basis for processing this information for these purposes is our legitimate interest (Art. 6 (1) (f) GDPR) in assisting you efficiently with issues relating to Turtle Beach and Roccat products where you have chosen to register your product with us. If you do not provide these personal data, we may not be able to assist you in these ways or it may be more difficult for us to do so.

 

    • If you contact us for technical support

 

If you contact us for technical support, we may collect certain information from you such as your name, email address, postal address, details about your product (such as the model, serial number, product platform), information about your purchase (such as where you purchased the product and the date of purchase) and other information you provide us in connection with your technical support request. We may also generate certain information such as records of the technical issues with your product and our correspondence with respect to your enquiry.

 

We use this personal data in order to assist you with technical support, to deal with problems with your product (such as administering warranty claims) and to respond to your enquiry. The legal basis for this processing is that it is in our legitimate interest (Art. 6 (1) (f) GDPR) to assist you efficiently with issues relating to Turtle Beach or Roccat products when you request. If you do not provide this personal data, we may not be able to assist you in these ways.

 

    • If you contact us in relation to other matters

 

If you contact us through our website or otherwise, you may provide personal data to us in the course of your correspondence with us. This may include your name, address, email address, other contact details and your opinions. We may also generate personal data about you in connection with the correspondence, such as correspondence records and opinions.

 

We may process this personal data to correspond with you, respond to your enquiry or address matters raised by your correspondence. We may not be able to do so if you do not provide this personal data. The legal basis for this processing is our legitimate interests in responding to or addressing your enquiry or otherwise communicating with you in the course of our business.

 

    • Cookies (controller only Voyetra Turtle Beach Inc.)

 

Our website uses cookies. These cookies collect information about how you use our website, your previous interactions with our website and technical data (such as your IP address, browser type and version, time zone setting and location). Further information about our use of cookies is set out in our Cookie Policy below.

 

Other purposes of the data processing

 

In addition to the uses above, we may also process your personal data where required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

 

We may also process personal data for purposes other than those for which the personal data was originally collected where permitted by applicable data protection laws. Where this is the case, we will provide you with information about that further processing.

 

Special categories of personal data

 

There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation.

 

We do not intend to actively collect such special categories of personal data about you. Whilst we will use reasonable efforts to limit our holding of such data, please be aware that we may hold such data incidentally - for example, where you voluntarily send such special category data in an email to us.

 

  1. 3. With whom will we share your information?
  2.  

We may share your personal data with a third party where this is required by law or where we have another legitimate interest (Art. 6 (1) (f) GDPR) in doing so.

 

We may also need to share your personal data with:

 

    • other entities within our group, namely Turtle Beach Germany GmbH as our representative, as part of our regular reporting activities, in the context of a business reorganisation or group restructuring exercise, for assistance in relation to marketing and business development or in connection with the operation of group-wide functions and services;
    • professional advisers, including lawyers, bankers, auditors and insurers to the extent such information is relevant to their performance of their services;
    • regulators and government bodies;
    • IT service providers (such as cloud services providers, IT consultants and software-as-a-service providers); and
    • any of our service providers where such information is relevant to their performance of such services.

 

Examples of who may process your personal data in different scenarios are set out below.

 

If you place an order through our website

 

Our website is currently operated by us and uses the Shopify online e-commerce platform. When you place an order, Shopify will process your payment details on our behalf. We neither store credit card details nor do we share financial details with any third parties. Please note that for purposes of processing your transaction for goods and services provided by us, we may share your name, physical and IP address with Shopify. You find Shopify’s Privacy Policy at https://www.shopify.com/legal/privacy. In addition, please note Shopify’s White Paper on its international data transfers (https://help.shopify.com/pdf/cross-border-whitepaper.pdf). As stated in this White Paper, Shopify’s global platform, Shopify International Ltd. (an Irish entity) may transfer EEA personal data to Shopify Inc. (a Canadian entity) that may then share such data sets with sub-processors in Canada and other countries, such as the United States. For these transfers Shopify does not rely on EU Standard Contractual Clauses. Instead, Shopify transfers the relevant data sets pursuant to the requirements of PIPEDA (the Canadian privacy law), which the European Commission has determined provides adequate data protection under the GDPR, and subject to specific contractual agreements. Please consult the mentioned White Paper that also includes FAQ and a diagram illustrating the flow of data of European residents, and how Shopify ensures protection for each step. Please also note that to the extent that you open your own account with Shopify, Shopify may act as its own independent data controller for your personal data and may use such data for other or additional purposes based on their Privacy Policy.

