Privacy Policy
Introduction
This Privacy Policy explains to you the nature, scope and purpose of the processing of personal data (hereinafter “Data“) within our online offer and the websites, functions and contents associated with it as well as external online presentations, such as our Social Media Profile. (hereinafter collectively referred to as “Online offer“)
- In the first section of the data protection statement you will find information on the data controller and an overview of our processing procedures.
- In the second section you will find information about your rights, the relevant legal standards and general information about our data processing.
- The third section contains information on the individual processing operations. This section is divided into further areas, such as our core services, range measurement or marketing.
- The fourth and final section contains a glossary of terms used in the context of the provision of our services, including explanations and descriptions of the terms used in the data protection declaration. This means that if you do not know the terms used (e.g. personal reference or cookie), please refer to the last section. In general, all terms used (e.g. responsible person or user) are to be understood as gender-neutral.
Table of contents
Section I – Responsibility and overview of data processing >>
- Responsibility >>
- Contact Data Protection Officer >>
- Types of processed data >>
- Processing of special categories of data (Art. 9 para. 1 DSGVO) >>
- Categories of affected people >>
- Purpose of processing >>
- Automated decision in individual cases (Art. 22 DSGVO) >>
- Competent supervisory authority
Section II – Rights of affected people, legal bases and general information >>
- Rights of affected people
- Right of revocation
- Right of objection
- Cookies and right of objection in direct marketing >>
- Deletion of data and archiving obligations
- Changes and Updates to the Privacy Statement
- Applicable legal bases
- Security of data processing
- Disclosure and transfer of data
- Transfers to third countries
- Information on data transfer to the USA and other non-EU countries
- Right to data portability
- Consent with Usercentrics
Section III – Processes >>
- Core area of data processing >><
- Order processing in the online shop<
- Customer account
- Bonit check
- PayPal
- Mastercard
- VISA
- Job Applications
- External Online Presentations >>
- Online Presentations in Social Media
- Webserver and Security >>
- Server logs
- Encrypted payment transactions on this website
- Hosting Hetzner
- Embedded content and features >>
- Google services and content
- Facebook features and content
- Instagram features and Contents
- Pinterest features and content
- Marketing >>
- Newsletter distribution and performance measurement (Sendinblue)
- Communication via mail, e-mail, fax or telephone
- Sweepstakes and competitions
- Google Maps
- Reach measurement, online marketing and technology partners >>
- Google Tag Manager
- Google Analytics
- Google Ads
- Facebook Pixels and Facebook Customer Audience Pixels
Section IV - Definitions >>
Section I – Responsibility and overview of data processing
United Salon Technologies GmbH
Ketzberger Strasse 34
42653 Solingen
Managing Director: Holger Schmidt, András von Kontz, Peter Mirtic, Christian Klüber
Phone: + 49 (0) 212 - 25 20 70
Fax: + 49 (0) 212 - 25 20 777
E-Mail: info@tondeo.com<
Full Legal Notice: https://tondeo.com/impressum/
II Contact Data Protection Officer
E-Mail: datenschutz@ust-germany.com
United Salon Technologies GmbH
Ketzberger Str. 34
42653 Solingen
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Contract data (for example, contract object, term, customer category).
- Payment data (e.g., bank details, payment history).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/contact data (e.g., device information, IP addresses).
IV Processing of special categories of data (Art. 9 Para. 1 DSGVO)
No special categories of data are processed.
V Categories of affected people
- customers / prospects / business partners.
- visitors and users of the online offer.
In the following we will summarize the affected persons as "users".
- Provision of the online offer, its contents and functions.
- Provision of contractual services, service and customer care.
- Response to contact requests and communication with users.
- Marketing, analysis of purchasing behaviour, usage behaviour, advertising and market research.
- Safety measures.
VII Automated decision in individual cases (Art. 22 DSGVO)
Bonit check in the case of advance payment in accordance with Art. 22 DSGVO.
VIII Competent supervisory authority
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Postfach 20 04 44, 40102 Düsseldorf; Tel .: 0211 / 38424-0; Fax: 0211 / 38424-999, email poststelle@ldi.nrw.de
Status: October 2020
Section II - Rights of persons concerned, legal bases and general information
a) Rights of data subjects
You have the right to request confirmation as to whether the data concerned are processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 DSGVO, you have the right to demand that relevant data be immediately protected or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 DSGVO.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 DSGVO and to demand that it be passed on to other persons responsible.
In accordance with Art. 77 DSGVO, you also have the right to file a complaint with the competent supervisory authority.
b) Right of revocation
You have the right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO with effect for the future.
c) Right of objection
You can object to the future processing of the data concerning you in accordance with Art. 21 DSGVO at any time. The objection may be lodged in particular against the processing for the purposes of direct marketing.
I Cookies and right of objection in direct marketing
We use temporary and permanent cookies, i.e. small files that are stored on the users' devices (explanation of the term and function, see last section of this data protection declaration). In part, cookies serve security purposes or are necessary for the operation of our online offer (e.g., for the presentation of the website) or in order to save the user's decision when selecting the cookie banner. In addition, we or our technology partners use cookies to measure reach and for marketing purposes, about which users will be informed in the course of the data protection declaration.
