Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”).

The terms used are not gender-specific.

As of November 14, 2019

Table of Contents

• Introduction
• Responsible
• Overview of processing activities
• Relevant legal bases
• Security measures
• Transmission and disclosure of personal data
• Data processing in third countries
• Use of cookies
• Commercial and business services
• Blogs and publication media
• Provision of the online service and web hosting
• Online marketing
• Presences in social networks
• Plugins and embedded functions as well as content
• Deletion of data
• Changes and updates to the privacy policy
• Definitions of terms

Responsible

René Tebbel,
Bahnhofstr. 33,
48488 Emsbüren

Email address : info@hengststation-tebbel.de

Telephone : 05903-9359372

Legal notice : http://www.rene-tebbel.de/impressum

Overview of processing activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed

• Inventory data (e.g. names, addresses).

• Content data (e.g., text entries, photographs, videos).

• Contact details (e.g. email, phone numbers).

• Metadata/communication data (e.g., device information, IP addresses).

• Usage data (e.g. websites visited, interest in content, access times).

• Location data (data that indicates the location of an end user’s terminal device).

• Contract details (e.g. subject matter of the contract, term, customer category).

• Payment details (e.g. bank details, invoices, payment history).

Categories of affected persons

• Business and contractual partners.

• Interested parties.

• Communication partner.

• Users (e.g., website visitors, users of online services).

Purposes of processing

• Provision of our online services and user-friendliness.

• Visitor activity evaluation.

• Office and organizational procedures.

• Cross-device tracking (processing of user data across devices for marketing purposes).

• Direct marketing (e.g. via email or post).

• Feedback (e.g., collecting feedback via online form).

• Interest-based and behavioral marketing.

• Contact requests and communication.

• Conversion measurement (measuring the effectiveness of marketing measures).

• Profiling (creating user profiles).

• Remarketing.

• Audience measurement (e.g., access statistics, recognition of returning visitors).

• Security measures.

• Tracking (e.g., interest-/behavior-based profiling, use of cookies).

• Contractual services and support.

• Managing and responding to inquiries.

• Target group formation (determination of target groups relevant for marketing purposes or other output of content).

Relevant legal bases

Below, we explain the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the GDPR regulations, national data protection laws may apply in your or our country of residence or establishment.

• Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

• Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

• Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.

• Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) – The processing is necessary to protect the vital interests of the data subject or of another natural person.

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany : In addition to the data protection regulations of the General Data Protection Regulation (GDPR), national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment-related purposes (§ 26 BDSG), especially with regard to the establishment, execution, or termination of employment relationships and the consent of employees. State data protection laws of the individual federal states may also apply.

Security measures

In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

SSL encryption (https) : To protect the data you transmit via our online service, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

Transmission and disclosure of personal data

As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, payment institutions involved in payment transactions, IT service providers, or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.

Subject to explicit consent or where transfer is required by contract or law, we only process or have data processed in third countries with a recognized level of data protection, which includes US processors certified under the “Privacy Shield”, or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection rules (Articles 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit to an online service. The stored information may include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was watched. We also include under the term “cookies” other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

The following cookie types and functions are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their browser.

Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. Likewise, the interests of users, which are used for reach measurement or marketing purposes, can be stored in such a cookie.

First-party cookies: First-party cookies are set by us directly.

Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary (also: essential or strictly required) cookies: Cookies can, on the one hand, be strictly necessary for the operation of a website (e.g., to save logins or other user inputs, or for security reasons).

Statistics, marketing, and personalization cookies: Cookies are also regularly used in the context of reach measurement, and when the interests or behavior of a user (e.g., viewing certain content, using certain features, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that potentially matches their interests. This process is also referred to as “tracking,” i.e., tracing the potential interests of users. Where we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the commercially viable operation of our online service and its improvement), or, if the use of cookies is necessary to fulfill our contractual obligations.