 

If you sign up to receive e-mail marketing from us (controller only Voyetra Turtle Beach, Inc.)

 

When you sign up for our e-mail communications, your personal data is processed by Bronto , an email service provider and subsidiary of Oracle Netsuite, with its corporate address at 2300 Oracle Way, Austin, Texas 78741, United States. Bronto (www.bronto.com) acts as data processor on our behalf and processes your personal data on our instructions. Bronto has implemented EU Standard Contractual Clauses and other appropriate measures to comply with the EU data transfer rules (Art. 46 GDPR). The European Commission has certified that the EU Standard Contractual Clauses, in addition with other measures to safeguard the data, provide an adequate level of protection in respect of personal data.

We may also share your personal data with third parties in the context of the possible sale or restructuring of our business. We may also need to share your personal data with a regulator or to otherwise comply with applicable law or judicial process or if we reasonably believe that disclosure is necessary to protection our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal inquiries.

 

  1. 4. Where your personal data may be processed.
  2.  

We are based in the USA (Voyetra Turtle Beach, Inc.) and in the UK (Turtle Beach Europe Ltd.). Your personal data may be held by us or our service providers in the USA or in the UK. Sometimes we may also transfer your personal data to other jurisdictions outside the European Economic Area (‘EEA’). For example, we may use cloud service providers who store personal data on servers in jurisdictions outside the EEA.

 

The European Commission has not finally determined that the laws of the USA and of the UK generally provide an adequate level of protection in respect of personal data. Other non-EEA jurisdictions may similarly not provide the same level of protection in respect of personal data as in the EEA. Where required by the GDPR, we will (or will require a processor to) put in place appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission. We also use EU Standard Contractual Clauses to protect your personal data that Turtle Beach Germany may share with Turtle Beach Europe after BREXIT.

 

  1. 5. Right to withdraw your consent
  2.  

As indicated above, we rely on your consent as our legal basis to send you e-mail marketing. You have the right to withdraw your consent to this processing at any time.

 

To withdraw your consent where you have previously consented to direct marketing, you can unsubscribe from direct marketing communications from us by:

 

    • clicking the ‘unsubscribe’ link in any e-mail communication that we send you; or
    • contacting us using the contact details listed below.

 

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose to which you originally consented unless we now have an alternative legal basis for doing so.

 

  1. 6. How long will we retain your information?
  2.  

We will retain your personal data and other information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. For this we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

For example, we may retain the personal data we use for sending direct marketing email to you for so long as you subscribe to our e-mail mailing list. You can unsubscribe from direct marketing communications from us at any time as explained in Section 5 above. We may also remove such personal data in circumstances where you have not unsubscribed, such as where our e-mails to you are failing to deliver to your e-mail address or if you consistently do not open the e-mails that we send.

 

Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data or anonymize them in accordance with applicable laws and regulations. Alternatively, the information may be anonymised so that it can no longer be associated with you, in which case it is no longer personal data.

 

  1. 7. Your rights in relation to your personal data
  2.  

To the extent your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights:

 

  1. a) Right of access

You have the right to obtain a confirmation from us whether we process personal data concerning you , and, where that is the case, access to the personal data and the following information:

 

  • (1) the purposes of the processing;

  •  
  • (2) the categories of personal data concerned;

  •  

    (3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

  •  

    (4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  •  

    (5) the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;

  •  

    (6) the right to lodge a complaint with a supervisory authority;

  •  

    (7) where the personal data are not collected from you, any available information as to their source;

  •  

    (8) the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

 

You have the right to request information whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR for such data transfer.

 

  1. b) Right of rectification

It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data which we process change during your relationship with us.

 

  1. c) Right to restriction of processing

You shall have the right to obtain from us restriction of processing where one of the following applies:

 

  • (1) the accuracy of the personal data is contested by yourself, for a period enabling us to verify the accuracy of the personal data;

  •  

    (2) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  •  

    (3) we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;

  •  

    (4) You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds override those of the data subject.

 

Where the processing has been restricted, such personal data shall, with the exception of storage, will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of an EU Member State.