A general objection to the use of cookies for online marketing purposes may be raised for a large number of services, especially in the case of tracking, via the US site. http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.
a) Deletion of data and archiving obligations
The data processed by us will be processed in accordance with Articles 17 and 18 DSGVO or its processing will be restricted. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be disclosed as soon as it is no longer required for its intended use and there are no legal storage obligations to the contrary. If the data are not protected because they are necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons.
In accordance with legal requirements, the data is stored, in particular for 6 years in accordance with §§ 257 (1) HGB (trading companies, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.).) as well as for 10 years in accordance with ä§ 147 para. 1 AO (invoices, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.)
b) Changes and Updates to the Privacy Statement
We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will amend this privacy statement as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
c) Applicable legal bases
In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the performance of our services and execution of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. a and Art. 7 DSGVO. The legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
The principles for commercial communications outside of business relations, in particular by mail, telephone, fax and e-mail, are contained in § 7 UWG.
d) Security of data processing
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 DSGVO. Such measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures to ensure the exercise of rights of data subjects, deletion of data and reaction to endangerment of data. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 DSGVO).
The security measures include in particular the encrypted transmission of data between your browser and our server.
Employees are bound to secrecy with regard to data protection, instructed and instructed, and informed of possible liability consequences.
e) Disclosure and transfer of data
If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permit (e.g. if a transfer of the data to third parties, such as payment service providers, is required pursuant to Art. 6 para. 1 lit. b DSGVO for the performance of the contract), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract“, this is done on the basis of Art. 28 DSGVO.
If we disclose, transfer or otherwise grant access to other companies in our Group of Companies (Undertakings), this is done in particular for administrative purposes as a legitimate interest and in addition on the basis of a Data Processing Agreement.
f) Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in connection with the use of third-party services or disclosure or transfer of data to third parties, this will only take place if we do so in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 ff. Process DSGVO. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clause").
g) Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
h) Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
i) Consent with Usercentrics
This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany, website:
https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).
Whenever you visit our website, the following personal data will be transferred to Usercentrics:
- Your declaration(s) of consent or your revocation of your declaration(s) of consent
- Your IP address
- Information about your browser
- Information about your device
- The date and time you visited our website
Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of
consent or any revocations of the former. The data that are recorded in this manner shall be stored until you
ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer
exists. This shall be without prejudice to any mandatory legal retention periods.
Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use
of specific technologies is Art. 6(1)(c) GDPR.
Section III – Processes
In the following presentation you will find an overview of our processing activities, which we have subdivided into further areas of activity. Please note that the areas of activity are for orientation purposes only and that processing activities may overlap (e.g. the same data may be processed in several processes).
For reasons of clarity and comprehensibility, you will find the frequently repeated terms in section IV of this data protection declaration.
.
I Core area of data processing
In this section you will find information on our core services and tasks, such as answering enquiries and providing our contractual services as well as the ancillary tasks associated with them.
a) Order processing in the online shop
We process the data of our customers as part of the order process in our online shop to enable them to select and order the products and services selected, as well as their payment and delivery or execution.
- Data processed: Inventory data, contact data, contract data, payment data.
- Affected parties: customers, interested parties, business partners.
- Purpose of processing: Provision of contractual services in the context of operating an online shop, invoicing, delivery, customer service.
- Type, scope, function of processing: Persistent cookies for shopping cart and login status.
- Legal basis: Art. 6 para. 1 lit. b (execution of order procedures) and c (archiving required by law). DSGVO.
- Necessity / interest in processing: The data are required to justify and fulfil the contract.
- External disclosure and purpose: No, only on delivery or payment (use of payment service providers: Creditreform Solingen Kirschner KG, Kuller Str. 58, 42651 Solingen as well as banks and financial institutions). [TS1] [FK2] Further information on data processing at Creditreform is available at www.creditreform-solingen.de/EU-DSGVO
- Processing in third countries: No, only on customer request on delivery or payment.
- data processing: The solution takes place after the expiry of statutory warranty and comparable obligations, the necessity of data storage is reviewed every three years; in the case of statutory archiving obligations, the solution takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation). Data in the customer account remain up to its solution.
Our company regularly checks customers, including existing ones, for creditworthiness whenever contracts are concluded and also in certain cases when there is a legitimate interest. We therefore collaborate with Creditreform Boniversum GmbH – address: Hammfelddamm 13, 41460 Neuss, Germany – which provides us with the relevant data. For this purpose, we send your name and contact details to Creditreform Boniversum GmbH. The information on the data processing conducted by Creditreform Boniversum GmbH is based on the EU General Data Protection Regulation, article 14, which can be found here: www.boniversum.de/EU-DSGVO/?lang=en
b) Customer account
A customer account (which also includes the wish list) requires registration. Subsequently, users can in particular track their orders after entering their login data and use other customer account functions.
We offer our own single sign-on procedure for the customer account. This means that users who register in one of the online offers of companies belonging to United Salon Technologies can also use the access data for other online offers of companies belonging to United Salon Technologies Unternehmen GmbH.
