Privacy Policy
Preamble
With the following privacy policy we would like to inform you which types of your personal
data (hereinafter
also
abbreviated as "data") we process for which purposes and in which scope. The
privacy statement applies to all
processing of personal data carried out by us, both in the context of providing our services
and in particular
on our websites, in mobile applications and within external online presences, such as our
social media profiles
(hereinafter collectively referred to as "online services").
The terms used are not gender-specific.
Last Update: 22. April 2024
Table of contents
-
Preamble
-
Controller
-
Overview of processing operations
-
Relevant legal bases
-
Security Precautions
-
Transmission of Personal Data
-
International data transfers
-
Data Retention and Deletion
-
Rights of Data Subjects
-
Business services
-
Payment Procedure
-
Provision of online services and web hosting
-
Use of Cookies
-
Special Notes on Applications (Apps)
-
Registration, Login and User Account
-
Contact and Inquiry Management
-
Chatbots and chat functions
-
Newsletter and Electronic Communications
-
Commercial communication by E-Mail, Postal Mail, Fax or Telephone
-
Sweepstakes and Contests
-
Surveys and Questionnaires
-
Web Analysis, Monitoring and Optimization
-
Affiliate Program
-
Customer Reviews and Ratings
-
Digital Badges
-
Profiles in Social Networks (Social Media)
-
Plugins and embedded functions and content
-
Management, Organization and Utilities
-
Changes and Updates
-
Terminology and Definitions
Controller
SFWS TECH Ltd.
Georgiou Karaiskaki 11-13
Carisa Salonica, Office 102
7560 Pervolia, Larnaca
Republic of Cyprus
E-mail:
office@1hub.ai
Overview of processing operations
The following table summarises the types of data processed, the purposes for which they are
processed and the
concerned data subjects.
Categories of Processed Data:
-
Inventory data
-
Payment Data
-
Contact data
-
Content data
-
Contract data
-
Usage data
-
Meta, communication and process data
-
Event Data (Facebook)
Categories of Data Subjects:
-
Service recipients and clients
-
Prospective customers
-
Communication partner
-
Users
-
Participants in sweepstakes and competitions
-
Members
-
Business and contractual partners
-
Students and Participants
-
Participants
-
Third parties
Purposes of Processing:
-
Provision of contractual services and fulfillment of contractual obligations
-
Communication
-
Security measures
-
Direct marketing
-
Web Analytics
-
Office and organisational procedures
-
Remarketing
-
Conversion tracking
-
Affiliate Tracking
-
Affiliate Tracking
-
Managing and responding to inquiries
-
Conducting sweepstakes and contests
-
Content Delivery Network (CDN)
-
Feedback
-
Marketing
-
Profiles with user-related information
-
Provision of our online services and usability
-
Information technology infrastructure
-
Public relations and informational purposes
Relevant legal bases
Relevant legal bases according to the GDPR: In the following, you will find an
overview of the legal
basis
of the GDPR on which we base the processing of personal data. Please note that in addition
to the provisions
of
the GDPR, national data protection provisions of your or our country of residence or
domicile may apply. If,
in
addition, more specific legal bases are applicable in individual cases, we will inform you
of these in the
data
protection declaration.
-
Consent (Article 6 (1) (a) GDPR): The data subject has given consent to the
processing of his
or
her
personal data for one or more specific purposes.
-
Performance of a contract and prior requests (Article 6 (1) (b) GDPR):
Performance of a
contract
to
which the data subject is party or in order to take steps at the request of the data
subject prior
to
entering
into a contract.
-
Compliance with a legal obligation (Article 6 (1) (c) GDPR): Processing is
necessary for
compliance
with
a legal obligation to which the controller is subject.
-
Legitimate Interests (Article 6 (1) (f) GDPR): the processing is necessary
for the
protection of
the
legitimate interests of the controller or a third party, provided that the
interests, fundamental
rights,
and
freedoms of the data subject, which require the protection of personal data, do not
prevail.
National data protection regulations in Austria: In addition to the data protection
regulations of the
GDPR, national regulations apply to data protection in Austria. This includes in particular
the Federal Act
on
the Protection of Individuals with regard to the Processing of Personal Data (Data
Protection Act / DSG). In
particular, the Data Protection Act contains special provisions on the right of access,
rectification or
cancellation, processing of special categories of personal data, processing for other
purposes and
transmission
and automated decision making in individual cases.
Security Precautions
We take appropriate technical and organisational measures in accordance with the legal
requirements, taking
into
account the state of the art, the costs of implementation and the nature, scope, context and
purposes of
processing as well as the risk of varying likelihood and severity for the rights and
freedoms of natural
persons, in order to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and
availability of data by
controlling physical and electronic access to the data as well as access to, input,
transmission, securing
and
separation of the data. In addition, we have established procedures to ensure that data
subjects' rights are
respected, that data is erased, and that we are prepared to respond to data threats rapidly.
Furthermore, we
take the protection of personal data into account as early as the development or selection
of hardware,
software
and service providers, in accordance with the principle of privacy by design and privacy by
default.
Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the
data of users
transmitted via our online services from unauthorized access, we employ TLS/SSL encryption
technology.
Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data
transmission on
the
internet. These technologies encrypt the information that is transferred between the website
or app and the
user's browser (or between two servers), thereby safeguarding the data from unauthorized
access. TLS, as the
more advanced and secure version of SSL, ensures that all data transmissions conform to the
highest security
standards. When a website is secured with an SSL/TLS certificate, this is indicated by the
display of HTTPS
in
the URL. This serves as an indicator to users that their data is being securely and
encryptedly transmitted.
Transmission of Personal Data
In the course of processing personal data, it may happen that this data is transmitted to or
disclosed to
other
entities, companies, legally independent organizational units, or individuals. Recipients of
this data may
include service providers tasked with IT duties or providers of services and content that
are integrated
into a
website. In such cases, we observe the legal requirements and particularly conclude relevant
contracts or
agreements that serve to protect your data with the recipients of your data.
Data Transmission within the Group of Companies: We may transfer personal data to other
companies within our
group of companies or otherwise grant them access to this data. Insofar as this disclosure
is for
administrative
purposes, the disclosure of the data is based on our legitimate business and economic
interests or
otherwise, if
it is necessary to fulfill our contractual obligations or if the consent of the data
subjects or otherwise a
legal permission is present.
Data Transfer within the Organization: Data Transfer within the Corporate Group: We may
transfer personal
data
to
other companies within our corporate group or grant them access to it. If the data is shared
for
administrative
purposes, it is based on our legitimate business and commercial interests or occurs if
necessary to fulfil
our
contractual obligations, or when consent from the individuals concerned has been obtained or
a legal
permission
exists.
International data transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the
European Union
(EU)
or the European Economic Area (EEA)), or if the processing is done within the context of
using third-party
services or the disclosure or transfer of data to other individuals, entities, or companies,
this is only
done
in accordance with legal requirements. If the data protection level in the third country has
been recognized
by
an adequacy decision (Article 45 GDPR), this serves as the basis for data transfer.
Otherwise, data
transfers
only occur if the data protection level is otherwise ensured, especially through standard
contractual
clauses
(Article 46 (2)(c) GDPR), explicit consent, or in cases of contractual or legally required
transfers
(Article 49
(1) GDPR). Furthermore, we provide you with the basis of third-country transfers from
individual
third-country
providers, with adequacy decisions primarily serving as the foundation. "Information
regarding third-country
transfers and existing adequacy decisions can be obtained from the information provided by
the EU
Commission:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.
EU-US Trans-Atlantic Data Privacy Framework: Within the context of the so-called "Data
Privacy Framework"
(DPF),
the EU Commission has also recognized the data protection level for certain companies from
the USA as secure
within the adequacy decision of 10th July 2023. The list of certified companies as well as
additional
information about the DPF can be found on the website of the US Department of Commerce at
https://www.dataprivacyframework.gov/s/.
We will
inform
you
which of our service providers are certified under the Data Privacy Framework as part of our
data protection
notices.
Data Retention and Deletion
We delete personal data that we process in accordance with legal provisions as soon as the
underlying
consents
are revoked or no further legal bases for processing exist. This applies to cases where the
original purpose
of
processing no longer applies or the data is no longer needed. Exceptions to this rule exist
if statutory
obligations or special interests require a longer retention or archiving of data.
In particular, data that must be retained for commercial or tax law reasons, or whose
storage is necessary
for
legal prosecution or for protecting the rights of other natural or legal persons, must be
archived
accordingly.
Our privacy policy may contain additional information on the retention and deletion of data
specifically
applicable to certain processing activities.
Where there are multiple statements regarding the retention period or deletion deadlines of
a date, the
longest
period always applies.
If a period does not expressly start on a specific date and lasts at least one year, it
automatically begins
at
the end of the calendar year in which the event triggering the period occurred.
Data that is no longer stored for its originally intended purpose but due to legal
requirements or other
reasons
is processed exclusively for reasons justifying their retention.
Further information on processing methods, procedures and services used:
-
Data Retention and Deletion (Austria): The following general deadlines apply
to retention and
archiving according to Austrian law:
10 Years - Retention period for books
and records,
annual
financial statements, inventories, annual reports, opening balance sheets, booking
receipts and
invoices, as
well as any necessary work instructions and other organisational documents (Austrian
Federal Tax
Code
(BAO
§132), Austrian Commercial Code (UGB §§190-212)).
6 Years - Remaining
business documents:
Received
business or trading letters, copies of sent business or trading letters, and other
documents, if
they
are
relevant for taxation. These could be hourly wage sheets, operational accounting
sheets, calculation
documents, price tags, and payroll documents, as long as they aren't already booking
receipts and
cash
register strips (Austrian Federal Tax Code (BAO §132), Austrian Commercial Code (UGB
§§190-212)).
3
Years - Data required to consider potential warranty and compensation claims or
similar contractual
claims
and rights, as well as to process related inquiries, based on previous business
experiences and
common
industry practices, will be stored for the duration of the regular statutory
limitation period of
three
years (Sections 1478, 1480 of the Austrian Civil Code).
Rights of Data Subjects
Rights of the Data Subjects under the GDPR: As data subject, you are entitled to various
rights under the
GDPR,
which arise in particular from Articles 15 to 21 of the GDPR:
-
Right to Object:
You have the right, on grounds arising from your particular situation, to object
at
any
time to the processing of your personal data which is based on letter (e) or (f) of
Article 6(1)
GDPR,
including profiling based on those provisions. Where personal data are processed for
direct
marketing
purposes, you have the right to object at any time to the processing of the personal
data
concerning
you
for the purpose of such marketing, which includes profiling to the extent that it is
related to
such
direct marketing.
-
Right of withdrawal for consents:
You have the right to revoke consents at any time.
-
Right of access:
You have the right to request confirmation as to whether the data in question
will be
processed and to be informed of this data and to receive further information and a
copy of the data
in
accordance with the provisions of the law.
-
Right to rectification:
You have the right, in accordance with the law, to request the
completion
of
the data concerning you or the rectification of the incorrect data concerning you.
-
Right to Erasure and Right to Restriction of Processing:
In accordance with the statutory
provisions,
you have the right to demand that the relevant data be erased immediately or,
alternatively, to
demand
that
the processing of the data be restricted in accordance with the statutory
provisions.
-
Right to data portability:
You have the right to receive data concerning you which you have
provided
to us in a structured, common and machine-readable format in accordance with the
legal requirements,
or
to
request its transmission to another controller.
-
Complaint to the supervisory authority:
In accordance with the law and without prejudice to
any
other
administrative or judicial remedy, you also have the right to lodge a complaint with
a data
protection
supervisory authority, in particular a supervisory authority in the Member State
where you
habitually
reside, the supervisory authority of your place of work or the place of the alleged
infringement, if
you
consider that the processing of personal data concerning you infringes the GDPR.