General information on withdrawal and objection (opt-out): Depending on whether processing is based on consent or legal permission, you have the option at any time to withdraw a given consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection via your browser settings, e.g., by disabling the use of cookies (though this may also restrict the functionality of our online service). An objection to the use of cookies for online marketing purposes can also be declared through a number of services, particularly in the case of tracking, via the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. In addition, you can obtain further opt-out information in the context of the details provided about the service providers and cookies used.

Processing of cookie data on the basis of consent: Before we process or have data processed in connection with the use of cookies, we ask users for consent that can be revoked at any time. Until consent has been given, only cookies that are necessary for the operation of our online service will be used. Their use is based on our interest and the interest of users in the expected functionality of our online service.

Types of data processed: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Commercial and Business Services

We process data of our contractual and business partners, e.g., customers and prospective customers (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations, to protect our rights, and for the purposes of the administrative tasks associated with this information as well as for business organization. We only disclose the data of contractual partners to third parties within the scope of applicable law insofar as this is necessary for the aforementioned purposes, for the fulfillment of legal obligations, or with the consent of the contractual partners (e.g., to involved telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.

We inform contractual partners of which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, by means of special markings (e.g., colors) or symbols (e.g., asterisks), or in person.

We delete the data after the expiry of statutory warranty periods and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes, generally 10 years). Data disclosed to us by the contractual partner within the scope of an order is deleted in accordance with the specifications of the order, generally after the end of the order.

Where we use third-party providers or platforms to deliver our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply to the relationship between users and providers.

Further information on commercial services: We process the data of our customers and clients (hereinafter collectively referred to as “customers”) to enable them to select, purchase, or commission the chosen services or works and associated activities, as well as their payment and delivery, execution, or provision.

The required information is identified as such in the context of order, purchase, or comparable contract conclusion and includes the information needed for service delivery and billing, as well as contact information so that any follow-up queries can be addressed.

Types of data processed: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, telephone numbers), contract data (e.g., subject matter of contract, duration, customer category).

Data subjects: Prospective customers, business and contractual partners.

Purposes of processing: Contractual services and support, contact requests and communication, office and organizational procedures, administration and responding to inquiries.

Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Reader data is processed for the purposes of the publication medium only to the extent necessary for its display and for communication between authors and readers, or for security reasons. Beyond this, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy notice.

Comments and posts: When users leave comments or other posts, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security, in case someone posts unlawful content in comments or posts (insults, prohibited political propaganda, etc.). In such a case, we ourselves could be held liable for the comment or post and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process users’ data for spam detection purposes on the basis of our legitimate interests.

On the same legal basis, we reserve the right to store users’ IP addresses for the duration of surveys and to use cookies to prevent multiple votes.

The personal information communicated in comments and posts, any contact details and website information, as well as the content itself, are stored by us permanently until objected to by the users.

Retrieval of WordPress emojis and smilies: Within our WordPress blog, graphic emojis (or smilies), i.e., small graphic files expressing emotions, are used for the purpose of efficiently embedding content elements, sourced from external servers. The providers of these servers collect the IP addresses of users. This is necessary so that the emoji files can be transmitted to the users’ browsers.

Profile images from Gravatar: We use the Gravatar service within our online service, and in particular within the blog.

Gravatar is a service where users can register and deposit profile images and their email addresses. When users leave posts or comments on other online presences (particularly in blogs) using the respective email address, their profile images can be displayed alongside the posts or comments. For this purpose, the email address communicated by the user is transmitted to Gravatar in encrypted form to check whether a profile is stored for it. This is the sole purpose of transmitting the email address. It is not used for any other purposes and is deleted thereafter.

The use of Gravatar is based on our legitimate interests, as Gravatar allows us to offer contributors and comment authors the option of personalizing their posts with a profile image.

By displaying the images, Gravatar learns the IP address of users, as this is necessary for communication between a browser and an online service.

If users do not wish for a user image linked to their email address on Gravatar to appear in comments, they should use an email address that is not registered with Gravatar when commenting. We also point out that it is possible to use an anonymous or no email address at all if users do not wish their email address to be sent to Gravatar. Users can prevent data transmission entirely by not using our comment system.