- Data processed: Inventory data (first name, last name; email address; password (will be stored encrypted)), contact data, contract data, payment data, product data/ product preference, usage data, referrer data.
- Affected: Customers, interested parties.
- Purpose of the processing: Creation and operation of a customer account to manage the contractual relationship.
- Type, scope and functioning of the processing: registration process, termination.
- Legal basis: Art. 6 para. 1 lit. b. DSGVO.
- Protective measures: The public account information of the users is not visible to external bodies such as search engines or other users and cannot be searched by them. Users are responsible for the secure storage of their access data.
- Necessity / interest in processing: The customer account is optional, data required for its operation. Mandatory fields are marked as such. In addition, each user decides for himself on further details.
- External disclosure and purpose: No.
- Processing in third countries: No.
- data processing: Data in the customer account remain up to its solution with subsequent archiving in the case of a legal obligation (end of commercial law (6 years) and tax law (10 years) storage obligation).
c) Bonit check
If we make advance payments (e.g., in the case of purchase on account), we reserve the right to obtain information on identity and creditworthiness for the purpose of assessing the credit risk on the basis of mathematical-statistical procedures from specialized service providers (credit agencies) in order to protect our legitimate interests. We process the information received from the credit agencies on the statistical probability of a payment default within the framework of an appropriate discretionary decision on the establishment, implementation and termination of the contractual relationship. We reserve the right, in the event of a negative result of the credit check, to refuse payment on account or any other advance payment.
Processed data: Name, postal address, date of birth, information on the type of contract, bank details.
Special categories of personal data: no.
Legal basis: Art. 6 para. 1 lit. f. DSGVO; If based on consent of the users customers: Art. 6 para. 1 lit. a., Art. 7 DSGVO.
Data subjects: customers, interested parties.
Purpose of processing: assessment of the probability of default of receivables.
Type, scope, mode of operation of the processing: we process the information received from credit agencies on the statistical probability of default as part of an appropriate discretionary decision on the establishment, performance and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit check.
Necessity / interest in processing: Business interests.
Disclosure external and purpose as well as privacy policy: Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, privacy policy: https://www.boniversum.de/datenschutzerklaerung
Processing in third countries: no.
Automated decision in individual cases pursuant to Art. 22 DSGVO: In accordance with Art. 22 DSGVO, the decision as to whether we provide advance services is made solely on the basis of an automated decision in individual cases, which is made by our software on the basis of the information provided by the credit agency without the involvement of employees.
d) PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449
Luxembourg (hereinafter “PayPal”).
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European
Commission. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
e) Mastercard
The provider of this payment service is the Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410
Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the US. The data transfer to the US is based on
Mastercard's Binding Corporate Rules. Details can be found here:
https://www.mastercard.de/de-de/datenschutz.html and
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
f) VISA
The provider of this payment service is the Visa Europe Services Inc, London Branch, 1 Sheldon Square,
London W2 6TT, United Kingdom (hereinafter “VISA”).
Great Britain is considered a secure non-EU country as far as data protection legislation is concerned. This
means that the data protection level in Great Britain is equivalent to the data protection level of the
European Union.
VISA may transfer data to its parent company in the US. The data transfer to the US is based on the standard
contractual clauses of the EU Commission. Details can be found here:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-
fur-den-ewr.html.
For more information, please refer to VISA’s privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
g) Job Applications
We offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services
on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of
the personal data collected from you in conjunction with the application process. We assure you that the
collection, processing and use of your data will occur in compliance with the applicable data privacy rights
and all other statutory provisions and that your data will always be treated as strictly confidential.
Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g., contact and
communications data, application documents, notes taken during job interviews, etc.), if they are required to
make a decision concerning the establishment or an employment relationship. The legal grounds for the
aforementioned are § 26 GDPR according to German Law (Negotiation of an Employment Relationship), Art.
6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6(1)(a)
GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be
shared with individuals who are involved in the processing of your job application.
If your job application should result in your recruitment, the data you have submitted will be archived on the
grounds of § 26 GDPR and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship
in our data processing system.
Data Archiving Period
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the
right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up
to 6 months from the end of the application procedure (rejection or withdrawal of the application).
Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage
serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required
after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only
take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your
II External Online Presentations
In this section you will find information about our data processing in the context of operating external online presentations, e.g. in social media.
a) Online Presentations in Social Media
We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, users' data will be processed if they communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.
The links/switchboards to social networks and platforms (hereinafter referred to as "social media") used within our online offering do not establish contact between social networks and users until users click on the links/switchboards and access the respective networks or their websites. This function corresponds to the mode of action of a regular online link.
- Social networks/platforms we use: Facebook, Instagram, Pinterest, Twitter, Xing, YouTube.
- Data processed: Inventory data, contact data, content data, usage data, metadata.
- Special categories of personal data: Basically no, except by users.
- Legal basis: Art. 6 para. 1 lit f. DSGVO.
- Affected: Users of social media presences (this can include customers and interested parties).
- Purpose of processing: Information and communication. Type, scope, function of processing: Usually: Permanent cookies, tracking, targeting, remarketing, content- and behavior-related advertising by the operator of the respective platforms.
