Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as ‘data’) that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offer’).
The terms used are not gender-specific.
Status: 22 January 2024
Table of contents
-
Preamble
-
Controller
-
Overview of the processing operations
-
Relevant legal bases
-
Security measures
-
Transfer of personal data
-
International data transfers
-
Rights of the data subjects
-
Use of cookies
-
Business services
-
Provision of the online offer and web hosting
-
Contact and enquiry management
-
Newsletter and electronic notifications
-
Promotional communication via e-mail, post, fax or telephone
-
Web analysis, monitoring and optimisation
-
Presence in social networks (social media)
-
Changing and updating the privacy policy
-
Definitions of Terms
Responsible Party Email Address: support@sorealert.com
See Imprint: https://www.sorealert.com/impressum
Overview of Processing
The following overview summarizes the types of processed data and the purposes of their processing and refers to the data subjects.
Types of Processed Data
-
Inventory data.
-
Payment data.
-
Contact data.
-
Content data.
-
Contract data.
-
Usage data.
-
Meta, communication, and procedural data.
Categories of Data Subjects
-
Interested parties.
-
Communication partners.
-
Users.
-
Business and contractual partners.
Purposes of Processing
-
Provision of contractual services and fulfillment of contractual obligations.
-
Contact inquiries and communication.
-
Security measures.
-
Direct marketing.
-
Reach measurement.
-
Office and organizational procedures.
-
Management and response to inquiries.
-
Feedback.
-
Marketing.
-
Profiles with user-related information.
-
Provision of our online offer and user-friendliness.
-
Information technology infrastructure.
Applicable Legal Bases
Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.
-
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes.
-
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
-
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
-
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission as well as automated decision-making in individual cases including profiling. Furthermore, data protection laws of the individual federal states may apply. Reference to the applicability of GDPR and Swiss DPA: These data protection notices are intended both to provide information in accordance with the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA "processing" of "personal data," "overriding interest," and "specially protected personal data," the terms used in the GDPR "processing" of "personal data" as well as "legitimate interest" and "special categories of data" are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DPA within the scope of its applicability.
Security Measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to them, input, transmission, ensuring availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures according to the principle of data protection through technology design and through privacy-friendly default settings. TLS/SSL encryption (https): To protect the data of users transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transferred between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
Transfer of Personal Data
In the course of our processing of personal data, it may happen that the data is transferred to other locations, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include service providers tasked with IT tasks or providers of services and content that are embedded in a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
Data transfer within the organization: We may transfer personal data to other locations within our organization or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate entrepreneurial and business interests or is necessary to fulfill our contractual obligations, or if there is consent from the data subjects or a legal permission.
International Data Transfers Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this is done only in accordance with the legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only take place if the data protection level is otherwise guaranteed, in particular by standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 para. 1 GDPR). Furthermore, we inform you of the basis of the third-country transfer with the individual providers from the third country, whereby the adequacy decisions are given priority as a basis. Information on third-country transfers and existing adequacy decisions can be found on the EU Commission's information portal: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure under the adequacy decision of 10.07.2023. You can find the list of certified companies as well as further information on the DPF on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We inform you in the context of the data protection notices which service providers we use that are certified under the Data Privacy Framework.
Rights of Data Subjects Rights of data subjects under the GDPR: As data subjects, you have various rights under the GDPR, which are mainly derived from Art. 15 to 21 GDPR:
-
Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
-
Right to Withdraw Consent: You have the right to withdraw consent given at any time.
-
Right to Information: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.
-
Right to Rectification: You have the right, in accordance with the legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
-
Right to Erasure and Restriction of Processing: You have the right, in accordance with the legal requirements, to request that data concerning you be deleted immediately, or alternatively to request a restriction of the processing of the data in accordance with the legal requirements.
-
Right to Data Portability: You have the right, in accordance with the legal requirements, to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
-
Complaint to Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR, without prejudice to any other administrative or judicial remedy.
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and read out information from end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed contents, or used functions of an online offer. Cookies can also be used for various purposes, e.g., for the functionality, security, and comfort of online offers, as well as for the creation of analyses of visitor flows. Notes on consent: We use cookies in accordance with the legal provisions. Therefore, we obtain prior consent from users, except when this is not legally required. In particular, consent is not necessary if the storage and retrieval of information, including cookies, is absolutely necessary to provide users with a telemedia service they have expressly requested (i.e., our online offer). Generally, necessary cookies are those with functions related to the display and operability of the online offer, load balancing, security, storage of user preferences and options, or similar purposes related to the provision of the main and ancillary functions of the online offer requested by the users. The revocable consent is clearly communicated to users and contains information on the respective use of cookies.
Notes on data protection legal bases: The legal basis on which we process the personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed using cookies is processed based on our legitimate interests (e.g., in the economic operation of our online offer and improvement of its usability) or, if this is necessary for the fulfillment of our contractual obligations, if the use of cookies is required to fulfill our contractual obligations. We clarify the purposes for which the cookies are processed by us in the course of this privacy policy or in the context of our consent and processing processes.