Types of data processed: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., text inputs, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), contract data (e.g., subject matter of contract, duration, customer category).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Contractual services and support, feedback (e.g., collecting feedback via online forms), security measures, administration and responding to inquiries, provision of our online service and user-friendliness.

Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR), Protection of vital interests (Art. 6(1)(d) GDPR).

Services and service providers used:

Retrieval of WordPress emojis and smilies: Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://automattic.com; Privacy policy: https://automattic.com/privacy.

Profile images from Gravatar: Service provider: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://automattic.com; Privacy policy: https://automattic.com/privacy.

UpdraftPlus: Backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St. Neots, Cambs., PE19 1LW, GB; Website: https://updraftplus.com/.

Wordfence: Firewall and security as well as error detection functions; Service provider: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA; Website: https://www.wordfence.com; Privacy policy: https://www.wordfence.com/privacy-policy/; Standard contractual clauses (ensuring data protection level for processing in third countries): https://www.wordfence.com/gdpr/dpa.pdf.

Provision of the Online Service and Web Hosting

In order to provide our online service securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed in connection with the provision of the hosting service may include all information relating to users of our online service that arises in the course of use and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, and all entries made within our online service or on websites.

Email sending and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders as well as further information concerning the email dispatch (e.g., the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form over the internet. While emails are typically encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We therefore cannot accept responsibility for the transmission path of emails between the sender and receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the accessed websites and files, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider.

Server log files may be used on the one hand for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure server utilization and stability.

Types of data processed: Content data (e.g., text inputs, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Online Marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar methods are used to store information relevant to the display of the aforementioned content about the user. This information may include, for example, content viewed, websites visited, online networks used, as well as communication partners and technical details such as the browser used, the computer system used, and information about usage times. Where users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, within the online marketing process, no clear data of users (such as email addresses or names) is stored, but pseudonyms. That is, neither we nor the providers of online marketing procedures know the actual identity of users, only the information stored in their profiles.

The information in the profiles is generally stored in cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content, supplemented with further data, and stored on the server of the online marketing procedure provider.

Exceptionally, clear data may be assigned to profiles. This is the case, for example, when users are members of a social network whose online marketing procedure we use and the network links the profiles of users with the aforementioned information. We ask you to note that users may enter into additional agreements with providers, e.g., through consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, within the context of so-called conversion measurements, we can check which of our online marketing methods has led to a so-called conversion, i.e., for example, to entering into a contract with us. Conversion measurement is used solely to analyze the success of our marketing activities.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Facebook Pixel: With the help of the Facebook Pixel, it is possible for Facebook to determine visitors to our online service as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to display Facebook Ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called “Audience Network” https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online service or who exhibit certain characteristics (e.g., interest in certain topics or products, as evidenced by the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not appear intrusive. With the help of the Facebook Pixel, we can further track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion measurement”).

Types of data processed: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (data indicating the location of a user’s end device).

Data subjects: Users (e.g., website visitors, users of online services), prospective customers.

Purposes of processing: Tracking (e.g., interest/behavior-based profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavior-based marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g., access statistics, recognition of returning visitors), target group creation (identification of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes).

Security measures: IP masking (pseudonymization of the IP address).

Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Opt-out options: We refer to the privacy notices of the respective providers and the opt-out options indicated for the providers. If no explicit opt-out option has been specified, one option is to disable cookies in your browser settings. However, this may restrict the functionality of our online service. We therefore additionally recommend the following opt-out options, which are offered collectively for their respective regions:

a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-regional: http://optout.aboutads.info.

Services and service providers used:

Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online service). The Tag Manager itself (which implements the tags) does not process any personal data of users. With regard to the processing of users’ personal data, reference is made to the following information on Google services. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Google Analytics: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for ad display: https://adssettings.google.com/authenticated.