Business services
We process data of our contractual and business partners, e.g. customers and interested
parties
(collectively
referred to as "contractual partners") within the context of contractual and comparable
legal relationships
as
well as associated actions and communication with the contractual partners or
pre-contractually, e.g. to
answer
inquiries.
We process this data in order to fulfill our contractual obligations. These include, in
particular, the
obligations to provide the agreed services, any update obligations and remedies in the event
of warranty and
other service disruptions. In addition, we process the data to protect our rights and for
the purpose of
administrative tasks associated with these obligations and company organization.
Furthermore, we process the
data on the basis of our legitimate interests in proper and economical business management
as well as
security
measures to protect our contractual partners and our business operations from misuse,
endangerment of their
data, secrets, information and rights (e.g. for the involvement of telecommunications,
transport and other
auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service
providers or
tax
authorities). Within the framework of applicable law, we only disclose the data of
contractual partners to
third
parties to the extent that this is necessary for the aforementioned purposes or to fulfill
legal
obligations.
Contractual partners will be informed about further forms of processing, e.g. for marketing
purposes, within
the
scope of this privacy policy.
Which data are necessary for the aforementioned purposes, we inform the contracting partners
before or in
the
context of the data collection, e.g. in online forms by special marking (e.g. colors),
and/or symbols (e.g.
asterisks or the like), or personally.
We delete the data after expiry of statutory warranty and comparable obligations, i.e. in
principle after
expiry
of 4 years, unless the data is stored in a customer account or must be kept for legal
reasons of archiving.
The
statutory retention period for documents relevant under tax law as well as for commercial
books,
inventories,
opening balance sheets, annual financial statements, the instructions required to understand
these documents
and
other organizational documents and accounting records is ten years and for received
commercial and business
letters and reproductions of sent commercial and business letters six years. The period
begins at the end of
the
calendar year in which the last entry was made in the book, the inventory, the opening
balance sheet, the
annual
financial statements or the management report was prepared, the commercial or business
letter was received
or
sent, or the accounting document was created, furthermore the record was made or the other
documents were
created.
-
Processed data types:
Inventory data (For example, the full name, residential address, contact
information, customer number,
etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data
(e.g. postal and email
addresses or phone numbers); Contract data (e.g. contract object, duration, customer
category); Usage
data (e.g. page views and duration of visit, click paths, intensity and frequency of
use, types of
devices and operating systems used, interactions with content and features). Meta,
communication and
process data (e.g. IP addresses, timestamps, identification numbers, involved
parties).
-
Data subjects:
Service recipients and clients; Prospective customers; Business and contractual
partners. Students and Participants.
-
Purposes of processing:
Provision of contractual services and fulfillment of contractual obligations;
Security measures;
Communication; Office and organisational procedures. Managing and responding to
inquiries.
-
Legal Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance
with a legal
obligation (Article 6 (1) (c) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Customer Account:
Customers can create an account within our online offer (e.g. customer or
user
account, "customer account" for short). If the registration of a customer account is
required,
customers
will be informed of this as well as of the details required for registration. The
customer accounts
are
not
public and cannot be indexed by search engines. In the course of registration and
subsequent
registration
and use of the customer account, we store the IP addresses of the contractual
partners along with
the
access
times, in order to be able to prove the registration and prevent any misuse of the
customer account.
If
the
customer account has been terminated, the customer account data will be deleted
after the
termination
date,
unless it is retained for purposes other than provision in the customer account or
must be retained
for
legal reasons (e.g. internal storage of customer data, order transactions or
invoices). It is the
customers'
responsibility to back up their data when terminating the customer Account;
Legal Basis:
Performance
of a contract and prior requests (Article 6 (1) (b) GDPR).
-
Customer loyalty program:
We process the data of the customers within the context of our
loyalty
card
program for the purpose of fulfilling the services provided to the participating
customers within
the
framework of the loyalty card program. For this purpose, the information collected
from the
customers
and,
to the extent necessary, marked as such, is stored in a profile of the customers. In
the profile,
information about the use of the loyalty program as well as about the use of the
associated services
and
benefits is also processed and, only if necessary for the aforementioned purposes,
passed on to
third
parties (e.g. executing service providers). The customer profiles are deleted after
termination of
participation and archived with the respective data alone only insofar as this may
be necessary for
the
statutory retention purposes or the fulfillment of legal claims (up to 11 years in
the case of tax
information from the end of the year in which they arose) or contractual claims (up
to three years
from
the
end of the year of termination);
Legal Basis:
Performance of a contract and prior requests
(Article 6
(1) (b) GDPR).
-
Online shop, order forms, e-commerce and delivery:
We process the data of our customers in
order
to
enable them to select, purchase or order the selected products, goods and related
services, as well
as
their
payment and delivery, or performance of other services. If necessary for the
execution of an order,
we
use
service providers, in particular postal, freight and shipping companies, in order to
carry out the
delivery
or execution to our customers. For the processing of payment transactions we use the
services of
banks
and
payment service providers. The required details are identified as such in the course
of the ordering
or
comparable purchasing process and include the details required for delivery, or
other way of making
the
product available and invoicing as well as contact information in order to be able
to hold any
consultation;
Legal Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
-
Education and Training Services:
We process the data of the participants of our education and
training
programmes (uniformly referred to as "students") in order to provide them
with our educational and
training
services. The data processed, the type, scope and purpose of the processing and the
necessity of its
processing are determined by the underlying contractual and educational
relationship. The processing
also
includes the performance evaluation and evaluation of our services and the teachers
and
instructors.
As part of our activities, we may also process special
categories of data, in
particular
information on the health of persons undergoing training or further training and
data revealing
ethnic
origin, political opinions, religious or philosophical convictions. To this end, we
obtain, if
necessary,
the express consent of the students to be trained and further educated and process
the special
categories of
data otherwise only if it is necessary for the provision of training services, for
purposes of
health
care,
social protection or protection of vital interests of the students to be trained and
further
educated;
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR).
-
Data Analysis:
We process the data of our customers and clients to enable them to perform data
analysis, evaluation, and consulting, as well as related services. The required
information includes
that
needed for analysis, evaluation, and billing, as well as contact information for
necessary
coordination.
To
the extent that we have access to information from end customers, employees, or
other persons, we
process
this in accordance with legal and contractual requirements;
Legal Basis:
Performance of a
contract
and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation
(Article 6 (1) (c)
GDPR),
Legitimate Interests (Article 6 (1) (f) GDPR).
-
Agents and Brokerage Services:
We process the data of our customers, clients and interested
parties
(uniformly referred to as "customers") in accordance with the underlying
assignment of the
customers.
Furthermore, we may process information on the characteristics and circumstances of
persons or items
belonging to them if this is part of our assignment. These can be, for example,
information on
personal
circumstances, mobile or immovable assets and financial situation.
Insofar as this is
necessary
for
the performance of our assignment or required by law, we disclose or transmit
customer data within
the
scope
of cover requests, the conclusion and execution of contracts to providers of the
brokered
services/properties, insurers, reinsurers, broker pools, technical service
providers, other service
providers, such as cooperating associations, as well as financial service providers,
credit
institutions
and
investment companies, social insurance institutions, tax authorities, tax
consultants, legal
advisors,
auditors, insurance ombudsmen and a Financial Supervisory Authority. Furthermore, we
may, subject to
other
agreements, commission subcontractors;
Legal Basis:
Performance of a contract and prior
requests
(Article 6 (1) (b) GDPR).
-
IT Services:
We process the data of our clients as well as contractors to enable them to plan,
implement, and support IT solutions and associated services. The required
information is marked as
such
during the contract, project, or similar agreement phase and includes details
necessary for service
provision and billing, as well as contact information to facilitate any necessary
consultations.
Insofar
as
we gain access to information from end customers, employees, or other individuals,
we process this
in
accordance with legal and contractual requirements.
Processing processes
include project
management
and documentation, which cover all phases from initial requirement analysis to
project completion.
This
involves creating and managing project timelines, budgets, and resource allocations.
Data processing
also
supports change management, where changes in the project flow are documented and
tracked to ensure
compliance and transparency.
Another process is customer relationship
management (CRM), which
involves recording and analyzing customer interactions and feedback to improve
service quality and
efficiently address individual customer needs. Additionally, the processing process
encompasses
technical
support and trouble-shooting, which includes capturing and handling support
requests, error
resolutions,
and
regular maintenance.
Furthermore, reporting and performance analysis are
conducted by
capturing
and
evaluating performance metrics to assess the effectiveness of provided IT solutions
continuously
optimizing
them. All these processes are aimed at ensuring high customer satisfaction and
compliance with all
relevant
regulations;
Legal Basis:
Performance of a contract and prior requests (Article 6 (1) (b)
GDPR),
Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests
(Article 6 (1) (f)
GDPR).
-
Online Courses and Online Training:
We process the data of participants in our online courses
and
training sessions (collectively referred to as "participants") in order to
be able to provide them
with
our
course and training services. The data processed, the type, scope, purpose, and
necessity of their
processing are determined by the underlying contractual relationship. The data
generally includes
information on the courses and services utilized, as well as personal preferences
and results of the
participants, insofar as they are part of our service offering. Processing forms
also include
performance
evaluation and the evaluation of our services as well as those of the course and
training
instructors.
Additionally, depending on the equipment and structure of the respective courses or
learning
content,
further processing operations may be implemented, such as attendance tracking for
documenting
participation,
progress monitoring for measuring and analyzing learning progress by collecting exam
and test
results,
and
analyzing interactions on learning platforms, such as forum posts and assignment
submissions;
Legal Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Payment Procedure
Within the framework of contractual and other legal relationships, due to legal obligations
or otherwise on
the
basis of our legitimate interests, we offer data subjects efficient and secure payment
options and use other
service providers for this purpose in addition to banks and credit institutions
(collectively referred to as
"payment service providers").
The data processed by the payment service providers includes inventory data, such as the
name and address,
bank
data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well
as the
contract,
total and recipient-related information. The information is required to carry out the
transactions. However,
the
data entered is only processed by the payment service providers and stored with them. I.e.
we do not receive
any
account or credit card related information, but only information with confirmation or
negative information
of
the payment. Under certain circumstances, the data may be transmitted by the payment service
providers to
credit
agencies. The purpose of this transmission is to check identity and creditworthiness. Please
refer to the
terms
and conditions and data protection information of the payment service providers.
The terms and conditions and data protection information of the respective payment service
providers apply
to
the
payment transactions and can be accessed within the respective websites or transaction
applications. We also
refer to these for further information and the assertion of revocation, information and
other data subject
rights.
-
Processed data types:
Inventory data (For example, the full name, residential address, contact
information, customer number, etc.); Payment Data (e.g. bank details, invoices,
payment history);
Contract
data (e.g. contract object, duration, customer category); Usage data (e.g. page
views and duration
of
visit,
click paths, intensity and frequency of use, types of devices and operating systems
used,
interactions
with
content and features); Meta, communication and process data (e.g. IP addresses,
timestamps,
identification
numbers, involved parties). Contact data (e.g. postal and email addresses or phone
numbers).
-
Data subjects:
Service recipients and clients. Prospective customers.
-
Purposes of processing:
Provision of contractual services and fulfillment of contractual
obligations.
-
Legal Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Further information on processing methods, procedures and services used:
-
Apple Pay:
Payment services provider; Service provider: Apple Inc., Infinite Loop,
Cupertino,
CA 95014, USA; Legal Basis: Performance of a contract and prior requests
(Article 6 (1) (b)
GDPR);
Website: https://www.apple.com/apple-pay/.
Privacy
Policy: https://www.apple.com/legal/privacy/en-ww/.