Retention period: Regarding the retention period, the following types of cookies are distinguished:
Temporary cookies (also: session or session cookies):
-
Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g., browser or mobile application).
-
Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information on the type and duration of cookies (e.g., in the context of obtaining consent), users should assume that cookies are permanent, and the retention period can be up to two years.
General notes on revocation and objection (so-called "opt-out"): Users can revoke their given consents at any time and object to the processing in accordance with the legal requirements. For this purpose, users can, among other things, restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.
-
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further notes on processing processes, procedures, and services:
-
Processing of cookie data based on consent: We use a cookie consent management procedure, in which users' consents for the use of cookies, or the processing and providers mentioned in the context of the cookie consent management procedure, can be obtained, managed, and revoked. In this context, the consent declaration is stored to avoid having to repeat the query and to be able to provide proof of the consent in accordance with the legal obligation. The storage can take place server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or his device. Subject to individual information about the providers of cookie management services, the following notes apply: The duration of the storage of consent can be up to two years. In this case, a pseudonymous user identifier is created and stored, along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers) as well as the browser, system, and device used; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Business Services
We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships, as well as associated measures and in the context of communication with the contractual partners (or pre-contractually), e.g., to answer inquiries. We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedy in case of warranty and other service disruptions. Furthermore, we process the data to protect our rights and for purposes of the administrative tasks associated with these obligations and corporate organization. In addition, we process the data based on our legitimate interests in proper and economic business management and in security measures to protect our contractual partners and our business operations from abuse, threats to their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, e.g., for marketing purposes, within this privacy policy. We inform the contractual partners about which data is required for the aforementioned purposes before or as part of the data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisk, etc.), or personally. We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years unless the data is stored in a customer account, e.g., as long as they have to be kept for legal reasons of archiving. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balances, annual accounts, the instructions and other organizational documents required to understand these documents, and booking receipts, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual account, or the management report was prepared, the commercial or business letter received or sent, or the booking receipt arose, furthermore, the recording was carried out or the other documents arose. Insofar as we use third-party providers or platforms to provide our services, the terms and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
-
Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, term, customer category).
-
Affected Persons: Interested parties. Business and contractual partners.
-
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Contact inquiries and communication; Office and organizational procedures. Management and response to inquiries.
-
Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further notes on processing processes, procedures, and services:
-
Technical Services: We process the data of our customers and clients (hereinafter collectively referred to as "customers") to enable them to select, purchase, or commission the chosen services or works as well as related activities, as well as their payment and provision or execution or performance.
-
The necessary information is marked as such in the context of the order, purchase, or similar contract conclusion and includes the information required for service provision and billing as well as contact information to be able to make any inquiries. Insofar as we gain access to information about end customers, employees, or other persons we process this information in accordance with legal and contractual requirements; Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Provision of the Online Offer and Web Hosting
We process the data of users to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.
-
Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status); Content data (e.g., entries in online forms).
-
Affected Persons: Users (e.g., website visitors, users of online services).
-
Purposes of Processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
-
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further notes on processing processes, procedures, and services:
-
Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files." Server log files can include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, message about successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and also to ensure the load and stability of the servers; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that requires further storage for evidence purposes is excluded from deletion until the respective incident is finally clarified.
-
Email Dispatch and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as other information concerning email dispatch (e.g., the involved providers) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of spam detection. We ask you to note that emails are generally not sent encrypted on the internet. Emails are usually encrypted during transmission, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission route of emails between the sender and the reception on our server; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
-
Wix: Hosting and software for creating, providing, and operating websites, blogs, and other online offers; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://de.wix.com/; Privacy Policy: https://de.wix.com/about/privacy; Data Processing Agreement: https://www.wix.com/about/privacy-dpa-users; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF). Further Information: As part of the aforementioned services of Wix, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, based on standard contractual clauses or an equivalent data protection guarantee in the course of processing on behalf of Wix.
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within existing user and business relationships, the information of the requesting persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.
-
Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
-
Affected Persons: Communication partners.
-
Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
-
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Further notes on processing processes, procedures, and services:
-
Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided in this context to handle the communicated request; Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a subscription, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us. To register for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter or further details if these are necessary for the purposes of the newsletter.
Double-Opt-In Procedure: Registration for our newsletter generally takes place in a so-called double-opt-in procedure. This means that you will receive an email after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign email addresses. The registrations for the newsletter are logged to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Changes to your data stored with the email service provider are also logged.
Deletion and Restriction of Processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address alone for this purpose in a blocklist (so-called "blocklist"). The logging of the registration process is based on our legitimate interests for purposes of proving its proper course. Insofar as we engage a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure dispatch system.
Contents:
Information about us, our services, promotions, and offers.
-
Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage data (e.g., visited websites, interest in content, access times).
-
Affected Persons: Communication partners.
-
Purposes of Processing: Direct marketing (e.g., via email or post).
-
Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
-
Opt-Out Option: You can unsubscribe from our newsletter at any time, i.e., revoke your consents or object to further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or you can otherwise use one of the contact options provided above, preferably email, for this purpose.
