Privacy Policy

Introduction

This Privacy Policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") in the context of the provision of our range of services and on our websites, mobile applications, functions and contents connected with them as well as external online representations, e.g. Social Media Profiles (hereinafter collectively referred to as "Services"):

  • In the first section of the privacy policy you will find details of the subject responsible for the processing and an overview of our processing operations.
  • In the second section you will find information about your rights, the relevant legal standards and general information about our data processing.
  • The third section contains information on the individual processing operations. This section is divided into further areas, such as our key services, reach measurement or marketing.
  • The fourth and final section contains a glossary with explanations and descriptions of the terms used in this Privacy Policy. This means that if you do not know the terms used (e.g. "personal data" or "cookie"), please refer to the last section. All terms used (e.g. "responsible" or "user") are to be understood gender-neutral.

Table of Contents

Section I – Controller and Overview of Data Processing

  • Controller
  • Data Protection Officer
  • Description of our services and objectives
  • Type of processed data
  • Processing of special categories of Data (Art. 9 (1) GDPR)
  • Categories of data subjects
  • Purpose of Processing

Section II – Rights of data subjects, legal basis for the processing and general information

  • Rights of Data Subjects
  • Right of Withdrawal
  • Right to Object
  • Cookies and Right to Object in Direct Marketing
  • Solely Automated individual decision-making
  • Erasure of data and archiving obligations
  • Changes and Updates to this Privacy Policy
  • Relevant Legal Basis for the Processing
  • Security of Data Processing
  • Disclosure and Transmission of Data
  • Transfers to Third Countries

Section III - Processing operations

  • The Key Area of Data Processing
    • Fanpage Karma Tool - Basic Information on the Processing of Personal data
    • Additional Information on Fanpage Karma Analytics
    • Additional Information on Fanpage Karma Monitoring
    • Additional Information on Fanpage Karma Engage
    • Additional Information on Fanpage Karma Publish
    • Additional Information on Fanpage Karma TeamBoard
    • Additional Information on Fanpage Karma ELON Brand Report
    • Additional Information on Fanpage Lucky Fairy
    • Fanpage Karma - Job Market
    • Tricider Tool
    • Answering Inquiries and Customer Service
    • Business and market research
  • Data protection information for Job Candidates
    • Application process
  • External online profiles
    • Online Presences in Social Media
  • Webserver and Security
    • Hosting
    • Server-Logs
  • Embedded content and functions
    • Facebook Features and Content
    • Single sign-on authentication with Facebook
  • Marketing
    • Newsletter and measuring success
    • Communication via Mail, E-Mail, Fax or Telephone
    • Sweepstakes and Competitions
  • Web analytics, online marketing and technology partners
    • Google Tag Manager
    • Google Analytics
    • Google AdWords
    • Google Display Network
    • Facebook Pixels and Custom Audiences

Section IV - Definitions



Section I – Controller and Overview of Data Processing

Controller

uphill GmbH
Oranienstr. 188, 10999 Berlin, Germany.
Managing directors: Stephan Eyl, Nicolas Graf von Kanitz
Phone: +49 30 577 095 060
Email:
Complete legal information: https://www.fanpagekarma.com/contact
Terms of Service: https://www.fanpagekarma.com/terms
The Controller is hereinafter also referred to as "we" or "us".

Data Protection Officer

Dr. jur. Thomas Schwenke
E-Mail:

Description of our services and objectives

Fanpage Karma is an online service designed to make it easier for users to understand and analyse social media better and faster and to communicate more easily with their own community. Fanpage Karma provides tools for social media analysis, community management and editorial scheduling to achieve this goal in the best possible way.

These applications should open up new possibilities for users to evaluate and analyse social media networks (e.g. Facebook, Twitter, YouTube, Instagram etc.), to establish interpersonal connections, to promote the exchange of information and to distribute important information.

Type of processed data

  • Inventory Data (e.g., names, addresses).
  • Contact details (e.g., e-mail, phone numbers).
  • Content Data (e.g., text input, photographs, videos).
  • Contract Data (e.g., subject matter of the contract, duration, customer type).
  • Payment Data (e.g., bank details, payment history).
  • Usage Data (e.g., interests, websites visited, purchasing behaviour, access times, log Data).
  • Meta/communication Data (e.g., device IDs, IP addresses).
  • Employee master Data (for example, names, addresses, wage groups, tax characteristics).
  • Job candidate Data (e.g., names, contact details, qualifications, job application documents).

Processing of special categories of Data (Art. 9 (1) GDPR)

In general, no special categories of data are processed, unless these are provided for processing by the user, e.g. in online forms.

Categories of data subjects

  • Customers / prospective customers / business partners.
  • Visitors and users of the online service, third parties.
  • Job candidates.

In the following, we will also summarise the data subjects as "users".

Purpose of Processing

  • Provision of our services, its contents and functions.
  • Software-as-a-Service (SaaS) services.
  • Provision of contractual services, customer care and support.
  • Response to contact requests and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

Automated individual decision-making (Art. 22 GDPR)

Assessment of creditworthiness in the case of advance payment in accordance with Art. 22 GDPR.



As of: May 2018

Section II – Rights of data subjects, legal basis for the processing and general information

Rights of Data Subjects

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the further information and a copy of the data in accordance with Art. 15 GDPR.

You have correspondingly. In accordance with Article 16 of the GDPR, the right to obtain from the controller the rectification of inaccurate personal data concerning you, or the completion of the data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased without undue delay or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR.

