Privacy policy
Introduction
With the following data protection declaration we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) which we process, for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter also referred to collectively as “online offer”).
The terms used are not gender-specific.
Status: 24. October 2020
Summary of contents
- Introduction
- Responsible
- Overview of Processing
- Legal Bases
- Security Measures
- Transfer of Personal Data
- International Data Transfers
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Business Services
- Payment Procedures
- Provision of the Online Offering and Web Hosting
- Use of Cookies
- Blogs and Publication Media
- Newsletters and Electronic Notifications
- Advertising Communication via Email, Post, Fax or Telephone
- Competitions and Giveaways
- Social Media Presenes
- Plugins and Embedded Functions and Content
- Management, Organization and Support Tools
- Changes and Updates
- Definition
Responsible
Tanja Gauer
Hücheler Ring 57
53773 Hennef
Germany
e-mail address: tanja@tanjagauer.com
Imprint: https://tanjagauer.com/de/legaldetails/
Overview of Processing
The following overview summarizes the types of data processed, the purposes of processing and the categories of data subjects.
Types of data processed
• Inventory data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication and procedural data
• Event data (Facebook)
• Log data
Special Categories of Data
• Health Data
Categories of data subjects
• Service recipients and clients
• Prospective customers
• Communication partners
• Users
• Contest and competition participants
• Business and contractual partners
Purposes of processing
• Provision of contractual services and fulfillment of contractual obligations
• Communication
• Security measures
• Direct marketing
• Reach measurement
• Tracking
• Office and organizational procedures
• Target group formation
• Administrative and management procedures
• Conducting contests and competitions
• Feedback
• Marketing
• Profiles with user-related information
• Provision of our online offering and user-friendliness
• Information technology infrastructure
• Public relations
• Sales promotion
• Business processes and economic procedures
Legal Bases
Relevant legal bases under the General Data Protection Regulation (GDPR):
Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the Privacy Policy.
- Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) –
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. - Legal obligation (Art. 6(1) sentence 1 lit. c GDPR) –
Processing is necessary for compliance with a legal obligation to which the responsible party is subject. - Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) –
Processing is necessary for the purposes of the legitimate interests pursued by the responsible party or by a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override those interests.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer as well as automated decision-making in individual cases, including profiling. Furthermore, the data protection laws of the individual federal states may apply.
Security measures
In accordance with the statutory requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances and purposes of processing, as well as the different likelihoods of occurrence and the extent of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access related to the data itself, its entry, disclosure, securing of availability and separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to threats to data security. In addition, we take the protection of personal data into account already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by data protection-friendly default settings.
Securing Online Connections Using TLS/SSL Encryption Technology (HTTPS)): In order to protect the data of users transmitted via our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access.
TLS, as the further developed and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and in encrypted form.
Transfer of Personal Data
In order to protect the data of users transmitted via our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access.
TLS, as the further developed and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and in encrypted form.
International Data Transfers
Data processing in third countries:
If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or the disclosure or transfer of data to other persons, bodies or companies (which becomes apparent based on the postal address of the respective provider or if the Privacy Policy explicitly refers to the transfer of data to third countries), this is always done in compliance with the statutory requirements.
For data transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), which has been recognized as a secure legal framework by an adequacy decision of the European Commission dated 10 July 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers that comply with the requirements of the European Commission and establish contractual obligations to protect your data.
This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the Standard Contractual Clauses serve as an additional layer of security. Should changes occur within the framework of the DPF, the Standard Contractual Clauses will take effect as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of political or legal changes.
For the individual service providers, we inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information about the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English).
For data transfers to other third countries, appropriate safeguards apply, in particular Standard Contractual Clauses, explicit consent or legally required transfers. Information on transfers to third countries and existing adequacy decisions can be found in the information provided by the European Commission:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
General Information on Data Storage and Deletion
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are withdrawn or no further legal bases for the processing exist. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist where statutory obligations or special interests require longer storage or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal enforcement or for the protection of the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing operations.
Where multiple retention periods or deletion deadlines are specified for a data record, the longest period shall always apply. Data that is no longer retained for the originally intended purpose but due to statutory requirements or other reasons is processed exclusively for the reasons that justify its retention.
Retention and Deletion of Data
The following general retention and archiving periods apply under German law:
10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the work instructions and other organizational documents required for their understanding
(§ 147(1) no. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) no. 1 in conjunction with (4) HGB).
