In order to comply with our obligations in accordance with Art. 13 DSGVO, you will be informed by means of this data protection declaration about the type and scope as well as the purpose of the processing of personal data (hereinafter referred to as “data”) that is incurred in the provision of our services and within our online offer. This online offer includes in particular the websites required for this purpose as well as associated functions and contents and external online presences, such as profiles of social networks and media.
With regard to the terms used, reference is made to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).
- 1 Responsible person
is the person responsible for data processing in the sense of Art. 13 para. 1 DSGVO
Oranien Str. 47
Link to the imprint: palderby.com/imprint
- 2 Persons concerned
Visitors and users of our online offer are affected by the data processing carried out by us.
- 3 Types of data processed
In the case of a mere call up of our online offer, i.e. without registration or indication of other information, only the data transmitted to our server by the browser of the respective user (so-called “server log files”) are collected. The following data are affected by this:
. Date and time of access
. Amount of data sent in bytes
. Source/reference from which you reached the page
. IP address used
. Usage data (e.g. so-called cookies, websites visited, interest in content, access times)
. Meta/communication data (e.g. software information, IP/MAC addresses, operating system used and browser).
Should the respective user also complete a registration or provide other information, the following data will also be processed:
. inventory data (e.g. personal master data, names or addresses),
. Contact details (e.g. e-mail addresses, telephone numbers),
. Content data (e.g. text input, photo and video material) .
- 4 Purpose of processing
The processing of the data takes place
– to provide the online offer including its functions and contents,
– to answer contact requests and communicate with and between users,
– to ensure security measures,
– for range measurement and
– for marketing purposes
- 5 Terms used
According to Art. 4 No. 1 DPA, “personal data” is defined as “any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
According to Art. 4 No. 2 DPA, “processing” is defined in Art. 4 No. 2 DPA as “any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.
According to Art. 4 No. 4 FADP, “profiling” is understood to mean “any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person”.
According to Art. 4 No. 5 DSGVO, “pseudonymisation” means “processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person”.
According to Art. 4 No. 6 FADP, a “file system” is “any structured collection of personal data which is accessible according to specific criteria, regardless of whether this collection is managed centrally, decentrally or in an orderly manner according to functional or geographical criteria“.
According to Art. 4 No. 7 DPA, “controller” is “the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, provision may be made for the controller or for the specific criteria for his or her designation under Union law or the law of the Member States”.
According to Art. 4 No. 8, “processor” means “any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller”.
According to Art. 4 No. 9 DSGVO, “recipient” is “a natural or legal person, authority, institution or other body to whom personal data are disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be regarded as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection provisions and in accordance with the purposes of the processing”.
IP address” means a combination of numbers assigned to a device by an Internet service provider to give that device access to the Internet.
- Section 6 Legal basis
In accordance with Art. 13 para. 1 lit. c DSGVO we are obliged to inform you of the legal basis of our data processing.
The following applies to users within the scope of the Basic Data Protection Regulation (DSGVO), which covers the European Union (EU) and the European Economic Community (EEC), with the proviso that no other legal basis is mentioned in the data protection declaration:
1- Art. 6 para. 1 lit. a and Art. 7 DSGVO is the legal basis for the processing of data covered by a consent
2- Art. 6 para. 1 lit. b DPA is the legal basis for the processing of data for the purpose of fulfilling our owed services, for carrying out pre-contractual measures and for answering enquiries.
3- Art. 6 para. 1 lit. c DSGVO is the legal basis for the processing of data for the fulfilment of our legal obligations.
4- Art. 6 para. 1 lit. d DSGVO is the legal basis for the processing of personal data which is necessary for the vital interests of the person concerned or of another natural person.
5- Art. 6 para. 1 lit. e DSGVO is the legal basis for processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, insofar as this is necessary for this purpose.
6- Art. 6, paragraph 1, letter f of the DPA is the legal basis for processing for the purpose of safeguarding our legitimate interests.
7- Article 6, paragraph 4 of the DPA concerns the processing of data for purposes other than those for which they were collected. Such processing is only possible under the conditions stated here.