 

  1. d) Right to erasure (‘right to be forgotten’)

You shall have the right to obtain from us the erasure of personal data concerning you. In this case, we have the obligation to erase your personal data without undue delay where one of the following grounds applies:

 

  • (1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  •  

    (2) you withdraw consent on which the processing is based according to Art. 6 para.1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing;

  •  

    (3) you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para 2 GDPR;

  •  

    (4) the personal data have been unlawfully processed;

  •  

    (5) the personal data must be erased for compliance with a legal obligation in the European Union, or

  •  

    (6) the personal data have been collected in relation to the offer of information society services referred to in Article 8 para.1 GDPR.

 

The right to erasure shall not apply to the extent that processing is necessary:

 

  • (1)   for exercising the right of freedom of expression and information;

  •  

    (2)   for compliance with a legal obligation which requires processing by the European Union or for the performance of a task carried out in the public interest

  •  

    (3) for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to make it impossible or seriously impede the attainment of the objectives of such processing, or

     

    (4)   for the establishment, exercise or defense of legal claims.

 

  1. e) Notification regarding rectification or erasure of personal data or restriction of processing

We will communicate any rectification or erasure of personal data or restriction of processing carried to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. We will inform you about those recipients if you request it.

 

  1. f) Right to data portability

You have the right to receive the personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

>

  • (1) the processing is based on consent pursuant to Art. 6 para 1 lit. a or Art. 6 para 1 lit. b or Art. 2 para 2 lit. a GDPR, or

  •  

    (2) the processing is carried out by automated means.

 

The right shall not adversely affect the rights and freedoms of others.

 

In exercising your right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

 

The exercise of this right shall be without prejudice to the right of erasure. That right shall not apply to any processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

  1. g) Right to object

You shall have the right to object, at any time to processing of your personal data under the GDPR. We will no longer process the personal data, unless there are legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

 

  1. h) Right to revoke the declaration of consent

You have the right to revoke your data protection declaration of consent at any time. Your revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until your revocation.

 

  1. i) Right of complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the European Member State where you reside, work or suspect an infringement if you believe that the processing of personal data concerning you is not in compliance with GDPR.

 

  1. 8. Changes to this Privacy Notice and additional privacy notices

Our practices with respect to personal data may vary from time to time and we may update this Privacy Notice at any time.

COOKIES POLICY - April 2021

When you visit our website, we collect and process information about your usage of our websites (for example, the pages you visit and how you have navigated through our website) using cookies and other similar technologies. This helps us to provide you with a good experience when you browse our website. It also allows us to improve our site.

 

A cookie is a small file of letters and numbers that is stored on a user’s device. This Cookies Policy describes the cookies we use on our website and what they are used for.

 

The cookies that are not “strictly necessary” will not be pre-enabled and will only be placed if you opt-in (where required under applicable data privacy and electronic communications laws). These cookies can be removed at any time by using the OneTrust Cookie Management tool on the site. The tool allows you to block or modify all non-essential cookies. Strictly necessary cookies (cookies that are essential for the operation of our website and for us to provide services requested by you) cannot be removed. They include, for example, cookies that enable you to log into certain areas of our website or enable products to be kept in your online basket.

 

The types of cookies we use are set out below.

I. STRICTLY NECESSARY COOKIES

We use so-called session or flash cookies on our website and in our application. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified the next time the website is accessed. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected with those technically necessary cookies is not used to determine the identity of the user or to create user profiles. The legal basis for the processing of personal data by means of technically necessary cookies is Art. 6 para. 1 lit. f) GDPR.  

 

Shopify: We use strictly necessary cookies to distinguish users who visit our website or opt in for our service and for the Shopify online e-commerce platform of Shopify Inc., 151 O’Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8, Canada so that our website runs smoothly. Please note the description on Shopify in our Privacy Policy.

 

Bronto: When you have registered for our newsletter, we use the e-mail marketing software Bronto of Oracle Netsuite, 2300 Oracle Way, Austin, Texas 78741, United States (“Bronto”). Bronto uses cookies for fulfilling their services. The information generated by a cookie is usually transferred to a server of Bronto in the USA and are stored there. Bronto processes the data in the USA on the basis of EU Standard Contractual Clauses pursuant to Art. 46 para. 1, para. 2 lit. c) GDPR. For more information about how Bronto processes personal data see https://www.oracle.com/legal/privacy/ and our Privacy Policy.