8 years – Accounting documents, such as invoices and cost receipts
(§ 147(1) nos. 4 and 4a in conjunction with (3) sentence 1 AO as well as § 257(1) no. 4 in conjunction with (4) HGB).
6 years – Other business documents: received commercial or business correspondence, reproductions of sent commercial or business correspondence, other documents insofar as they are relevant for taxation, e.g. hourly wage slips, operating accounting sheets, calculation documents, price markings, as well as payroll documents insofar as they are not already accounting documents, and cash register strips
(§ 147(1) nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) nos. 2 and 3 in conjunction with (4) HGB).
3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practices, is stored for the duration of the regular statutory limitation period of three years
(§§ 195, 199 BGB).
Rights of Data Subjects
Rights of Data Subjects under the GDPR
As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
Right to object:
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to withdraw consent:
You have the right to withdraw any consent you have given at any time.
Right of access:
You have the right to request confirmation as to whether personal data concerning you is being processed, and to obtain information about this data as well as further information and a copy of the data in accordance with the statutory provisions.
Right to rectification:
In accordance with the statutory provisions, you have the right to request the completion of personal data concerning you or the correction of inaccurate personal data concerning you.
Right to erasure and restriction of processing:
In accordance with the statutory provisions, you have the right to request that personal data concerning you be deleted without undue delay, or alternatively to request restriction of the processing of the data in accordance with the statutory provisions.
Right to data portability:
You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the statutory provisions, or to request that such data be transmitted to another responsible party.
Right to lodge a complaint with a supervisory authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.
Business Services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships as well as associated measures and with regard to communication with the contractual partners (or pre-contractually), for example in order to respond to inquiries.
We use this data in order to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as the organization of our company.
Furthermore, we process the data on the basis of our legitimate interests both in proper and economically sound business management and in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within the scope of this Privacy Policy.
Which data is required for the aforementioned purposes is communicated to the contractual partners before or within the scope of data collection, e.g. in online forms, by means of special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for statutory archiving reasons (for example, for tax purposes generally ten years). Data disclosed to us by the contractual partner within the scope of an order is deleted in accordance with the specifications and generally after the end of the order.
Processed Data Types
Inventory data (e.g. full name, residential address, contact information, customer number, etc.);
Payment data (e.g. bank details, invoices, payment history);
Contact data (e.g. postal and email addresses or telephone numbers);
Contract data (e.g. subject matter of the contract, term, customer category);
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
Special Categories of Personal Data
Health data.
Data Subjects
Service recipients and clients; interested parties; business and contractual partners.
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations;
Security measures;
Communication;
Office and organizational procedures;
Organizational and administrative procedures;
Business processes and economic procedures.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR);
Legal obligation (Art. 6(1) sentence 1 lit. c GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and ServicesOnline Shop, Order Forms, E-Commerce and Fulfillment of Services
We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and provision, delivery or execution. If required for the execution of an order, we use service providers, in particular postal, freight and shipping companies, in order to carry out the delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers.
The required information is marked as such within the scope of the order or comparable purchase process and includes the information required for delivery or provision and billing as well as contact information in order to be able to make inquiries if necessary; legal basis: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
Therapeutic Services
We process the data of our clients as well as interested parties and other clients or contractual partners (collectively referred to as “clients”) in order to be able to provide our services to them. The processed data, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and client relationship.
Within the scope of our activities, we may also process special categories of data, in particular information relating to the health of clients, possibly with reference to their sexual life or sexual orientation, as well as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. For this purpose, we obtain the explicit consent of clients where required and otherwise process the special categories of data insofar as this serves the health of the clients, the data has been made public or other legal permissions apply.
If necessary for the fulfillment of our contract, for the protection of vital interests or if legally required, or if the consent of the clients has been obtained, we disclose or transfer client data to third parties or agents in compliance with professional regulations, such as authorities, medical institutions, laboratories, billing agencies as well as providers in the field of IT, office or comparable services; legal basis: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
Payment Procedures
Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and, for this purpose, use additional service providers alongside banks and credit institutions (collectively referred to as “payment service providers”). Payment transactions are carried out exclusively via encrypted connections in accordance with the state of the art, so that the data entered is protected against unauthorized access during transmission.
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract-related, amount-related and recipient-related information. This information is required in order to carry out the transactions. However, the data entered is processed and stored exclusively by the payment service providers. This means that we do not receive any account- or credit-card-related information, but only information confirming or rejecting the payment.
