Thank you for your interest in our company. The senior management of ad publica Public Relations GmbH considers privacy, also called data protection, a top priority. In principle, the website of ad publica Public Relations GmbH may be accessed without disclosing any personal data. However, if a data subject wishes to use specific services offered by our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will always obtain the data subject’s consent.
Personal data such as the name, address, email address or telephone number of a data subject is always processed in accordance with the General Data Protection Regulation as well as the national data protection regulations applicable to ad publica Public Relations GmbH. In this privacy policy, our company would like to inform the public of the type of personal data we collect, use and process, and to what extent and for what purpose we do so. Furthermore, this privacy policy serves to inform data subjects of their rights.
ad publica Public Relations GmbH as the data controller has implemented a number of technical and organisational measures to ensure the most comprehensive protection possible for personal data processed through this website. Nevertheless, internet-based data transmission is inherently subject to security breaches. We cannot guarantee absolute protection. For that reason, a data subject has the option to transmit personal data to us by alternative means, for example by telephone.
1. Definitions
The privacy policy of ad publica Public Relations GmbH is based on the definitions set out by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily legible and comprehensible to the general public as well as our clients and partners. For that purpose, we would like to start by providing definitions for the terms used.
This privacy policy includes, without limitation, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or processing controller
Controller or processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
ad publica Public Relations GmbH
Poßmoorweg 1
22301 Hamburg
Tel.: +494031766300
Email: datenschutz(at)adpublica.com
Website: www.adpublica.com
3. Name and address of the data protection officer
Data protection officer of the controller is:
Proliance GmbH
Dominik Fünkner
Leopoldstraße 21
80802 Munich
Tel.: +4989250039222
Email: datenschutzbeauftragter(at)datenschutzexperte.de
Website: www.datenschutzexperte.de
Data subjects may contact our data protection officer at any time with questions or suggestions in respect of privacy and data protection.
4. Recording of general data and information
Each time the website of ad publica Public Relations GmbH is accessed by a data subject or an automated system, it records certain general data and information. This general data and information is saved in the server’s log files. The following may be recorded: (1) type and version of browser used, (2) the operating system used by the accessing system, (3) the website from which an accessing system was referred to our website (so-called referrer), (4) the subpages an accessing system is accessing on our website, (5) the date and time the website is accessed, (6) an Internet Protocol address (IP address), (7) the internet service provider of the accessing system and (8) further similar data and information that serves the purpose of averting threats in the event of attacks on our information technology systems.
ad publica Public Relations GmbH does not draw any conclusions about the data subject when using this general data and information. Rather, this information is necessary to (1) correctly deliver our website content, (2) optimize our website content as well as any advertising for the website, (3) ensure stable functionality of our information technology systems and the technology of our website and (4) to provide law enforcement agencies with the information required to enforce the law in case of a cyber attack. This data and information is collected anonymously and used by ad publica Public Relations GmbH for statistical analysis and further with the aim of enhancing the data protection and data safety in our company to ultimately ensure an optimum level of protection for the personal data we process. Anonymous data from server log files is stored separately from any personal data provided by a data subject.
5. Subscribing to our newsletter
The website of ad publica Public Relations GmbH offers users the option of subscribing to our company newsletter. The subscription screen will show the personal data transmitted to the controller during the submission of a request for receipt of our newsletter.
ad publica Public Relations GmbH uses the newsletter to regularly inform clients and partners of products and services offered by the company. A data subject will only be able to receive our newsletter if (1) the data subject has a valid email address and (2) the data subject has registered to receive the newsletter. For legal reasons, upon the data subject’s initial registration of an email address to receive newsletters, a confirmation email is sent to that address as part of a double opt-in process. This confirmation email serves to verify whether the owner of the email address, as the data subject, has authorised receipt of the newsletter.
During the registration process for the newsletter, we also store the IP address assigned by the internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. Collection of this data is necessary in order to understand and trace any (possible) misuse of the email address of a data subject at a later date; it therefore serves as legal protection for the controller.