8- Art. 9, para. 2 of the DPA sets specific requirements for the processing of special categories of data (corresponding to Art. 9, para. 1 DPA).
- Art. 7 Security measures
In order to ensure a level of protection appropriate to the risk, we ensure the following in accordance with
– the legal requirements, taking into account the state of the art,
– the implementation costs, the nature, scope, circumstances and purposes of the processing, and
– the varying degrees of probability and seriousness of the risk to the rights and freedoms of natural persons
for appropriate technical and organisational measures.
These measures include in particular ensuring the confidentiality, integrity and availability of data by
– Control physical access to the data,
– Control access to the data,
– Control of the inputs, transfers, securing the availability of the data and their separation.
In addition, we have created procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats.
- 8 Cooperation with contract processors, jointly responsible parties and third parties
For certain services, in the course of our processing of the data, it is necessary to disclose the data to other persons (usually companies), i.e. to transfer the data to them or otherwise grant them access to the data. These companies are, on the one hand, processors or jointly responsible parties and, on the other hand, third parties such as payment service providers. Such disclosure will only be made on the basis of a legal permission or obligation, a consent by the user or on the basis of our legitimate interests, which may exist, for example, when using agents or web hosts. Such a legitimate interest exists in particular when processing the data for administrative purposes.
In the event that we make data available to other companies in our group of companies (by disclosing, transmitting or granting access in any other form), this is done in particular for administrative purposes. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. In addition, making access available may also be based on a legal requirement.
- 9 Transfer of data to third countries
A disclosure, transmission or other access to the data to a person (this includes a company) in a third country (i.e. outside the EU, EEA or Swiss Confederation) takes place if the legal requirements are met.
This is particularly the case if the data is processed to fulfil our contractual or pre-contractual obligations. Otherwise the processing must be based on your consent, a legal obligation or our legitimate interests. Furthermore, we are obliged to guarantee the necessary minimum standards in this constellation as well. This includes, for example, that the respective third country has been officially granted a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or that officially recognised special contractual obligations are observed.
- Section 10 Rights of the data subjects
You have the right to obtain, upon request, information as to whether data concerning you are being processed. In addition, you have the right to receive further information and to receive a copy of the data in accordance with legal requirements.
You have the right to have the data concerning you completed and to have incorrect data concerning you corrected.
You are entitled to the immediate deletion of data concerning you in accordance with the legal requirements. Alternatively, you have the right to limit the processing of the data within the framework of the legal requirements. (see also right of objection)
In accordance with legal requirements, you have a right to receive the data concerning you that you have provided us with and may also request that it be passed on to other responsible parties.
You have the right to lodge a complaint with the relevant supervisory authority.
- 11 Right of withdrawal
You can revoke your given consent at any time with effect for the future.
- 12 Right of objection
You have the right to object to the future processing of data concerning you in accordance with the legal requirements. The objection may in particular also be directed against processing for the purposes of direct advertising.
- 13 Cookies
We offer the use of temporary and permanent cookies. If you do not agree with this use, please deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Cookies are small files that are stored on your computer. These files contain different information. First and foremost, cookies serve to store information about a user of an online offer. In particular, login data, the contents of a shopping basket and the articles called up in an online shop or generally called up websites are stored.
A distinction must be made between temporary and permanent cookies.
Temporary cookies are also called “session cookies” or “transient cookies”. These are cookies that are deleted after leaving the online offer. This usually happens when the browser is closed.
Permanent cookies (or “persistent cookies”) are files that remain stored even after the browser is closed. This means that the above-mentioned data can remain stored beyond the respective browser session.
This is particularly relevant in the case of cookies that contain information on user interests. This data is often used for range measurement or marketing purposes.
Furthermore, a distinction must also be made between so-called “third party cookies”, which are offered by providers other than the person responsible for operating the online offering, and so-called “first-party cookies”, which are present in all other cases.
Furthermore, the storage of cookies can also be prevented by deactivating them in the browser settings. However, not all functions of this online offer can be used by this option.
- 14 Deletion of data
In accordance with the legal requirements, we delete the data collected by us or restrict its processing.