Further notes on processing processes, procedures, and services:
-
Measurement of Open and Click Rates: The newsletters contain a so-called "web-beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we engage a dispatch service provider, from their server. In the context of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.
These are used to improve our newsletter based on the technical data or target groups and their reading behavior, based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Promotional Communication via Email, Post, Fax, or Phone
We process personal data for purposes of promotional communication, which can take place via various channels, such as email, phone, post, or fax, in accordance with legal requirements.
Recipients have the right to revoke consents given at any time or to object to promotional communication at any time.
After revocation or objection, we store the data necessary to prove the previous authorization for contact or sending for up to three years after the end of the year of revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest in permanently observing the revocation or objection of users, we also store the data necessary to prevent a new contact (e.g., depending on the communication channel, the email address, phone number, name).
-
Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).
-
Affected Persons: Communication partners.
-
Purposes of Processing: Direct marketing (e.g., via email or post).
-
Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as "reach measurement") serves the evaluation of visitor flows of our online offer and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can e.g., recognize at what time our online offer or its functions or contents are used most frequently or invite for reuse. Similarly, we can track which areas require optimization. In addition to web analysis, we can also use test procedures, e.g., to test and optimize different versions of our online offer or its components. Unless otherwise specified below, profiles, i.e., data summarized for a usage process, may be created for these purposes, and information may be stored in a browser or on a device and read from it. The collected information includes, in particular, visited websites and elements used there as well as technical information such as the browser used, the computer system used, and information about usage times. If users have declared their consent to us or the providers of the services we use to collect their location data, location data may also be processed. The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) are stored within the scope of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
-
Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
-
Affected Persons: Users (e.g., website visitors, users of online services).
-
Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
-
Security Measures: IP masking (pseudonymization of the IP address).
-
Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further notes on processing processes, procedures, and services:
-
Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offer based on a pseudonymous user identification number. This identification number contains no unique data, such as names or email addresses. It is used to assign analysis information to a device to recognize which content users have accessed within one or multiple usage processes, which search terms they have used, whether they have accessed them again, or interacted with our online offer. Similarly, the time of use and its duration are stored, as well as the sources of users referring to our online offer and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of different devices, where cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. Analytics does, however, provide rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded for processing to Analytics servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for Displaying Advertisements: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (types of processing and processed data).
Presence in Social Networks (Social Media)
We maintain online presences within social networks and process data of users in this context to communicate with the users active there or to offer information about us.
We point out that data of the users can be processed outside the area of the European Union. This may result in risks for the users because it may, for example, make it more difficult to enforce the rights of the users.
Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and resulting interests of the users. The usage profiles can, in turn, be used to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and logged in there). For a detailed presentation of the respective processing forms and the objection options (opt-out), we refer to the privacy statements and information of the operators of the respective networks.
Also, in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still need help, you can contact us.
-
Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
-
Affected Persons: Users (e.g., website visitors, users of online services).
-
Purposes of Processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form). Marketing.
-
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further notes on processing processes, procedures, and services:
-
Facebook Pages: Profiles within the social network Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum); Further Information: We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with or the actions they take (see "Things done and provided by you and others" in Facebook's Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in Facebook's Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytical services, called "Page Insights," to page operators to provide them with insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook ("Information about Page Insights," https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates which security measures Facebook must observe and in which Facebook agrees to fulfill data subject rights (i.e., users can, for example, submit requests for information or deletion directly to Facebook). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which particularly concerns the transmission of data to the parent company Meta Platforms, Inc. in the USA.
-
LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa); Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retarget-out-opt-out; Further Information: We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors to create "Page Insights" (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices used by the users (e.g., IP addresses, operating systems, browser types, language settings, cookie data) and information from the users' profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy notices: https://www.linkedin.com/legal/privacy-policy. We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum (the 'Addendum')", https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates which security measures LinkedIn must observe and in which LinkedIn agrees to fulfill data subject rights (i.e., users can, for example, submit requests for information or deletion directly to LinkedIn). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection of data by and transmission to the Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of the Ireland Unlimited Company, which particularly concerns the transmission of data to the parent company LinkedIn Corporation in the USA.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as the changes in the data processing activities we carry out make it necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notifications become necessary.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to check the information before contacting them.
Definitions of Terms
In this section, you will find an overview of the terminology used in this privacy policy. To the extent that the terminology is legally defined, their legal definitions apply. The following explanations are intended primarily to aid understanding.
-
Personal Data: "Personal data" is all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); a natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more specific factors that are the expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
-
Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," includes any type of automated processing of personal data that uses this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). Cookies and web beacons are often used for profiling purposes.
-
Reach Measurement: Reach measurement (also referred to as web analytics) serves the evaluation of visitor flows of an online offer and can include behaviors or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offers can, for example, determine when users visit their websites and what content they are interested in. This allows them to better tailor the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for the purposes of reach analysis to recognize returning visitors and obtain more precise analyses of the use of an online offer.
-
Responsible Party: The "responsible party" is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
-
Processing: "Processing" is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether collection, evaluation, storage, transmission, or deletion.
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke