morefire
MENU

 

Data protection

Data protection policy

Preamble

Below we would like to explain what data we collect, process and use when and for what purpose. The aim is to explain to you how our services on offer work, and how the protection of your personal data is guaranteed in this respect.

We only collect, process and use personal data where you have consented to it or legislation allows.

This data protection policy can be downloaded, saved and printed at any time via the URL https://www.more-fire.com/datenschutz/.

Controller’s name and address

The Controller in the sense of data protection legislation is:

morefire GmbH

Hohenstaufenring 29-37

50674 Köln (Cologne)

You can contact us at any time by telephone on +49 (0)221 / 584787-00 or by email at [email protected].

Name and address of the Data Protection Officer

Our Data Protection Officer’s contact details:

René Rautenberg GmbH

Hauptstrasse 28

15806 Zossen

www.er-secure.de

Email: [email protected]

General points about data protection

Scope of personal data processing

We only process our users’ personal data where required for providing an operational website as well as our content and services. As a rule, our users’ personal data is only processed after the user has consented. An exception applies in such cases where consent cannot be obtained beforehand for factual reasons, and processing of the data is permitted by statutory regulations.

Legal basis for processing personal data

Article 6 (1, a) of the EU General Data Protection Directive (DGPR) serves as the legal basis where we obtain a data subject’s consent for processing personal data.

Article 6 (1, b) GDPR serves as the legal basis where the processing of personal data is required for performing a contract where the data subject is a party to the contract. This also applies to processing required for implementing pre-contractual measures.

Article 6 (1, c) GDPR serves as the legal basis where the processing of personal data is required for performing a legal obligation that our company is subject to.

Where the processing is required for safeguarding a legitimate interest of our company or a third party, and the data subject’s interests and fundamental rights and freedoms do not outweigh the first-mentioned interest, Article 6 (1, f) GDPR serves as the legal basis for processing.

Data erasure and storage duration

The data subject’s personal data is erased or blocked as soon as the purpose of storage ceases to exist. Storage can also occur if intended by European or domestic legislators in Regulations, Laws or other requirements under EU Law to which the Controller is subject. Data is also deleted or erased if a storage period prescribed by the stated legislation has expired, unless there is a requirement for continued storage of the data for entering into or performing a contract.

Types of processed data:

– Inventory data (e.g. names, addresses).

– Contact details (e.g. email, telephone numbers).

– Content data (e.g. text entries, photographs, videos).

– Usage data (e.g., websites visited, interest in content, access times).

– Meta/communications data (e.g. device information, IP addresses).

Categories of data subjects

Visitors to and users of the online offer (we hereinafter also summarise the data subjects as ‘Users’).

Purpose of processing

– Provision of the online offer, its functions and content.

– Responding to contact enquiries and communication with users.

– Security measures.

– Audience gauging/marketing

Definitions used

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is far reaching and covers practically any dealing with data.

‘Controller’ refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases

In accordance with Article 13 DGPR, we are informing you if the legal bases of our data processing. The following applies where the legal basis is not stated in the data protection policy: The legal basis for obtaining consent is Article 6 (1, a) and Article 7 GDPR, the legal basis for processing for performing our services and implementing contractual measures, as well as responding to enquiries is Article 6 (1, b) GDPR, the legal basis for processing for complying with our legal obligations is Article 6 (1, c) GDPR, and the legal basis for processing for safeguarding our legitimate interests is Article 6 (1, f) GDPR.

Collaboration with processors and third parties

Where, when processing, we disclose data to other parties and companies (processors or third parties), or grant direct or other access to the data, this only occurs based on statutory permission (e.g. if transferring data to third parties, like a payment service provider, is required for performing a contract in accordance with Article 6 (1, b) GDPR, you have provided consent, a legal obligation is in place, or based on our legitimate interests (e.g. when using agents, web hosters etc.).

Where we commission third parties with the processing of data based on a so-called ‘processing agreement’, this occurs based on Article 28 GDPR.

Transmission to third countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or this happens when used as part of third-party services or the disclosure or, as may apply, transfer of data to third parties, this only occurs if required to perform our (pre-)contractual duties, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permission, we only process, or arrange for data to be processed, in a third country where the specific requirements of Articles 44 et seq GDPR are in place. In other words, processing occurs, for example, based on particular guarantees such as the officially recognised determination of the data protection level corresponding to the EU (e.g. for the USA by the ‘Privacy Shield’) or compliance with officially recognised specific obligations (so-called ‘standard contract clauses’).

