Data Protection Statement
This Data Protection Statement clarifies the type, scope and purpose of processing of personal data (hereafter referred to as “data”) within our on-line offer and its associated webpages, functions and contents, as well as our external on-line presence, as e.g., our social media profile (hereafter collectively referred to as “on-line offer”). With regard to the definitions employed as e.g., “processing” or “Controller”, we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR).
AMAZONEN-Werke H. Dreyer GmbH & Co. KG
represented by Christian Dreyer and Dr Justus Dreyer
Am Amazonenwerk 9-13
E-Mail address: firstname.lastname@example.org
Link to imprint: http://www.amazone.de/5000.asp
Data Protection Officer: email@example.com
Type of Processed Data
- Master data (e.g., names, addresses)
- Contact data (e.g., e-mail, telephone numbers)
- Contents data (e.g., text inserted, photographs, videos)
- Utilization data (e.g., web pages visited, contents of interest, access times)
- Meta- or communication data (e.g., device information, IP addresses)
Categories of Data Subjects
Visitors and users of our online offer (hereafter data subjects are also col-lectively referred to as “users “).
- Supply of online offer, functions and contents
- Answering enquiries and communication with users
- Security measures
- Range measurements, marketing
“Personal Data” means any information that refers to an identified or identifiable person (hereafter “Data Subject”). A natural person is considered identifiable when it can be identified directly or indirectly, in particular by way of an identifier such as a name, code, location, online marker (e.g., a cookie) or one or several characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” means any process using an automated or non-automated procedure or a series of such procedures in connection with personal data. The term has a wide definition and encompasses practically any interaction with data.
“Anonymization” is the processing of personal data in such a way that the personal data can no longer be allocated to a particular person without the use of additional information provided the additional information is stored separately and subject to technical and organizational measures which ensure that the personal data are not allocated to an identified or identifiable person.
“Profiling” is any type of automated processing of personal data which uses the given personal data to evaluate certain personal aspects of a natural person, in particular to analyze and forecast aspects of performance, financial situation, health, personal preferences, hobbies, reliability, conduct, habitual residence or change of location of a natural person.
“Controller” means any natural person or legal entity, authority, facility or agency which on its own or together with others decides on the purpose and means of processing personal data.
“Processor” is a natural person or legal entity, authority, facility or agency which processes personal data on instructions of the Controller.
Relevant Legal Bases
Pursuant to Art. 13 GDPR, we hereby inform you of the legal bases of our data processing. When the legal basis is not quoted in the Data Protection Statement, the following applies: The legal basis for obtaining consent is Art. 6 Subsec. 1 lit. a and Art. 7 GDPR, the legal basis for the processing to perform our services or contractual undertakings and for attending to enquiries is Art. 6 Subsec. 1 lit. b GDPR, the legal basis for the processing to meet our legal obligations is Art. 6 Subsec. 1 lit. c GDPR and the legal basis for the processing to safeguard our legitimate interests is Art. 6 Subsec. 1 lit. f GDPR. In the event that vital interests of the data subject or of another natural person require the processing of personal data, the legal basis is Art. 6 Subsec. 1 lit. d GDPR.
As per Art. 32 GDPR, we adopt suitable technical and organizational measures, taking into account the state of technology, implementation costs and method, scope, circumstances and purpose of processing as well as the variable probability of occurrence and the gravity of risk to the rights and options of natural persons, to ensure a level of protection that is commensurate to the risk.
These measures include in particular the protection of confidentiality, integrity and availability of data by controlling the physical access to the data, likewise the digital access to them, their entry, transfer and the protection of their availability and segregation. Moreover, we have installed procedures which guarantee safeguarding the rights of data subjects, the erasure of data and a response to a data hazard. We furthermore take the protection of personal data into account already at the time of developing and selecting hard- and software and procedures in harmony with the principles of data protection through design engineering and data protection-friendly default settings (Art. 25 GDPR).