Under certain circumstances, the payment service providers may transmit data to credit agencies. This transmission serves the purpose of identity and creditworthiness checks. In this regard, we refer to the terms and conditions and privacy notices of the payment service providers.
For payment transactions, the terms and conditions and privacy notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and for the assertion of rights of withdrawal, information and other data subject rights.
Processed Data Types
Inventory data (e.g. full name, residential address, contact information, customer number, etc.);
Payment data (e.g. bank details, invoices, payment history);
Contract data (e.g. subject matter of the contract, term, customer category);
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
Data Subjects
Service recipients and clients; business and contractual partners; interested parties.
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations;
Business processes and economic procedures.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
PayPal
Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree);
Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg;
Legal basis: performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR);
Website: https://www.paypal.com/de;
Privacy Policy: https://www.paypal.com/de/legalhub/paypal/privacy-full.
Provision of the Online Offering and Web Hosting
We process the data of users in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary in order to transmit the content and functions of our online services to the user’s browser or device.
Processed Data Types
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons);
Log data (e.g. log files relating to logins or the retrieval of data or access times);
Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details on authorship or time of creation).
Data Subjects
Users (e.g. website visitors, users of online services).
Purposes of Processing
Provision of our online offering and user-friendliness;
Information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers);
Security measures.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
Provision of the Online Offering on Rented Storage Space
For the provision of our online offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a “web host”);
legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Collection of Access Data and Log Files
Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the accessed websites and files, date and time of access, amounts of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.
The server log files may be used, on the one hand, for security purposes, e.g. to avoid server overload (in particular in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure server utilization and stability;
legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Deletion of data:
Log file information is stored for a maximum period of 30 days and is then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
Hetzner
Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities);
Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://www.hetzner.com;
Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz;
Data processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.
WordPress.com
Hosting and software for the creation, provision and operation of websites, blogs and other online offerings;
Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://wordpress.com;
Privacy Policy: https://automattic.com/de/privacy/;
Data processing agreement: https://wordpress.com/support/data-processing-agreements/;
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider).
Use of Cookies
The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies can also be used in connection with different purposes, such as for the functionality, security and convenience of online offerings, as well as for creating analyses of visitor flows.
We use cookies in accordance with statutory provisions. Where required, we obtain the prior consent of users. If consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to provide content and functions expressly requested by users. This includes, for example, the storage of settings as well as ensuring the functionality and security of our online offering. Consent can be withdrawn at any time. We clearly inform users about its scope and which cookies are used.
Notes on Data Protection Legal Bases
Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.
Storage Duration
With regard to storage duration, the following types of cookies are distinguished:
Temporary cookies (also: session cookies):
Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g. browser or mobile application).
Permanent cookies:
Permanent cookies remain stored even after the device has been closed. For example, the login status can be stored and preferred content can be displayed directly when the user visits a website again. Likewise, usage data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information on the type and storage duration of cookies (e.g. as part of obtaining consent), users should assume that these are permanent and that the storage duration may be up to two years.
General Notes on Withdrawal and Objection (Opt-Out)
Users can withdraw their consent at any time and may also object to processing in accordance with statutory provisions, including via the privacy settings of their browser.
Processed Data Types
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
Data Subjects
Users (e.g. website visitors, users of online services).
Legal Bases
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Consent (Art. 6(1) sentence 1 lit. a GDPR).
Further Information on Processing Operations, Procedures and Services
Processing of Cookie Data on the Basis of Consent
We use a consent management solution by means of which users’ consent to the use of cookies or to the procedures and providers named within the consent management solution is obtained. This procedure serves to obtain, log, manage and withdraw consent, in particular with regard to the use of cookies and comparable technologies used to store, read and process information on users’ devices.
Within the scope of this procedure, users’ consent is obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management procedure. Users also have the option to manage and withdraw their consent. The consent declarations are stored in order to avoid a renewed request and to be able to provide proof of consent in accordance with statutory requirements.
Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: the duration of storage of consent is up to two years. In this process, a pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. affected categories of cookies and/or service providers) as well as information about the browser, system and device used;
legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR).
Blogs and Publication Media
We use blogs or comparable means of online communication and publication (hereinafter referred to as “publication medium”). The data of readers is processed for the purposes of the publication medium only insofar as this is necessary for its presentation and the communication between authors and readers or for reasons of security. Otherwise, we refer to the information on the processing of visitors to our publication medium within the scope of these privacy notices.