You have in accordance with Art. 20 GDPR the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

In accordance with Art. 77 GDPR, you also have the right to file a complaint with a supervisory authority.

Right of Withdrawal

You have the right to withdraw consents granted pursuant to Art. 7 (3 GDPR with effect for the future.

Right to Object

You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.

Cookies and Right to Object in Direct Marketing

We use temporary and permanent cookies, i.e. small files that are stored on the user's devices (for the explanation of the term and function, see last section of this Privacy Policy). In part, cookies serve security purposes or are required for the operation of our online services (e.g., for the appearance of the website) or to save the user's decision when confirming a cookie banner. In addition, we or our technology partners use cookies to measure the reach and for marketing purposes, about which the users will be informed in the scope of the Privacy Policy.

If users do not want cookies to be stored on their computer, they are advised to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online services.

An objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

Solely Automated individual decision-making

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based exclusively on automated processing - including profiling - which has legal effect concerning you or similarly significantly affects you.

We inform you that we do not use exclusively automated individual decision-making.

Erasure of data and archiving obligations

The data processed by us will be erased or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data are not erased because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is excluded and not processed for other purposes. This applies, for example, to data that must be retained for commercial or taxation reasons.

In accordance with statutory requirements, the records shall be kept for 6 years in particular in accordance with § 257 (1) German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) German Financial Act (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

Changes and Updates to this Privacy Policy

We ask you to keep yourself regularly informed about the contents of our Privacy Policy. We will adapt the Privacy Policy as soon as any changes in data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Relevant Legal Basis for the Processing;

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not explicitly stated in the Privacy Policy, the following applies: The legal basis for obtaining consents is Art. 6 (1)) a and Art. 7 GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as for answering inquiries is Art. 6 (1)) b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1)) c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1)) f GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

The principles for commercial communications outside of business relations, in particular by post, telephone, fax and e-mail, are contained in § 7 of the German Unfair Competition Act (UWG).

Security of Data Processing

We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; the measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, integrity and pseudonymity. Furthermore, we have established procedures that guarantee the assertion of data subjects' rights, the erasure of data and the response to data hazards. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design of technology and by data protection-friendly presettings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.

Employees are bound to confidentiality with regard to data protection, are instructed, monitored, and informed of possible liability consequences.

Disclosure and Transmission of Data

If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transfer the data to them or otherwise grant them access to the data, this will only be carried out on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for contract fulfilment pursuant to Art. 6 (1),) b GDPR), if you have consented, if a legal obligation requires this or on the basis of our legitimate interests (e.g. when using agents, web hosting services, etc.).

If we commission third parties with the processing of data on the basis of a so-called " Data Processing Agreement", this is done on the basis of Art. 28 GDPR.

If we disclose, transfer or otherwise grant access to data to other companies in our Group of Companies (Undertakings), this is done in particular for administrative purposes as a legitimate interest and in addition on the basis of a Data Processing Agreement.

Transfers to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or let the data being processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised adequate data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "Standard Contractual Clauses").

Section III - Processing operations

The following section provides an overview of our processing activities, which we have subdivided into other areas of operation. Please note that the areas of operation are for guidance only and that processing activities may overlap (e.g. the same data may be processed in several operations).

For reasons of clarity and comprehensibility, you will find the frequently repeated terms in Section IV of this data protection declaration.

The Key Area of Data Processing

In this section you will find information on our key services and operations, such as responding to enquiries and providing our contractual services as well as the associated ancillary tasks.

Fanpage Karma Tool - Basic Information on the Processing of Personal data

The processing of the following data is necessary to establish and implement the contractual relationship with regard to the use of the Fanpage Karma Tool and the services and functions associated with it in accordance with the Principal Agreement.

The Fanpage Karma Tool provides various functionalities (e.g. Analytics, Monitoring, Engagement, etc.). The processing of personal data within these functionalities is described separately and applies in addition to the general information in the case of the use of these functionalities by the Controller.

To use Fanpage Karma's tools, a Facebook login is required.

The information accessible via the Fanpage Karma Tool can be made available (within the framework of the specification according to the Principal Agreement) via an Application-Programming-Interface (API).