Cooperation with Processors and Third Parties
When during processing we disclose or transfer data to other persons or companies (processors or third parties) or allow access to the data in other ways for our contractual performance pursuant to Art. 6 Subsec. 1 lit. b GDPR, this occurs only on the basis of lawful consent (e.g., when a data transfer to a third party, e.g., a payment provider, is required), when you have granted consent, when a legal obligation provides for it or when based on our legitimate interests (e.g., when employing an agent, web hoster, etc.).
Data processing by a third party appointed under a so-called “Data Pro-cessing Agreement” is done on the basis of Art. 28 GDPR.
Transfer to Non-Member States
When we process data in a non-member state (i.e., one outside the European Union (EU) or the European Economic Area (EEA)) or when this occurs as part of the services by a third party or the disclosure or transfer of data to a third party, this takes place only when required for the performance of our (pre)contractual services, with your consent, due to a legal obligation or on the basis of our legitimate interests. Assuming statutory or contractual consent, we process data or have them processed in a non-member state only when the special preconditions of Art. 44 ff GDPR are met, i.e., only if the processing is performed in the presence of specific guaranties, like e.g., an officially acknowledged data protection level that corresponds to the EU level (e.g., the “Privacy Shield” in the USA) or by observing officially recognized contractual undertakings (so-called “standard contract clauses”).
Rights of Data Subjects
Under Art. 15 GDPR, you have the right to demand a confirmation whether the data in question are being processed and request information on these data and on other information as well as a copy of these data.
Under Art. 16 GDPR, you have the right to demand the completion of data concerning you or the correction of incorrect data concerning you.
Under Art. 17 GDPR, you have the right to demand that the respective da-ta are immediately erased or alternatively, as per Art. 18 GDPR, demand to limit the processing of these data.
You have the right to demand that data concerning you and supplied to us by you are maintained in line with Art. 20 GDPR and request their transfer to other controllers.
Furthermore, under Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right of Revocation
Under Art. 7 Subsec. 3 GDPR, you have the right to revoke a consent pre-viously granted with immediate effect. Revoking your consent does not affect the lawfulness of processing performed with your consent up to revocation. Please send your revocation to: firstname.lastname@example.org
Right to Object
Under Art. 21 GDPR, you may object to the future processing of your data at any time. An objection can be lodged in particular when the purpose of processing is direct mail. Please send your objection to:
Cookies and Right to Object to Direct Mail
Cookies are small files that are stored on the computers of users. These cookies may have various tasks. The primary purpose of a cookie is to store information on a user (or on the device on which the cookie is stored) during or even after access to an online offer. Temporary cookies, so-called “session cookies” or “transient cookies” are those which are de-leted when the user leaves the online offer and closes his browser. Such a cookie may store e.g., the contents of a shopping basket in an online shop or the log-in status. “Permanent” or “persistent” cookies are those which remain even after closing the browser. Thus, the log-in status may remain stored when the user returns after several days. Likewise, the preferences of a user can be stored in such a cookie and used for range measurements or marketing purposes. A “third-party cookie” is one which is deposited by suppliers other than the controller operating the online offer (cookies only placed by the latter are called “first-party cookies”).
We may use temporary and permanent cookies and explain their nature in our Data Protection Statement.
Users who do not wish cookies to be stored on their computers are re-quested to disable the respective option in the settings of their browser. Stored cookies can be deleted through the system settings of the browser. The exclusion of cookies may result in functional limitations of the online offer.
Right to Erasure
Pursuant to Secs. 17 and 18 GDPR, the data processed by us are erased or their processing is restricted. If not explicitly stated otherwise in the present Data Protection Statement, data stored by us will be erased as soon as they are no longer required and no statutory retention obligation exists in their regard. When data are not erased because they are needed for other legally permitted purposes, their processing is restricted, i.e., the data are blocked and no longer processed for other purposes. This applies e.g., to data that must be stored for commercial or tax-related reasons.