Rights of data subjects

You have the right to demand confirmation as to whether data in question is being processed and for information about this data, as well as further information and a copy of the data in accordance with Article 15 GDPR.

In accordance with Article 16 GDPR, you have the right to demand that data concerning you is completed, or incorrect data concerning you rectified.

In accordance with Article 17 GDPR, you have the right to demand the erasure of data concerning you without undue delay or, alternatively in accordance with Article 18 GDPR, restricted processing of the data.

You have the right to demand receipt of data that you have provided us with in accordance with Article 20 GDPR, and to request its transmission to another Controller.

You also have the right in accordance with Article 77 GDPR to lodge a complaint with the relevant supervisory body.

Revocation

You have the right to revoke consent granted in accordance with Article 7 (3) GDPR with future effect.

Right to object

In accordance with Article 21 GDPR, you can object to future processing of data concerning you. In particular, the objection can be against processing for the purposes of direct advertising.

Cookies and the right to object with direct advertising

Cookies refer to small files stored on users’ computers Different details can be stored within the cookies. A cookie serves primarily to store details about a user (or, as may apply the device on which the cookie is stored) during or even after his/her visit within an online offer. Cookies that are deleted after a user leaves an online offer and closes their browser are referred to as temporary cookies or, as may apply, session cookies. By way of example, a login status can be stored in such a cookie. Cookies that remain even after the browser has been closed are referred to as permanent or persistent. By way of example, this allows the login status to be stored if the user visits it after several days. The users’ interests for gauging the audience or marketing purposes can also be stored in such a cookie. Cookies offered by providers other than the controller operating the online offer are referred to as third-party cookies (otherwise first-party cookies if only its cookies exist).

We can use temporary and permanent cookies, and clarify this under our data protection policy.

Where users do not want cookies to be stored on their computer, they are requested to disable the corresponding option in the system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies can lead to restricted functioning of this online offer.

A general objection to the use of cookies placed for the purposes of online marketing can be declared with a wide range of services, above all in the event of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. In addition, the storage of cookies can be achieved by means disabling them in the browser’s settings. Please note that not all functions of this online offer may then be used.

When accessing our website, users are informed about the use of cookies for analysis purposes by an info banner referring to the data protection policy. In this respect, there is also a reference to how the storage of cookies can be prevented in the browser settings.  This so-called cookie tracking filter assists the user in saving which cookies are to be set. His/her own cookie is stored for this purpose. If you delete your cookies, you should not delete this cookie, as otherwise the cookie tracking filter is unable to recognise your preferences.

Erasing data

Data processed by us is erased in accordance with Articles 17 and 18 GDPR, or restricted in its processing. Unless expressly stated as part of the data protection policy, data stored with us is deleted as soon as it is not required for its purpose, and no statutory duties of retention stand in the way of deletion. Where data is not deleted because it is required for other statutory purposes permitted by legislation, its processing is restricted. In other words, the data is blocked and not processed for other purposes. By way of example, this applies to data needing to be retained under commercial or tax law.

In accordance with statutory requirements in Germany, retention is in particular for 6 years in accordance with Section 257 (1) German Commercial Code (trading books, inventories, opening balances, end-of-year financial statements, commercial correspondence, accounting vouchers etc.) as well as for 10 years in accordance with Section 147 (1) Tax Code (books, records, situation reports, accounting vouchers, trading and business correspondence, records relevant for taxation etc.).

In accordance with statutory requirements in Austria, retention is in particular for 7 years in accordance with Section 132 (1) Federal Tax Code (bookkeeping records, vouchers/invoices, accounts, vouchers, business documents, lists of revenue and outgoings, etc.), for 22 years in connection with land, and for 10 years for records in connection with electronically provided services, telecommunications, radio, and television services provided for non-entrepreneurs in EU Member States, and for which the Mini One-Stop-Shop (MOSS) is used.

Business-related processing

We also process

– contract data (e.g. contractual object, term, client category).