-
Google Pay:
Payment services provider; Service provider: Google Ireland Limited, Gordon
House,
Barrow Street, Dublin 4, Ireland; Legal Basis: Performance of a contract and
prior requests
(Article
6 (1) (b) GDPR); Website: https://pay.google.com/intl/en_uk/about/.
Privacy
Policy: https://policies.google.com/privacy.
-
Mastercard:
Payment-Service-Provider (technical integration of online-payment-methods);
Service
provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo,
Belgium;
Legal
Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR);
Website: https://www.mastercard.co.uk.
Privacy
Policy: https://www.mastercard.co.uk/en-gb/vision/terms-of-use/commitment-to-privacy/privacy.html.
-
PayPal:
Payment-Service-Provider (technical integration of online-payment-methods) (e.g.
PayPal,
PayPal Plus, Braintree, Braintree); Service provider: PayPal (Europe) S.à
r.l. et Cie,
S.C.A.,
22-24
Boulevard Royal, L-2449 Luxembourg; Legal Basis: Performance of a contract
and prior requests
(Article 6 (1) (b) GDPR); Website: https://www.paypal.com.
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
-
Stripe:
Payment-Service-Provider (technical integration of online-payment-methods);
Service
provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA;
Legal
Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR);
Website: https://stripe.com/de; Privacy
Policy: https://stripe.com/en-de/privacy.
Basis for
third-country
transfers: Data Privacy Framework (DPF).
-
Visa:
Payment-Service-Provider (technical integration of online-payment-methods);
Service
provider: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon
Square, London W2
6TT,
UK;
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR);
Website:
https://www.visa.de; Privacy
Policy: https://www.visa.de/datenschutz.
Basis for
third-country
transfers: Adequacy decision (UK).
Provision of online services and web hosting
We process user data in order to be able to provide them with our online services. For this
purpose, we
process
the IP address of the user, which is necessary to transmit the content and functions of our
online services
to
the user's browser or terminal device.
-
Processed data types:
Usage data (e.g. page views and duration of visit, click paths,
intensity
and
frequency of use, types of devices and operating systems used, interactions with
content and
features);
Meta, communication and process data (e.g. IP addresses, timestamps, identification
numbers,
involved
parties). Content data (e.g. textual or pictorial messages and contributions, as
well as information
pertaining to them, such as details of authorship or the time of creation.).
-
Data subjects:
Users (e.g. website visitors, users of online services).
-
Purposes of processing:
Provision of our online services and usability; Information technology
infrastructure (Operation and provision of information systems and technical
devices, such as
computers,
servers, etc.); Security measures. Content Delivery Network (CDN).
-
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Provision of online offer on rented hosting space:
For the provision of our online services,
we
use
storage space, computing capacity and software that we rent or otherwise obtain from
a corresponding
server
provider (also referred to as a "web hoster"); Legal Basis: Legitimate
Interests (Article 6
(1)
(f)
GDPR).
-
Collection of Access Data and Log Files:
Access to our online service is logged in the form of
so-called "server log files". Server log files may include the address and name of
the accessed web
pages
and files, date and time of access, transferred data volumes, notification of
successful retrieval,
browser
type along with version, the user's operating system, referrer URL (the previously
visited page),
and
typically IP addresses and the requesting provider. The server log files can be used
for security
purposes,
e.g., to prevent server overload (especially in the case of abusive attacks, known
as DDoS attacks),
and
to
ensure server load management and stability; Legal Basis: Legitimate
Interests (Article 6 (1)
(f)
GDPR). Retention period: Log file information is stored for a maximum period
of 30 days and
then
deleted or anonymized. Data, the further storage of which is necessary for evidence
purposes, are
excluded
from deletion until the respective incident has been finally clarified.
-
E-mail Sending and Hosting:
The web hosting services we use also include sending, receiving
and
storing e-mails. For these purposes, the addresses of the recipients and senders, as
well as other
information relating to the sending of e-mails (e.g. the providers involved) and the
contents of the
respective e-mails are processed. The above data may also be processed for SPAM
detection purposes.
Please
note that e-mails on the Internet are generally not sent in encrypted form. As a
rule, e-mails are
encrypted
during transport, but not on the servers from which they are sent and received
(unless a so-called
end-to-end encryption method is used). We can therefore accept no responsibility for
the
transmission
path
of e-mails between the sender and reception on our server; Legal Basis:
Legitimate Interests
(Article
6 (1) (f) GDPR).
-
Content-Delivery-Network:
We use a so-called "Content Delivery Network" (CDN). A CDN is a
service
with
whose help contents of our online services, in particular large media files, such as
graphics or
scripts,
can be delivered faster and more securely with the help of regionally distributed
servers connected
via
the
Internet; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
-
Cloudflare:
Content-Delivery-Network (CDN) service with whose help contents of our online
services,
in particular large media files, such as graphics or scripts, can be delivered
faster and more
securely
with
the help of regionally distributed servers connected via the Internet; Service
provider:
Cloudflare,
Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal Basis: Legitimate
Interests
(Article 6
(1)
(f) GDPR); Website: https://www.cloudflare.com;
Privacy
Policy: https://www.cloudflare.com/privacypolicy/;
Data
Processing Agreement: https://www.cloudflare.com/cloudflare-customer-dpa/.
Basis for third-country transfers: Data Privacy Framework (DPF).
Use of Cookies
Cookies are small text files or other types of storage markers that store information on end
devices and
read
information from them. For example, to save the login status in a user account, the contents
of a shopping
cart
in an e-shop, the content accessed, or the functions used of an online offer. Furthermore,
cookies can be
used
for various concerns, such as for the functionality, security, and comfort of online offers
as well as the
creation of analyses of visitor flows.
Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we
obtain prior
consent
from users, unless it is not required by law. Permission is particularly not necessary if
the storage and
reading of information, including cookies, are absolutely necessary to provide a telemedia
service (i.e.,
our
online offer) expressly requested by the users. The revocable consent is clearly
communicated to them and
contains information on the respective cookie usage.
Notes on the legal basis for data protection: The legal basis on which we process
users' personal
data
with the help of cookies depends on whether we ask them for consent. If users accept, the
legal basis for
processing their data is the declared consent. Otherwise, the data processed with the help
of cookies are
based
on our legitimate interests (e.g., in a commercial operation of our online offer and its
usability
improvement)
or, if this occurs within the fulfillment of our contractual obligations, when the use of
cookies is
necessary
to fulfill our contractual obligations. We clarify the purposes for which the cookies are
used by us in the
course of this data protection declaration or within the scope of our consent and processing
processes.
Storage Duration: Regarding the storage duration, the following types of cookies are
distinguished:
-
Temporary cookies (also: session or session cookies): Temporary cookies are
deleted at the
latest
after a user has left an online offer and closed his end device (e.g., browser or
mobile
application).
-
Permanent cookies: Permanent cookies remain stored even after closing the end
device. For
example,
the
login status can be saved and preferred content can be displayed directly when the
user revisits a
site.
Similarly, user data collected via cookies can be used for reach measurement. Unless
we provide
users
with
explicit information about the nature and storage duration of cookies (e.g., when
obtaining
consent),
they
should assume that they are permanent and the storage duration can be up to two
years.
General notes on revocation and objection (Opt-out): Users can revoke the consents
they have given at
any
time and also declare an objection to the processing according to legal requirements, also
via the privacy
settings of their browser.
-
Processed data types: Usage data (e.g. page views and duration of visit,
click paths,
intensity
and
frequency of use, types of devices and operating systems used, interactions with
content and
features).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Purposes of processing: Provision of our online services and usability.
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article
6 (1) (a) GDPR).
Further information on processing methods, procedures and services used:
-
Processing Cookie Data on the Basis of Consent: We implement a consent
management solution
that
obtains users' consent for the use of cookies or for the processes and providers
mentioned within
the
consent management framework. This procedure is designed to solicit, log, manage,
and revoke
consents,
particularly regarding the use of cookies and similar technologies employed to
store, read from, and
process
information on users' devices. As part of this procedure, user consents are obtained
for the use of
cookies
and the associated processing of information, including specific processing and
providers named in
the
consent management process. Users also have the option to manage and withdraw their
consents.
Consent
declarations are stored to avoid repeated queries and to provide proof of consent
according to legal
requirements. The storage is carried out server-side and/or in a cookie (so-called
opt-in cookie) or
by
means of comparable technologies in order to associate the consent with a specific
user or their
device.If
no specific details about the providers of consent management services are provided,
the following
general
notes apply: The duration of consent storage is up to two years. A pseudonymous user
identifier is
created,
which is stored along with the time of consent, details on the scope of consent
(e.g., relevant
categories
of cookies and/or service providers), as well as information about the browser,
system, and device
used;
Legal Basis: Consent (Article 6 (1) (a) GDPR).
-
Cookie-Opt-Out: In the footer of our website you will find a link that allows
you to change
your
cookie settings as well as revoke corresponding consents; Legal Basis:
Legitimate Interests
(Article
6 (1) (f) GDPR).
Special Notes on Applications (Apps)
We process the data of the users of our application to the extent necessary to provide the
users with the
application and its functionalities, to monitor its security and to develop it further.
Furthermore, we may
contact users in compliance with the statutory provisions if communication is necessary for
the purposes of
administration or use of the application. In addition, we refer to the data protection
information in this
privacy policy with regard to the processing of user data.
Legal basis: The processing of data necessary for the provision of the
functionalities of the
application
serves to fulfil contractual obligations. This also applies if the provision of the
functions requires user
authorisation (e.g. release of device functions). If the processing of data is not necessary
for the
provision
of the functionalities of the application, but serves the security of the application or our
business
interests
(e.g. collection of data for the purpose of optimising the application or security
purposes), it is carried
out
on the basis of our legitimate interests. If users are expressly requested to give their
consent to the
processing of their data, the data covered by the consent is processed on the basis of the
consent.
-
Processed data types: Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.). Meta, communication and process data (e.g. IP
addresses,
timestamps,
identification numbers, involved parties).
-
Purposes of processing: Provision of contractual services and fulfillment of
contractual
obligations.
-
Legal Basis: Consent (Article 6 (1) (a) GDPR); Performance of a contract and
prior requests
(Article 6
(1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Device authorizations for access to functions and data: The use of certain
functions of our
application may require access to the camera and the stored recordings of the users.
By default,
these
authorizations must be granted by the user and can be revoked at any time in the
settings of the
respective
devices. The exact procedure for controlling app permissions may depend on the
user's device and
software.
Users can contact us if they require further explanation. We would like to point out
that the
refusal or
revocation of the respective authorizations can affect the functionality of our
application.
Registration, Login and User Account
Users can create a user account. Within the scope of registration, the required mandatory
information is
communicated to the users and processed for the purposes of providing the user account on
the basis of
contractual fulfilment of obligations. The processed data includes in particular the login
information
(name,
password and an e-mail address).
Within the scope of using our registration and login functions as well as the use of the
user account, we
store
the IP address and the time of the respective user action. The storage is based on our
legitimate interests,
as
well as the user's protection against misuse and other unauthorized use. This data will not
be passed on to
third parties unless it is necessary to pursue our claims or there is a legal obligation to
do so.
Users may be informed by e-mail of information relevant to their user account, such as
technical changes.
-
Processed data types: Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.); Contact data (e.g. postal and email addresses
or phone
numbers);
Content data (e.g. textual or pictorial messages and contributions, as well as
information
pertaining to
them, such as details of authorship or the time of creation.). Meta, communication
and process data
(e.g. IP
addresses, timestamps, identification numbers, involved parties).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Purposes of processing: Provision of contractual services and fulfillment of
contractual
obligations;
Security measures; Managing and responding to inquiries. Provision of our online
services and
usability.
-
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR). Legitimate
Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Registration with pseudonyms: Users may use pseudonyms as user names instead
of real names;
Legal
Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR).