Under the legal provisions in Germany, retention is required in particular for 10 years under Secs. 147 Subsec. 1 AO, 257 Subsec. 1 Nos. 1 and 4, Subsec. 4 HGB (accounting books, records, management reports, vouchers, ledgers, records relevant to tax matters) and for 6 years under Sec. 257 Subsec. 1 Nos. 2 and 3, Subsec. 4 HGB (commercial correspondence).
Under the legal provisions in Austria, retention is required in particular for 7 years under Sec. 132 Subsec. 1 BAO (accounting records, vouchers, invoices), for 22 years for real estate transactions and for 10 years in connection with digitally provided services, telecommunications and for radio and TV broadcasting services provided to non-merchants in EU member states and used for the Mini-One-Stop-Shop (MOSS).
- In addition, we process
contract data (e.g., contract object, contract term, customer category)
- payment data (e.g., banking data, payment history)
of our customers, prospects and business partners for the purpose of performing contractual services, maintenance and customer support, marketing, advertising and market research.
On-Line Order Handling and Customer Accounts
We process the data of our customers, in particular for ordering in our on-line shop, to permit customers to select and order the chosen products and services, and for their payment, delivery and order execution.
Processed data include stock data, communication data, contract data, payment data; the persons subject to processing are our customers, prospects and other business partners. Processing is made for the purpose of supplying our contractual services during on-line transactions, billing, delivery and customer support. For this purpose we use session cookies for the storage of basket contents and permanent cookies for the storage of the log-in status.
Processing is made on the basis of Art. 6 Subsec. 1 lit. b (order processing) and c (legally required archiving) GDPR whereby data marked compulsory are required for contract substantiation and performance. We will disclose such data to a third party only for delivery and payment purposes, with lawful permission or when obligated to do so vis-a-vis legal consultants or authorities. Data are processed in non-member states only when this is required for contract performance (e.g., at customer request on delivery or payment).
Users are free to create a user account, in particular to view their settings. The required obligatory data are advised to users during registration. User accounts are not public and cannot be indexed by search engines. When users terminate their account, the data relevant to the account are deleted except when their storage is required for business or tax reasons pursuant to Art. 6 Subsec. 1 lit. c GDPR. When there is a legal archiving obligation, data in the customer account are retained and subsequently archived. After a notice of termination, it is up to the user to secure their data prior to contract termination.
As part of the registration and renewed log-ins or when making use of our online services, we store the IP address and the time of access. Storage is made on the basis of our legitimate interests, but also in the interest of users to prevent abuse or other forms of unlawful use. In principle, these data are not transferred to a third party except when required to assert a claim as per Art. 6 Subsec. 1 lit. f GDPR or in the event of a legal obliga-tion to disclosure as per Art. 6 Subsec. 1 lit. c GDPR.
Deletion takes place on the expiration of the statutory warranty periods or of comparable obligations. The data storage need is reviewed every three years; in the event of a statutory archiving obligation, deletion takes place after its expiry (at the end of a commercial (6 years) or a tax-related (10 years) retention period).
Administration, Financial Accounting, Office Administration and Contact Management
We process data as part of our administrative functions and office organization, payroll accounting and in compliance with statutory obligations such as record-keeping. When doing so, we process the same data that we process during the performance of our contractual services. The processing bases are rooted in Art. 6 Subsec. 1 lit. c GDPR and Art. 6 Subsec. 1 lit. f GDPR. This processing concerns customers, prospects, business partners and website visitors. The purpose and our interest in processing lies in the administration, payroll accounting, office management, data archiving, i.e., all tasks that allow us to perform our functions and services. The erasure of data relating to contractual services and contractual communications corresponds to the tasks underlying their processing.
We disclose or transmit data to tax offices, consultants as e.g., tax con-sultants or auditors and to other billing centres or payment providers.
Reflecting our business interests, we furthermore store data on suppliers, organisers and other business partners, e.g., for the purpose of a future entry into contact. These data which are primarily business-related are in principle stored indefinitely.