- Necessity / Interest in processing: Expectations of users active on the platforms, business interests.
- External disclosure and purpose: To social networks/platforms.
- Processing in third countries: USA.
- Deletion of data: The solution rules of the respective platforms apply.
Our services are operated on web servers. In the following section we will inform you about their use and data processed during the operation of our servers.
a) Server logs
The server on which this online offer is located collects so-called log files each time the online offer is accessed, in which user data is stored. The data is used for statistical analysis to maintain and optimize server operation and for security purposes, e.g. to detect potential unauthorized access attempts.
- Data processed: Usage data and metadata (name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider). .
- Special categories of personal data: no.
- Legal bases: Art. 6 para. 1 lit. f DSGVO.
- Affected persons: customers, interested parties, visitors of the online offer.
- Purpose of processing: Optimization of server operation and safety monitoring.
- Necessity / Interest in processing: Security, business interests.
- Processing in third countries: no.
- Deletion of data: After 7 days from the time of collection.
IV Embedded content and functions
In this section we inform you which contents, software or functions (in short "contents") of other providers we embed in our online offer on the basis of Art. 6 para. 1 lit. f DSGVO. The embedding takes place in order to make our online offer more interesting for our users or for legal reasons in order to be able to present e.g. videos or social media contributions at all within our online offer. Embedding can also be used to improve the speed or security of online content, e.g. when software elements or fonts are obtained from other sources. The processed data includes in all cases the user's usage and metadata and also the IP address necessarily transmitted to the provider for embedding the content, the persons concerned include the visitors to our online offer. The categories affected include users of our online services, customers and interested parties. Further explanations can be found in the definitions of terms, in particular on the functions and protective measures, at the end of this data protection declaration. The deletion of the data is determined by the data protection conditions of the providers of the embedded content.
a) Services and content from Google
We use the following services and contents of the provider Google: YouTube - Videos; Google Maps - Maps; Google Fonts - Fonts; Google Recaptcha - recognition of bots when entering forms.
- Data processed: Usage data, metadata.
- Type, scope, functioning of processing: permanent cookies, third party cookies, interest-based marketing, tracking.
- Special protective measures: Pseudonymization, Opt-Out.
- Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=en, https://adssettings.google.com/.
- External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- Privacy Statement: https://www.google.com/policies/privacy.
- Processing in third countries: USA.
- Deletion of data: The data will be deleted according to Google's regulations.
b) Facebook features and content
Functions and contents of the Facebook service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.
- Data processed: Usage data, metadata; if users are registered with the service, the above data can be linked to their profiles and to the data stored with the service (in particular inventory data).
- Type, scope, functioning of processing: social plug-ins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
- Opt-Out: https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ (EU), http://www.aboutads.info/choices (US).
- External disclosure: Facebook Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
- Privacy Statement: https://www.facebook.com/policy.php.
- Processing in third countries: USA.
- Deletion of data: The data will be deleted in accordance with Facebook regulations
-
c) Functions and contents of Instagram
Functions and contents of the Instagram service can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons that users can use to show their appreciation of the content, to subscribe to the authors of the content or to our contributions.
- Data processed: Usage data, metadata; if users are registered with the service, the above data can be linked to their profiles and to the data stored with the service (in particular inventory data).
- Type, scope and functioning of processing: social plug-ins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
- External disclosure: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
- Privacy Policy: https://help.instagram.com/155833707900388.
- Processing in third countries: USA.
- Deletion of data: The data will be deleted according to Instagram's regulations.
In this section you will find information about the data processing carried out by us for the purpose of optimising our marketing and market research services.
a) Newsletter distribution and performance measurement
We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the recipients or a legal permission. Subscribers' data is logged as we are required to provide proof of registration. We also keep track of whether newsletters have been opened and whether links have been clicked. This information is stored per user for technical reasons, but is not used to monitor individual users, but to adapt e.g. content and offers to the users. Information that we should collect in addition to the e-mail address (e.g. name) is used to address users personally or to adapt the contents of the newsletter to the users.
- Newsletter content: As indicated in the registration form, otherwise information about our services and our company.
- Data processed: Inventory data (e-mail address), usage data (registration time, confirmation time double opt-in, IP address, opening of the e-mail, time and place, time and click on a link in the newsletter).
- Special categories of personal data: no.
- Legal bases: Art. 6 para. 1 lit. a, Art. 7 DSGVO and § 7 para. 2 no. 3 UWG (dispatch, analysis), Art. 6 para. 1 lit. f (recording).
- Persons affected: E-mail recipients
- Purpose of processing: newsletter dispatch, optimization, proof of consent.
- Type, scope, functionality of processing: Zähl-Pixel (Web-Bugs)
- Necessity / interest in processing: Only the e-mail information is required for sending, the other information is voluntary and serves to personalize and optimize the content based on the interests of the users; the obligation to provide proof of consent is the reason for logging; Success is measured on the basis of justified interests in optimizing the content for the users and based on business interests
- Special security measures: Data Processing Agreement
- Opt-Out: A cancellation link is included in every newsletter
- External disclosure and purpose: Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin
- Privacy Policy: https://www.newsletter2go.de/datenschutz/
- Protective measures: order processing contract.