– payment data (e.g. bank details, payment history)

of our customers, potential clients, and business partners for the purpose of providing contractual services, servicing and customer care, marketing, advertising, and market research.

Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, memory space and database services, and security services as well as technical maintenance services that we use for the purpose of operating this online offer.

In doing so, we or, as my apply, our hosting provider process inventory data, contact details, content data, contract data, usage data, meta and communications data of customers and potential clients of and visitors to this online offer based on our legitimate interests in efficiently and securely providing this online offer in accordance with Article 6 (1, f) GDPR in conjunction with Article 28 GDPR (entering into a processing agreement).

Collection of access data and log files

Based on our legitimate interest in the sense of Article 6 (1, f) GDPR, we or, as may apply, our hosting provider collect data about any access to the server on which this service is located (so-called server log files). Access data includes the name of the website accessed, file, date and time of access, amount of data transferred, report of successful access, browser type along with version, user’s operating system, referrer URL (site previously visited), IP address and requesting provider.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The user’s IP address needs to remain stored for the duration of the session to allow this.

Storage takes place in log files to ensure the functionality of the website, above all for analysing an attack (DOS attack) and the misuse of tools provided.  The data also serves to optimise the website and ensure the security of our IT systems. Data is not evaluated for marketing purposes in this respect.

The data is erased as soon as it is no longer required for achieving the purpose of its collection.  This is generally the case after 30 days.

The collection of data for providing the website and storing the data in log files is mandatory for operating the website. As a result, the user is not able to object.

Providing contractual services

We process inventory data (e.g. names and addresses as well as contact details of customers) and contract data (e.g. services used, names of points of contact, payment information) for the purpose of performing our contractual obligations and services in accordance with Article 6 (1, b) GDPR. Entries marked as mandatory in online forms are required for entering into the contract.

When making use of our online services, we store the IP address and time of the respective user activity. Storage occurs based on our legitimate interests, as also to protect the user from misuse and other unauthorised usage. This data is in principle not disclosed to third parties, unless required for following up our claims or there is a statutory obligation in this respect in accordance with Article 6 (1, c) GDPR.

We process usage data (e.g. the websites visited of our online offer, interest in our products) and content data (e.g. entries in the contact form or user profile) for promotional purposes in a user profile to show users, by way of example, product information based on services previously made use of by it.

The data is deleted on expiry of statutory warranty and comparable duties, and the requirement to retain the data is checked every three years. In the event of statutory archiving duties, erasure is on its expiry. Details in any customer account remain until its deletion.

Administration, accounting, office organisation, contact administration

We process data as part of administrative tasks as well as the organisation of our operation, accounting, and compliance with statutory duties such as archiving. As such, we process the same data that we process when providing our contractual services. The bases for processing are Article 6 (1, c) GDPR and Article 6 (1, f) GDPR. Customers, prospective clients, business partners and visitors to the website are affected by processing. The purpose and interest in processing lies in the administration, accounting, office organisation, and archiving of data, i.e. tasks serving to maintain our business activities, perform our tasks, and provide our services. The erasure of data with regard to contractual services and communication corresponds to the details stated with these processing activities.

As such, we disclose or transmit data to the Tax Office, consultants such as tax advisers or auditors, and other charge collectors and payment service providers.

In addition, based on our commercial interests we store details about suppliers, organisers, and other business partners, for example for the purpose of subsequently making contact. In principle, we share this data relating on the whole to companies on a permanent basis.

Business analysis and market research

In order to be able to operate our business commercially and identify market trends, and customer and user wishes, we analyse the data available to us about business processes, contracts, enquiries etc. In doing so, we process inventory data, communications data, contract data, payment data, usage data, and meta data based on Article 6 (1, f) GDPR, where data subjects include customers, potential clients, business partners, and visitors to and users of the online offer.

Analysis takes place for the purpose of business evaluation, marketing, and market research. This allows us to consider the profiles of registered users with details such as their purchasing processes. Analysis serves us to increase user friendliness, and to optimise our offer and business efficiency. Analysis serves us alone and is not disclosed externally, unless it involves anonymised analysis with summarised values.

Where this analysis or profiles is/are personal, it/they is/are erased or anonymised on termination of the user, otherwise after two years as of terminating the contract. In addition, overall commercial analysis and general determination of trends is produced where possible.