Amazon Partner Program
Further information on the use of the data by Amazon and on your objec-tion options are found in the Data Protection Statement of the company at: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.
Notes on Data Processing for Job Applications
We process applicant data only for the purpose and within the limits of the application process and in harmony with the statutory provisions. Pro-cessing of applicant data is made to establish an employment relationship as per Art. 6 Subsec. 1 lit. b. GDPR and Art. 6 Subsec. 1 lit. f GDPR, Sec. 26 BDSG, as far as the data processing is required by us within the limits of a lawful process.
The application process presupposes that applicants forward their applica-tion data to us. When an on-line form is used, the necessary application data are marked accordingly; otherwise, they are a function of the job description and in principle include data on the person, postal and contact addresses and documents that are part of a job application such a covering letter, curriculum vitae and testimonials. In addition, applicants are also free to submit additional information.
When during the application process, special categories of personal data in the sense of Art. 9 Subsec. 1 GDPR are submitted voluntarily, their processing is additionally undertaken pursuant to Art. 9 Subsec. 2 lit. b GDPR (e.g., health data as e.g., invalidity or ethnic origin). If during the application process, special categories of personal data in the sense of Art. 9 Subsec. 1 GDPR are requested from applicants, these are in addition pro-cessed in principle as per Art. 9 Subsec. 2 lit. a GDPR (e.g., data on the state of health required to exercise the job in question).
Applicants can forward their applications to our website by way of the ap-plication portal of the provider concludis GmbH. Concludis GmbH carries out order processing on our behalf under a processing agreement as per Art. 28 GDPR. Data are transferred encrypted using the current state of the art.
Applicants may furthermore forward their applications by e-mail. It should be noted, however, that in principle e-mails are sent unencrypted and that applicants must ensure the encryption themselves. We are therefore unable to assume any responsibility for the transmission route of the application between sender and receipt on our server and thus recommend the use of the application portal supplied on our homepage or submission by regular mail. In the place of submitting an application via the on-line form and e-mail, applicants may continue to forward their applications by regular mail.
If consent of the applicant was granted, data supplied by the applicant may also be transmitted to the following companies:
- Amazonen Werke H. Dreyer GmbH & Co. KG, Heinrich-Dreyer-Straße 7, 27798 Hude (Oldb.)
- Amazone Technologie Leeden GmbH & Co. KG, Natrup-Hagener Str. 1, 49545 Tecklenburg-Leeden
- BBG Bodenbearbeitungsgeräte Leipzig GmbH & Co. KG, Rippachtalstraße 10, 04249 Leipzig
- AMAZONE S.A. Auneau, Zone d'activité du Pays Alnélois, CS 20001, 28702 Auneau Cedex (France)
- AMAZONE S.A. Forbach, 17, rue de la Verrerie, 57602 Forbach (France)
In the event of a successful application, data supplied by applicants may continue to be processed by us in connection with the subsequent employment. When an application for a vacancy is not successful, applicant data are deleted. Applicant data are likewise deleted when an application is retracted and thus revoked which an applicant is entitled to do at any time.
Deletion takes place, except in the event of a justified revocation by the applicant, at the end of a period of six months to allow us respond to pos-sible follow-up queries on the application and to demonstrate the performance of our obligations under the Equal Treatment Act. Invoices for the possible reimbursement of travel expenses are archived as per the tax-related provisions.