Processed Data Types
Inventory data (e.g. full name, residential address, contact information, customer number, etc.);
Contact data (e.g. postal and email addresses or telephone numbers);
Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details on authorship or time of creation);
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
Data Subjects
Users (e.g. website visitors, users of online services).
Purposes of Processing
Feedback (e.g. collection of feedback via online form);
Provision of our online offering and user-friendliness;
Security measures.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
UpdraftPlus
Backup software and backup storage;
Service provider: Simba Hosting Ltd., 11 Barringer Way, St. Neots, Cambs., PE19 1LW, United Kingdom;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://updraftplus.com/;
Privacy Policy: https://updraftplus.com/data-protection-and-privacy-centre/.
Newsletter and Electronic Notifications
We process personal data of participants in games and competitions only in compliance with the relevant data protection regulations, insofar as the processing is contractually necessary for the provision, implementation and handling of the game, the participants have consented to the processing or the processing serves our legitimate interests (e.g. the processing of personal data is not necessary for the provision, implementation and handling of the game, the participants have consented to the processing or the processing serves our legitimate interests). e.g. the security of the competition or the protection of our interests against misuse by possible recording of IP addresses when submitting competition entries).
If contributions of the participants are published within the scope of the lottery (e.g. within the scope of a vote or presentation of the lottery contributions or the winners or the reporting on the lottery), we point out that the names of the participants can also be published in this context. The participants can object to this at any time.
If the competition takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as “online platform”), the terms of use and data protection regulations of the respective platforms apply additionally. In these cases, we would like to point out that we are responsible for the information provided by the participants in the course of the competition and that any enquiries regarding the competition should be addressed to us.
The participants’ data will be deleted as soon as the competition or contest is finished and the data is no longer required to inform the winners or because further inquiries about the competition can be expected. In principle, the participants’ data will be deleted at the latest 6 months after the end of the competition. Winners’ data may be retained for longer, e.g. in order to be able to answer We send newsletters, emails and other electronic notifications (hereinafter referred to as “newsletters”) exclusively with the consent of the recipients or on the basis of a statutory permission. If the contents of the newsletter are specified when registering for the newsletter, these contents are decisive for the consent of users. For registration for our newsletter, it is usually sufficient to provide your email address. However, in order to be able to offer you a personalized service, we may ask you to provide your name for personal address in the newsletter or further information if this is necessary for the purpose of the newsletter.
Deletion and Restriction of Processing
We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called “blocklist”).
The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of providing proof of its proper execution. If we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.
Contents
Information about us, our services, promotions and offers.
Processed Data Types
Inventory data (e.g. full name, residential address, contact information, customer number, etc.);
Contact data (e.g. postal and email addresses or telephone numbers);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons);
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
Data Subjects
Communication partners;
Users (e.g. website visitors, users of online services).
Purposes of Processing
Direct marketing (e.g. via email or postal mail);
Provision of contractual services and fulfillment of contractual obligations.
Legal Bases
Consent (Art. 6(1) sentence 1 lit. a GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Right to Object (Opt-Out)
You may cancel receipt of our newsletter at any time, i.e. withdraw your consent or object to further receipt. A link to cancel the newsletter can be found either at the end of each newsletter or you may otherwise use one of the contact options listed above, preferably email.
Further Information on Processing Operations, Procedures and Services
Requirement for the Use of Free Services
Consent to receive mailings may be made a condition for the use of free services (e.g. access to certain content or participation in certain promotions). If users wish to make use of the free service without subscribing to the newsletter, we ask that they contact us.
Delivery via SMS
Electronic notifications may also be sent as SMS text messages (or are sent exclusively via SMS if the authorization to send, e.g. consent, only covers delivery via SMS);
legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR).
Mailchimp
Email marketing, automation of marketing processes, collection, storage and management of contact data, measurement of campaign performance, recording and analysis of recipient interaction with content, personalization of content;
Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://mailchimp.com;
Privacy Policy: https://mailchimp.com/legal/;
Data processing agreement: https://mailchimp.com/legal/;
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider);
Further information: Special security measures: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.questions about the prizes or to fulfil the prize services; in this case the retention period depends on the type of prize and is up to three years in the case of items or services, for example, in order to be able to process warranty claims. Furthermore, the participants’ data may be stored for longer, e.g. in the form of reports on the competition in online and offline media.
- Processed data types: Inventory data (e.g. names, addresses), content data (e.g. entries in online forms).