Personal data collected as part of the registration process for our newsletter is used exclusively to send our newsletter. Newsletter subscribers may also be sent information by email, provided this is required to operate the newsletter service or a registration related to it. This may be the case, for example, if the newsletter offering or any of the technical circumstances change. Personal data collected as part of the newsletter service is not shared with third parties. The data subject may cancel the subscription to our newsletter at any time. Consent to the storage of personal data given to us by the data subject for the purposes of sending the newsletter may be withdrawn at any time. Each newsletter includes a link for the purpose of withdrawing such consent. The data subject additionally has the option to access the controller’s website directly to unsubscribe from receipt of the newsletter or to inform the controller by other means of the withdrawal of their subscription.
6. Newsletter tracking
The newsletter of ad publica Public Relations GmbH includes so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format; it enables log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, ad publica Public Relations GmbH can identify whether and when an email has been opened by a data subject and which links in that email the data subject has accessed.
Personal data collected via tracking pixels contained in the newsletters is stored and evaluated by the controller in order to optimise the newsletter dispatch and to better adapt the content of future newsletters to the data subject’s interests. This personal data is not shared with third parties. Data subjects have the right at any time to withdraw their consent to this, which had been given separately by way of the double opt-in process. Following a withdrawal, this personal data will be deleted by the controller. ad publica Public Relations GmbH will automatically treat any cancellation of a subscription for receipt of the newsletter as a withdrawal.
7. Contact via the website
In accordance with legal requirements, the website of ad publica Public Relations GmbH includes information to facilitate establishing swift electronic contact with our company as well as direct communication with us. This includes a general address for so-called electronic mail (email address). If a data subject contacts the controller via email or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted voluntarily by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. This personal data is not shared with third parties.
8. Routine erasure and blocking of personal data
The controller will process and store the data subject’s personal data only for the period necessary to achieve the purpose of storage, or to the extent provided for by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply, or if a storage period imposed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.
9. Rights of the data subject
a) Right of confirmation
The European legislator has granted each data subject the right to obtain from the controller a confirmation on whether any personal data relating to the data subject is being processed. To avail himself or herself of this right to confirmation, a data subject may at any time contact any employee of the controller.
b) Right of access
The European legislator has granted each data subject affected by the processing of personal data the right, at any time and at not cost, to obtain from the controller information on the personal data stored about his or her own person, as well as a copy of this information. The European legislator has also granted the data subject a right to access the following information:
the purposes of the processing
the categories of personal data concerned
the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the right to lodge a complaint with a supervisory authority
where the personal data is not collected from the data subject: any available information as to their source
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Further, the data subject has a right to be informed about whether personal data has been transferred to a third country or to an international organisation. If that is the case, the data subject shall also have the right to be informed of the appropriate safeguards relating to the transfer.
To avail himself or herself of this right of access, a data subject may at any time contact any employee of the controller.
c) Right to rectification
The European legislator has granted each data subject affected by the processing of personal data the right to request the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject shall additionally have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
To avail himself or herself of this right to rectification, a data subject may at any time contact any employee of the controller.
d) Right to erasure (‘right to be forgotten’)
The European legislator has granted each data subject affected by the processing of personal data the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and provided the processing is not required:
The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
The data subject withdraws consent on which the processing is based according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
The personal data has been unlawfully processed.
The personal data has to be erased for compliance with a legal obligation in accordance with Union or Member State law to which the controller is subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
If one of the above reasons applies and a data subject wishes to request the erasure of personal data stored by ad publica Public Relations GmbH, he or she may, at any time, contact any employee of the controller. An employee of ad publica Public Relations GmbH will ensure that the request for erasure is carried out without undue delay.