Google Ads and Conversion Measurement: We use the online marketing procedure “Google Ads” to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. We also measure the conversion of the advertisements. However, we only learn the anonymous total number of users who clicked on our advertisement and were redirected to a page marked with a so-called “conversion tracking tag.” We ourselves receive no information that would allow users to be identified. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Google Ad Manager: We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform is characterized by advertisements being displayed in real time based on users’ presumed interests. This allows us to display advertisements for and within our online service in a more targeted manner, in order to present users only with advertisements that potentially match their interests. If a user is shown advertisements for products in which they have expressed interest on other online services, this is referred to as “remarketing.” Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Facebook Pixel: Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: https://www.facebook.com/settings?tab=ads.

Presence on Social Networks

We maintain online presences within social networks in order to communicate with users active there or to offer information about ourselves.

We point out that user data may be processed outside the area of the European Union in this context. This may give rise to risks for users, for example because the enforcement of users’ rights may be more difficult. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of an adequate level of data protection, we note that they thereby commit to complying with EU data protection standards.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage behavior and the resulting interests of users. These usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of users. For these purposes, cookies are generally stored on users’ devices, in which the usage behavior and interests of users are stored. Furthermore, data may also be stored in the usage profiles independently of the devices used by users (particularly if users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and opt-out options, we refer to the privacy policies and information of the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can most effectively be asserted with the providers. Only the providers have access to users’ data and can take appropriate measures and provide information directly. If you nevertheless need assistance, please contact us.

Types of data processed: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., text inputs, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Contact requests and communication, tracking (e.g., interest/behavior-based profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, recognition of returning visitors).

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Services and service providers used:

Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: http://instagram.com/about/legal/privacy.

Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out – settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional data protection notes: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy notices for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Pinterest: Social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Website: https://www.pinterest.com; Privacy policy: https://about.pinterest.com/de/privacy-policy; Opt-out: https://about.pinterest.com/de/privacy-policy.

Twitter: Social network; Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

YouTube: Social network; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: https://adssettings.google.com/authenticated.

Xing: Social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online service that are sourced from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or social media buttons and posts (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process the IP addresses of users, since without the IP address they would be unable to send the content to the users’ browsers. The IP address is therefore required for the display of this content or functionality. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit times, and further details about the use of our online service, and may also be linked with such information from other sources.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Types of data processed: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), contact data (e.g., email, telephone numbers), content data (e.g., text inputs, photographs, videos), inventory data (e.g., names, addresses).

Data subjects: Users (e.g., website visitors, users of online services), communication partners.

Purposes of processing: Provision of our online service and user-friendliness, contractual services and support, contact requests and communication, direct marketing (e.g., by email or post), tracking (e.g., interest/behavior-based profiling, use of cookies), interest-based and behavior-based marketing, profiling (creating user profiles), security measures, administration and responding to inquiries.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR), Consent (Art. 6(1)(a) GDPR), Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Services and service providers used:

Facebook Social Plugins: Facebook Social Plugins – These may include, for example, content such as images, videos, or texts and buttons allowing users to share content from this online service within Facebook. The list and appearance of Facebook Social Plugins can be viewed at: https://developers.facebook.com/docs/plugins/; Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out – settings for advertisements: https://www.facebook.com/settings?tab=ads.

Google Fonts: We integrate fonts (“Google Fonts”) provided by Google, whereby users’ data is used solely for the purpose of displaying the fonts in users’ browsers. The integration is carried out on the basis of our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their uniform display, and taking into account possible licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active.

Google Maps: We integrate maps from the “Google Maps” service provided by Google. The data processed may include in particular users’ IP addresses and location data, which, however, are not collected without their consent (generally obtained through the settings of their mobile devices). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://maps.google.de; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for ad display: https://adssettings.google.com/authenticated.

Instagram Plugins and Buttons: Instagram plugins and buttons – These may include, for example, content such as images, videos, or texts and buttons allowing users to share content from this online service within Instagram. Service provider: https://www.instagram.com, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: http://instagram.com/about/legal/privacy.

YouTube: Videos; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for ad display: https://adssettings.google.com/authenticated.

Deletion of Data

The data processed by us is deleted in accordance with the statutory provisions as soon as consents permitting its processing are revoked or other permissions cease to apply (e.g., when the purpose for processing that data has ceased or it is no longer necessary for that purpose).