- Affected persons: Lottery and competition participants.
- Conducting competitions and prize draws.
- Legal basis: Fulfilment of contract and pre-contractual enquiries (Art. 6 Paragraph 1 S. 1 lit. b. DSGVO).
Advertising Communication via Email, Post, Fax or Telephone
We process personal data for purposes of advertising communication, which may take place via various channels, such as email, telephone, post or fax, in accordance with statutory provisions.
Recipients have the right to withdraw any consent given at any time or to object to advertising communication at any time free of charge via the contact options listed above.
After withdrawal or objection, we store the data required to provide proof of the previous authorization to contact or send communications for up to three years after the end of the year in which the withdrawal or objection occurred, on the basis of our legitimate interests. The processing of this data is limited to the purpose of a potential defense against claims. On the basis of the legitimate interest in permanently observing the withdrawal or objection of users, we also store the data required to avoid renewed contact (e.g. depending on the communication channel, the email address, telephone number or name).
Processed Data Types
Inventory data (e.g. full name, residential address, contact information, customer number, etc.);
Contact data (e.g. postal and email addresses or telephone numbers);
Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details on authorship or time of creation).
Data Subjects
Communication partners.
Purposes of Processing
Direct marketing (e.g. via email or postal mail);
Marketing;
Sales promotion.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Consent (Art. 6(1) sentence 1 lit. a GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Competitions and Giveaways
We process the personal data of participants in competitions and giveaways only in compliance with the applicable data protection regulations, insofar as the processing is contractually required for the provision, execution and handling of the competition or giveaway, the participants have consented to the processing, or the processing serves our legitimate interests (e.g. in the security of the competition or the protection of our interests against misuse through the possible recording of IP addresses when competition entries are submitted).
If participant contributions are published as part of competitions or giveaways (e.g. as part of a vote or presentation of competition entries or winners, or in reporting on the competition or giveaway), we point out that the names of participants may also be published in this context. Participants may object to this at any time.
If the competition or giveaway takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as “online platform”), the terms of use and data protection provisions of the respective platforms also apply. In these cases, we point out that we are responsible for the information provided by participants within the scope of the competition or giveaway and that inquiries regarding the competition or giveaway should be addressed to us.
The data of participants is deleted as soon as the competition or giveaway has ended and the data is no longer required in order to notify the winners or because inquiries regarding the competition or giveaway are no longer to be expected. As a rule, participant data is deleted no later than six months after the end of the competition or giveaway. Data of winners may be retained for a longer period in order, for example, to respond to inquiries regarding prizes or to fulfill prize services; in this case, the retention period depends on the type of prize and may amount to up to three years for items or services, for example, in order to process warranty cases. Furthermore, participant data may be stored for a longer period, for example in the form of reporting on the competition or giveaway in online and offline media.
If data is also collected for other purposes within the scope of the competition or giveaway, its processing and retention period are governed by the privacy notices for that use (e.g. in the case of newsletter registration as part of a competition or giveaway).
Processed Data Types
Inventory data (e.g. full name, residential address, contact information, customer number, etc.);
Contact data (e.g. postal and email addresses or telephone numbers);
Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details on authorship or time of creation).
Data Subjects
Competition and giveaway participants.
Purposes of Processing
Conducting competitions and giveaways.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Web Analysis, Monitoring and Optimization
Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what times our online offering or its functions or content are used most frequently, or invite users to reuse them. Likewise, it enables us to understand which areas require optimization.
In addition to web analysis, we may also use testing procedures in order to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, for these purposes profiles may be created, i.e. data combined for a usage process, and information may be stored in and read from a browser or device. The information collected includes, in particular, visited websites and elements used there, as well as technical information, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data to us or to the providers of the services used by us, the processing of location data is also possible.
In addition, users’ IP addresses are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of users, but only the information stored in their profiles for the purposes of the respective procedures.
Notes on Legal Bases
If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.
Processed Data Types
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
Data Subjects
Users (e.g. website visitors, users of online services).
Purposes of Processing
Reach measurement (e.g. access statistics, recognition of returning visitors);
Profiles with user-related information (creation of user profiles);
Provision of our online offering and user-friendliness.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Storage of cookies for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years).
Security Measures
IP masking (pseudonymization of the IP address).
Legal Bases
Consent (Art. 6(1) sentence 1 lit. a GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
Google Analytics
We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any clear data, such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed again or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users who refer to our online offering and technical aspects of their devices and browsers.