Where ad publica Public Relations GmbH has made the personal data public and our company, as the controller, is obliged pursuant to Article 17 (1) GDPR to erase the personal data, ad publica Public Relations GmbH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data made public that the data subject has requested the erasure by such other controllers of any links to, or copy or replication of, this personal data, provided that the processing is not necessary. In individual cases, an employee of ad publica Public Relations GmbH will do what is necessary to carry out the request.
e) Right to restriction of processing
The European legislator has granted each data subject affected by the processing of personal data the right to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above prerequisites applies and a data subject wishes to request the restriction of personal data stored by ad publica Public Relations GmbH, he or she may, at any time, contact any employee of the controller. An employee of ad publica Public Relations GmbH will ensure that the processing is restricted.
f) Right to data portability
The European legislator has granted each data subject affected by the processing of personal data the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Each data subject further has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where: the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR; and the processing is carried out by automated means, provided that the processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and as long as the rights and freedoms of others are not impacted.
The data subject may contact any employee of ad publica Public Relations GmbH at any time to avail himself or herself of the right to data portability.
g) Right to object
The European legislator has granted each data subject affected by the processing of personal data the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on these provisions.
If an objection is raised, ad publica Public Relations GmbH shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is necessary for the establishment, exercise or defence of legal claims.
Where ad publica Public Relations GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also includes profiling, to the extent that it is related to such direct marketing Where the data subject notifies ad publica Public Relations GmbH of objections to processing for direct marketing purposes, ad publica Public Relations GmbH shall no longer process the personal data for such purposes.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her to ad publica Public Relations GmbH, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject may contact any employee of ad publica Public Relations GmbH at any time directly to avail himself or herself of the right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
The European legislator has granted each data subject affected by the processing of personal data the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects him or her in a similarly significant way. This does not apply if the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller; or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, ad publica Public Relations GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
To avail himself or herself of any rights relating to automated decision-making, a data subject may at any time contact any employee of the controller.
i) Right to withdrawal of consent to the processing of data
The European legislator has granted each data subject affected by the processing of personal data the right to withdraw consent to the processing of personal data at any time.
To avail himself or herself of the right to withdraw consent, a data subject may at any time contact any employee of the controller.
10. Privacy during the recruitment process
The controller collects and processes the personal data of job applicants for the purposes of the recruitment process. This data may also be processed electronically. In particular, data is processed electronically if a job applicant transmits documents relating to the application to the controller by electronic means, for example by email or through a web form accessible on the website. If the controller enters into an employment contract with an applicant, the data transmitted will be stored for the purposes of processing the employment and in compliance with legal provisions. Should the controller not enter into an employment contract with the applicant, documents relating to the application will be automatically deleted two months after announcing the rejection, unless other legitimate interests of the controller justify their retention. For these purposes, other legitimate interests may, for example, include the burden of proof in a proceeding pursuant to the AGG (Allgemeines Gleichbehandlungsgesetz, the German General Act on Equal Treatment).
11. Privacy policy for the use of Facebook
The controller has integrated components from the company Facebook into this website. Facebook is a social network.
A social network is a social meeting place hosted on the internet. It is an online community that generally enables users to communicate with each other and interact in the virtual space. A social network can act as a platform for the exchange of opinions and experiences, or it can facilitate the provision of personal and corporate information by the internet community. Among other things, Facebook allows its users to create private profiles, upload pictures and establish a network through friendship requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data subjects resident outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Every time a data subject accesses an individual page of this website, which is operated by the controller and into which a Facebook component (Facebook plugin) has been integrated, the Facebook component automatically prompts the web browser on the data subject’s information technology system to download an image of the corresponding Facebook component from Facebook. An overview of all Facebook plugins is available on https://developers.facebook.com/docs/plugins/?locale=de_DE. As a result of this technical procedure, Facebook is informed of the specific subpage of our website that was accessed by the data subject.