-
Users' profiles are public: The users' profiles are not publicly visible or
accessible.
-
Deletion of data after termination: If users have terminated their user
account, their data
relating
to the user account will be deleted, subject to any legal permission, obligation or
consent of the
users;
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR).
-
No obligation to retain data: It is the responsibility of the users to secure
their data
before
the
end of the contract in the event of termination. We are entitled to irretrievably
delete all user
data
stored during the term of the contract; Legal Basis: Performance of a
contract and prior
requests
(Article 6 (1) (b) GDPR).
Contact and Inquiry Management
When contacting us (e.g. via mail, contact form, e-mail, telephone or via social media) as
well as in the
context
of existing user and business relationships, the information of the inquiring persons is
processed to the
extent
necessary to respond to the contact requests and any requested measures.
-
Processed data types: Contact data (e.g. postal and email addresses or phone
numbers); Content
data
(e.g. textual or pictorial messages and contributions, as well as information
pertaining to them,
such
as
details of authorship or the time of creation.); Usage data (e.g. page views and
duration of visit,
click
paths, intensity and frequency of use, types of devices and operating systems used,
interactions
with
content and features). Meta, communication and process data (e.g. IP addresses,
timestamps,
identification
numbers, involved parties).
-
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
-
Purposes of processing: Communication; Managing and responding to inquiries;
Feedback (e.g.
collecting
feedback via online form). Provision of our online services and usability.
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Performance of a
contract and
prior
requests (Article 6 (1) (b) GDPR).
Further information on processing methods, procedures and services used:
-
Contact form: When users contact us via our contact form, e-mail or other
communication
channels,
we
process the data provided to us in this context to process the communicated request;
Legal
Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate
Interests (Article
6
(1)
(f) GDPR).
Chatbots and chat functions
We provide online chats and chatbot functions as a means of communication (together referred
to as "Chat
Services"). A chat is an online conversation that is conducted with a certain degree of
immediacy. A chatbot
is
software that answers users' questions or informs them about messages. If you use our chat
functions, we may
process your personal data.
If you use our Chat Services within an online platform, your identification number is also
stored within the
respective platform. We may also collect information about which users interact with our
Chat Services and
when.
Furthermore, we store the content of your conversations via the Chat Services and log
registration and
consent
processes in order to be able to prove these in accordance with legal requirements.
We would like to inform users that the respective platform provider can find out that and
when users
communicate
with our Chat Services and can collect technical information about the user's device used
and, depending on
the
settings of their device, also location information (so-called metadata) for the purpose of
optimising the
respective services and for security purposes. Likewise, the metadata of communication via
Chat Services
(i.e.,
information about who has communicated with whom) could be used by the respective platform
providers for
marketing purposes or to display advertising tailored to users in accordance with their
regulations, to
which we
refer for further information.
If users agree to activate information with regular messages to a chatbot, they have the
possibility to
unsubscribe from the information for the future at any time. The chatbot points out to users
how and with
which
terms they can unsubscribe the messages. By unsubscribing from the chatbot messages, Users'
data is deleted
from
the directory of message recipients.
We use the aforementioned information to operate our Chat Services, e.g. to address users
personally, to
answer
their inquiries, to transmit any requested content and also to improve our Chat Services
(e.g. to "teach"
chatbots answers to frequently asked questions or to identify unanswered inquiries).
Information on Legal basis: We use the Chat Services on the basis of a consent if we
first obtain the
permission of the users to process their data by the Chat Services (this applies in cases
where users are
asked
for consent, e.g. so that a chatbot regularly sends them messages). If we use Chat Services
to answer user
queries about our services or our company, this is done for contractual and pre-contractual
communication.
In
addition, we use Chat Services based on our legitimate interests in optimizing the Chat
Services, its
operating
efficiency and enhancing the positive user experience.
Withdrawal, objection and deletion: You can revoke a given consent at any time or
contradict the
processing
of your data in the context of our chatbot use.
-
Processed data types: Contact data (e.g. postal and email addresses or phone
numbers); Content
data
(e.g. textual or pictorial messages and contributions, as well as information
pertaining to them,
such
as
details of authorship or the time of creation.); Usage data (e.g. page views and
duration of visit,
click
paths, intensity and frequency of use, types of devices and operating systems used,
interactions
with
content and features). Meta, communication and process data (e.g. IP addresses,
timestamps,
identification
numbers, involved parties).
-
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
-
Purposes of processing: Communication. Direct marketing (e.g. by e-mail or
postal).
-
Legal Basis: Consent (Article 6 (1) (a) GDPR); Performance of a contract and
prior requests
(Article 6
(1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).
Newsletter and Electronic Communications
We send newsletters, emails, and other electronic notifications (hereinafter
"newsletters") exclusively with
the
consent of the recipients or based on a legal basis. If the contents of the newsletter are
specified during
registration for the newsletter, these contents are decisive for the users' consent.
Normally, providing
your
email address is sufficient to sign up for our newsletter. However, to offer you a
personalised service, we
may
ask for your name for personal salutation in the newsletter or for additional information if
necessary for
the
purpose of the newsletter.
Deletion and restriction of processing: We may store unsubscribed email addresses for up to
three years
based on
our legitimate interests before deleting them to be able to demonstrate previously given
consent. The
processing
of these data is limited to the purpose of potentially defending against claims. An
individual request for
deletion is possible at any time, provided that at the same time the former existence of
consent is
confirmed.
In case of obligations to permanently observe objections, we reserve the right to store the
email address
solely
for this purpose in a blocklist.
The logging of the registration process is based on our legitimate interests for the purpose
of proving its
proper execution. If we commission a service provider to send emails, this is done based on
our legitimate
interests in an efficient and secure mailing system.
Contents: Information about us, our services, promotions and offers.
-
Processed data types: Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.); Contact data (e.g. postal and email addresses
or phone
numbers);
Meta,
communication and process data (e.g. IP addresses, timestamps, identification
numbers, involved
parties).
Usage data (e.g. page views and duration of visit, click paths, intensity and
frequency of use,
types of
devices and operating systems used, interactions with content and features).
-
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
Users (e.g.
website
visitors, users of online services).
-
Purposes of processing: Direct marketing (e.g. by e-mail or postal).
Provision of contractual
services
and fulfillment of contractual obligations.
-
Legal Basis: Consent (Article 6 (1) (a) GDPR).
-
Opt-Out: You can cancel the receipt of our newsletter at any time, i.e.
revoke your consent or
object
to further receipt. You will find a link to cancel the newsletter either at the end
of each
newsletter
or
you can otherwise use one of the contact options listed above, preferably e-mail.
Further information on processing methods, procedures and services used:
-
Measurement of opening rates and click rates: The newsletters contain a
so-called "web
beacons",
which
is a pixel-sized file that is retrieved from our server, or the server of the
dispatch service
provider
if
one is used, when the newsletter is opened. In the course of this retrieval,
technical information
such
as
details about the browser and your system, as well as your IP address and the time
of access are
collected.
This information is used to technically improve our newsletter based on technical
data or target
audiences
and their reading behavior, which can be determined by their access locations
(identifiable by IP
address)
or access times. This analysis also includes determining whether and when
newsletters are opened and
which
links are clicked. The information is assigned to individual newsletter recipients
and stored in
their
profiles until deletion. The evaluations serve to recognize the reading habits of
our users and
adjust
our
content to them or send different content according to the interests of our users.
The measurement
of
opening and click rates, as well as the storage of the measurement results in user
profiles and
their
further processing, are based on user consent. Unfortunately, it is not possible to
revoke success
measurement separately; in this case, the entire newsletter subscription must be
cancelled or
objected
to.
In that case, stored profile information will be deleted; Legal Basis:
Consent (Article 6 (1)
(a)
GDPR).
-
Prerequisite for the use of free services: Consent to the sending of mailings
can be made
dependent on
the use of free services (e.g. access to certain content or participation in certain
campaigns) as a
prerequisite. If the users would like to take advantage of the free service without
registering for
the
newsletter, we offer them to contact us.
-
Order process reminder emails: When users cancel an order process, we can
send them a notice
of
the
cancellation and remind them to continue. This function can be useful, for example,
if the purchase
process
could not be continued due to a browser crash, oversight or forgetting. The dispatch
is based on
consent,
which users can object to at any time; Legal Basis: Consent (Article 6 (1)
(a) GDPR).
-
Sending via text messages: The electronic communications can also be sent via
text messages
(or
are
sent exclusively via text messages, if the sending authorization, e.g., consent,
only includes
sending
via
SMS); Legal Basis: Consent (Article 6 (1) (a) GDPR).
Commercial communication by E-Mail, Postal Mail, Fax or Telephone
We process personal data for the purposes of promotional communication, which may be carried
out via various
channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.
The recipients have the right to withdraw their consent at any time or to object to the
advertising
communication
at any time.
After revocation or objection, we store the data required to prove the past authorization to
contact or send
up
to three years from the end of the year of revocation or objection on the basis of our
legitimate interests.
The
processing of this data is limited to the purpose of a possible defense against claims.
Based on the
legitimate
interest to permanently observe the revocation, respectively objection of the users, we
further store the
data
necessary to avoid a renewed contact (e.g. depending on the communication channel, the
e-mail address,
telephone
number, name).
-
Processed data types: Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.). Contact data (e.g. postal and email addresses
or phone
numbers).
-
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
-
Purposes of processing: Direct marketing (e.g. by e-mail or postal).
-
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article
6 (1) (f) GDPR).
Sweepstakes and Contests
We process the personal data of participants in We process personal data of participants in
competitions,
contents, raffles, prize-draws or sweepstakes (hereinafter referred to as
"competitions") only in compliance
with the relevant data protection regulations and if the processing is contractually
necessary for the
provision, execution and handling of the competition, the participants have consented to the
processing or
the
processing serves our legitimate interests (e.g. in the security of the competition or the
protection of our
interests against misuse by possible recording of IP addresses when submitting entries to
the competition.
In the event that entries are published as part of the competitions (e.g. as part of a vote
or presentation
of
the competition entries, or the winner or reporting on the competition), we would like to
point out that the
names of participants may also be published in this context. The participants can object to
this at any
time.
If the competitions take place within an online platform or a social network (e.g. Facebook
or Instagram,
hereinafter referred to as "online platform"), the usage and data protection provisions of
the respective
online
platforms also apply. In such cases, we would like to point out that we are responsible for
the information
provided by the participants as part of the competition and that we must be contacted with
regard to the
competitions.
The data of the participants will be deleted as soon as the competition has ended and the
data is no longer
required to inform the winners or because questions about the competition can be expected.
In general, the
data
of the participants will be deleted at the latest 6 months after the end of the competition.
Winners' data
can
be retained for a longer period of time, e.g. in order to answer questions about the prizes
or to fulfil the
prizes; in this case, the retention period depends on the type of prize and is up to three
years for items
or
services, e.g. in order to be able to process warranty claims. Furthermore, the
participants' data may be
stored
for longer, e.g. in the form of coverage of the competition in online and offline media.
Insofar as data was collected for other purposes as part of the competition, its processing
and storage
period
shall be governed by the privacy information for this use (e.g. in the case of registration
for a newsletter
as
part of a competition).
-
Processed data types: Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.); Content data (e.g. textual or pictorial
messages and
contributions,
as
well as information pertaining to them, such as details of authorship or the time of
creation.).
Meta,
communication and process data (e.g. IP addresses, timestamps, identification
numbers, involved
parties).
-
Data subjects: Participants in sweepstakes and competitions.
-
Purposes of processing: Conducting sweepstakes and contests.
-
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b)
GDPR).
Surveys and Questionnaires
We conduct surveys and interviews to gather information for the survey purpose communicated
in each case.