If you have any questions about our job vacancies, then applicants can also contact us by using WhatsApp. For this the applicants need an existing WhatsApp messaging account. When applicants send a message to our WhatsApp account, as found on our homepage at http://amazone.de/3957.asp, they agree, in accordance with GDPR Art. 6, Para.1 Part a. that we use personal related data for the direct communication and the necessary relevant data processing by utilising WhatsApp. The processed data may include, in particular, surname, given name, phone number, messenger ID, profile picture and messages. We wish to point out that WhatsApp receives personal data from the applicants and processes it on servers located outside the EU (such as, for example, in the USA). Over this we do not have any influence. However, WhatsApp. Inc. has committed itself according to the Privacy Shield Agreement to comply with the European data protection law. In this context we refer to our explanation mentioned above with reference to “Transfer to Non-Member States”. The responsible provider of this Messenger is WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data protection declaration: https://www.whatsapp.com/legal/#privacy-policy
Users may create a user account. Users will be informed of the required obligatory data during registration which on the basis of Art. 6 Subsec. 1 lit. b GDPR are processed for the purpose of creating the user account. Processed data include in particular the log-in information (name, pass-word and e-mail address). The registration data are needed to permit the intended use of the account.
Users can be informed by e-mail of news relevant to their accounts as e.g. technical changes. When users have given notice of terminating their ac-count, the user data are deleted except in the case of a statutory retention requirement. In the event of termination, it is up to the user to secure their data prior to the end of the contract. We are entitled to irrevocably delete all user data stored during the term of the contract.
As part of the use of our registration and log-in functions and the use of the user account as such, we store the IP address and the time of user ac-cess. The storage is made on the basis of our legitimate interests but also in the interest of users to prevent abuse or other forms of unlawful use. In principle, these data are not passed on to a third party except when re-quired by us to assert claims or in the event of a statutory obligation pur-suant to Art. 6 Subsec. 1 lit. c GDPR. IP addresses are anonymised or deleted at the latest after 7 days.
Entry into Contact
When contact is made with us (e.g., via the contact form, by e-mail, tele-phone or the social media), user data are processed to deal with the en-quiry and its subsequent handling pursuant to Art. 6 Subsec. 1 lit. b GDPR. The data of the user may be stored in a Customer Relationship Management System (“CRM System”) or comparable software package.
We delete enquiries that are no longer needed. We examine the storage necessity every two years; in all other matters, the statutory archiving pe-riods apply.
The following serves to inform you of the contents of our newsletter and of the registration, mailing and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you signal your consent to the receipt and above procedure.
Contents of the newsletter: We send out newsletters, e-mails and other digital messages with advertising information (hereafter “newsletter”) only with the consent of the recipient or where permitted under law. If the con-tents of the newsletter is concretely stated during registration, the consent of the user is mandatory. Our newsletters also contain information on our services and on ourselves.
Double-Opt-In and access records: The registration for a newsletter sub-scription is made in a so-called Double Opt-In process. I.e., after registra-tion, you receive an e-mail requesting you to confirm the registration. This confirmation is necessary to prevent registrations using a third-party e-mail address. Newsletter registrations are recorded so we can prove that the registration process meets legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to the data stored by the e-mail distributor are also recorded.
Registration data: To register for a newsletter, it is sufficient to provide an e-mail address. Quoting a name to permit a personal address in the news-letter is optional.
The dispatch of the newsletter and the subsequent performance measure-ment are made only with the consent of the recipient as per Art. 6 Subsec. 1 lit. a, Art. 7 GDPR in connection with Sec. 7 Subsec. 2 No. 3 UWG, likewise on the basis of lawful consent as per Sec. 7 Subsec. 3 UWG.
The registration procedure is logged on the basis of our legitimate interests as per Art. 6 Subsec. 1 lit. f GDPR. Our interest is in a user-friendly and secure newsletter system that serves both our business interests and the expectations of users which at the same time permits us to prove their consent.
Notice of termination/cancellation: You may cancel the receipt of our news-letter at any time, i.e., revoke your consent. See the link for notice of ter-mination at the end of every newsletter. To prove previously granted consent, we may store the e-mail addresses of recipients on the basis of our legitimate interests for up to three years prior to deletion. The pro-cessing of data is limited to the purpose of a possible defence against claims. A separate deletion request is possible at any time provided the former existence of consent is confirmed.