As long as the data subject is logged into their Facebook account, Facebook can recognize each subpage of our website accessed by the data subject for the entire duration of the data subject’s visit to our website. This information is collected through the Facebook component and allocated by Facebook to the data subject’s Facebook account. If the data subject activates one of the Facebook buttons integrated into our website, for example the ‘Like’ button, or if the data subject submits a comment, Facebook will allocate this information to the data subject’s personal Facebook user account and will store this personal data.
The Facebook component informs Facebook of the data subject’s visit to our website whenever the data subject is logged into their Facebook account at the same time as accessing our website, irrespective of whether the data subject clicks on the Facebook component or not. If the data subject wishes to avoid the transmission of this information to Facebook, the data subject may prevent this transmission by logging out of his or her Facebook account prior to accessing our website.
Facebook’s privacy policy is published under https://de-de.facebook.com/about/privacy/ and sets out how Facebook collects, processes and uses personal data. It also details the various settings and options offered by Facebook to protect the data subject’s privacy. Additionally, a number of different applications are available in order to block the transmission of data to Facebook. The data subject may use such applications in order to block a transmission of data to Facebook.
12. Privacy policy for the use of Google Analytics (with anonymization function)
The controller has integrated the component Google Analytics (with anonymization function) into this website. Google Analytics is a web analytics service. Web analytics is the collection, compilation and analysis of data on the behaviour of website visitors. A web analytics service collects, among other things, data on the website from which a data subject navigated to another (the so-called referrer), which subpages were accessed or how often and for how long a subpage was viewed. Web analytics is predominantly used to optimize websites and to perform cost-benefit analyses for internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the ‘_gat._anonymizeIp’ function for web analyses through Google Analytics. This add-on ensures that Google truncates and anonymizes the IP address allocated to the data subject’s internet connection if our website is accessed from a member state of the European Union or another contracting state of the Agreement on the European Economic Area.
Purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the data and information collected among other things to perform a usage analysis of our website, to compile online reports on our behalf showing activities on our webpages, and to provide further services relating to the use of our website.
Google Analytics places a cookie on the data subject’s information technology system. Cookies are explained in detail above. Placing this cookie enables Google to perform a usage analysis of our website. Every time a data subject accesses an individual page of this website, which is operated by the controller and into which a Google Analytics component has been integrated, the Google Analytics component automatically prompts the web browser on the data subject’s information technology system to transmit data for an online analysis to Google. As a result of this technical procedure, Google obtains certain personal data, such as the data subject’s IP address. Google uses this data, among other things, to trace the origin of visitors and clicks, and eventually to facilitate commission accounting.
Personal information such as the time of access, the location of access and the frequency of visits to our website by the data subject is stored through the cookie. During each visit to our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may, in some circumstances, share personal data collected through this technical procedure with third parties.
As outlined above, the data subject may at any time activate the relevant setting in the internet browser used to object to and prevent cookies being placed by our website. This will permanently block the placement of cookies. Activating this setting in the web browser used also prevents Google from placing a cookie on the data subject’s information technology system. Additionally, a cookie already placed by Google Analytics can be deleted at any time either through the internet browser or using other software.
The data subject further has the option to object to and to prevent the recording of data generated by Google Analytics and relating to the use of this website as well as to the processing of such data by Google. To do so, the data subject will need to download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to notify Google Analytics that no data and information on website visits may be transmitted to Google Analytics. Google will treat the installation of the browser add-on as an objection. If the data subject’s information technology system is subsequently erased, formatted or re-installed, the data subject will need to re-install the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person with the relevant authority, it is possible to reinstall or reactivate the browser add-on.
Further information as well as Google’s current privacy policy is available under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Further information on Google Analytics is available under https://www.google.com/intl/de_de/analytics/.
13. Privacy policy for the use of Google AdWords
The controller has integrated Google AdWords into this website. Google AdWords is an internet advertising service. It allows advertisers to display their advertisements both in Google search results and within the Google ad network. Google AdWords enables the prior setting of certain keywords through the advertiser to ensure that an advertisement is only displayed with the Google search results if a user has entered a term relevant to these keywords into the search engine. The Google ad network uses an algorithm to automatically display advertisements on websites that have been identified as relevant based on the previously set keywords.