Where data is not deleted because it is required for other legally permissible purposes, its processing is restricted to those purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Further information on the deletion of personal data may also be provided within the individual data protection notices of this privacy policy.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We update the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as changes require an action on your part (e.g., consent) or individual notification.

Definitions

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The statutory definitions are binding. The following explanations are intended primarily to aid understanding. The terms are sorted alphabetically.

Visit action evaluation: “Visit action evaluation” (English: “conversion tracking”) refers to a method by which the effectiveness of marketing measures can be determined. For this purpose, a cookie is generally stored on the devices of users within the websites on which the marketing measures are carried out and then retrieved again on the target website. We can thus determine, for example, whether the advertisements we have placed on other websites were successful.

Cross-device tracking: Cross-device tracking is a form of tracking in which behavioral and interest information of users is recorded across devices in so-called profiles by assigning users an online identifier. This allows user information to be analyzed regardless of the browsers or devices used (e.g., mobile phones or desktop computers), generally for marketing purposes. The online identifier is in most cases not linked to clear data such as names, postal addresses, or email addresses.

IP masking: “IP masking” refers to a method by which the last octet, i.e., the last two digits of an IP address, are deleted so that the IP address can no longer serve to uniquely identify a person. IP masking is therefore a means of pseudonymizing processing procedures, particularly in online marketing.

Interest-based and behavior-based marketing: Interest-based and/or behavior-based marketing refers to when the potential interests of users in advertisements and other content are determined as precisely as possible. This is done based on information about their previous behavior (e.g., visiting certain websites and spending time on them, purchasing behavior, or interaction with other users), which is stored in a so-called profile. Cookies are generally used for these purposes.

Conversion measurement: Conversion measurement is a method by which the effectiveness of marketing measures can be determined. For this purpose, a cookie is generally stored on the devices of users within the websites on which the marketing measures take place and then retrieved again on the target website. We can thus determine, for example, whether the advertisements we have placed on other websites were successful.

Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Profiling: “Profiling” refers to any form of automated processing of personal data consisting of the use of that personal data to evaluate certain personal aspects relating to a natural person (depending on the type of profiling, this includes information concerning age, gender, location data and movement data, interaction with websites and their content, purchasing behavior, social interactions with other people) to analyze, assess, or predict them (e.g., interests in certain content or products, click behavior on a website, or whereabouts). Cookies and web beacons are frequently used for profiling purposes.

Reach measurement: Reach measurement (also referred to as web analytics) serves to evaluate the flow of visitors to an online service and can encompass the behavior or interests of visitors in certain information, such as the content of websites. Using reach analysis, website operators can, for example, recognize at what time visitors access their website and what content they are interested in. This allows them, for example, to better adapt the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are frequently used for reach analysis purposes in order to recognize returning visitors and thus obtain more precise analyses of the use of an online service.

Remarketing: “Remarketing” or “retargeting” refers to, for example, noting for advertising purposes which products a user has shown interest in on a website, in order to remind the user of those products on other websites, e.g., in advertisements.

Tracking: “Tracking” refers to when the behavior of users can be traced across multiple online services. Behavioral and interest information is generally stored in cookies or on the servers of the providers of tracking technologies in relation to the online services used (so-called profiling). This information can subsequently be used, for example, to display advertisements to users that are likely to correspond to their interests.

Controller: “Controller” refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, whether collecting, evaluating, storing, transmitting, or deleting.

Target group creation: Target group creation (or “Custom Audiences”) refers to the process of defining target groups for advertising purposes, such as displaying advertisements. For example, based on a user’s interest in certain products or topics online, it can be inferred that this user is interested in advertisements for similar products or the online shop where they viewed the products. “Lookalike Audiences” (or similar target groups) are created when content deemed suitable is displayed to users whose profiles or interests are likely to match those of the users for whom the profiles were created. Cookies and web beacons are typically used to create Custom Audiences and Lookalike Audiences.

Created with the free data privacy generator Datenschutz-Generator.de by Dr. Thomas Schwenke