Registration function

Users have the option to create a user account in the blog. Users are provided with the required mandatory details when registering. Details input when registering are used for taking advantage of the offer. Users can receive emails relating to offers or registration such as changes to the scope of the offer or technical conditions. If users have cancelled their user account, their data with regard to the user account is erased, subject to retention being required for reasons under commercial or tax law in accordance with Article 6 (1, c) GDPR. It is a matter for users to safeguard their data before the end of the contract in the event of cancellation. We are entitled to irrevocably erase all of the user’s data stored during the contract.

When our registration and login functions are made use of, as well as when the user account is used, we store the IP address and the time of the respective user activity. Storage takes place not only based on our legitimate interests, but also the user to protect against abuse and other unauthorised usage. This data is in principle not disclosed to third parties unless required to follow up our claims or there is a statutory obligation in this respect in accordance with Article 6 (1, c) GDPR.

Contact

When contacting us (for example by means of the contact form, email, telephone, or via social media), the user’s details are processed for handling the contact enquiry and in accordance with Article 6 (1, b) GDPR. The user’s details can be stored in a customer relationship management system (CRM system) or comparable enquiry management system.

We delete the enquiries as soon as they are no longer required. We review the requirement every two years, and statutory archiving duties also apply.

Comments and contributions

If users leave comments or other contributions, their IP addresses are stored based on our legitimate interests in the sense of Article 6 (1, f) GDPR. This occurs for our security should someone leave unlawful content in comments and contributions (insults, forbidden political propaganda etc.). In this event, we ourselves can be sued for the comment or contribution, and are therefore interested in the identity of the author.

Comment subscription

Follow-up comments can be subscribed to by users with their consent in accordance with Article 6 (1, a) GDPR. Users receive a confirmation email to verify if they hold the email address provided. Users are able to unsubscribe from continual subscription to comments. The confirmation email will contain information on cancellation options.

Akismet anti-spam verification

Our online offer uses the ‘Akismet’ service offered by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Usage is based on our legitimate interests in the sense of Article 6 (1, f) GDPR. Comments by real people are distinguished from spam comments with the help of this service. To do this, all details of all comments are sent to a server in the USA where they are analysed and stored for four days for comparison purposes. Where a comment is classed as spam, the data is stored beyond this period. These details include the name, email address, IP address, contents of the comment, and referrer entered, details of the browser used and the computer system and time of entry.

Automattic is certified under the Privacy Shield framework and, as such, offers a guarantee to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

More detailed information about the collection and use of data by Akismet can be found in Automattic’s privacy policy: https://automattic.com/privacy/.

Users are free to use pseudonyms, or abstain from entering names or email addresses. They can completely avoid transferring data by not using the comments system. That would be a shame, but otherwise we see no alternative to being so effective.

Retrieving profile pictures with Gravatar

Within our online offer, and in particular the blog, we use the Gravatar service of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Gravatar is a service where users can log in and save profile pictures and their email addresses. If users leave contributions or comments with the respective email address on other online sites (above all blogs), their profile pictures can be shown along with the contributions or comments. To do this, the email addresses provided are sent encrypted to Gravatar for the purpose of verifying whether a profile is saved to it. This is the sole purpose or providing the email address, and is not used for other purposes, but erased afterwards.

Gravatar is used based on our legitimate interests in the sense of Article 6 (1, f) GDPR, as with the help of Gravatar we offer the authors of contributions and comments to the possibility of customising their contributions with a profile picture.

Automattic is certified under the Privacy Shield framework and, as such, offers a guarantee to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

By showing the pictures, Gravatar identifies users’ IP addresses, as this is necessary for communication between a browser and an online service. You will find more detailed information about the collection and use of data by Gravatar in Automattic’s privacy policy: https://automattic.com/privacy/.

If, as a user, you do not want a user picture linked to your email address appearing in the comments, you should use an email address not saved with Gravatar when commenting. We would also like to point out, that it is also possible to use an anonymous, or even no email address, in case the user does not want their own email address to be forwarded to Gravatar. Users are able to completely prevent the forwarding of data by not using our comments system.

Newsletter/info mail/automated email communication

Below we would like to inform you about the content of our newsletter/info mail, as well as the procedures for logging in, sending and statistical evaluation as well as your rights to object. By subscribing to our newsletter/info mail, you state that you agree to receive them and the procedures set out.