Operating company of the Google AdWords service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by displaying relevant advertisements on third-party websites and in the search results of the Google search engine, and to display third-part advertisement on our own website.
If a data subject navigates to our website via a Google advertisement, Google places a so-called conversion cookie on the data subject’s information technology system. Cookies are explained in detail above. A conversion cookie expires after thirty days and is not used to identify the data subject. Until its expiration, a conversion cookie is used to trace whether specific subpages, for example a shopping basket of an online store, have been accessed from our website. The conversion cookie allows us, as well as Google, to trace whether a data subject who has navigated to our website via a Google AdWords advertisement has generated revenue, i. e. whether they completed or cancelled a purchase of goods.
Google uses the data and information collected through the conversion cookie to compile visitor statistics for our website. We in turn use these visitor statistics to determine the total number of users referred to us through Google AdWords advertisements; effectively, we determine the performance of each Google AdWords advertisement to optimize our Google AdWords advertisements in future. Google does not provide information that would allow for a data subject to be identified to either our company or any other Google AdWords advertising clients.
The conversion cookie is used to store personal information, for example the websites visited by the data subject. Consequently, during each visit to our website, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may, in some circumstances, share personal data collected through this technical procedure with third parties.
As outlined above, the data subject may at any time activate the relevant setting in the internet browser used to object to and prevent cookies being placed by our website. This will permanently block the placement of cookies. Activating this setting in the web browser used also prevents Google from placing a conversion cookie on the data subject’s information technology system. Additionally, a cookie already placed by Google AdWords can be deleted at any time either through the internet browser or using other software.
The data subject further has the option to object to interest-based advertising by Google. To do so, the data subject must access the page www.google.de/settings/ads from each internet browser he or she uses and change the relevant settings accordingly.
Further information as well as Google’s current privacy policy is available under https://www.google.de/intl/de/policies/privacy/.
14. Privacy policy for the use of Instagram
The controller has integrated components of the Instagram service into this website. Instagram is a service that qualifies as an audio-visual platform. It allows users to share images and video files and to disseminate such data in other social networks.
Operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Every time a data subject accesses an individual page of this website, which is operated by the controller and into which an Instagram component (Instagram button) has been integrated, the Instagram component automatically prompts the web browser on the data subject’s information technology system to download an image of the relevant component from Instagram. As a result of this technical procedure, Instagram is informed of the specific subpage of our website that was accessed by the data subject.
As long as the data subject is logged into their Instagram account, Instagram can recognize each subpage of our website accessed by the data subject for the entire duration of the data subject’s visit to our website. This information is collected through the Instagram component and allocated by Instagram to the data subject’s Instagram account. If the data subject activates one of the Instagram buttons integrated into our website, data and information transmitted through that button will be allocated to the data subject’s personal Instagram user account and will be stored and processed by Instagram.
The Instagram component informs Instagram of the data subject’s visit to our website whenever the data subject is logged into their Instagram account at the same time as accessing our website, irrespective of whether the data subject clicks on the Instagram component or not. If the data subject wishes to avoid the transmission of this information to Instagram, the data subject may prevent this transmission by logging out of his or her Instagram account prior to accessing our website.
Further information as well as Instagram’s current privacy policy is available under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
15. Privacy policy for the use of Twitter
The controller has integrated components from Twitter into this website. Twitter is a multilingual micro-blogging service that is accessible to the public. Users have the ability to publish and distribute so-called Tweets, i. e. short messages of no more than 140 characters. These short messages are accessible to anyone, including users not registered with Twitter. Tweets are also accessible to the so-called followers of the user posting them. Followers are other Twitter users who have elected to follow the Tweets of a specific user. Additionally, Twitter offers options such as hashtags, linking or Retweets, making it possible to address a wide audience.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Every time a data subject accesses an individual page of this website, which is operated by the controller and into which a Twitter component (Twitter button) has been integrated, the Twitter component automatically prompts the web browser on the data subject’s information technology system to download an image of the relevant component from Twitter. Further information on Twitter buttons is available under https://about.twitter.com/de/resources/buttons. As a result of this technical procedure, Twitter is informed of the specific subpage of our website that was accessed by the data subject. The Twitter component is integrated for the purposes of allowing our users to disseminate the content of this website, of raising awareness of this website in the digital world and of increasing the number of visitors to our website.