We delete the data stored by us as soon as the purpose on which the storage is based has ceased to exist and there are no statutory storage obligations to the contrary and no deviating provisions have been made in this data protection declaration.
Should the data not be deleted due to the necessity for other, legally permissible purposes (e.g. storage for commercial or tax law reasons), their processing will be restricted. In this case, the data will be processed exclusively for this purpose and will otherwise be blocked.
- 15 Changes to the data protection declaration
Legal innovations or changes in the data processing carried out by us may make it necessary to adapt this data protection declaration. For this reason, we ask you to regularly inquire about the content of our data protection declaration. Should a change require a cooperative action on your part (e.g. consent) or other individual notification, you will be informed by us in an appropriate form.
- 16 Processing for business purposes
In addition, we process contract data (e.g. subject matter of the contract, duration, date of conclusion) as well as payment data (e.g. account number) of our customers, interested parties and business partners in order to provide contractual services as well as other services. These include in particular services, customer care, marketing, advertising and market research.
- 17 Customer account
During the registration process on our platform, we process the users’ data to enable them to use the functions provided, such as posting content and communicating with other users. In particular, this includes inventory data, communication data, contract data and payment data. The persons concerned are our customers, interested parties and other business partners.
The purpose of processing is to provide contractual services in the context of operating a social media platform. For this purpose, we use session cookies to store the user pages called up and the posts viewed. In addition, we use permanent cookies to store the login status.
The data processing is carried out on the one hand to fulfil our services and implement contractual measures, and on the other hand to comply with legal regulations (e.g., legally required archiving of business transactions for commercial and tax purposes).
The information marked as required is necessary for the establishment and fulfilment of the contract.
The data will only be passed on to third parties within the scope of the legal permissions and obligations and on the basis of our legitimate interests, about which we expressly inform you within the scope of this data protection declaration. As examples of this are in particular disclosures to legal and tax consultants, financial institutions and authorities.
Our users are offered the opportunity to create a user account. This allows them to view their activities and access additional services, such as sending messages to other users. The users will be advised of the mandatory data required for registration.
The accounts we create are not public and cannot be indexed by search engines. In the event that the user terminates such an account, the user’s data relating to the user account will be deleted, unless it is necessary to keep them for reasons of commercial or tax law.
All data collected within the scope of the customer account will remain in existence until its deletion with subsequent archiving in the event of a legal obligation or our legitimate interests. Such an obligation exists, for example, in the event of legal disputes.
It is the user’s responsibility to back up the data before the end of the contract if the contract is terminated.
We store the IP address used by you during registration and subsequent logins as well as the IP address used when using our online services and the time of the respective user action. This storage is done in order to protect our legitimate interests and to protect the user from misuse and other unauthorized use. These data will not be passed on to third parties. This does not apply if this is necessary to pursue our legal claims as a legitimate interest or if there is a legal obligation to do so.
After expiry of the legal warranty rights or other contractual obligations, we will not pass on this data to third parties.
After expiry of the statutory warranty rights or other contractual rights or obligations, such as payment claims or performance obligations from contracts, the data collected and stored by us will be deleted. The necessity of keeping the data is reviewed every three years. In the case of storage due to statutory archiving obligations, the data will be destroyed once this obligation has expired.
- 18 Administration, financial accounting, office organisation, contact management
We process data within the performance of administrative tasks and the organisation of our operations, financial accounting and compliance with legal obligations, such as archiving.
This data is the same data that we process to provide our contractual services. This processing is carried out in accordance with Art. 6 paragraph 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO.
Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.
We disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee agencies and payment service providers.
Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We store these mostly company-related data permanently.
- 19 Business management analyses and market research
The data available to us, especially those concerning business transactions, contracts and enquiries, are analysed by us in order to be able to operate our business economically. In doing so, we also try to identify market trends and the wishes of our contractual partners and users (marketing, market research). For these purposes, in particular inventory data, communication data, contract data, payment data, usage data and meta data are collected on the basis of Art. 6 Para. 1 lit. f. DSGVO are processed by us. Within the scope of processing, we can, for example, compare the details of registered users within their profiles with the services they have used.
The analyses carried out are designed to increase user-friendliness and business efficiency and to optimise our services. The analyses are carried out exclusively for our own purposes and are not disclosed externally, unless they are anonymous analyses with summarised values.
The persons affected by these measures include our contractual partners, interested parties, customers, visitors and users of our online offer.
Insofar as such analyses or profiles are personal, they are deleted or made anonymous when the users terminate their contract. Otherwise this happens after two years from conclusion of the contract. Furthermore, the overall business analyses and general tendency determinations are made anonymously if possible.
- 20 Participation in affiliate partner programs
Within the scope of our online offer, we use tracking measures customary in the industry insofar as these are necessary for the operation of the affiliate system.
The legal basis for this measure is the protection of our legitimate interests in accordance with Art. 6 Para. 1 lit. f DSGVO, in particular the interest in the analysis, optimisation and economic operation of our online offer.
The services offered by us or our contractual partners are also advertised and linked on other websites. On the one hand, there are so-called affiliate systems, which are based on the fact that the operator of the respective website receives a commission as soon as a user clicks on an affiliate link and then takes advantage of the respective offer. In addition, there are also so-called “after-buy systems” in which, for example, links or services of third parties are offered after the conclusion of a contract.
In order to check whether users who express an interest in our offer by clicking on such an affiliate link, or who have expressed an interest in an offer within our online presence, are then actually taking advantage of it, it is necessary for our online offer to track the surfing behaviour of our users. This can be achieved by adding certain values to the affiliate links and our offers. On the one hand, this can be done by supplementing the link with a component that contains such tracking information or in another way, such as by setting a cookie.
The tracking information includes in particular
– the output web page (referrer),
– an online identification of the operator of the website on which the affiliate link was located,
– an online identification of the respective offer,
– an online identification of the user and
– Tracking specific values (e.g. ad media ID, partner ID and categorizations).
The online identification of the users used here exclusively contains pseudonymous values. This means that the online ID itself does not contain any personal data such as names or e-mail addresses.
The identification only serves to determine whether the same user who clicked on an affiliate link or was interested in an offer within our online presence has actually taken advantage of the offer, i.e. has usually concluded a contract with the provider. However, we and the partner company usually have the online identification together with other user data, which means that the identification is to be regarded as personal. This is necessary because only by this procedure the partner company can tell us whether the user has taken advantage of the offer and we have to pay the agreed commission.
- 21 Registration function
Users have the possibility to create a user account. During the registration required for this purpose, the required mandatory data is provided to the users. This data is processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. In particular, login information (name, password and e-mail address) is recorded and processed. All data entered during registration will be used for the use of the user account and related purposes.
Our users can receive information relevant to the user account by e-mail. This may concern technical changes, for example.
If a user account is terminated by the user, the user’s data relating to the user account will be deleted, subject to a legal obligation to retain data. It is the users’ responsibility to save their data before the end of the contract if they terminate it. We have the right to permanently delete all user data that has been saved during the contract period.
In addition, within the scope of the registration and login function, we will store the IP address and the time of the respective user action. This is done on the basis of the protection of our legitimate interests as well as those of the users, as this is intended to ensure protection against misuse and other unauthorised use. This data will not be passed on to third parties, unless this is necessary to pursue our claims or if there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c. DSGVO exists. The IP addresses are anonymised or deleted after 7 days at the latest.
- 22 Making contact
Within the scope of contacting us, which is possible via contact form, e-mail, telephone, fax or social media, the user’s data is processed for the purpose of processing and handling the contact request. The legal basis with regard to contractual/pre-contractual relations is derived from Art. 6 para. 1 lit. b. DSGVO. With regard to other enquiries, Art. 6 para. 1 lit. f. DSGVO is relevant. The information provided by users is generally stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the data obtained with regard to the enquiry if it is no longer required. The necessity is checked every two years. Otherwise, the statutory archiving obligations apply.
- 23 Newsletter
Now follow notes regarding the contents of our newsletter, the registration, dispatch and statistical evaluation procedure as well as your rights of objection.
By ordering our newsletter, you simultaneously declare your agreement to receive it and to the procedures explained.
Content of the newsletter:
We send newsletters in the form of e-mails and other electronic notifications containing advertising information only with the prior consent of the recipient or if permitted by law.
If the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our services and us.
Double-Opt-In and logging:
The registration for our newsletter is carried out in a so-called double-opt-in procedure.
This means that a message is sent to the e-mail address you have provided, requesting confirmation of the registration by clicking on a specific link. This confirmation is necessary so that users can only register with e-mail addresses that they can access themselves and not abuse other e-mail addresses.
In order to be able to prove the registration process in accordance with the legal requirements, each registration for the newsletter is logged. For this purpose, the time of registration and confirmation as well as the IP address of the user are recorded.
In addition, any changes to your data stored by the mailing service provider are recorded.
For the registration to our newsletter it is sufficient to enter your e-mail address. To be able to address you personally in the newsletter, we ask you to enter a name in addition.
The legal admissibility of sending newsletters results from the above-mentioned consent of the respective recipient in accordance with Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § Art. 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. DSGVO in conjunction with § Art. 7 Para. 3 UWG.
The logging of the registration procedure is based on the protection of our legitimate interests in accordance with Art. 6 Para. 1 lit. f. DSGVO.these interests consist in the establishment and maintenance of a user-friendly and secure newsletter system for business purposes, which also enables us to prove consent.
You have the right to cancel our newsletter service at any time. By doing so, you simultaneously revoke your consent. You will find a link to unsubscribe from our newsletter at the end of each newsletter. In order to be able to prove a given but later revoked consent, we are entitled to store the unsubscribed e-mail addresses for up to three years after the revocation based on our legitimate interests. This data is processed exclusively for the purpose of a possible defence against claims. If you confirm the former existence of a consent, you have the possibility to submit an individual request for deletion at any time.
- 24 Hosting and e-mail dispatch
For the operation of our online offer we fall back on external hosting services. This concerns:
– Infrastructure and platform services
– Computing capacity, storage space and database services,
– e-mail dispatch services and
– security and technical maintenance services.
Within the scope of safeguarding our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of contract processing agreement), the following data in particular are processed by us or our hosting provider:
– inventory and contact data,
– Content data and contract data and
– Usage, meta and communication data.
This data processing concerns our customers as well as interested parties and visitors to our online offer.
- 25 Collection of access data and log files
On the basis of safeguarding our legitimate interests in accordance with Art. 6 Para. 1 lit. f. DSGVO, we or our hosting provider collect data about every access to the server on which this service is located (so-called server log files). These data include
– Name of the web page accessed and, if applicable, of certain files,
– Date and time of the retrieval,
– transferred data volume,
– Message about successful retrieval,
– Browser type and version, the user’s operating system,
– Referrer URL (the previously visited page),
– IP address and
– the requesting provider.
For security reasons, log file information is stored for up to seven days and then deleted. This serves in particular for the clarification of abuse or fraud. If data is suitable as evidence for the clarification of a matter, it will be excluded from deletion until the final clarification of the respective incident.
- 26 Google Tag Manager
The Google Tag Manager is used to manage so-called website tags via a single interface, which can be used to integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager only implements the respective tags, i.e. it does not process any personal data of the users. Regarding the processing of such related data, we refer to the following usage guidelines for Google services: https://www.google.com/intl/de/tagmanager/use-policy.html.
- 27 Google Analytics
On the basis of safeguarding our legitimate interests in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO we use the web analysis service Google Analytics, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Insofar as data is processed in the USA, we would like to point out that Google is certified in accordance with the Privacy-Shield-Agreement and thereby assures that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
The information is processed on the basis of our interest in evaluating the use of our online offer and recording the activities within the scope of this offer. In addition, further services associated with the use of this online offer and the use of the Internet are provided. This enables Google to create pseudonymous user profiles of the users from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data.
In the event that users do not agree with such data processing, there is the option of deactivating the setting of any cookies via the browser settings.
Furthermore, users can prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data by Google, setting and objection options, are contained in the Google data protection declaration (https://policies.google.com/privacy) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).