  • Types of data which are regularly the subject of processing: Inventory data/master data (first name, surname, gender, country code), contact data (e-mail address), data concerning the online accounts linked in the context of the use of the Fanpage Karma Tool (profile ID, authorization key (access token), list of profiles for which the Controller has special access rights (e.g. Facebook, Twitter, Instagram, LinkedIn etc.).), creation date, login times, language, time zone, preferred currency, account ID, newsletter active, wallpaper, own profile picture, when logging in via a mobile app: Firebase Cloud Messaging Token, email signature for use in Engage), data regarding the use of the tool (time and functions used).In order to perform analyses for profiles, it may be necessary for the Controller to log in to the profiles and for access to the Processor's app (e.g. Twitter or LlinkedIn). In these cases, the account name, account ID, access token, token secret and their expiration date are stored.
  • Additional types of data that are regularly processed in the case of paid accounts: Inventory data/master data (company name, contact person, street, postal code, city, country), contact data (e-mail, telephone), contract and payment data (payment method, account holder, IBAN, BIC, bank (if payment by electronic direct debiting), Controller reference number, ID at the payment service provider for debiting via credit card data stored there, tax identification number, list of all associated users), authorizations within the Fanpage Karma Tools to employees, the Processor stores their names, e-mail addresses and Facebook IDs., Note: If the Controller has a paid subscription, an account will be created for the Controller, to which other users can then also be invited. In the case of invitations to an account, the Processor stores the first and last name as well as the e-mail address of the invited person.
  • Special categories of personal data: In general, no special categories of data are processed, unless these are provided for processing by the user, e.g. in online forms..
  • Data subjects: Customers, prospective customers, business partners, other users of the Fanpage Karma Tool.
  • Purpose of processing: Provision of contractual services, billing, customer service.
  • Legal basis: Art. 6 (1) b (performance of contractual services) and c (archiving required by law) GDPR.
  • Necessity / interest in processing: The data is required to establish and fulfil the contractual services.
  • External disclosure and purpose: No, only on delivery or payment or within the scope of legal permits and obligations towards legal advisors and authorities, or if the service is provided via platforms of third parties. In this case the data protection regulations of the respective platform operators apply.
  • Processing in third countries: No, only on customer request upon distribution or payment or within the scope of events.
  • Retention of data: The time of data deletion is determined by the customer. Self-collected data is retained for as long as it is relevant for the analyses carried out. Customer profiles are deactivated and are only used for reactivation. In the case of test users, only the name and Facebook ID are stored for multiple login detection, and the email address is deleted. The need for data retention shall be reviewed every three years. In the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law/tax law retention obligation: 10 years).
  • With regard to the cancellation and deactivation of user profiles, we refer to our General Terms and Conditions.

Additional Information on Fanpage Karma Analytics

  • Purpose, type and scope of data processing: With the assistance of Fanpage Karma Monitoring, the Controller can monitor keywords in public postings on social media services that are accessible for the search. The Processor will query the keywords defined by the Controller via the public interfaces of the platforms. No special authorizations are required for this.
  • Types of data which are regularly the subject of processing: Public data that is searched for after entering a keyword and made available for viewing via a link.
  • Data subjects: Users of social media profiles.

Additional Information on Fanpage Karma Monitoring

  • Purpose, type and scope of data processing: With the assistance of Fanpage Karma Monitoring, the Controller can monitor keywords in public postings on social media services that are accessible for the search. The Processor will query the keywords defined by the Controller via the public interfaces of the platforms. No special authorizations are required for this.
  • Types of data which are regularly the subject of processing: Public data that is searched for after entering a keyword and made available for viewing via a link.
  • Data subjects: Users of social media profiles.

Additional Information on Fanpage Karma Engage

  • Purpose, type and scope of data processing: Fanpage Karma Engage is a community management tool for answering inquiries, contributions and comments (hereinafter "messages") on social media platforms (e.g. Facebook, Twitter, Instagram) and those received by e-mail. Controllers grant the Processor permission so that the Karma Engage fan page can publish the answers on their behalf on the various platforms. The messages can be publicly visible (e.g. Facebook Post comments or Twitter Replies) or non-public (e.g. Facebook/Twitter direct message, e-mail).
  • Types of data which are regularly the subject of processing: Inventory data/master data (names, account names, user IDs, links to these). Content data (texts, links, images, videos, documents and files published or sent by users). Usage data (time of request). Location data (information on places where the contributions were written).
  • Data subjects: Author of messages within social media profiles.

Additional Information on Fanpage Karma Publish

  • Purpose, type and scope of data processing: Fanpage Karma Publish is a tool for the editorial management and automatic publication of posts on social media platforms. Users can create postings with text, links, images, documents, time of publication, restriction to user groups etc. and release them for publication through a simple release process. For networks on which an automatic publication is possible (and the user has released the corresponding authorization) Fanpage Karma Engage can automatically publish the postings at the set time. In other cases, users will be asked by e-mail to publish their data. Already used media (e.g. pictures, videos) can be viewed via a media library and used for further contributions.
  • Types of data which are regularly the subject of processing: Inventory data/master data (names, account names of authors). Content data (texts, links, images, videos, documents and files that are published). Usage data (time of planning and publication, profile(s) to be published, restriction to user groups (targeting)).
  • Data subjects: Authors of the published contents.

Additional Information on Fanpage Karma TeamBoard

  • Purpose, type and scope of data processing: TeamBoard is an easy way to share a live dashboard with other users who do not need a login. The dashboard can be accessed via a unique URL (the user may be able to set a password to protect access). For information on data processing see Fanpage Karma Analytics.
  • Types of data which are regularly the subject of processing: For information on data processed, please refer is made to Fanpage Karma Analytics. In addition, data relating to the persons participating in the sharing process of the dashboard will be processed (time of sharing, persons involved).
  • Data subjects: For information on data subjects, please refer is made to Fanpage Karma Analytics. Also affected are the people/employees participating in the process of sharing the dashboard.

Additional Information on Fanpage Karma ELON Brand Report

  • Purpose, type and scope of data processing: The fan page Karma ELON Brand Report includes information about the active fans of a Facebook page, the fan loyalty, the range competition, interests and personas of the fans. The statements are only made available to the Controller in aggregated form. The analysis is based exclusively on publicly available data that is accessed via the Facebook API. The report is provided as a PDF and/or as a printout. The report also contains statements about competitors (key figures, names, profile pictures, links, contributions to Facebook pages).
  • Types of data which are regularly the subject of processing: User IDs of all users who have publicly posted a comment to a post on a Facebook page, as well as the time of the comment and the profile ID of the Facebook page to which the users have posted the comment, the period for the data of a report is 3 months (plus the previous quarter and the month after for comparison). All public comments from the largest German-speaking Facebook pages are examined.
  • Data subjects: Users of social media profiles.