The
surveys and questionnaires ("surveys") carried out by us are evaluated
anonymously. Personal data is only
processed insofar as this is necessary for the provision and technical execution of the
survey (e.g.
processing
the IP address to display the survey in the user's browser or to enable a resumption of the
survey with the
aid
of a cookie).
-
Processed data types: Contact data (e.g. postal and email addresses or phone
numbers); Content
data
(e.g. textual or pictorial messages and contributions, as well as information
pertaining to them,
such
as
details of authorship or the time of creation.); Usage data (e.g. page views and
duration of visit,
click
paths, intensity and frequency of use, types of devices and operating systems used,
interactions
with
content and features). Meta, communication and process data (e.g. IP addresses,
timestamps,
identification
numbers, involved parties).
-
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
Participants.
-
Purposes of processing: Feedback (e.g. collecting feedback via online form).
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Web Analysis, Monitoring and Optimization
Web analysis is used to evaluate the visitor traffic on our website and may include the
behaviour, interests
or
demographic information of users, such as age or gender, as pseudonymous values. With the
help of web
analysis
we can e.g. recognize, at which time our online services or their functions or contents are
most frequently
used
or requested for repeatedly, as well as which areas require optimization.
In addition to web analysis, we can also use test procedures, e.g. to test and optimize
different versions
of
our
online services or their components.
Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be
created for these
purposes and information can be stored in a browser or in a terminal device and read from
it. The
information
collected includes, in particular, websites visited and elements used there as well as
technical information
such as the browser used, the computer system used and information on usage times. If users
have agreed to
the
collection of their location data from us or from the providers of the services we use,
location data may
also
be processed.
Unless otherwise stated below, profiles, that is data summarized for a usage process or
user, may be created
for
these purposes and stored in a browser or terminal device (so-called "cookies") or
similar processes may be
used
for the same purpose. The information collected includes, in particular, websites visited
and elements used
there as well as technical information such as the browser used, the computer system used
and information on
usage times. If users have consented to the collection of their location data or profiles to
us or to the
providers of the services we use, these may also be processed, depending on the provider.
The IP addresses of the users are also stored. However, we use any existing IP masking
procedure (i.e.
pseudonymisation by shortening the IP address) to protect the user. In general, within the
framework of web
analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is
stored, but
pseudonyms. This means that we, as well as the providers of the software used, do not know
the actual
identity
of the users, but only the information stored in their profiles for the purposes of the
respective
processes.
-
Processed data types: Usage data (e.g. page views and duration of visit,
click paths,
intensity
and
frequency of use, types of devices and operating systems used, interactions with
content and
features).
Meta, communication and process data (e.g. IP addresses, timestamps, identification
numbers,
involved
parties).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Purposes of processing: Remarketing; Affiliate Tracking; Web Analytics (e.g.
access
statistics,
recognition of returning visitors); Profiles with user-related information (Creating
user profiles);
Provision of our online services and usability; Conversion tracking (Measurement of
the
effectiveness of
marketing activities). Marketing.
-
Security measures: IP Masking (Pseudonymization of the IP address).
-
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article
6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Information on recipients of consent and cookie-less analytics: Information
on recipients of
consent:
The consent given by users in the context of a consent dialogue (also known as
"Cookie
Opt-In/Consent",
"Cookie Banner", etc.) serves multiple purposes. Firstly, it helps us to fulfil our
obligation to
obtain
consent for the storage and reading of information on and from the end-user's device
(in accordance
with
ePrivacy Directives). Secondly, it covers the processing of users' personal data in
accordance with
data
protection requirements. Additionally, this consent is also applicable to Google, as
the company is
required
by the Digital Markets Act to obtain consent for personalised services. Therefore,
we share the
status
of
consents given by users with Google. Our consent management software informs Google
about whether
consents
have been given or not. The aim is to ensure that user consents – or their absence –
are taken into
account
when using Google Analytics and integrating features and external services. Thus,
user consents and
their
revocation can be dynamically adjusted within our online offerings through Google
Analytics and
other
Google
services, depending on user selection.
Cookieless Analysis: We utilise the
advanced
implementation of
consent mode of Google Analytics. This means that if users do not give consent for
the storage and
reading
of information on their end devices – particularly regarding cookies &ndash no
cookies or similar
information will be stored on the user's devices. Likewise, no user profiles will be
created.In this
case,
Google's code generates a random identification number on the user's end device and
transmits it to
Google
(known as a "ping"). There is no storage of the identification in the
browser, in apps, or other
devices
used by the user. This identification number is unique for each website visit, so
that users'
behaviour
or
interests cannot be tracked across devices or websites. Only a minimum amount of
information about
user
activity is sent. This includes details about consent status and information for
conversion
measurement,
i.e., whether a user was directed to our online service via a Google
advertisement.Additionally,
where
available, the following information may be transmitted: a) Function-related
information such as
headers
(technical details transmitted by the browser), b) Timestamps (date and time of
access), c)
User-Agent
(information about the browser and device used, web only), d) Referrer URL (the URL
of the page from
which
the user arrived), e) Aggregated/pseudonymous information: This includes an
indication of whether
the
current or a previous page in the user's navigation history contains information
about ad clicks in
its
URL
(e.g., GCLID/DCLID, specific tracking codes from Google), a random number generated
with each page
view,
and
details about the platform used by the website owner for consent management (e.g.,
developer ID);
Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland; Legal
Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://support.google.com/analytics/answer/9976101?hl=de.
Privacy Policy: https://policies.google.com/privacy.
-
Google Analytics Audiences: We use Google Analytics to specifically present
ads, placed
through
Google's advertising services and those of its partners, to users who have already
shown interest in
our
online offering or exhibit certain characteristics (e.g., interests in specific
topics or products
determined based on the websites they have visited). We transmit this data to Google
as part of what
is
known as "Remarketing" or "Google Analytics Audiences". The
purpose of using Remarketing Audiences
is to
ensure that our ads align as closely as possible with the potential interests of the
users;
Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland; Legal
Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com;
Legal
Basis:
https://business.safety.google/adsprocessorterms/;
Privacy Policy: https://policies.google.com/privacy;
Data Processing Agreement: https://business.safety.google/adsprocessorterms/;
Basis for third-country transfers: Data Privacy Framework (DPF); Further
Information:
Types of
processing and data processed: https://business.safety.google/adsservices/.
Data
Processing Conditions for Google Advertising Products and standard contractual
clauses for data
transfers to
third countries: https://business.safety.google/adsprocessorterms
.
-
No collection of detailed location and device data (Google Analytics
function): No detailed
location
and device data is recorded (further information: https://support.google.com/analytics/answer/12017362).
-
Google Tag Manager: We use Google Tag Manager, a software provided by Google,
which enables us
to
manage so-called website tags centrally via a user interface. Tags are small code
elements on our
website
that serve to record and analyse visitor activities. This technology assists us in
improving our
website
and
the content offered on it. Google Tag Manager itself does not create user profiles,
store cookies
with
user
profiles, or perform any independent analyses. Its function is limited to
simplifying and making the
integration and management of tools and services we use on our website more
efficient. Nevertheless,
when
using Google Tag Manager, users' IP addresses are transmitted to Google, which is
technically
necessary
to
implement the services we use. Cookies may also be set in this process. However,
this data
processing
only
occurs if services are integrated via the Tag Manager. For more detailed information
about these
services
and their data processing, please refer to the further sections of this privacy
policy; Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland; Legal
Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com;
Privacy
Policy: https://policies.google.com/privacy;
Data
Processing Agreement: https://business.safety.google/adsprocessorterms.
Basis for third-country transfers: Data Privacy Framework (DPF).
-
Google Tag Manager (server-side use): Google Tag Manager is a solution with
which we can
manage
so-called website tags via an interface and thus integrate other services into our
online services
(please
refer to further information in this privacy policy). With the Tag Manager itself
(which implements
the
tags), therefore, neither user profiles nor cookies are stored. The integration of
the other
services is
server-based. This means that the users' data is not transmitted directly from their
end device to
the
respective service. In particular, the IP address of the users is not transmitted to
the other
service
or
Google. Instead, the data is first transmitted to our server, where the user's data
records are
assigned
to
our internal user identification number. Subsequent transmission takes place only in
this
pseudonymized
form
from our server to the servers of the respective service providers. The
identification number does
not
contain any unique data, such as names or e-mail addresses; Service provider:
Google Ireland
Limited,
Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article
6 (1) (a)
GDPR);
Website: https://marketingplatform.google.com/intl/en/about/analytics/;
Privacy Policy: https://policies.google.com/privacy;
Data Processing Agreement: https://business.safety.google/adsprocessorterms/;
Basis for third-country transfers: Data Privacy Framework (DPF). Further
Information:
https://business.safety.google/adsservices/
(Types
of processing and data processed).
Affiliate Program
We offer an affiliate program, i.e. we offer commissions or other benefits (collectively
referred to as
"Commission") to users (collectively referred to as "Affiliates") who
refer to our offers and services. The
reference is made through a link associated with the Affiliate or other methods (e.g.,
discount codes) that
allow us to recognize that the use of our services was based on the reference (collectively
referred to as
"Affiliate Links").
In order to track whether users have perceived our services based on affiliate links used by
affiliates, it
is
necessary for us to know that users have followed an affiliate link. The assignment of
affiliate links to
the
respective business transactions or other use of our services serves solely the purpose of
Commission
billing
and will be cancelled as soon as it is no longer necessary for the purpose.
For the purposes of the aforementioned affiliate link assignment, the affiliate links may be
supplemented by
certain values that may be a component of the link or otherwise stored, for example, in a
cookie. The values
may
include in particular the source website (referrer), time, an online identifier of the
operator of the
website
on which the affiliate link was located, an online identifier of the respective service, the
type of link
used,
the type of service and an online identifier of the user.
Information on legal basis: The processing of the data of our partners is carried out
for the
provision of
our (pre)contractual services. The users' data is processed on the basis of their consent.
-
Processed data types: Contract data (e.g. contract object, duration, customer
category). Usage
data
(e.g. page views and duration of visit, click paths, intensity and frequency of use,
types of
devices
and
operating systems used, interactions with content and features).
-
Data subjects: Users (e.g. website visitors, users of online services).
Business and
contractual
partners.
-
Purposes of processing: Provision of contractual services and fulfillment of
contractual
obligations.
Affiliate Tracking.
-
Legal Basis: Consent (Article 6 (1) (a) GDPR). Performance of a contract and
prior requests
(Article 6
(1) (b) GDPR).
Customer Reviews and Ratings
We participate in review and rating procedures to evaluate, optimise and advertise our
performance. If users
rate
us via the participating rating platforms or methods or otherwise provide feedback, the
General Terms and
Conditions of Business or Use and the data protection information of the providers also
apply. As a rule,
the
rating also requires registration with the respective provider.
In order to ensure that the evaluators have actually made use of our services, we transmit,
with the consent
of
the customer, the necessary data relating to the customer and the service or products used
to the respective
rating platform (this includes the name, e-mail address, order number or article number).
This data is used
solely to verify the authenticity of the user.
-
Processed data types: Contract data (e.g. contract object, duration, customer
category); Usage
data
(e.g. page views and duration of visit, click paths, intensity and frequency of use,
types of
devices
and
operating systems used, interactions with content and features). Meta, communication
and process
data
(e.g.
IP addresses, timestamps, identification numbers, involved parties).
-
Data subjects: Service recipients and clients. Users (e.g. website visitors,
users of online
services).
-
Purposes of processing: Feedback (e.g. collecting feedback via online form).
Marketing.