- Processing in third countries: No.
- Retention of data: We may store the e-mail adresses and the log data for registration (time, IP adress) that have unsubscriped for up to two years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defence against claims. An individual request for erasure is possible at any time, provided that at the same time the former existence of a consent is confirmed.
Sendinblue
This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH,
Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue services can, among other things, be used to organize and analyze the sending of newsletters.
The data you enter for the purpose of subscribing to the newsletter are archived on Sendinblue’s servers in
Germany.
Data analysis by Sendinblue
Sendinblue enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a
newsletter message has been opened and, if so, which links may have been clicked. This enables us to
determine, which links drew an extraordinary number of clicks.
Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously
defined actions were taken (conversion rate). This allows us to determine whether you have made a
purchase after clicking on the newsletter.
Sendinblue also enables us to divide the subscribers to our newsletter into various categories (i.e., to
“cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of
residence. This enables us to tailor our newsletter more effectively to the needs of the respective target
groups.
If you do not want to permit an analysis by Sendinblue, you must unsubscribe from the newsletter. We
provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the
newsletter right on the website.
For detailed information on the functions of Sendinblue please follow this link:
https://www.sendinblue.com/newsletter-software/.
Legal basis
The data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have
given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of
any data processing transactions that have taken place prior to your revocation.
Storage period
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you
unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter
distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain
unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the
newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only
for this purpose and not merged with other data. This serves both your interest and our interest in complying
with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f)
GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh
our legitimate interest.
For more details, please consult the Data Protection Regulations of Sendinblue at:
https://de.sendinblue.com/datenschutz-uebersicht/.
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a
contract mandated by data privacy laws that guarantees that they process personal data of our website
visitors only based on our instructions and in compliance with the GDPR.
b) Communication via mail, e-mail, fax or telephone
Sending information material, making contact by telephone.
- Data processed: Inventory data, address and contact data, contract data.
- Special categories of personal data: no.
- Legal basis: Art. 6 para. 1 lit. a, Art. 7 DSGVO, Art. 6 para. 1 lit. f DSGVO in conjunction with legal requirements for advertising communications.
- Affected parties: customers, participants, interested parties, communication partners.
- Purpose of processing: Advertising communication.
- Type, scope, function of processing: Contact is only established with the consent of the contact partners or within the scope of legal permits.
- Necessity / Interest in processing: Information and business interests.
- External disclosure and purpose: No.
- Processing in third countries: No.
- Deletion of data: With objection/ revocation or omission of the authorization bases.
c) Sweepstakes and competitions
In the context of sweepstakes and competitions ("sweepstakes" for short) we processed the data of the participants for the execution of the sweepstakes. Further information on the processing of your data within the scope of the individual competitions and any consent to the publication of their names or competition contributions will be provided to the users within the conditions of participation of the respective competitions.
- Data processed: Inventory data, contact data, content data (e.g. contributions to competitions).
- Special categories of personal data: no.
- Legal basis: 6 para. 1 lit. b DSGVO.
- Affected: Participants
- Purpose of the processing: Carrying out of the competitions, notification of prizes, dispatch of prizes, possibly presentation of winners.
- External disclosure and purpose: Forwarding companies for the purpose of sending profits, possibly partners and sponsors of profits.
- Processing in third countries: No, except sending prizes abroad.
- Deletion of the data: As soon as the data is not required for the execution of the competition (e.g. for questions regarding prizes); when winners or competition entries are published, they remain permanently online; in the event of a legal obligation (end of commercial law (6 years) and tax law (10 years) storage obligation).
VI Reach measurement, online marketing and technology partners
In this section we inform you which services of technology partners are used for reach measurement and online marketing purposes. Their use is based on Art. 6 Para. 1 letter f DSGVO and our interest in increasing user-friendliness, optimizing our offer and its economic efficiency. The data processed in all cases includes usage and metadata. Special categories of data are not processed. Affected are customers, interested parties and other visitors to our online offer. Further explanations can be found in the definitions of terms at the end of this data protection declaration, in particular with regard to their functions and protective measures. The deletion of the data is determined, unless otherwise stated, in accordance with the privacy statements of the technology partners.
a) Google
a) Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States. The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.
b) Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that
end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the
utilized operating system and the user’s origin. Google may consolidate these data in a profile that is
allocated to the respective user or the user’s device.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the
user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by
Google is, as a rule transferred to a Google server in the United States, where it is stored.
This analysis tool is used on the basis of Art. 6(1)(f) GDPR. The operator of this website has a legitimate
interest in the analysis of user patterns to optimize both, the services offered online and the operator’s
advertising activities. If a corresponding agreement has been requested (e.g., an agreement to the storage of
cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be
revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European
Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
IP anonymization
On this website, we have activated the IP anonymization function. As a result, your IP address will be
abbreviated by Google within the member states of the European Union or in other states that have ratified
the Convention on the European Economic Area prior to its transmission to the United States. The full IP
address will be transmitted to one of Google’s servers in the United States and abbreviated there only in
exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze
your use of this website to generate reports on website activities and to render other services to the
operator of this website that are related to the use of the website and the Internet. The IP address
transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in
Google’s possession.