Additional Information on Fanpage Lucky Fairy

  • Purpose, type and scope of data processing: Automatic evaluation of Facebook promotions, sweepstakes, etc. The information on a competition posting is imported into the Fanpage Karma Tool via the Facebook API and then evaluated according to the specified criteria. As a result, profiles of Facebook users who could have won a promotion according to various possible criteria are displayed to the Controller (the name, the profile picture and a link to the profile are displayed). In addition, the Controller can download a file showing the names and Facebook IDs of all participants as well as a file containing all user comments.
  • Types of data which are regularly the subject of processing: User IDs, names and links to profile pictures of all users who made a comment publicly on the Facebook page to be evaluated or reacted with a reaction to the promotion (e.g. Like, Haha), as well as the time of the action and, if necessary, the text of the comment.
  • Data subjects: Users of social media profiles / participants in promotions.
  • Retention of data: The data is only available for the moment of the query and is not saved.

Fanpage Karma – Job Market

In the Fanpage Karma Job Market registered users can create and publish entries regarding job offers or job applications. These entries are open to the public. Authors can disable the entries so that they are no longer publicly visible.

  • Data processed: "Inventory data, content data, contact data, metadata, usage data; advertisement title, job title, company name, country, city, type of employment, description, company logo, website, company description, contact person (name, e-mail), link to application form.
  • Special categories of personal data: no.
  • Legal basis: Art. 6 (1) b DSGVO (contract performance).
  • Data subjects: Job candidates, companies.
  • External disclosure and purpose: Display of job entries.
  • Processing in third countries: no.
  • Retention of data: The entries are visible forever, unless the author deactivates the display. The entries themselves are currently not deleted.
  • External disclosure and purpose: Display of job entries.
  • Processing in third countries: no.
  • Retention of data: The entries are visible forever, unless the creator disables public display. The entries themselves are currently not deleted.

Tricider Tool

  • With www.tricider.com, brainstorming sessions with any user group can be easily accomplished online. You create a question (e.g. "What do we do next team event") and receive a unique URL with which you can access the question. You can share this link with any number of people. Anyone who has access to the link can view and edit the question and answers. You can enter answers to an asked question and evaluate these answers positively and negatively. A name for your own answer is optional and freely selectable. When you log in (via Facebook, Gmail or e-mail) you will get an overview of the questions you have created and participated in. Users will receive email notifications when your question expires soon or has expired (you can set a deadline). You can also upload your own photos for personal styling of your questions.
  • Data processed: The service can be used without login. During login, your name and e-mail address will be saved. Content data (user information, texts, images). For each access to a question, the system logs: Time, region, city, country, IP address.
  • Special categories of personal data: No, unless entered by user.
  • Legal basis: Art. 6 (1) b DSGVO (contract performance).
  • Data subjects: Users of Tricider.
  • External disclosure and purpose: Provision of Tricider.
  • Processing in third countries: no.
  • Retention of data: The posts are visible forever, unless the creator disables the question. The posts themselves are not deleted.

Answering Inquiries and Customer Service

We process the information in the inquiries, which we receive via our contact form and other means, e.g. via e-mail, in order to answer the inquiries. For these purposes, the inquiries may be stored in our Customer Relationship Management (CRM) system or in similar procedures that serve us to manage inquiries. For customer relationship management purposes (CRM) we use so-called CRM software. With the help of the software we can answer the inquiries more effectively and faster.

  • Data processed: Inventory data, contact data, contract data, payment data, usage data, metadata; e.g.
  • Data subjects: customers, prospective customers, business partners, website visitors.
  • Purpose of processing: Answering inquiries.
  • Type, scope and mode of operation of the processing: registration process, termination option.
  • Legal basis: Art. 6 (1) b./f. GDPR.
  • Necessity / interest in processing: Necessary to answer queries, optimization, user-friendliness, business interests.
  • External disclosure and purpose: Operator of the CRM system, Highrise HQ, LLC, 30 N. Racine Avenue, Suite 200, Chicago, Illinois 60607, USA.
  • Privacy Policy: https://highrisehq.com/privacy/.
  • Special security measures: Data Processing Agreement.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000TOXEAA4&status=Active.
  • Retention of data: We delete the requests if they are no longer required. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. In the case of statutory archiving obligations, the erasure takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation).

Business and market research

In order to operate our business economically and to identify market trends, customer and user requirements, we analyse the data available to us on business transactions, contracts, enquiries, etc., in order to ensure that we are able to offer our customers the best possible service. For this purpose, we combine the personal data of customers from registrations and orders with the behaviour-related data of customers. In the context of the economic evaluation we bring together the data of the users independently of the used devices (e.g. if users use our on-line offer on a mobile or on a stationary device).

  • Data processed: Inventory data, contact data, contract data, payment data, usage data and metadata, e.g. activity data from e-mails via our online channels, e.g. data on the page accessed, the page history, the device used, the approximate location and data for pseudonymous identification of the user profile).
  • Legal basis: Art. 6 (1) f. GDPR.
  • Data subjects: customers, prospective customers, business partners, visitors and users of the online offer.
  • Purpose of processing: business analysis, marketing, advertising, market research.
  • Type, scope and mode of operation of the processing: profiling, online behavioural advertising, first party cookies.
  • Necessity / interest in processing: Increased user-friendliness, optimization of the service, business efficiency.
  • External disclosure and purpose: The analyzes are for us alone and will not be disclosed externally unless they are anonymous analyzes with summarized values.
  • Processing in third countries: no.
  • Retention of data: If a customer account was opened, with its termination, otherwise after two years from conclusion of contract. For the rest, macroeconomic analyses and general trend determinations are carried out anonymously wherever possible.