II. ANALYTICAL COOKIES

If you access our services, your behavior can be statistically evaluated with the help of certain analytics tools for advertising and market research purposes or to improve our services by the use of cookies When using external service providers, we have appropriate contracts with the service providers in place so that the data processing complies with European data protection standards. The data processing via analytic cookies and the use of those analysis tools is based on your consent (Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time by changing the cookie-settings in the box at the top of this privacy policy or by changing your Internet browser setting. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

 

  1. 1. Shopify

We also use the analytical and performance recognition services of Shopify Inc. For this purpose, Shopify uses analytical cookies. Please note our Privacy Policy for more details on Shopify.

 

Shopify uses the following cookies:

Cookie Name Purpose Duration
_shopify_fs

This cookie is associated with Shopify's analytics suite.

Persistent

_shopify_sa_t

This cookie is associated with Shopify's analytics suite concerning marketing and referrals.

Persistent

_shopify_y

This cookie is associated with I(Shopify's analytics suite.

Persistent

_shopify_s

This cookie is associated with Shopify's analytics suite.

Persistent

_s

This cookie is associated with Shopify's analytics suite.

Persistent

_shopify_sa_p

This cookie is associated with Shopify's analytics suite concerning marketing and referrals.

Persistent

_y

This cookie is associated with Shopify's analytics suite.

Persistent

_shopify_sa_p

This cookie is associated with Shopify's analytics suite concerning marketing and referrals.

Persistent

_s

This cookie is associated with Shopify's analytics suite.

Persistent

_shopify_sa_t

This cookie is associated with Shopify's analytics suite concerning marketing and referrals.

Persistent

_y

This cookie is associated with Shopify's analytics suite.

Persistent

_shopify_y

This cookie is associated with Shopify's analytics suite.

Persistent

_shopify_fs

This cookie is associated with Shopify's analytics suite.

Persistent

_landing_page

This cookie is used to track, report, and analyze on landing pages.

Persistent

_shopify_s

This cookie is associated with Shopify's analytics suite.

Persistent

  1. 2. Google Analytics

 

Our website uses Google Analytics, which is a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses "cookies", which are text files placed on users' computers, to help the website analyze how users use the site. The information generated by the cookie about the use of the website by users is generally transferred to a Google server in the USA and stored there. IP anonymization has been activated on this website so that the IP addresses of users of Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area or UK are previously shortened. In some cases, the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by the users, to compile reports on the website activities and to provide us with further services associated with the use of the website and the Internet.

 

This processing of user data by Google Analytics enables us to analyze the surfing behavior of our users. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

 

Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by using the deactivation add on for browsers from Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=en There won't be data transferred to Google Universal Analytics anymore. For more information about how Google processes personal data see here: https://policies.google.com/

 

It may be that Google also process data on servers outside the European Economic Area or UK. By concluding EU Standard Contractual Clauses and undertaking other measures, the companies receiving the data guarantee an adequate level of data protection within the meaning of Article 44 et seq. GDPR. The legal basis for the processing outside the European Economic Area/UK in connection with the use of Google’s services is Art. 6 para. 1 lit. a) GDPR. You can also revoke this consent at any time in the settings. However, if you revoke only your consent for processing outside the European Economic Area/UK, further use of the marketing functions will no longer be possible.

 

Google uses the following cookies:

Cookie Name Purpose Duration
_ga

Used to distinguish users.

1 Minute
_gid

Used to distinguish users.

30 seconds to 1 year

_gat

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.

90 days

AMP_TOKEN
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

30 days

_gac_
Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.

Persistent

AdsUserLocale

Tracks the consumer to measure conversion from an ad on google to the site

Persistent

test_cookie

This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange

Persistent

  1. 3. Youtube

 

Once you launch a YouTube video through the Website, a connection is established to the YouTube servers. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

 

Furthermore, YouTube can store various cookies on your device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to the Website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your terminal device until you delete them. The information generated by a cookie about the use of the website by the user is usually transferred to a server of Google LLC in the USA and stored there. The legal basis for the processing outside the European Economic Area/UK in connection with the use of YouTube’s services is Art. 6 para. 1 lit. a GDPR. You can also revoke this consent at any time in the settings. However, if you revoke only your consent for processing outside the European Economic Area/UK, further use of the cookie functions will no longer be possible.

 

It is in our legitimate interest to create a Website that provides easily accessible and visually appealing video content, and to enable the processing that YouTube requires to provide such service to us. The legal basis for the processing of data based on this legitimate interest is Art. 6 para. 1 lit. f GDPR.