As long as the data subject is logged into their Twitter account, Twitter can recognize each subpage of our website accessed by the data subject for the entire duration of the data subject’s visit to our website. This information is collected through the Twitter component and allocated by Twitter to the data subject’s Twitter account. If the data subject activates one of the Twitter buttons integrated into our website, data and information transmitted through that button will be allocated to the data subject’s personal Twitter user account and will be stored and processed by Twitter.
The Twitter component informs Twitter of the data subject’s visit to our website whenever the data subject is logged into their Twitter account at the same time as accessing our website, irrespective of whether the data subject clicks on the Twitter component or not. If the data subject wishes to avoid the transmission of this information to Twitter, the data subject may prevent this transmission by logging out of his or her Twitter account prior to accessing our website.
Twitter’s current privacy policy is available under https://twitter.com/privacy?lang=de.
16. Privacy policy for the use of XING
The controller has integrated components from XING into this website. XING is an internet-based social network offering users the facility to connect with existing business contacts as well as to establish new business contacts. Each user has the option to set up a personal profile with XING. Companies can set up company profiles and use XING, among other things, to advertise vacancies.
The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Every time a data subject accesses an individual page of this website, which is operated by the controller and into which a XING component (XING plug-in) has been integrated, the XING component automatically prompts the web browser on the data subject’s information technology system to download an image of the relevant component from Xing. Further information on XING plug-ins is available under https://dev.xing.com/plugins. As a result of this technical procedure, XING is informed of the specific subpage of our website that was accessed by the data subject.
As long as the data subject is logged into their XING account, XING can recognize each subpage of our website accessed by the data subject for the entire duration of the data subject’s visit to our website. This information is collected through the XING component and allocated by XING to the data subject’s XING account. If the data subject activates one of the XING buttons integrated into our website, for example the ‘Share’ button, XING will allocate this information to the data subject’s personal XING user account and will store this personal data.
The XING component informs XING of the data subject’s visit to our website whenever the data subject is logged into their XING account at the same time as accessing our website, irrespective of whether the data subject clicks on the XING component or not. If the data subject wishes to avoid the transmission of this information to XING, the data subject may prevent this transmission by logging out of his or her XING account prior to accessing our website.
XING’s privacy policy is available under https://www.xing.com/privacy and sets out how XING collects, processes and uses personal data. XING has also published a separate privacy policy for the XING Share Button under https://www.xing.com/app/share?op=data_protection.
17. Privacy policy for the use of YouTube
The controller has integrated components from YouTube into this website. YouTube is an internet video portal offering video publishers a facility for publishing video clips free of charge and other users the option to view, review and comment on these video clips free of charge. YouTube permits the publication of all types of video clips. The internet portal provides access to entire movies or television series as well as music videos, trailers or user-created video clips.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time a data subject accesses an individual page of this website, which is operated by the controller and into which a YouTube component (YouTube Video) has been integrated, the YouTube component automatically prompts the web browser on the data subject’s information technology system to download an image of the relevant component from YouTube. Further information on YouTube is available under https://www.youtube.com/yt/about/de/. As a result of this technical procedure, YouTube and Google are informed of the specific subpage of our website that was accessed by the data subject.
As long as the data subject is logged into their YouTube account, YouTube can recognize each specific subpage of our website that contains a YouTube Video if and when it is accessed by the data subject. This information is collected by YouTube and Google and allocated to the data subject’s YouTube account.