Data protection information for Job Candidates

This section informs job candidates about the processing of their data during the application process.

Application process

Candidates can send us their applications via e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the candidates themselves must ensure that they are encrypted. We can therefore accept no responsibility for the transmission of the application between the sender and the reception on our server.

Instead of applying by e-mail, candidates can still send us their application by post.

  • Data processed: Inventory data, contact data, content data (content of application folder, correspondence, internal comments).
  • Special categories of personal data: Yes, if required for the application procedure or submitted by candidates (e.g. health data).
  • Legal basis: Art. 6 (1) b. GDPR, § 26 Federal German Data Protection Act (BDSG).
  • Data subjects: Applicants
  • Purpose of processing: application procedure, selection of applicants.
  • Special security measures: Restriction of access to application documents to jobs that are involved in the application process; Encrypted transmission option.
  • Necessity / interest in processing: Precondition for the selection of suitable candidates.
  • Retention of data: The data provided by the candidates may be further processed by us for employment purposes in the event of a successful application; otherwise, if the application for a job offer is not successful, the candidates' data will be deleted or made anonymous. Candidates' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time. Candidates will be deleted after a period of six months, subject to justified revocation, so that we can answer any follow-up questions to the application and meet our obligations under the General Equal Treatment Act (AGG).

External online profiles

In this area you will find information about our data processing in the context of operating external online activities, e.g. in social media.

Online Presences in Social Media

We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the privacy policy of their respective providers apply. Unless otherwise stated in our privacy policy, we will process the data of users who communicate with us within social networks and platforms, e.g. publish contributions on our online profiles or send us messages.

The links/buttons to social networks and platforms (hereinafter referred to as "social media") used within our online services do not establish a data transmission between social networks and users until users click on the links/buttons and access the respective networks or their websites. This function corresponds to the function of a regular online link.

  • Social networks/platforms used by us: Facebook, Instagram, LinkedIn, Pinterest, Twitter, Xing, YouTube, Google+.
  • Data processed: Inventory data, contact data, content data, usage data, metadata.
  • Special categories of personal data: In principle, no, except as provided voluntarily by users.
  • Legal basis: Art. 6 (1) lit f. GDPR.
  • Data subjects: Users of social media networks/ platforms (this can include customers and prospective customers).
  • Purpose of processing: Information and communication.
  • Type, scope and mode of operation of the processing: By providers of the respective platforms as a general rule: permanent cookies, tracking, targeting, remarketing, online behavioural advertising.
  • Necessity / interest in processing: Expectations of users active on the platforms, business interests.
  • External disclosure and purpose: To the social networks/platforms.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield (except Pinterest).
  • Retention of data: The deletion policies of the respective networks/ platforms apply.

Webserver and Security

Our services are operated on web servers. In the following section we will inform you about their use and data processed during the operation of our servers.

Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, security services, technical maintenance services.

  • Data processed: Inventory data, contact data, content data, contract data, usage data, meta/communication data.
  • Special categories of personal data: no.
  • Legal basis: Art. 6 (1) f GDPR.
  • Data subjects: customers, prospective customers, visitors of the online service.
  • Special security measures: Data Processing Agreement.
  • Processing in third countries: USA.
  • External disclosure and purpose:, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
  • Guarantee when processing in third countries: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active.
  • Necessity / interest in processing: Security, business interests.

Server-Logs

The server on which this online service is hosted collects so-called log files each time the online service is accessed, in which user data is stored. The data is used for statistical analysis to maintain and optimize server operation and for security purposes, e.g. to detect potential unauthorized access attempts.

  • Data processed: Usage data and metadata (name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited website), IP address and the requesting provider).
  • Special categories of personal data: no.
  • Legal basis: Art. 6 (1) f GDPR.
  • Data subjects: customers, prospective customers, visitors of the online service.
  • Purpose of processing: Optimization of server operation and security monitoring.
  • Necessity / interest in processing: Security, business interests.
  • Processing in third countries: no.
  • Deletion of data: After 7 days from the time of the collection.

Embedded content and functions

In this section we inform you which contents, software or functions (briefly "contents") of other providers we embed in the context of our website on the basis of Art. 6(1)) f GDPR (so-called "embedding"). The embedding is done to make our online offer more interesting for our users or for legal reasons, e.g. to be able to present videos or social media contributions within our online offer at all. Embedding can also be used to improve the speed or security of online content, e.g. when software elements or fonts are obtained from other sources. The processed data includes in all cases the user's usage and metadata and also the IP address necessarily transmitted to the provider for embedding the content, the data subjects include the visitors to our website. The data subject categories include the users of our website, customers and interested parties. Further explanations can be found in the definitions of terms, in particular on the functions and security measures, at the end of this Privacy Policy. The data retention is determined by the data protection conditions of the providers of the embedded content.

Funktionen Facebook Features and Content

Functions and contents of the Facebook service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.

Single sign-on authentication with Facebook

We use Facebook's single sign-on method, which allows users to register within our online service.