Newsletter – CleverReach
The dispatch of the newsletter is made by means of e-mail distributor CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The data protection regulations of the e-mail distributor can be found at: https://www.cleverreach.com/de/dataschutz/. The e-mail distributor oper-ates on the basis of our legitimate interests as per Art. 6 Subsec. 1 lit. f GDPR and under a commissioning agreement pursuant to Art. 28 Subsec. 3 Cl. 1 GDPR.
The e-mail distributor may use the data in anonymous form, i.e., without allocating them to optimize or improve their own services, that is to say for technical optimization, display of newsletters or statistical purposes. The e-mail distributor will not, however, contact users directly or to pass the data on to a third party.
Collection of Access Data and Log Files
On the basis of our legitimate interests in the sense of Art. 6 Subsec. 1 lit. f GDPR, we or our hosting provider, collect data on every access to the server which hosts our website (so-called server log files). Access data in-clude the name of the accessed website, file, date and time of the access, downloaded data volume, reports on a successful download, browser type and version, operating system of the user, referrer URL (i.e., the website visited just prior thereto), IP address and the enquiring provider.
For security reasons (e.g., for investigation of abusive or fraudulent con-duct), log file data are stored for a maximum of 7 days and thereafter de-leted. Data which are needed as evidence are excepted from the above up to the final clarification of the matter in question.
Google is certified under the Privacy Shield Agreement which guarantees that European data protection law will be respected (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our instructions, Google will use this information to evaluate the use of our online offer by the user, compile reports on activities within our web-site and to provide further online offer and website-related services to us. While doing so, anonymous user profiles may be generated from the processed data.
We use Google Analytics only with IP anonymization enabled. This means that the IP address of the user is truncated by Google within member states of the European Union and in other signatories of the Treaty on the European Economic Area. Only in exceptions is the full IP address transmit-ted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser is not aggregated with other Google data. Users can prevent the storage of cookies by a corresponding setting of their browser; in addition, users can prevent the logging of the data generated by the cookie that deals with viewing the website and the processing of these data by Google by downloading and installing a browser plugin available from the following link http://tools.google.com/dlpage/gaoptout?hl=de
Further information on the data use by Google and on available setting and objection options can be found in Google’s Data Protection Statement at (https://policies.google.com/technologies/ads) as well as in the settings for the display of online advertisements faded in by Google
Personal data of users are deleted or anonymized after 14 months.
Target Group Formation With Google Analytics
We use Google Analytics so that ads inserted by advertising providers like Google and its partners are only shown to users who have previously indi-cated an interest in our online offer or who due to the websites visited show certain characteristics (e.g., an interest in certain topics or products) whom we then pass on to Google (so-called “remarketing“ or “Google Analytics audiences”). By using Google remarketing audiences, we aim to ensure that our ads meet the potential interests of users.
Google AdWords and Conversion Tracking
On the basis of our legitimate interests (i.e., an interest in the analysis, optimization of our online offer in the sense of Art. 6 Subsec. 1 lit. f. GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement which guarantees that European data protection law will be respected (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the online marketing system Google “AdWords” to place advertisements in the Google Advertising Network (e.g., in search results, videos, on webpages, etc.) for display to users who are presumed to have an interest in the subject. This makes it possible for us to show ads for and as part of our online offer and to present to users only ads of potential interest to them. The display of ads to the user of a product for which he or she has shown an interest on other website offers is called “remarketing”. For this purpose when our website, or others for which the Google Ad network is active, is visited, a Google code is implemented directly by Google and so-called remarketing tags (invisible graphics or code also known as web beacons) are deposited on the website. With their help, an individual cookie, a small file, is placed on the device of the user (instead of cookies, comparable technologies may also be used). This cookie notes which websites the user has visited previously, what contents was of interest and which offers the user has clicked on, furthermore technical information on the browser, the operating system, the website referred from, the time of access as well as information on the use of the online offer.
Furthermore, we receive an individual “conversion cookie”. Information ob-tained with the help of the cookie serve Google to prepare conversion sta-tistics for us. However, this allows us to merely learn the total number of anonymous users who have clicked on our ad and were transferred to a website with conversion tracking. We do not receive any information that allows is to identify a user by name.