Browser plug-in
You can prevent the recording and processing of your data by Google by downloading and installing the
browser plugin available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data
Privacy Declaration at:
https://support.google.com/analytics/answer/6004245?hl=en.
Demographic parameters provided by Google Analytics
This website uses the “demographic characteristics” function of Google Analytics, to be able to display to the
website visitor compatible ads within the Google advertising network. This allows reports to be created that
contain information about the age, gender, and interests of the website visitors. The sources of this
information are interest-related advertising by Google as well as visitor data obtained from third-party
providers. This data cannot be allocated to a specific individual. You have the option to deactivate this
function at any time by making pertinent settings changes for advertising in your Google account or you can
generally prohibit the recording of your data by Google Analytics as explained in section “Objection to the
recording of data”.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent
provisions of the German data protection agencies to the fullest when using Google Analytics.
Google Analytics E-Commerce-Tracking
This website uses the “E-Commerce Tracking” function of Google Analytics. With the assistance of ECommerce
Tracking, the website operator is in a position to analyze the purchasing patterns of website
visitors with the aim of improving the operator’s online marketing campaigns. In this context, information,
such as the orders placed, the average order values, shipping costs and the time from viewing the product to
making the purchasing decision are tracked. These data may be consolidated by Google under a transaction
ID, which is allocated to the respective user or the user’s device.
c) Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland
Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user
enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based
on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the
website operator, we can analyze these data quantitatively, for instance by analyzing which search terms
resulted in the display of our ads and how many ads led to respective clicks.
The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in
marketing the operator’s services and products as effectively as possible.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European
Commission. Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.
Google Remarketing
This website uses the functions of Google Analytics Remarketing. The provider of these solutions is Google
Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user patterns on our website (e.g., clicks on specific products), to allocate
a certain advertising target groups to you and to subsequently display matching online offers to you when
you visit other online offers (remarketing or retargeting).
Moreover, it is possible to link the advertising target groups generated with Google Remarketing to device
encompassing functions of Google. This makes it possible to display interest-based customized advertising
messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner
tailored to you as well as on any of your devices (e.g., tablet or PC).
If you have a Google account, you have the option to object to personalized advertising under the following
link:
https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest
in the marketing of the operator’s products that is as effective as possible. If a respective declaration of
consent was requested, processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given
consent may be revoked at any time.
For further information and the pertinent data protection regulations, please consult the Data Privacy
Policies of Google at:
https://policies.google.com/technologies/ads?hl=en.
Formation of Target Groups with Customer Reconciliation
For the formation of target groups, we use, among other things, the Google Remarketing customer
reconciliation feature. To achieve this, we transfer certain customer data (e.g., email addresses) from our
customer lists to Google. If the respective customers are Google users and are logged into their Google
accounts, matching advertising messages within the Google network (e.g., YouTube, Gmail or in a search
engine) are displayed for them to view.
Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited
(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland
With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has
completed certain actions. For instance, we can analyze the how frequently which buttons on our website
have been clicked and which products are reviewed or purchased with particular frequency. The purpose of
this information is to compile conversion statistics. We learn how many users have clicked on our ads and
which actions they have completed. We do not receive any information that would allow us to personally
identify the users. Google as such uses cookies or comparable recognition technologies for identification
purposes.
We use Google Conversion Tracking on the basis of Art. 6(1)(f) GDPR. The operator of the website has a
legitimate interest in the analysis of the user patterns with the aim of optimizing both, the operator’s web
presentation and advertising. If a respective declaration of consent was requested (e.g., concerning the
storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent
may be revoked at any time.
For more information about Google Conversion Tracking, please review Google’s data protection policy at:
https://policies.google.com/privacy?hl=en
d) Facebook Pixels and Facebook Customer Audience Pixels
Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this
service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s
statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after
clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical
and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at
any conclusions as to the identity of users. However, Facebook archives the information and processes it, so
that it is possible to make a connection to the respective user profile and Facebook is in a position to use the
data for its own promotional purposes in compliance with the
Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations
outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate
interest in effective advertising campaigns, which also include social media. If a corresponding agreement
has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on
the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European
Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum und
https://de-de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to
Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively
to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place
after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have
been set out in a joint processing agreement. The wording of the agreement can be found under:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for
providing the privacy information when using the Facebook tool and for the privacy-secure implementation
of the tool on our website. Facebook is responsible for the data security of Facebook products. You can
assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with
Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy
at:
https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings
section under
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.
If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the
website of the European Interactive Digital Advertising Alliance:
http://www.youronlinechoices.com/de/praferenzmanagement/.
Section IV - Definitions
This section provides an overview of the terms used in this privacy statement. Many of the terms are taken from the law and are defined above all in Art. 4 DSGVO. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for the sake of understanding. The terms are sorted alphabetically.