  • Data processed: Inventory data (name, e-mail address, password (only processed on Facebook and cannot be viewed by us), user ID, user handle);
  • External disclosure and purpose: Facebook Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
  • Privacy Policy: https://www.facebook.com/policy.php.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
  • Retention of data: Information stored with us is not automatically matched with the user account on Facebook; for example, if the user's e-mail address changes, users must manually change it in your user account with us. The link to our user account can be removed within Facebook's settings; if users wish to delete their data with us, they must cancel their registration with us.

Marketing

In this section you will find information on data processing carried out by us for the purpose of optimising our marketing and market research activities.

Newsletter and measuring success

We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the recipients or a legal permission. Subscribers' data is logged as we are required to provide documentation of registrations. We also keep track of whether newsletters have been opened and whether links have been clicked. This information is stored on a per-user basis for technical reasons, but is not used to monitor individual users, but rather, for example, to adapt content and services to users. Information that we should collect in addition to the e-mail address (e.g. name) is used to personally address the users or to adapt the contents of the newsletter to the users.

  • Contents of the newsletter: As indicated in the registration form, otherwise information about our services and our company.
  • Data processed: Inventory data (e-mail address), usage data (registration time, confirmation time double opt-in, IP address, opening of e-mail, time and place, time and click on a link in the newsletter).
  • Special categories of personal data: no.
  • Legal basis: Art. 6 (1) a., Art. 7 GDPR and § 7 (2) no. 3 UWG (sending and performance measurement), Art. 6 (1) f GDPR (logging).
  • Data subjects: E-mail recipient
  • Purpose of processing: newsletter dispatch, optimization, proof of consent.
  • Type, scope and mode of operation of the processing: Web-Beacon.
  • Necessity / interest in processing: Only the e-mail information is required for sending, the other information is voluntary and serves to personalize and optimize the content based on the interests of the user; the obligation to provide evidence of consent is the reason for logging; performance measurement is based on legitimate interests in the optimization of the content for users and based on business interests
  • Opt-Out: A unsubscribe link is included in every newsletter.
  • External disclosure and purpose: „Mailchimp“, Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, Sending newsletters, security and optimization of Mailchimp's shipping services.
  • Privacy Policy: https://mailchimp.com/legal/privacy/.
  • Special security measures: Data Processing Agreement.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
  • Retention of data: We may store the e-mail addresses we have unsubscribed for up to three years on the basis of our legitimate interests before we delete them for the purpose of sending the newsletter in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that at the same time the former existence of a consent is confirmed.

Communication via Mail, E-Mail, Fax or Telephone

Sending information material, contacting us by telephone.

  • Data processed: Inventory data, address and contact data, contract data.
  • Special categories of personal data: no.
  • Legal basis: Art. 6 (1) a, Art. 7 GDPR, Art. 6 (1) f GDPR in connection with legal requirements for advertising communications.
  • Data subjects: customers, prospective customers, communication partners.
  • Purpose of processing: Commercial communication.
  • Type, scope and mode of operation of the processing: Contact is only established with the consent of the contact partners or within the scope of legal permissions.
  • Necessity / interest in processing: Information and business interests.
  • External disclosure and purpose: No.
  • Processing in third countries: No.
  • Retention of data: With objection/ revocation or expiration of the legal basis of eligibility.

Sweepstakes and Competitions

In the course of sweepstakes and competitions (" sweepstakes" for short) we processed the data of the participants for the execution of the sweepstakes. Further information on the processing of your data within the scope of the individual sweepstakes as well as any consent to the publication of their names or contributions to the sweepstakes will be provided to the users within the conditions of participation of the respective sweepstakes.

  • content data (e.g. contributions to competitions).
  • Special categories of personal data: no.
  • Legal basis: 6 (1) b GDPR.
  • Data subjects: Participants
  • Purpose of processing: Conducting lotteries, notification of prizes, sending prizes, possibly presentation of winners.
  • External disclosure and purpose: Shipping companies for the purpose of sending the prizes, possibly partners and sponsors of prizes.
  • Processing in third countries: No, except for sending prizes abroad.
  • Retention of data: As soon as the data is not required for the competition (e.g. for inquiries regarding prizes); when winners or contributions to the competition are published, they remain permanently online; otherwise, in the event of a legal obligation (end of commercial law (6 years) and tax law (10 years) retention obligation).

Web analytics, online marketing and technology partners

In this section we inform you which services of technology partners are used for web analytics and online marketing purposes. Their application is based on Art. 6 (1) letter f GDPR and our interest in increasing user convenience, optimizing our services and their economic efficiency. The processed data includes in all cases the usage data and the metadata. Further explanations can be found in the definitions of terms, in particular on the functions and security measures, at the end of this Privacy Policy. The retention of the data is determined, unless otherwise stated, in accordance with the Privacy Policies of the technology partners.

Google Tag Manager

Google Tag Manager is a tool that allows us to manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online serviced,). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, reference is made to the following information on the Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

We use Google Analytics for purposes of range measurement and target group building.

Google AdWords

We use Google AdWords to place ads on Google's and Google partner's websites and measure their performance.

  • Data processed: Usage data, metadata.
  • Type, scope and mode of operation of the processing: permanent cookies, third party cookies, tracking, conversion measurement, online behavioural advertising, profiling, cross-device-tracking.
  • Special security measures: Pseudonymisation, IP masking, conclusion of Data Processing Agreement, opt-out.
  • Opt-Out: https://adssettings.google.com/.
  • External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Privacy Policy: https://policies.google.com/privacy.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  • Retention of data: The data may be processed by Google for up to two years before it is anonymised or deleted.