The personal data of users will be deleted or anonymised after 14 months.
- 28 Google AdWords and conversion measurement
On the basis of safeguarding our legitimate interests in the analysis, optimisation and economic operation of our online offer in accordance with Art. 6 Para. 1 lit. f. DSGVO we use the online marketing procedure Google “AdWords” of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby personal data is processed.
Insofar as data is processed in the USA, we would like to point out that Google is certified according to the Privacy-Shield-Agreement and thereby assures to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google “AdWords” enables us to place ads on the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to better target ads for and within our online services in order to show users only ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For these purposes, when you visit our website and other websites on which the Google advertising network is active, Google will execute code directly by Google and incorporate so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies can also be used). This file records which websites the user has visited, what content he is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer.
We also receive an individual “conversion cookie”. The information obtained with the help of the cookie is used by Google to compile conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that personally identifies users. User information is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.
- 29 Facebook pixels, custom audiences and Facebook conversion
Due to the protection of our legitimate interests in analysis, optimization and economic operation of our online offer, we use the so-called “Facebook pixel”, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and in the use of which personal data is processed. Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA is responsible for users who are located outside the EU.
Facebook is certified in accordance with the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The use of a Facebook pixel enables Facebook to select visitors to our online offer as a target group for the display of advertisements (so-called “Facebook Ads“).
We then use this Facebook pixel to display the Facebook Ads we have placed exactly to those Facebook users who have also expressed an interest in our online offer. In addition, we may also want to target specific audiences who have characteristics such as interest in certain topics or products that are determined by the websites visited. Such characteristics are transmitted by us to Facebook (so-called “custom audiences”).
The use of the Facebook pixel also helps us to determine how well our Facebook Ads have been accepted by potential interested parties. It is very important to us that our ads are not annoying. With the help of the Facebook pixel, we can precisely evaluate the effect of Facebook ads for statistical and market research purposes. In doing so, we check whether the respective user was also redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The processing of data by Facebook takes place within the framework of the Facebook data usage guidelines: https://www.facebook.com/policy.
Special information and details about the Facebook pixel and its functionality can be viewed in the Facebook help area: https://www.facebook.com/business/help/651294705016616.
Every user can object to the data collection by the Facebook pixel as well as the use of data to display Facebook ads.
In addition, it is also possible to specify exactly what types of ads should be displayed within Facebook. This is done through the page set up by Facebook, following the instructions on the Usage-based Advertising Settings page: https://www.facebook.com/settings?tab=ads.
The settings are platform-independent. They are therefore applied to all devices used.
This can be done via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) or via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
- 30 BuddyPress and WordPress
- 31 Online presence in social media
We operate online presences within the framework of social networks and platforms in order to communicate with their users and to inform them about our offer.
In doing so, user data may be processed outside the area of the European Union.
This may entail risks for the respective users. For example, the enforcement of users’ rights may be more difficult. In the event that the provider is based in the USA and must therefore be certified in accordance with the Privacy-Shield, the provider is obliged to comply with the data protection standards of the EU.
In addition, user data is also generally processed for market research and advertising purposes. For example, user profiles are created from the user behaviour and the resulting interests of the users. These can then be used, for example, for personalised advertisements within and outside the platforms that correspond to the presumed interests of the users.
The technical implementation is usually done by using cookies, which are stored on the users’ computers. These contain the surfing behaviour of the users, from which their interests can be inferred. It should be noted that data from other devices used by the user can also be stored in the user profiles. This is particularly the case if the users are logged in as members of the respective platforms.
The personal data of users is processed within the scope of our legitimate interests in effective information of users and communication with users in accordance with Art. 6 Para. 1 lit. f. DSGVO. In the event that the respective platform providers request the users to give their consent to the aforementioned data processing, Art. 6 para. 1 lit. a., Art. 7 DSGVO is the legal basis for the processing.
For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information from the providers.
Requests for information and the assertion of user rights can also most effectively be asserted with the providers themselves, as only they have access to the users’ data and can directly take appropriate measures and provide information. Should you nevertheless need help, we are at your side to support you.