In this process, pseudonymous profiles of users are created with information from the use of different devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). In EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, not accessible and not used for any further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded for processing to Analytics servers.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR);
Website: https://marketingplatform.google.com/intl/de/about/analytics/;
Security measures: IP masking (pseudonymization of the IP address);
Privacy Policy: https://policies.google.com/privacy;
Data processing agreement: https://business.safety.google/adsprocessorterms/;
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms);
Right to object (opt-out): Opt-out browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de;
Settings for the display of advertising: https://myadcenter.google.com/personalizationoff;
Further information: https://business.safety.google/adsservices/ (types of processing and processed data).
Social Media Presences
We maintain online presences within social networks and process user data in this context in order to communicate with users who are active there or to provide information about us.
We point out that user data may be processed outside the territory of the European Union. This may result in risks for users, for example because the enforcement of user rights could be made more difficult.
Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, usage profiles may be created on the basis of user behavior and the interests resulting from it. These usage profiles may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of users. For this purpose, cookies are generally stored on users’ computers in which user behavior and user interests are stored. In addition, data may also be stored in the usage profiles independently of the devices used by users (in particular if users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to user data and can directly take appropriate measures and provide information. If you nevertheless require assistance, you may contact us.
Processed Data Types
Contact data (e.g. postal and email addresses or telephone numbers);
Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details on authorship or time of creation);
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
Data Subjects
Users (e.g. website visitors, users of online services).
Purposes of Processing
Communication;
Feedback (e.g. collection of feedback via online form);
Public relations.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
Social network that enables the sharing of photos and videos, commenting and favoriting of posts, sending messages, subscribing to profiles and pages;
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://www.instagram.com;
Privacy Policy: https://privacycenter.instagram.com/policy/;
Basis for third-country transfers: Data Privacy Framework (DPF).
Facebook Pages
Profiles within the social network Facebook – The responsible party is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page (“fan page”). This includes, in particular, information about user behavior (e.g. content viewed or interacted with, actions taken) as well as device information (e.g. IP address, operating system, browser type, language settings, cookie data).
Further details can be found in Facebook’s Data Policy:
https://www.facebook.com/privacy/policy/.
Facebook also uses this data to provide us with statistical analyses via the “Page Insights” service, which provide information about how people interact with our page and its content. The basis for this is an agreement with Facebook (“Page Insights Information”):
https://www.facebook.com/legal/terms/page_controller_addendum,
which regulates, among other things, security measures and the exercise of data subject rights.
Further information can be found here:
https://www.facebook.com/legal/terms/information_about_page_insights_data.
Users can therefore direct requests for information or deletion directly to Facebook. Users’ rights (in particular access, deletion, objection and complaint to a supervisory authority) remain unaffected by this.
The joint responsibility is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Meta Platforms Ireland Limited is solely responsible for further processing, including a possible transfer to Meta Platforms Inc. in the USA.
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://www.facebook.com;
Privacy Policy: https://www.facebook.com/privacy/policy/;
Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses
(https://www.facebook.com/legal/EU_data_transfer_addendum).
YouTube
Social network and video platform;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Privacy Policy: https://policies.google.com/privacy;
Basis for third-country transfers: Data Privacy Framework (DPF);
Right to object (opt-out): https://myadcenter.google.com/personalizationoff.
Plugins and Embedded Functions and Content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos or maps (hereinafter collectively referred to as “content”).
Integration always requires that the third-party providers of this content process the users’ IP addresses, as they would otherwise not be able to send the content to users’ browsers. The IP address is therefore required for the display of this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. By means of these “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times and further information on the use of our online offering, but may also be combined with such information from other sources.
Notes on Legal Bases
If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.
Processed Data Types
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons);
Event data (Facebook) (“event data” refers to information that is transmitted to the provider Meta, for example via Meta Pixel (whether via apps or other channels), and relates to persons or their actions. This data includes, for example, details of website visits, interactions with content and functions, app installations and product purchases. The processing of event data is carried out with the aim of creating target groups for content and advertising messages (custom audiences). It is important to note that event data does not include actual content such as written comments, login information or contact information such as names, email addresses or telephone numbers. Event data is deleted by Meta after a maximum of two years, and the target groups formed from it disappear when our Meta user accounts are deleted).
Data Subjects
Users (e.g. website visitors, users of online services).
Purposes of Processing
Provision of our online offering and user-friendliness;
Reach measurement (e.g. access statistics, recognition of returning visitors);
Tracking (e.g. interest- and behavior-based profiling, use of cookies);
Target group formation;
Marketing.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Storage of cookies for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of two years).
Legal Bases
Consent (Art. 6(1) sentence 1 lit. a GDPR);
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
Facebook Plugins and Content
Facebook social plugins and content – This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offering within Facebook. The list and appearance of Facebook social plugins can be viewed here:
https://developers.facebook.com/docs/plugins/
We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt in the context of a transmission (but not the further processing) of “event data” that Facebook collects or receives via Facebook social plugins (and embedding functions for content) that are executed on our online offering, for the following purposes:
a) display of content and advertising information that presumably corresponds to the interests of users;
b) delivery of commercial and transactional messages (e.g. addressing users via Facebook Messenger);
c) improvement of ad delivery and personalization of functions and content (e.g. improvement of the recognition of which content or advertising information presumably corresponds to the interests of users).
We have concluded a special agreement with Facebook (“Controller Addendum”):
https://www.facebook.com/legal/controller_addendum
This agreement regulates, among other things, which security measures Facebook must observe
(https://www.facebook.com/legal/terms/data_security_terms)
and in which Facebook has committed to fulfilling data subject rights (i.e. users can, for example, direct requests for information or deletion directly to Facebook).
Note: If Facebook provides us with measurement values, analyses and reports (which are aggregated, i.e. do not contain information about individual users and are anonymous to us), this processing does not take place within the scope of joint responsibility, but on the basis of a data processing agreement (“Data Processing Terms”):
https://www.facebook.com/legal/terms/dataprocessing,
the “Data Security Terms”
https://www.facebook.com/legal/terms/data_security_terms
and, with regard to processing in the USA, on the basis of Standard Contractual Clauses (“Facebook EU Data Transfer Addendum”):
https://www.facebook.com/legal/EU_data_transfer_addendum.
Users’ rights (in particular the right of access, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR);
Website: https://www.facebook.com;
Privacy Policy: https://www.facebook.com/privacy/policy/;
Basis for third-country transfers: Data Privacy Framework (DPF).
Google Fonts (Hosted Locally)
Provision of font files for the purpose of user-friendly display of our online offering;
Service provider: the Google Fonts are hosted on our server, no data is transmitted to Google;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
YouTube Videos
Video content;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: consent (Art. 6(1) sentence 1 lit. a GDPR);
Website: https://www.youtube.com;
Privacy Policy: https://policies.google.com/privacy;
Basis for third-country transfers: Data Privacy Framework (DPF);
Right to object (opt-out): Opt-out browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de;
Advertising settings: https://myadcenter.google.com/personalizationoff.
Management, Organization and Support Tools
We use services, platforms and software of other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, administration, planning and provision of our services. When selecting the third-party providers and their services, we comply with the statutory requirements.
In this context, personal data may be processed and stored on the servers of the third-party providers. Various data may be affected by this, which we process in accordance with this Privacy Policy. This data may include, in particular, inventory data and contact data of users, data on processes, contracts, other procedures and their contents.
If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask users to observe the privacy notices of the respective third-party providers.
Processed Data Types
Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details on authorship or time of creation);
Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions);
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, involved persons).
Data Subjects
Communication partners;
Users (e.g. website visitors, users of online services).
Purposes of Processing
Communication;
Provision of contractual services and fulfillment of contractual obligations;
Office and organizational procedures.
Retention and Deletion
Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases
Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Further Information on Processing Operations, Procedures and Services
WeTransfer
Transfer of files via the internet;
Service provider: WeTransfer BV, Oostelijke Handelskade 751, 1019 BW Amsterdam, Netherlands;
Legal basis: legitimate interests (Art. 6(1) sentence 1 lit. f GDPR);
Website: https://wetransfer.com;
Privacy Policy: https://wetransfer.com/legal/privacy.
Changes and Updates
We ask you to regularly inform yourself about the content of this Privacy Policy. We adapt the Privacy Policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Definitions
This section provides an overview of the terms used in this Privacy Policy. Where terms are legally defined, those definitions apply. The following explanations are primarily intended to help with understanding.
Personal data:
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject:
“Data subject” means any identified or identifiable natural person whose personal data is processed by the responsible party.
Processing:
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
Responsible party:
“Responsible party” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Consent:
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Created with free Datenschutz-Generator.de von Dr. Thomas Schwenke