Google Display Netzwerk

Google's Double-Click technology allows us to target visitors of our website through targeted marketing campaigns on our advertising partners’ websites.

  • Data processed: Usage data, metadata.
  • Type, scope and mode of operation of the processing: permanent cookies, third party cookies, tracking, conversion measurement, online behavioural advertising, profiling, cross-device-tracking.
  • Special security measures: Pseudonymisation, IP masking, conclusion of Data Processing Agreement, opt-out.
  • Opt-Out: https://adssettings.google.com/.
  • External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Privacy Policy: https://policies.google.com/privacy.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  • Retention of data: The data may be processed by Google for up to two years before it is anonymised or deleted.

Facebook-Pixel und Custom Audiences

We use the Facebook pixel to form target groups and measure the success of the ads we place on Facebook and to build target groups for ads.

Section IV - Definitions

This section provides an overview of the terms used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are sorted alphabetically.

  • A/B Tests – A/B Tests are designed to improve the usability and performance of online services. For example, users are shown different versions of a website or its elements, such as input forms, on which the placement of the content or labels of the navigation elements can differ. Subsequently, it is possible to determine which of these websites or elements are more suited to the needs of the users on the basis of the users' behaviour, e.g. longer stays on the website or more frequent interaction with the elements of the website.
  • Affiliate Links – Affiliate links are links that are used to refer users to websites with product or other offers. The operators of the respective linking websites can receive a commission if users follow the affiliate links and then take advantage of the offers. For this it is necessary that the providers can track whether users who are interested in certain offers subsequently purchase them at the initiative of the affiliate links. Therefore, the functionality of affiliate links requires that they be supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the initial website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as tracking specific values such as, for example, advertising material ID, partner ID and categorisations.
  • After-Sales – "After Sales" is a marketing procedure in which, for example, customers of an online shop are presented with advertising offers from other companies (which are usually based on the services or products purchased in the online shop). Furthermore, the functionality of after-sales corresponds to the functionality of affiliate links.
  • Aggregated Data – Aggregated data is pooled data that cannot be traced back to a person and is therefore not personal. For example, visit times on a website can be saved as median values.
  • Anonymous data – Anonymity occurs when a person cannot at least be identified by the controller using the reasonable means at his disposal on the basis of data. In particular, aggregated data may be anonymous.
  • Click tracking – "Click tracking" allows to track the movements of users within an entire website. Since the results of these tests are more accurate if the user interaction can be monitored over a certain period of time (e.g. if a user likes to return), cookies are usually stored on the user's computers for these test purposes.
  • Consent – „consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Conversion – "Conversion", or "Conversion measurement" refers to a procedure with which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on the user's devices within the websites on which the marketing activities take place and then retrieved again on the target website (e.g. this enables us to trace whether the ads we placed on other websites were effective).
  • Cookies – Cookies are small files that are stored on the user's computer. Different data can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to a website. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves a website and closes his browser. In such a cookie, for example, the content of a shopping basket in an online shop or a login status within a community can be stored. Cookies are referred to as "permanent" or "persistent" if they are stored even after the browser is closed. For example, the login status can be saved permanently. Likewise, the interests of users used for web analytics or marketing purposes (see e.g. "Remarketing") may be stored in such a cookie. As a "third party cookie", cookies are offered by providers other than the operator of the website (otherwise, if they are only the operators cookies, they are referred to as "first party cookies").
  • Cross-Device-Tracking – Cookies and fingerprints are device-related. Cross-device tracking is required to evaluate the interests of users using smartphones for advertising on desktop PCs. Logins in social networks such as Facebook, for example, can be used for this purpose. Alternatively, location data, IP addresses and user behaviour are used to achieve up to 98% more precise user restriction. Cookies and web beacons are usually used for cross-device tracking purposes.
  • Custom Audiences – Custom audiences are people who are targeted for advertising purposes, e.g. the display of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it may be concluded that the user is interested in advertisements for similar products or the online shop in which he has viewed the products. "Lookalike audiences" are users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences. "Custom Audiences from Website" means that the target groups are formed on the basis of visitors of the own website. "Custom Audiences from File" means that, for example, a list of e-mail addresses is uploaded to the respective advertising network or platform to form the target group.
  • Data subject – See "Personal data".
  • Demographic Data – Demographic data are general information about groups of people or persons, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected within the scope of web analytics and in online marketing for the purposes of online behavioural marketing or for business analyses that are used, for example, to determine the target groups.
  • Embedding – Embedding involves integrating external content or software functions (see "Plug-ins") into one' s own website in such a way that they are displayed or executed on this website. No copy of the content is created because it is called from the original server (e.g. videos, images, posts on social networks, widgets with ratings). With embedding, it is technically necessary for the provider of the content to obtain the IP address of the user in order to display the embedded content in the user's browser. Furthermore, the content provider may, for example, store cookies on the user's devices.
  • Advanced matching – The "advanced matching" is a Facebook pixel option, which means that inventory data such as phone numbers, email addresses or Facebook IDs of users are transmitted to Facebook in encrypted form to form target groups for Facebook ads and are used only for this purpose.
  • Error tracking – During error tracking, e.g. incorrectly executed program code is detected in order to eliminate it and thus guarantee the functionality and security of websites.