 

After the start of a YouTube video, it is possible that further data processing processes may be triggered, over which we have no influence. The use of YouTube is based on your consent to YouTube (e.g. consent to the storage of cookies), Art. 6 para. 1 lit. a GDPR. Further information about data protection at YouTube can be found in their privacy policy at: policies.google.com/privacy?hl=en

 

YouTube uses the following cookies:

Cookie Name Purpose Duration
VISITOR_INFO1_LIVE

A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old.

8 months from set/update

PREF
This cookie stores your preferences and other information, in particular preferred language, how many search results you wish to be shown on your page, and whether or not you wish to have Google’s SafeSearch filter turned on

10 years from set/ update

use_hitbox

The use_hitbox cookie increments the ‘views’ counter on the YouTube video

At end of session

YSC

This cookie is set by the YouTube video service on pages with embedded YouTube video. It registers a unique ID to keep statistics of what videos from YouTube the user has seen.

At end of session

YouTube GPS     HTTP   GPS

Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

At end of session

III. Advertisement Cookies

  1. The legal basis for the setting of advertisement cookies and the associated processing of personal data is also Art. 6 para. 1 let. a) GDPR. You can also revoke this consent, which also includes an explicit consent for the transfer of the relevant personal data outside of the EEA (Art. 49 para. 1) let. a) GDPR) at any time by using the cookie setting tool on top of this Policy or by your browser setting, as described for the analytics cookies. However, if you revoke your consent for processing outside the European Economic Area/UK, further use of the marketing functions will no longer be possible.

     

    1. 1. BingAds

    Our website uses BingAds, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to provide you with advertisements that are relevant to you. The use of these technologies enables Microsoft and its partner sites to serve ads based on prior visits to our site or other sites on the internet.

     

    The access data generated in this context may be transferred by Microsoft to a server in the USA for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles 44 et seq. GDPR.

     

    Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by activating the following link: http://choice.microsoft.com/de-DE/opt-out For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit Microsoft's website at https://privacy.microsoft.com/de-de/privacystatement

     

    BingAds uses the following cookies:

Cookie Name Purpose Duration

MUID, MC1, and MSFPC

Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics and other operational purposes.

One year

ANON

Contains the ANID, a unique identifier derived from your Microsoft account, which is used for advertising, personalization, and operational purposes. It is also used to preserve your choice to opt out of interest-based advertising from Microsoft if you have chosen to associate the opt-out with your Microsoft account.

One year

CC

Contains a country code as determined from your IP address.

One year

PPAuth, MSPAuth, MSNRPSAuth, KievRPSAuth

Helps to authenticate you when you sign in with your Microsoft account.

One year

NAP

Contains an encrypted version of your country, postal code, age, gender, language and occupation, if known, based on your Microsoft account profile.

One year

MH

Appears on co-branded sites where Microsoft is partnering with an advertiser. This cookie identifies the advertiser, so the right ad is selected.

One year

MR

Used to collect information for analytics purposes.

One year

TOptOut
Records your decision not to receive interest-based advertising delivered by Microsoft.

One year

    1. 2. Commission Junction (cj.com)

    Our Website uses the services of Commission Junction, which is a service provider operated by Conversant Europe Ltd., Oxford House, London S W15, United Kingdom (“Commission Junction”). Commission Junction uses cookies and similar technologies to provide you with advertisements that are relevant to you. The use of these technologies enables Commission Junction and its partner sites to serve ads based on prior visits to our site or other sites on the internet.

     

    The access data generated in this context may be transferred by Commission Junction to a server in the USA for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Article 44 et seq. GDPR.

     

    Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by activating the following link: www.networkadvertising.org/choices For more information on data protection and the cookies used by Commission Junction, please visit Commission Junction’s website at https://www.conversantmedia.com/legal/privacy.

     

    Commission Junction uses the following cookies:

Cookie Name Purpose Duration
CONTID

Used to track the purchase of a product from another sites ads

End of the transaction

_ga

Used to track the purchase of a product from another sites ads

End of the transaction

_mkto_trk

Used to track the purchase of a product from another sites ads

End of the transaction

      1. 3. NextRoll

      Our Website uses the services of NextRoll, a service provided by NextRoll Ltd., Level 6 1, Burlington Plaza, Burlington Road, Dublin 4, Ireland (“Next Roll”). NextRoll uses cookies and similar technologies to provide you with advertisements that are relevant to you. The use of these technologies enables Next Roll and its partner sites to serve ads based on prior visits to our site or other sites on the internet.

       

      The access data generated in this context may be transferred by NextRoll to a server in the USA for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles 44 et seq. GDPR.