- A/B tests
- A/B tests serve to improve the user-friendliness and performance of online offers. For example, users are shown different versions of a website or its elements, such as input forms, on which the placement of the content or labels of the navigation elements can differ. Subsequently, the behaviour of the users, e.g. longer stays on the website or more frequent interaction with the elements, can be used to determine which of these websites or elements rather meet the needs of the users. - Affiliate links
- Affiliate links" are links with the help of which the linking websites refer users to websites with product or other offers. The operators of the respective linked websites can receive a commission if users follow the affiliate links and then take advantage of the offers. This requires providers to be able to track whether users who are interested in certain offers subsequently take advantage of the affiliate links. Therefore, the functionality of affiliate links requires that they be supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the initial website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as tracking specific values such as, for example, advertising material ID, partner ID and categorisations. . - After-Sales
- After sales" are marketing procedures in which, for example, customers of an online shop are presented with advertising offers from other providers (which are usually based on the services or products purchased in the online shop). In addition, the functionality of after-sales corresponds to the functionality of affiliate links. - Aggregated data
Aggregated data are aggregated data that do not allow any conclusion to a person and are therefore not personal. For example, visit times on a website can be saved as averages. - Anonymous Data
- Anonymity is when a person cannot at least be identified by the responsible person with the means at his disposal on the basis of a date. In particular, aggregated data may be anonymous. - Order processing/contractor
A "processor" is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller. - Special categories of personal data
Such data includes data revealing racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, genetic data, biometric data to uniquely identify a natural person, health data or data on a natural person's sex life or sexual orientation. - Advanced matching
.The "advanced matching" is a Facebook pixel option which means that inventory data such as phone numbers, email ddresses or Facebook IDs of users are transmitted to Facebook in encrypted form to form target groups for Facebook ads and are used only for this purpose.
- Affected person/ concerning
See "personal date". - Clicktracking
"Clicktracking" allows you to keep track of the movements of users within an entire online offering. Since the results of these tests are more accurate if the interaction of users can be tracked over time (e.g. if a user likes to return), cookies are usually stored on users' computers for these test purposes. - Conversion
"Conversion" or "conversion measurement" refers to a procedure with which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on the users' devices within the websites on which the marketing activities take place and then retrieved again on the target website (e.g. this enables us to determine whether the ads we placed on other websites were successful). - Cookies
Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies" are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping basket in an online shop or a login jam within a community can be stored. Cookies are defined as permanent or persistent and remain stored even after the browser is closed. For example, the login status can be saved in a community if users visit it after several days. Likewise, the interests of users used for range measurement or marketing purposes (see e.g. remarketing) may be stored in such a cookie. As a third party cookie, cookies will be offered by providers other than the person responsible for operating the online offer (otherwise, if they are only its cookies, we speak of first-party cookies). - Cross device tracking
Cookies and fingerprints are device-related. Cross-device tracking is required to evaluate the interests of users using smartphones for advertising on desktop PCs. Logins in social networks such as Facebook can be used for this purpose. Alternatively, location data, IP addresses and user behavior are used to achieve up to 98% more precise user restriction. Cookies and web beacons are usually used for cross-device tracking purposes. - Custom Audiences
Custom audiences (or user-defined target groups) are defined when target groups are intended for advertising purposes, e.g. insertion of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it may be concluded that the user is interested in advertisements for similar products or the online shop in which he has viewed the products. Lookalike audiences (or similar target groups) are users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences. Custom Audiences from Website means that the target groups are formed on the basis of the visitors of your own website. Custom Audiences from File means that e.g. a list with e-mail addresses is uploaded to the respective advertising network or platform to form the target groups. - Demographic data
Demographic data are general information about groups of people or persons, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected as part of range measurement and online marketing for the purposes of interest-based marketing or for business analyses that are used, for example, to determine target groups. - third
A third party is a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or data processor. - third country
Third countries are states in which the DSGVO is not directly applicable law, i.e. in principle states which are not members of the European Union (EU) or the European Economic Area (EEA). - Consent
An “consent“ of the data subject is any voluntary statement of intent in the particular case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act, with which the data subject indicates that he/she agrees to the processing of personal data concerning him/her. - Embedding
In embedding, external content or software functions (see plug-ins) are integrated into one's own online presence in such a way that they are displayed or executed on this website. No copy of the content is created because it is accessed from the original server (e.g. videos, pictures, posts on social networks, widgets with ratings). With embedding, it is technically necessary for the provider of the content to collect the IP address of the user in order to display the embedded content in the user's browser. Furthermore, the content provider may store e.g. cookies on the user's devices. - Extended comparison
The advanced matching is an option of the Facebook pixel, which means that inventory data such as phone numbers, e-mail addresses or Facebook IDs of users are encrypted to Facebook to form target groups for Facebook ads and only used for this purpose. - Error tracking
During error tracking, for example, incorrectly executed program code is recognized in order to eliminate it and thus ensure the functionality and security of online offers. - Fingerprints and other online identifiers
Fingerprints correspond in their function to cookies, whereby the storage of a file on the user's device is waived. These digital fingerprints can be individually created as cross sums of individual factors of devices, e.g. computing power or browser plug-ins for devices and thus used for range measurement, profiling, remarketing, interest and behaviour-related advertising. - First party cookies