  • Fingerprints and other online identifiers – "Fingerprints" correspond in their function to cookies, whereby the storage of a file on the user's device is not required. These digital fingerprints can be individually created as cross sums of individual factors of devices, e.g. computing power or browser plug-ins for devices, and thus used for web analytics, profiling, remarketing, online- and behavioural advertising.
  • First-Party Cookies – See „Cookies”.
  • Heatmaps – "Heatmaps" are mouse movements of the users, which are combined to an overall picture, with the help of which e.g. it is possible to recognize which website elements are preferred and which website elements users prefer less.
  • IP address – The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet. When a user visits a website on a server, he informs the server of his IP address. The server then knows that it must send the data packets containing the content of the website to this address.
  • IP Masking – IP masking is a method in which the last octet, i.e. the last two numbers of an IP address, are deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing.
  • Lookalike Audiences – See “Custom Audiences”.
  • Online behavioural advertising (OBA) – online behavioural advertising is the term used when profiling is used to assess the potential interest of users in advertising. Cookies and web beacons are usually used for these purposes.
  • Opt-in – The term "opt-in" means, depending on the context, the same as registration or consent.. If a registration (e.g. by entering an e-mail address in an online form field) is confirmed by sending an e-mail with a confirmation link to the owner of the e-mail address, this is referred to as a Double-Opt-In (DOI).
  • Opt-Out – The term Opt-Out means unsubscription and may be an objection (e.g. against tracking) or a cancellation (e.g. for newsletter subscriptions).
  • Opt-Out-Cookie – An "Opt-Out-Cookie" is a small file (see "Cookies") which is stored in your browser and in which it is noted that, for example, a tracking service should not process your data. The "opt-out cookie" only applies to the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked.
  • Permanent Cookies – See „Cookies”.
  • Personal Data – "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Plugins/ Social Plugins – Plugins (or "Social Plugins" in the case of social functions) are external software functions that are integrated into a website. For example, they can be used to output interaction elements (e.g., a "I like" button) or content (e.g., external commenting function or postings in social networks).
  • Processor – "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • Profiling – "Profiling" means any automated processing of personal data consisting in the use of such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information regarding age, gender, location and movement data, interaction with websites and their contents, shopping behaviour, social interactions with other people) (e.g. interests in certain contents or products, click behaviour on a website or the location). Cookies and web beacons are often used for profiling purposes.
  • Privacy Shield – The EU-US Privacy Shield is an informal agreement in the field of data protection law negotiated between the European Union and the United States of America. It consists of a number of assurances from the US government and a decision by the EU Commission. Companies certified under the Privacy Shield offer a guarantee to comply with European data protection law (https://www.privacyshield.gov).
  • Pseudonymisation/ Pseudonyms – "Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; E.g. if an exact interest profile of the computer user is stored in a cookie (a "marketing avatar"), but not the name of the user, then data is processed pseudonymously. If his name is stored, e.g. as part of his e-mail address or his IP address is stored, then the processing is no longer pseudonymous.
  • Third countries – Third countries are countries in which the GDPR is not directly applicable law, i.e. in general states that do not belong to the European Union (EU) or the European Economic Area (EEA).
  • Web Analytics – Web Analytics is used to evaluate the visitor flows of a website and can include their behaviour, interests or demographic information, e.g. age or gender. With the help of range analysis, website owners, for example, can see what types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimize the content of the website to the needs of their visitors. Cookies and web beacons are often used for Web Analytics purposes.
  • Remarketing/ Retargeting – "Remarketing" or "Retargeting" is used when, for example, for advertising purposes is noted which products a user is interested in on a website in order to remind the user on other websites of these products, e.g. in advertisements. Cookies are usually used for retargeting purposes.
  • Session Cookies – See „Cookies”.
  • Single-Sign-On – Single-Sign-On" or "Single-Sign-On-Authentication" is a procedure that allows users to log on to an online service, using other online services, they are members with. A requirement for Single-Sign-On authentication is that users are registered with the respective Single-Sign-On provider and enter the required credentials on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID at the respective single sign-on provider and an ID that can no longer be used by us (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the selected data shares as part of authentication and also which data users have authorised in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of users, it can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are asked to note that their data stored with us can be automatically synchronized with their user account with the Single-Sign-On provider, but this is not always possible or actually occurs. If, for example, the e-mail addresses of users change, users must change these manually in their user account at our site. If users decide that they no longer want to use their user account link with the Single-Sign-On provider for the Single-Sign-On procedure, they must cancel this link within their user account held with the Single-Sign-On provider. If users wish to erase their data from our system, they must cancel their registration at our service.
  • Special categories of personal data – Data identifying racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data relating to a natural person's sex life or sexual orientation.
  • Third Party – “Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Third-Party Cookies – See „Cookies”.
  • Tracking – Tracking is defined as when the behaviour of users can be traced across several online offers, e.g. for remarketing purposes. The behavioural and interest information collected with regard to the online services used is stored as user profiles in cookies or on the servers of marketing service providers (e.g. Google or Facebook).
  • Universal Analytics – "Universal Analytics" is a Google Analytics process in which the user analysis is based on a pseudonymous user ID and a pseudonymous profile of the user with information from the use of various devices is created ("cross-device tracking").
  • Controller – “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing – “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Tracking pixels – See Web-Beacons.
  • Web beacons – Web beacons (or "pixels", "measuring pixels" or "tracking pixels") are small, pixel-sized graphics that are integrated into Web pages or HTML e-mails. For example, they allow to determine whether an e-mail has been opened (at least if the image display in e-mails is enabled) or how often a website is accessed by a user.
  • Widgets – See Embedding.

As of: May 2018

Feedback? Questions?