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Rating Widget: We include so-called " rating widgets " in our online
services. A widget is a
functional and content element integrated within our online services that displays
variable
information
(e.g. a widget can be displayed in the form of a seal or a badge). Although the
corresponding
content of
the
widget is displayed within our online services, it is retrieved from the servers of
the respective
widget
provider at this moment. This is the only way to always show the current content,
especially the
current
rating. For this purpose, a data connection must be established from the website
accessed within our
online
service to the widget provider's server and the widget provider receives certain
technical data
(access
data, including the IP address) that is necessary for the content of the widget to
be delivered to
the
user's browser.
In addition, the widget provider receives information that users
have visited our
online
services. This information may be stored in a cookie and used by the widget provider
to identify
which
online offerings participating in the rating process have been visited by the user.
The information
can
be
stored in a user profile and used for advertising or market research purposes;
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).
Digital Badges
Digital badges, also known as Open Badges (hereafter referred to as "badges"), are
digital certificates that
confirm the skills, achievements, and interests of individuals or organisations. They are
issued by credible
organisations. These badges come with metadata and information about the acquired skills and
achievements.
Typically, badges are represented by an image or a digital certificate which provides
details about the
recipient, issuer, the metadata, and other relevant information.
When badges are individually issued for specific individuals, the metadata stored within the
badges
pertaining
to
skills, achievements, and interests of those individuals is processed.
If, within the context of the badges, non-essential cookies and similar technologies are
used, and therefore
or
otherwise user consent is required, we obtain the appropriate consent from the users and
inform them
accordingly.
-
Processed data types: Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.). Content data (e.g. textual or pictorial
messages and
contributions,
as
well as information pertaining to them, such as details of authorship or the time of
creation.).
-
Data subjects: Business and contractual partners.
-
Purposes of processing: Provision of contractual services and fulfillment of
contractual
obligations.
Public relations and informational purposes.
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Profiles in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in
order to
communicate
with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This
may entail risks
for
users, e.g. by making it more difficult to enforce users' rights.
In addition, user data is usually processed within social networks for market research and
advertising
purposes.
For example, user profiles can be created on the basis of user behaviour and the associated
interests of
users.
The user profiles can then be used, for example, to place advertisements within and outside
the networks
which
are presumed to correspond to the interests of the users. For these purposes, cookies are
usually stored on
the
user's computer, in which the user's usage behaviour and interests are stored. Furthermore,
data can be
stored
in the user profiles independently of the devices used by the users (especially if the users
are members of
the
respective networks or will become members later on).
For a detailed description of the respective processing operations and the opt-out options,
please refer to
the
respective data protection declarations and information provided by the providers of the
respective
networks.
Also in the case of requests for information and the exercise of rights of data subjects, we
point out that
these
can be most effectively pursued with the providers. Only the providers have access to the
data of the users
and
can directly take appropriate measures and provide information. If you still need help,
please do not
hesitate
to contact us.
-
Processed data types: Contact data (e.g. postal and email addresses or phone
numbers); Content
data
(e.g. textual or pictorial messages and contributions, as well as information
pertaining to them,
such
as
details of authorship or the time of creation.); Usage data (e.g. page views and
duration of visit,
click
paths, intensity and frequency of use, types of devices and operating systems used,
interactions
with
content and features); Meta, communication and process data (e.g. IP addresses,
timestamps,
identification
numbers, involved parties). Inventory data (For example, the full name, residential
address, contact
information, customer number, etc.).
-
Data subjects: Users (e.g. website visitors, users of online services).
Members.
-
Purposes of processing: Communication; Feedback (e.g. collecting feedback via
online form);
Marketing;
Provision of our online services and usability. Information technology
infrastructure (Operation and
provision of information systems and technical devices, such as computers, servers,
etc.).
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Instagram: Social network; Service provider: Meta Platforms Ireland
Limited, Merrion
Road,
Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1)
(f) GDPR);
Website: https://www.instagram.com;
Privacy
Policy:
https://instagram.com/about/legal/privacy.
Basis
for third-country transfers: Data Privacy Framework (DPF).
-
Facebook Pages: Profiles within the social network Facebook; Service
provider: Meta
Platforms
Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis:
Legitimate Interests
(Article 6 (1) (f) GDPR); Website: https://www.facebook.com;
Privacy Policy: https://www.facebook.com/about/privacy;
Basis
for
third-country transfers: Data Privacy Framework (DPF); Further
Information: We are
jointly
responsible (so called "joint controller") with Meta Platforms Ireland Limited for
the collection
(but
not
the further processing) of data of visitors to our Facebook page. This data includes
information
about
the
types of content users view or interact with, or the actions they take (see "Things
that you and
others
do
and provide" in the Facebook Data Policy: https://www.facebook.com/policy), and
information about
the
devices used by users (e.g., IP addresses, operating system, browser type, language
settings, cookie
information. see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As
explained in the
Facebook
Data Policy under "How we use this information?" Facebook also collects and uses
information to
provide
analytics services, known as "page insights," to site operators to help them
understand how people
interact
with their pages and with content associated with them. We have concluded a special
agreement with
Facebook
("Information about Page-Insights", https://www.facebook.com/legal/terms/page_controller_addendum),
which regulates in particular the security measures that Facebook must observe and
in which Facebook
has
agreed to fulfill the rights of the persons concerned (i.e. users can send
information access or
deletion
requests directly to Facebook). The rights of users (in particular to access to
information,
erasure,
objection and complaint to the competent supervisory authority) are not restricted
by the agreements
with
Facebook. Further information can be found in the "Information about Page Insights"
(https://www.facebook.com/legal/terms/information_about_page_insights_data).
The joint controllership is limited to the collection and transfer of the data to
Meta Platforms
Ireland
Limited, a company located in the EU. Further processing of the data is the sole
responsibility of
Meta
Platforms Ireland Limited.
-
Facebook-Groups: We use the "Groups" function of the Facebook
platform to create interest
groups
within which Facebook users can contact each other or us and exchange information.
In doing so, we
process
personal data of the users of our groups as far as this is necessary for the purpose
of the group
use as
well as its moderation. These data include information on first and last names, as
well as published
or
privately shared content, as well as values on the status of group membership or
group-related
activities,
such as entry or exit, as well as the time information on the aforementioned data.
Our guidelines
within
the
groups may contain further specifications and information on the use of the
respective group.
Furthermore,
we would like to point out the processing of data of the users by Facebook itself.
This data
includes
information about the types of content users view or interact with, or the actions
they take (see
under
"Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), as
well as
information
about
the devices users use (e.g., IP addresses, operating system, browser type, language
settings, cookie
data;
see under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As
explained in the
Facebook
Data Policy under "How do we use this information?", Facebook also collects and uses
information to
provide
analytics services, called "Insights," to group operators to provide them with
insights about how
people
interact with their groups and with content associated with them; Service
provider: Meta
Platforms
Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis:
Legitimate Interests
(Article 6 (1) (f) GDPR); Website: https://www.facebook.com;
Privacy Policy: https://www.facebook.com/about/privacy.
Basis
for
third-country transfers: Data Privacy Framework (DPF).
-
Facebook events: Event profiles within the social network Facebook - We use
the "Events"
function
of
the Facebook platform to refer to events and dates as well as to get in touch with
users
(participants
and
interested parties) and to exchange information. In doing so, we process personal
data of the users
of
our
event pages, as far as this is necessary for the purpose of the event page as well
as its
moderation.
These
data include information on first and last names, as well as published or privately
communicated
content, as
well as values on the status of participation and the time information on the
aforementioned data.
Furthermore, we refer to the processing of data of users by Facebook itself. This
data includes
information
about the types of content users view or interact with, or the actions they take
(see under "Things
You
and
Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), as
well as
information
about
the devices users use (e.g., IP addresses, operating system, browser type, language
settings, cookie
data;
see under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As
explained in the
Facebook
Data Policy under "How do we use this information?", Facebook also collects and uses
information to
provide
analytics services, known as "insights," to event providers to provide them with
insights about how
people
interact with their event pages and with content associated with them; Service
provider: Meta
Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal
Basis: Legitimate
Interests (Article 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy
Policy: https://www.facebook.com/about/privacy.
Basis
for
third-country transfers: Data Privacy Framework (DPF).
-
LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited
Company, Wilton
Place,
Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f)
GDPR);
Website: https://www.linkedin.com;
Privacy
Policy: https://www.linkedin.com/legal/privacy-policy;
Basis for third-country transfers: Data Privacy Framework (DPF);
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Further Information: We are jointly responsible with LinkedIn Ireland
Unlimited Company for
the
collection (but not the further processing) of data from visitors for the purposes
of creating
"Page-Insights" (statistics) for our LinkedIn profiles. This data includes
information about the
types
of
content that users view or interact with, or the actions they take, as well as
information about the
devices
used by the users (e.g., IP addresses, operating system, browser type, language
settings, cookie
data)
and
details from the users' profiles, such as job function, country, industry,
seniority, company size,
and
employment status. Privacy information regarding the processing of user data by
LinkedIn can be
found in
LinkedIn's privacy notices: https://www.linkedin.com/legal/privacy-policy
We
have concluded a special agreement with LinkedIn Irland, the 'Page Insights Joint
Controller
Addendum
(the
"Addendum") (https://legal.linkedin.com/pages-joint-controller-addendum),
which specifically regulates the security measures that LinkedIn must observe and
wherein LinkedIn
has
agreed to fulfill the rights of the affected parties (i.e., users can, for example,
direct requests
for
information or deletion directly to LinkedIn). The rights of the users (in
particular to access to
information, erasure, objection, and complaint to the competent supervisory
authority) are not
restricted by
the agreements with LinkedIn. The joint responsibility is limited to the collection
of data by and
transmission to Ireland Unlimited Company, a company based in the EU. The further
processing of the
data
is
the sole responsibility of Ireland Unlimited Company, particularly regarding the
transmission of
data to
the
parent company LinkedIn Corporation in the USA.
-
Pinterest: Social network; Service provider: Pinterest Europe Limited,
2nd Floor,
Palmerston
House, Fenian Street, Dublin 2, Ireland; Legal Basis: Legitimate Interests
(Article 6 (1) (f)
GDPR);
Website: https://www.pinterest.com.
Privacy
Policy:
https://policy.pinterest.com/en/privacy-policy.
-
Telegram Groups: We use the Telegram platform to create interest groups
within which Telegram
users
can contact each other or us and share information; Service provider:
Representative in the
European
Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030
Brussels, Belgium;
Website: https://telegram.org/; Privacy
Policy: https://telegram.org/privacy.
Further
Information:
We
process the personal data of the group members only insofar as we can manage the
group members, i.e.
add,
delete, restrict the use of the group and moderate the content. Beyond that, i.e. in
particular for
the
provision of technical functions, the evaluation and provision of anonymous dispatch
statistics for
the
group operators and the administration of the users, Telegram is the controller.
-
Telegram Channels: We use the Telegram platform to send messages to
subscribers of our
Telegram
channel; Service provider: Representative in the European Union: European
Data Protection
Office
(EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Website: https://telegram.org/;
Privacy Policy: https://telegram.org/privacy/de.
Further
Information: We
process the subscribers' personal data only to the extent that we can view and
delete the
subscribers as
recipients of the channel. Beyond that, i.e. in particular for the sending of the
messages, the
evaluation
and provision of anonymous sending statistics for the channel operators and the
administration of
the
subscribers, Telegram is responsible under data protection law.
-
Threads: Social network; Service provider: Meta Platforms Ireland
Limited, Merrion
Road,
Dublin
4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f)
GDPR);
Website:
https://www.threads.net/.
Privacy
Policy: https://help.instagram.com/515230437301944?locale=en_GB.
-
TikTok: Social network / video plattform; Service provider: TikTok
Technology Limited,
10
Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK
Limited,
Kaleidoscope, 4
Lindsey Street, London, United Kingdom, EC1A 9HP; Legal Basis: Legitimate
Interests (Article
6
(1)
(f) GDPR); Website: https://www.tiktok.com.