User data are anonymously processed as part of the Google Advertising Network, i.e., Google stores and processes not the name or e-mail address of the user e.g., but the relevant cookie-provided data as part of an anon-ymous user profile. I.e., from the viewpoint of Google, the ads are managed and displayed not for a concretely identified user but for the cookie owner irrespective of who the owner of the cookie is. This does not apply when a user has explicitly permitted Google to process the data without anonymization. Information on users collected in this way are transferred to Google and stored on Google servers in the USA.
Further information on how Google uses the data and on available setting and objection options can be found in the Data Protection Statement of Google at https://policies.google.com/technologies/ads but also in the settings for the display of ad insertions by Google
Online Presence in the Social Media
We maintain an online presence in social networks and platforms to communicate with customers, prospects and users active there and to inform them of our services.
Please note that user data can also be processed outside the European Un-ion. This could lead to risks for users as it could impede the enforcement of user rights, e.g., With regard to US provider certified under Privacy Shield, we point out that the latter have undertaken to observe EU data protection standards.
Furthermore, user data are regularly processed for market research and advertising purposes. Thus, e.g., user profiles can be created out of user conduct and the interests displayed. These user profiles can in turn be utilized to show advertisements in- and outside of the platform which presumably meet the interests of the user. For this purpose, cookies are routinely stored on the computers of users which provide information on user conduct and of areas of interest to them. Furthermore, user profiles can also store data independent from the devices used by visitors (in particular when users are registered with the relevant platform and are logged in there).
The processing of personal user data is made on the basis of our legitimate interests in providing effective information to users and to communicate with them as per Art. 6 Subsec. 1 lit. f GDPR. When users are requested by the respective provider to consent to data processing (i.e., to declare their consent by checking a box or clicking on a button), the legal basis for processing is Art. 6 Subsec. 1 lit. a and Art. 7 GDPR.
For a detailed presentation of the various kinds of processing and the ob-jection options (Opt-Out), please refer to the data of suppliers linked be-low.
We point out that also in the case of enquiries or rights of use, these can be asserted most effectively vis-a-vis the provider. Only the providers have access to user data and are able to directly adopt the necessary measures and give out the requested information. If nevertheless you require any assistance, feel free to contact us.
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Data Protection Statement: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Data Protection Statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Data Protection Statement/ Opt-Out: http://instagram.com/about/legal/privacy/.
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Data Protection Statement: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Data Protection Statement/ Opt-Out: https://about.pinterest.com/de/privacy-policy.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Data Protection Statement https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Data Protection Statement/Opt-Out: https://privacy.xing.com/de/dataschutzerklaerung.
Integration of Third-Party Services and Contents
For our online offer, on the basis of our legitimate interests (i.e., an inter-est in the analysis, optimization and economical operation of our online offer in the sense of Art. 6 Subsec. 1 lit. f GDPR), we utilize the contents and service offers of third-party suppliers and integrate their contents and services as e.g., videos or fonts (hereafter collectively referred to as “con-tents”).
This supposes at all times that the third-party suppliers of the contents log the IP address of the user as they are unable to upload the contents to the browser without the user’s IP address. We endeavour to use only contents whose suppliers make use of IP addresses only to display their contents. Third-party suppliers may furthermore make use of so-called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. These pixel tags allow analyzing information such as the traffic to the website. Anonymous information may furthermore be stored in cookies on the device of the user and may contain among other items technical information on the browser and operating system, the website referred from, the time of access and other data on the use of our online offer but may also be linked to such information from other sources.
We make use of videos of the “YouTube” platform offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated
We integrate “Google Maps” from Google LLC, 1600 Amphitheatre Park-way, Mountain View, CA 94043, USA. The processed data may include in particular IP addresses and location data of users which, however, are not collected without their consent (generally through the settings of their mobile devices). The data may be processed in the USA. For their Data Protection Statement, see
https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.