See Cookies - Heatmaps
Heatmaps are mouse movements of the users, which are combined to an overall picture, with the help of which e.g. it is possible to recognize which website elements are preferred and which website elements users prefer less. - IP address
The IP address (IP stands for Internet Protocol) is a sequence of numbers that can be identified by the devices connected to the Internet. When a user visits a website on a server, he informs the server of his IP address. The server then knows that it must send the data packets with the content of the website to this address. - IP masking
IP masking is a method in which the last octet, i.e. the last two digits of an IP address, are deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing. - Interest-based marketing and behavioral advertising
Interest- and/or behaviour-related advertising is the term used when profiling is used to determine the potential interest of users in advertisements (Online Behavioral Advertising, OBA for short). Cookies and web beacons are usually used for these purposes. - Lookalike Audiences
See Custom Audiences. - Opt-in
The term opt-in means, depending on the context, as much as registration or consent. If a registration is confirmed (e.g. by entering an e-mail address in an online form field) by sending a confirmation e-mail to the owner of the e-mail address, one speaks of a Double-Opt-In (DOI). - Opt-Out
The term opt-out means unsubscription and may represent an objection (e.g. against tracking) or a termination (e.g. for newsletter subscriptions). - Opt-out cookie
An opt-out cookie is a small file (see cookies) that is stored in your browser and in which it is noted, for example, that a tracking service should not process your data. The opt-out cookie only applies to the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked. - permanent cookies
See Cookies - Personal date/ personal reference
Personal data; all information relating to an identified or identifiable natural person (hereinafter referred to as the data subject); an identifiable person is a natural person who, directly or indirectly, in particular by assignment to an identification such as a name, to an identification number, to location data, to an online identification (e.g.B. Cookie) or to one or more special characteristics which are expressions of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. - Plugins/ Social Plugins
Plugins (or social plugins; in the case of social functions) are third-party software functions that are integrated into the online offering. They can be used to output interaction elements (e.g., a like button) or content (e.g., external commenting function or posts in social networks). - Processor
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Processing
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Profiling
Profiling is defined as any type of automated processing of personal data consisting in the use of such personal data to analyse, evaluate or predict (e.g. to predict) certain personal aspects relating to a natural person (depending on the type of profiling, information regarding age, gender, location and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people).B. the interests in certain contents or products, the click behaviour on a website or the location). Cookies and web beacons are often used for profiling purposes. - Pseudonymization/ Pseudonyms
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately, it is ensured that the personal data is not assigned to an identified or identifiable natural person; D.h. if an exact interest profile of the computer user is stored in a cookie (quasi a “marketing avatar“), but not the name of the user, then data is processed pseudonymously. If his name is stored, e.g. as part of his e-mail address or his IP address, then processing is no longer pseudonymous. - range measurement
The range measurement serves to evaluate the visitor flows of an online offer and can include their behaviour, interests or demographic information, e.g. age or gender. With the help of range analysis, website owners, for example, can identify what types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimise the content of the website to the needs of their visitors. Cookies and web beacons are often used for range analysis purposes. - Remarketing/ Retargeting
Remarketing or retargeting is the term used, for example for advertising purposes, for which products a user is interested in on a website in order to remind the user on other websites of these products, e.g. in advertisements. Cookies are usually used for profiling purposes. - Session Cookies
See Cookies - Single sign-on
Single sign-on or single sign-on authentication is a procedure that allows users to log on to an online offer, including other online offers, with the help of a user account. A prerequisite for Single-Sign-On authentication is that users are registered with the respective Single-Sign-On provider and enter the required access data on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID at the respective single sign-on provider and an ID that can no longer be used by us (so-called user handle). Whether we receive further data depends solely on the single sign-on procedure used, the selected data releases as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of users, it can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are asked to note that their data stored with us can be automatically compared with their user account with the Single Sign-On provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must manually change these in their user account with us. Should users decide that they no longer wish to use their user account link with the Single-Sign-On provider for the Single-Sign-On procedure, they must cancel this link within their user account with the Single-Sign-On provider. If users whose data is stored with us, they must cancel their registration with us. - Third Party Cookies
See Cookies. - Tracking
Tracking is when the behaviour of users can be traced across several online offers, e.g. for remarketing purposes. The behavioral and interest information collected with regard to the online offers used is stored as user profiles in cookies or on the servers of marketing service providers (e.g. Google or Facebook). - Universal Analytics
Universal Analytics is a process by Google Analytics in which the user analysis is based on a pseudonymous user ID and a pseudonymous profile of the user with information from the use of various devices is created (cross-device tracking). - Controller
"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- responsible
The person responsible is the natural or legal person, authority, institution or other body which alone or together with others decides on the purposes and means of the processing of personal data. - processing
Processing means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data. The term goes far and covers practically every handling of data. - Web beacons
see pixel-code - Widgets
See Embedding. - pixel-code
Counting pixels (also: pixels, measuring pixels, web beacon or web bug) are small, pixel-sized graphics that are integrated into web pages or HTML e-mails. For example, they allow you to determine whether an e-mail has been opened (at least if the image display in e-mails is activated) or how often a website is accessed by a user.