       

      Besides the possibility to revoke your consent, you can also object to the collection of data described above at any time with effect for the future by activating the following link: https://app.adroll.com/optout/safari#other. NextRoll also collects hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeted advertising using NextRoll. To opt-out from receiving cross-device site advertising (i.e. tracking a user across devices), you can do so by accessing your device setting or visiting and employing the controls described on the NAI’s Mobile Choices page. For more information on data protection, device tracking and the cookies used by Next Roll, please visit Next Roll’s website at https://www.nextroll.com/privacy

       

      Next Roll uses the following cookies:

Cookie Name Purpose Duration

_adroll

adroll_v4

adroll_fpc
These cookies are used to record what you visited while on the store so that advertisements can be shared with you on other sites.

One week

        1. 4. Facebook

        We use marketing pixels from the service provider Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; “Facebook”) on our website. We implemented a code (pixel) for the service on our website. This pixel is a snippet of JavaScript code that loads a collection of functions that allows Facebook to track your user actions if you came to our website via Facebook ads. For example, if you purchase a product on our website, the pixel is triggered and stores your actions on our website in respective cookies. These tools enable Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. Facebook then deletes this data. The collected data is anonymous and cannot be viewed by us and is only used for advertising purposes. If you are a user of Facebook and are logged in to your account there, your visit to our website is automatically assigned to your Facebook user account.

         

        The purpose of setting cookies is to send you interesting advertisements in connection with Turtle Beach on Facebook, if you are a customer there. We only want to show our services or products to people who are really interested in them. With the help of such a marketing pixel, our advertising measures can be better adjusted to your wishes and interests. For example, Facebook users (provided they have allowed the use of cookies required for personalized advertising) will see appropriate ads. In addition, Facebook uses the collected data for analysis purposes and their own advertisements.

         

        For more information on the collection and use of the data by Facebook, as well as on your rights and possibilities for the protection of your privacy in this regard, please refer to the privacy notices of Facebook at https://www.facebook.com/about/privacy/

         

        Within the scope of the use of marketing pixels functions, the personal data contained in the cookies are transmitted to Facebook. It may happen that Facebook also process data on servers outside the European Economic Area/UK. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles. 44 et seq. GDPR.

         

        The cookies set by the integration of the Facebook marketing pixel are:

Cookie Name Purpose Duration

campaign_click_url

Records the Facebook URL that an individual landed on after clicking on an ad promoting Facebook

Persistent

fr
Facebook’s primary advertising cookie, used to deliver, measure, and improve the relevancy of ads.

90 days

oo

Used to record advertising opt outs

5 years

ddid

Used to open a specific location in an advertiser's app upon installation

28 days

          1. 5. TikTok

          TikTok (address: TikTok Inc., Attn: TikTok Legal Department 10100 Venice Blvd, Suite 401, Culver City, CA 90232, USA) is another social medial platform we connect with – similar to Facebook and Twitter. Through its cookies, TikTok links your contact or subscriber information with your activity on our platform across all your devices, using your email or other log-in or device information. TikTok may use this information to display advertisements on the platform and elsewhere online and across your devices tailored to your interests, preferences, and characteristics: You find TikTok’s Privacy Policy here: https://www.tiktok.com/legal/privacy-policy?lang=en. More information on TikTok’s use of cookies and pixels is also available at https://www.tiktok.com/legal/cookie-policy?lang=en under “2. Categories of tracking technologies.”

           

          The access data generated in this context may be transferred by TikTok to a server outside the EU for analysis and stored there. By concluding EU standard contract clauses and undertaking other measures, the companies guarantee an adequate level of data protection within the meaning of Articles 44 et seq. GDPR.

           

          TikTok uses the following 3rd party cookie:

Cookie Name Purpose Duration
_ttp
Used to distinguish users.
2 years. It is updated every time the TikTok Pixel is visited.
          1. 6. Google Ads (Adwords)

          Please note our disclosures on Google in the Analytical Cookies section. In addition, Google Ads (formerly Google AdWords) is an online advertising platform we are using that is developed by Google, where advertisers bid to display brief advertisements, service offerings, product listings, or videos to web users. It can place ads both in the results of search engines like Google Search and on non-search websites, mobile apps, and videos.

           

          Google Ads (Adwords) uses the following cookies:

Cookie Name Purpose Duration
AdsUserLocale
Tracks the consumer to measure conversion from an ad on google to the site
Persistent