The YouTube component informs YouTube and Google of the data subject’s visit to our website whenever the data subject is logged into their YouTube account at the same time as accessing our website, irrespective of whether the data subject clicks on a YouTube video or not. If the data subject wishes to avoid the transmission of this information to YouTube and Google, the data subject may prevent this transmission by logging out of his or her YouTube account prior to accessing our website.
YouTube’s privacy policy is published under https://www.google.de/intl/de/policies/privacy/ and sets out how YouTube and Google collect, process and use personal data.
18. Privacy policy for the use of Hotjar
We use Hotjar to better understand the needs of our users and to optimize our website offering. Hotjar technology allows us to gain a better understanding of the user experience we offer (e. g. how much time users spend on which pages, what links they click, what they like or dislike etc.). This, in turn, helps us to adapt our range of services to our user feedback. Hotjar employs cookies and other technologies to collect information on user behaviour and user devices (in particular the IP address of a device (anonymized prior to recording and storing), monitor size, type of device (Unique Device Identifiers), details of the browser used, location (country only), preferred language for viewing our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or combine it with additional data on individual users. For further information, please read Hotjar’s privacy policy under https://www.hotjar.com/legal/policies/privacy.
To object to Hotjar storing a user profile and information on your visit to our website, and to Hotjar Tracking Cookies being placed by other websites, please click this opt-out link: https://www.hotjar.com/legal/compliance/opt-out
19. Legal basis for processing
Article 6 (1) (a) GDPR sets out our company’s legal basis for processing operations for which we obtain consent for a specific purpose of processing. If processing of personal data is necessary for the performance of a contract to which the data subject is party, for example for processing operations required for the delivery of goods or the provision of another service or consideration, the basis for processing is set out in Article 6 (1) (b) GDPR. This also applies to processing operations required to carry out pre-contractual measures, for example in case of inquiries on our products or services. If our company is subject to a legal obligation that entails the necessity of processing personal data, such as the fulfilment of tax obligations, the basis for processing is set out in Article 6 (1) (c) GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured on our premises, making it necessary to disclose his or her name, age, health insurance details or other vital information to a physician, hospital or other third parties. The basis for processing personal data under such circumstances is provided for under Article 6 (1) (d) GDPR. Processing operations may also be based on the provisions of Article 6 (1) (f) GDPR. This sets out the legal basis for processing operations not covered by any of the above legal bases if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to perform these types of processing operations in particular since the European legislator has specifically mentioned them. It takes the view that a legitimate interest may be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
20. Legitimate interests in the processing pursued by the controller or by a third party
If personal data is processed on the basis set out in Article 6 (1) (f) GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and shareholders.
21. Storage period for personal data
The storage period of personal data is determined by the applicable statutory retention period. Upon expiry of this period, data is erased as a matter of routine, provided it is no longer required for the performance or initiation of a contract.
22. Statutory or contractual requirements for the provision of personal data; necessity for the conclusion of a contract; obligation on the part of the data subject to provide personal data; possible consequences of failure to provide personal data
We would like to clarify that the provision of personal data is, in some cases, a statutory requirement (e. g. tax regulations) or a requirement arising from contractual arrangements (e. g. details on a contractual party). It may be necessary for a data subject to provide us with personal data in order to conclude a contract and for us to subsequently be required to process such personal data. The data subject is obliged to provide us with personal data if, for example, our company enters into a contract with him or her. A failure to provide such personal data would mean that no contract could be concluded with that data subject. A data subject should contact one of our employees prior to providing personal data. Depending on individual circumstances, our employee will inform the data subject whether the provision of personal data is a statutory or contractual requirement or a necessity for the conclusion of a contract, whether there is an obligation to provide personal data and what the consequences of a failure to provide such personal data would be.
23. Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
This privacy policy was generated through the privacy policy generator of Datenschutz Nürnberg in cooperation with RC GmbH, a company recycling used notebooks, and the legal experts for filesharing at WBS-LAW.