Privacy
Policy:
https://www.tiktok.com/de/privacy-policy.
-
X: Social network; Service provider: Twitter International Company,
One Cumberland
Place,
Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate Interests
(Article 6 (1)
(f)
GDPR). Privacy Policy: https://twitter.com/privacy,
(Settings: https://twitter.com/personalization).
-
YouTube: Social network and video platform; Service provider: Google
Ireland Limited,
Gordon
House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests
(Article 6 (1) (f)
GDPR);
Privacy Policy: https://policies.google.com/privacy;
Basis for third-country transfers: Data Privacy Framework (DPF).
Opt-Out: https://myadcenter.google.com/personalizationoff.
-
Social Media Wall / Social Media Newsroom: A "Social Media Wall" or
"Social Media Newsroom" is
a
compilation of certain posts from various social networks in which we are mentioned
or which contain
a
hashtag with our name or the name of a campaign. This includes mentions of posts we
publish on
social
networks and posts published by users. The content of the posts is automatically
obtained from the
respective social networks in accordance with the terms and permissions of the
authors, and users
may
object
to the display at any time. The authors are generally responsible for the content of
the posts. The
providers of the respective social networks are responsible for the processing of
data in connection
with
the display of the posts and their content. We refer to the information on the
respective social
networks
within the scope of this privacy policy. Without prejudice to the data subject
rights of users, we
recommend
that users (also) contact the respective authors or providers of the respective
social networks in
the
event
of requests for information and complaints about posts that were not written by us,
in order to
remove
the
posts at the source or to assert their data protection rights; Legal Basis:
Legitimate
Interests
(Article 6 (1) (f) GDPR).
Plugins and embedded functions and content
Within our online services, we integrate functional and content elements that are obtained
from the servers
of
their respective providers (hereinafter referred to as "third-party providers"). These may,
for example, be
graphics, videos or city maps (hereinafter uniformly referred to as "Content").
The integration always presupposes that the third-party providers of this content process
the IP address of
the
user, since they could not send the content to their browser without the IP address. The IP
address is
therefore
required for the presentation of these contents or functions. We strive to use only those
contents, whose
respective offerers use the IP address only for the distribution of the contents. Third
parties may also use
so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or
marketing
purposes.
The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of
this website.
The
pseudonymous information may also be stored in cookies on the user's device and may include
technical
information about the browser and operating system, referring websites, visit times and
other information
about
the use of our website, as well as may be linked to such information from other sources.
-
Processed data types: Usage data (e.g. page views and duration of visit,
click paths,
intensity
and
frequency of use, types of devices and operating systems used, interactions with
content and
features);
Meta, communication and process data (e.g. IP addresses, timestamps, identification
numbers,
involved
parties); Inventory data (For example, the full name, residential address, contact
information,
customer
number, etc.); Contact data (e.g. postal and email addresses or phone numbers);
Content data (e.g.
textual
or pictorial messages and contributions, as well as information pertaining to them,
such as details
of
authorship or the time of creation.); Event Data (Facebook) ("Event Data" is data
that can be
transmitted
from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates
to persons or
their
actions; the data includes, for example, information about visits to websites,
interactions with
content,
functions, installations of apps, purchases of products, etc.; Event data is
processed for the
purpose
of
creating target groups for content and advertising information (Custom Audiences).
Event Data does
not
include the actual content (such as written comments), login information, and
Contact Information
(such
as
names, email addresses, and phone numbers). Event Data is deleted by Facebook after
a maximum of two
years,
the Custom Audiences created from them with the deletion of our Facebook account).
-
Data subjects: Users (e.g. website visitors, users of online services).
-
Purposes of processing: Provision of our online services and usability;
Provision of
contractual
services and fulfillment of contractual obligations; Profiles with user-related
information
(Creating
user
profiles). Marketing.
-
Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article
6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
Integration of third-party software, scripts or frameworks: We incorporate
into our online
services
software which we retrieve from servers of other providers (e.g. function libraries
which we use for
the
purpose of displaying or user-friendliness of our online services). The respective
providers collect
the
user's IP address and can process it for the purposes of transferring the software
to the user's
browser
as
well as for security purposes and for the evaluation and optimisation of their
services; Legal
Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).
-
Facebook plugins and contents: Facebook Social Plugins and contents - This
can include content
such as
images, videos or text and buttons with which users can share content from this
online service
within
Facebook. The list and appearance of the Facebook Social Plugins can be viewed here:
https://developers.facebook.com/docs/plugins/
-
We are jointly responsible (so-called "joint-controllership") with Meta Platforms
Ireland Limited
for
the
collection or transmission (but not further processing) of "Event Data" that
Facebook collects or
receives
as part of a transmission using the Facebook Social Plugins that run on our website
for the
following
purposes: a) displaying content advertising information that matches users' presumed
interests; b)
delivering commercial and transactional messages (e.g. b) delivering commercial and
transactional
messages
(e.g., addressing users via Facebook Messenger); c) improving ad delivery and
personalizing features
and
content (e.g., improving recognition of which content or advertising information is
believed to be
of
interest to users). We have entered into a special agreement with Facebook
("Controller Addendum",
https://www.facebook.com/legal/controller_addendum),
which specifically addresses the security measures that Facebook must take (https://www.facebook.com/legal/terms/data_security_terms)
and in which Facebook has agreed to comply with the rights of data subjects (i.e.,
users can, for
example,
submit information access or deletion requests directly to Facebook). Note: If
Facebook provides us
with
measurements, analyses and reports (which are aggregated, i.e. do not contain
information on
individual
users and are anonymous to us), then this processing is not carried out within the
scope of joint
responsibility, but on the basis of a DPA ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing/update),
the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms)
and, with regard to processing in the USA, on the basis of Standard Contractual
Clauses ("Facebook
EU
Data
Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum).
The rights of users (in particular to access to information, erasure, objection and
complaint to the
competent supervisory authority) are not restricted by the agreements with Facebook;
Service
provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5,
Ireland;
Legal
Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy
Policy: https://www.facebook.com/about/privacy.
Basis
for
third-country transfers: Data Privacy Framework (DPF).
-
Google Fonts (Provision on own server): Provision of font files for the
purpose of a
user-friendly
presentation of our online services; Service provider: The Google Fonts are
hosted on our
server,
no
data is transmitted to Google; Legal Basis: Legitimate Interests (Article 6
(1) (f) GDPR).
-
Google Fonts (from Google Server): Obtaining fonts (and symbols) for the
purpose of a
technically
secure, maintenance-free and efficient use of fonts and symbols with regard to
timeliness and
loading
times,
their uniform presentation and consideration of possible restrictions under
licensing law. The
provider
of
the fonts is informed of the user's IP address so that the fonts can be made
available in the user's
browser. In addition, technical data (language settings, screen resolution,
operating system,
hardware
used)
are transmitted which are necessary for the provision of the fonts depending on the
devices used and
the
technical environment. This data may be processed on a server of the provider of the
fonts in the
USA -
When
visiting our online services, users' browsers send their browser HTTP requests to
the Google Fonts
Web
API.
The Google Fonts Web API provides users with Google Fonts' cascading style sheets
(CSS) and then
with
the
fonts specified in the CCS. These HTTP requests include (1) the IP address used by
each user to
access
the
Internet, (2) the requested URL on the Google server, and (3) the HTTP headers,
including the user
agent
describing the browser and operating system versions of the website visitors, as
well as the
referral
URL
(i.e., the web page where the Google font is to be displayed). IP addresses are not
logged or stored
on
Google servers and they are not analyzed. The Google Fonts Web API logs details of
HTTP requests
(requested
URL, user agent, and referring URL). Access to this data is restricted and strictly
controlled. The
requested URL identifies the font families for which the user wants to load fonts.
This data is
logged
so
that Google can determine how often a particular font family is requested. With the
Google Fonts Web
API,
the user agent must match the font that is generated for the particular browser
type. The user agent
is
logged primarily for debugging purposes and is used to generate aggregate usage
statistics that
measure
the
popularity of font families. These aggregate usage statistics are published on
Google Fonts'
Analytics
page.
Finally, the referral URL is logged so that the data can be used for production
maintenance and to
generate
an aggregate report on top integrations based on the number of font requests. Google
says it does
not
use
any of the information collected by Google Fonts to profile end users or serve
targeted ads;
Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland; Legal
Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://fonts.google.com/;
Privacy
Policy: https://policies.google.com/privacy;
Basis for
third-country transfers: Data Privacy Framework (DPF). Further
Information: https://developers.google.com/fonts/faq/privacy?hl=en.
-
reCAPTCHA: We integrate the "reCAPTCHA" function to be able to
recognise whether entries (e.g.
in
online forms) are made by humans and not by automatically operating machines
(so-called "bots"). The
data
processed may include IP addresses, information on operating systems, devices or
browsers used,
language
settings, location, mouse movements, keystrokes, time spent on websites, previously
visited
websites,
interactions with ReCaptcha on other websites, possibly cookies and results of
manual recognition
processes
(e.g. answering questions asked or selecting objects in images). The data processing
is based on our
legitimate interest to protect our online services from abusive automated crawling
and spam;
Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland, , parent
company:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal
Basis: Legitimate
Interests (Article 6 (1) (f) GDPR); Website: https://www.google.com/recaptcha/;
Privacy
Policy: https://policies.google.com/privacy;
Basis for
third-country transfers: Data Privacy Framework (DPF). Opt-Out:
Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff.
-
X plugins and contents: Plugins and buttons of the platform "X" -
This may include, for
example,
content such as images, videos or texts and buttons with which users can share
content of this
online
offer
within X; Service provider: Twitter International Company, One Cumberland
Place, Fenian
Street,
Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate Interests (Article 6 (1)
(f) GDPR);
Website: https://twitter.com;
Privacy
Policy: https://twitter.com/privacy,
(Settings: https://twitter.com/personalization);
Data
Processing
Agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa.
Basis for third-country transfers: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).
-
YouTube videos: Video contents; Service provider: Google Ireland
Limited, Gordon House,
Barrow
Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway,
Mountain View,
CA
94043,
USA; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.youtube.com;
Privacy Policy:
https://policies.google.com/privacy;
Basis for
third-country transfers: Data Privacy Framework (DPF). Opt-Out:
Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff.
-
YouTube-Videos: Video content; ouTube videos are integrated via a special
domain (recognizable
by
the
component "youtube-nocookie") in the so-called " enhanced data protection mode",
whereby no cookies
on
user
activities are collected in order to personalise the video playback. Nevertheless,
information on
the
user's
interaction with the video (e.g. remembering the last playback point) may be stored;
Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland, , parent
company:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Legal
Basis: Consent
(Article 6
(1) (a) GDPR); Website: https://www.youtube.com;
Privacy
Policy: https://policies.google.com/privacy.
Basis for third-country transfers: Data Privacy Framework (DPF).
-
Vimeo-Videoplayer: Integration of a video player; Service provider:
Vimeo Inc.,
Attention:
Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal
Basis: Legitimate
Interests (Article 6 (1) (f) GDPR); Website: https://vimeo.com;
Privacy Policy: https://vimeo.com/privacy;
Data
Processing
Agreement: https://vimeo.com/enterpriseterms/dpa.
Basis for third-country transfers: Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).
Management, Organization and Utilities
We use services, platforms and software from other providers (hereinafter referred to as "
third-party
providers") for the purposes of organizing, administering, planning and providing our
services. When
selecting
third-party providers and their services, we comply with the legal requirements.
Within this context, personal data may be processed and stored on the servers of third-party
providers. This
may
include various data that we process in accordance with this privacy policy. This data may
include in
particular
master data and contact data of users, data on processes, contracts, other processes and
their contents.
If users are referred to the third-party providers or their software or platforms in the
context of
communication, business or other relationships with us, the third-party provider processing
may process
usage
data and metadata that can be processed by them for security purposes, service optimisation
or marketing
purposes. We therefore ask you to read the data protection notices of the respective third
party providers.
-
Processed data types: Content data (e.g. textual or pictorial messages and
contributions, as
well
as
information pertaining to them, such as details of authorship or the time of
creation.); Usage data
(e.g.
page views and duration of visit, click paths, intensity and frequency of use, types
of devices and
operating systems used, interactions with content and features); Meta, communication
and process
data
(e.g.
IP addresses, timestamps, identification numbers, involved parties); Contract data
(e.g. contract
object,
duration, customer category). Contact data (e.g. postal and email addresses or phone
numbers).
-
Data subjects: Communication partner (Recipients of e-mails, letters, etc.);
Users (e.g.
website
visitors, users of online services); Business and contractual partners. Third
parties.
-
Purposes of processing: Provision of contractual services and fulfillment of
contractual
obligations;
Office and organisational procedures. Security measures.
-
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
-
calendly: Online scheduling and calendar management; Service provider:
Calendly LLC.,
271
17th
St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Legal Basis: Legitimate
Interests (Article 6
(1)
(f)
GDPR); Website: https://calendly.com;
Privacy Policy:
https://calendly.com/pages/privacy;
Data
Processing
Agreement: https://calendly.com/dpa.
Basis for
third-country
transfers: Standard Contractual Clauses (https://calendly.com/dpa).
-
DocuSign: Electronic signature of documents, sending documents for signature,
tracking the
status
of
documents, storage of signed documents
; Service provider: DocuSign, Inc.,
221 Main Street
Suite
1000 San Francisco, CA 94105, USA; Legal Basis: Legitimate Interests (Article
6 (1) (f)
GDPR);
Website: https://www.docusign.com/;
Privacy
Policy:
https://www.docusign.com/company/privacy-policy;
Data Processing Agreement: https://www.docusign.com/legal/terms-and-conditions/data-protection-attachment;
Basis for third-country transfers: Standard Contractual Clauses (https://www.docusign.com/legal/terms-and-conditions/data-protection-attachment).
Further Information: The processing as processor and controller is also
carried out on the
basis
of
approved Binding Corporate Rules, which ensure a level of data protection in
accordance with the
requirements of the GDPR (Article 47 GDPR): https://www.docusign.com/trust/privacy/binding-corporate-rules.
-
AI software (on own server): Use of "artificial intelligence" in the
applicable legal sense of
the
term, i.e., software that is primarily based on specific logic and is essentially
autonomous in its
ability
to understand and produce natural language or other input, output, and data, analyze
information,
and
make
predictions; Service provider: Executed on servers and/or computers under our
controllership;
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
-
Midjourney: AI-based image processing service designed to understand and
generate natural
language
and
related input and data, analyze information, and make predictions ("AI",
meaning "Artificial
Intelligence"
shall be construed in the applicable legal sense of the term); Service
provider: Midjourney,
Inc.,
795 Folsom Street, 1st Floor, San Francisco, CA 94107 USA; Legal Basis:
Legitimate Interests
(Article
6 (1) (f) GDPR); Website: https://www.midjourney.com/.
Privacy Policy: https://docs.midjourney.com/docs/privacy-policy.
-
nele.ai: Software that enables the integration of AI software and the
creation of AI content
using
API
access to AI-based services in various use cases. User inputs are not directly
forwarded to the AI
providers, but are stored securely on EU servers. Using a privacy filter, there is
also the
possibility
to
anonymize these. The communication history of the users is stored on the EU-based
servers of
nele.ai.
Depending on the functions chosen by the user and provided by the supplier, the use
of AI functions
is
regulated in such a way that user inputs must not be stored by the AI providers or
used for learning
purposes; Service provider: GAL Digital GmbH, Unter den Linden 26, 35410
Hungen, Germany;
Legal
Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.nele.ai/en;
Privacy Policy:
https://www.nele.ai/en/data-protection.
Data
Processing Agreement: Provided by the service provider.
-
OpenAI API: Interface access (so-called "API") to AI-based services
designed to understand and
generate natural language and related inputs, analyze information, and make
predictions ("AI", i.e.,
"Artificial Intelligence", is to be understood in the legal sense of the term as
applicable). The
provision
of AI services includes the processing (including collection, storage, organization,
and
structuring) of
personal data as part of a machine learning process based on natural language;
conducting activities
to
verify or maintain the quality of the services; identifying and correcting errors
that impair the
existing
intended functionality, as well as supporting efforts to ensure the security and
integrity of the AI
services; Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper,
D01 YC43 Dublin
1,
Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR);
Website: https://openai.com/product;
Privacy Policy: https://openai.com/de/policies/eu-privacy-policy;
Data Processing Agreement: https://openai.com/policies/data-processing-addendum;
Basis for third-country transfers: Standard Contractual Clauses (https://openai.com/policies/data-processing-addendum).
Opt-Out: https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZSOcIWzcUYUXQ1xttjBgDpA/viewform.
Changes and Updates
We kindly ask you to inform yourself regularly about the contents of our data protection
declaration. We
will
adjust the privacy policy as changes in our data processing practices make this necessary.
We will inform
you as
soon as the changes require your cooperation (e.g. consent) or other individual
notification.
If we provide addresses and contact information of companies and organizations in this
privacy policy, we
ask
you
to note that addresses may change over time and to verify the information before contacting
us.
Terminology and Definitions
In this section, you will find an overview of the terminology used in this privacy policy.
Where the
terminology
is legally defined, their legal definitions apply. The following explanations, however, are
primarily
intended
to aid understanding.
-
Affiliate Tracking: Affiliate tracking logs links that the linking websites
use to refer users
to
websites with products or other offers. The owners of the respective linked websites
can receive a
commission if users follow these so-called "affiliate links" and subsequently take
advantage of the
offers
(e.g. buy goods or use services). To this end, it is necessary for providers to be
able to track
whether
users who are interested in certain offers subsequently follow the affiliate links.
It is therefore
necessary for the functionality of affiliate links that they are supplemented by
certain values that
become
part of the link or are otherwise stored, e.g. in a cookie. The values include in
particular the
source
website (referrer), time, an online identification of the owner of the website on
which the
affiliate
link
was located, an online identification of the respective offer, an online identifier
of the user, as
well
as
tracking specific values such as advertising media ID, partner ID and
categorizations
-
Contact data: Contact details are essential information that enables
communication with
individuals or
organizations. They include, among others, phone numbers, postal addresses, and
email addresses, as
well
as
means of communication like social media handles and instant messaging identifiers.
-
Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a
service with whose
help
contents of our online services, in particular large media files, such as graphics
or scripts, can
be
delivered faster and more securely with the help of regionally distributed servers
connected via the
Internet.
-
Content data: Content data comprise information generated in the process of
creating, editing,
and
publishing content of all types. This category of data may include texts, images,
videos, audio
files,
and
other multimedia content published across various platforms and media. Content data
are not limited
to
the
content itself but also include metadata providing information about the content,
such as tags,
descriptions, authorship details, and publication dates.
-
Contract data: Contract data are specific details pertaining to the
formalisation of an
agreement
between two or more parties. They document the terms under which services or
products are provided,
exchanged, or sold. This category of data is essential for managing and fulfilling
contractual
obligations
and includes both the identification of the contracting parties and the specific
terms and
conditions of
the
agreement. Contract data may encompass the start and end dates of the contract, the
nature of the
agreed-upon services or products, pricing arrangements, payment terms, termination
rights, extension
options, and special conditions or clauses. They serve as the legal foundation for
the relationship
between
the parties and are crucial for clarifying rights and duties, enforcing claims, and
resolving
disputes.
-
Controller: "Controller" means the natural or legal person, public
authority, agency or other
body
which, alone or jointly with others, determines the purposes and means of the
processing of personal
data.
-
Conversion tracking: Conversion tracking is a method used to evaluate the
effectiveness of
marketing
measures. For this purpose, a cookie is usually stored on the devices of the users
within the
websites
on
which the marketing measures take place and then called up again on the target
website (e.g. we can
thus
trace whether the advertisements placed by us on other websites were successful).
-
Inventory data: Inventory data encompass essential information required for
the identification
and
management of contractual partners, user accounts, profiles, and similar
assignments. These data may
include, among others, personal and demographic details such as names, contact
information
(addresses,
phone
numbers, email addresses), birth dates, and specific identifiers (user IDs).
Inventory data form the
foundation for any formal interaction between individuals and services, facilities,
or systems, by
enabling
unique assignment and communication.
-
Meta, communication and process data: Meta-, communication, and procedural
data are categories
that
contain information about how data is processed, transmitted, and managed.
Meta-data, also known as
data
about data, include information that describes the context, origin, and structure of
other data.
They
can
include details about file size, creation date, the author of a document, and
modification
histories.
Communication data capture the exchange of information between users across various
channels, such
as
email
traffic, call logs, messages in social networks, and chat histories, including the
involved parties,
timestamps, and transmission paths. Procedural data describe the processes and
operations within
systems
or
organisations, including workflow documentations, logs of transactions and
activities, and audit
logs
used
for tracking and verifying procedures.
-
Payment Data: Payment data comprise all information necessary for processing
payment
transactions
between buyers and sellers. This data is crucial for e-commerce, online banking, and
any other form
of
financial transaction. It includes details such as credit card numbers, bank account
information,
payment
amounts, transaction dates, verification numbers, and billing information. Payment
data may also
contain
information on payment status, chargebacks, authorizations, and fees.
-
Personal Data: "personal data" means any information relating to an
identified or identifiable
natural
person ("data subject"); an identifiable natural person is one who can be
identified, directly or
indirectly, in particular by reference to an identifier such as a name, an
identification number,
location
data, an online identifier or to one or more factors specific to the physical,
physiological,
genetic,
mental, economic, cultural or social identity of that natural person.
-
Processing: The term "processing" covers a wide range and
practically every handling of data,
be
it
collection, evaluation, storage, transmission or erasure.
-
Profiles with user-related information: The processing of "profiles with
user-related
information",
or "profiles" for short, includes any kind of automated processing of
personal data that consists of
using
these personal data to analyse, evaluate or predict certain personal aspects
relating to a natural
person
(depending on the type of profiling, this may include different information
concerning demographics,
behaviour and interests, such as interaction with websites and their content, etc.)
(e.g. interests
in
certain content or products, click behaviour on a website or location). Cookies and
web beacons are
often
used for profiling purposes.
-
Remarketing: "Remarketing" or "retargeting" is the term
used, for example, to indicate for
advertising
purposes which products a user is interested in on a website in order to remind the
user of these
products
on other websites, e.g. in advertisements.
-
Usage data: Usage data refer to information that captures how users interact
with digital
products,
services, or platforms. These data encompass a wide range of information that
demonstrates how users
utilise
applications, which features they prefer, how long they spend on specific pages, and
through what
paths
they
navigate an application. Usage data can also include the frequency of use,
timestamps of activities,
IP
addresses, device information, and location data. They are particularly valuable for
analysing user
behaviour, optimising user experiences, personalising content, and improving
products or services.
Furthermore, usage data play a crucial role in identifying trends, preferences, and
potential
problem
areas
within digital offerings
-
Web Analytics: Web Analytics serves the evaluation of visitor traffic of
online services and
can
determine their behavior or interests in certain information, such as content of
websites. With the
help
of
web analytics, website owners, for example, can recognize at what time visitors
visit their website
and
what
content they are interested in. This enables them, for example, to better adapt the
content of their
websites to the needs of their visitors. For the purposes of web analytics ,
pseudonymous cookies
and
web
beacons are often used to recognize returning visitors and thus obtain more precise
analyses of the
use
of
an online service.