Content of the newsletter/info mail: we send newsletters, emails and other electronic notifications with promotional information (hereinafter ‘newsletters/info mail’) only with the consent of the recipient or statutory permission. When, during registration for the newsletter its content is specifically paraphrased, it is decisive for the user’s consent. Otherwise, our newsletters/info mail contains information about our services.

Double opt-in and logging: Our newsletter/info mail is registered for in a so-called double opt-in procedure. In other words, after registration you receive an email asking you to confirm registration. This confirmation is necessary so that no-one is able to register with third-party email addresses. Registration to the newsletter is logged to allow evidencing of the registration process in accordance with statutory requirements. This includes storing the time of registration and confirmation, as well as the IP address. In the same way, changes to your data stored with the sending service provider are logged.

Registration data: Providing us with an email address is sufficient for registering for the newsletter/info mail. As an option, we ask you for a name for the purpose of being addressed personally in the newsletter.

Germany: The newsletter is sent and the associated success measured based on the recipient’s consent in accordance with Article 6 (1, a) and Article 7 GDPR in conjunction with Article 7 (2, 3) of the German Unfair Competition Act (UWG) or, as may apply, based on statutory permission in accordance with Article 7 (3) UWG.

The registration process is logged based on our legitimate interest in accordance with Article 6 (1, f) GDPR. Our interest is in the use of a user-friendly and secure newsletter/info mail system that both serves our business interests, and also meets the users’ expectations and also allows us to evidence consent.

Cancellation/revocation – you can cancel receipt of our newsletter/info mail at any time, i.e. revoke your consent. You will find a link for cancelling the newsletter/info mail at the end of each newsletter. We are able to store emails that have been finished with for up to three years based on our legitimate interests before we delete them for the purposes of sending the newsletter/info mail to be able to evidence previously issued consent. The processing of this data is restricted to the purpose of potentially defending against claims. An individual application for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.

Newsletter – issuing service provider

The newsletter is issued by means of the Hubspot service provider. The issuing service provider is engaged based on our legitimate in accordance with Article 6 (1, f) GDPR and a processing agreement in accordance with Article 28 (3, 1) GDPR.

The issuing service provider can use the recipient’s data in a pseudonymised form, in other words without assigning it to a user, for optimising or improving its own services, for example for optimising the technique of sending and laying out the newsletter or for statistical purposes. The issuing service provider does not however use our newsletter recipient’s data for contacting it itself or forwarding the data to third parties.

Newsletter – measuring success

The newsletter contains a so-called pixel, i.e. a file with a large amount of pixels retrieved by its server when the newsletter is opened by our server or, as may apply, where we use an issuing service provider. When retrieved, technical information such as about the browser and your system is initially collected as well as about your IP address and the time of retrieval.

This information is used for improving service technology by means of technical data or the target audiences and their reading behaviour by using its place of retrieval (identifiable with the help of the IP address) or the access times. Statistical collection also includes determining whether the newsletter is opened, when it is opened, and which links are clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, neither our efforts nor, where engaged, those of the issuing service providers, are to be observed by individual users. Evaluation serves us much more for identifying our users’ reading habits and adjusting our content to them or sending different content according to or users interests.

Further use of Hubspot

We do not just use Hubspot for sending our newsletter, but also for our online marketing activities.  This involves an integrated software solution with which we cover different aspects of our online marketing.

Among other things, this includes:

  • Content management (website and blog)
  • Email marketing (newsletter/info mail, as well as automated mailing, for example for providing downloads)
  • Social media publishing & reporting
  • Reporting (e.g. traffic sources, access, etc.)
  • Contact management (e.g. user segmentation & CRM)
  • Landing pages and contact forms

Our registration service allows visitors to our website to find out more about our company, download content, and provide their contact details and other demographic information.

This information as well as our website’s content is stored on servers of our software partner HubSpot. It can be used by us for contacting visitors to our website and identifying which of our company’s services are of interest for them. All information collected by us is subject to this data protection provision. We use all information collected solely for optimising our marketing.

HubSpot is a software company from the USA with a subsidiary in the Republic of Ireland.

Contact:

HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Republic of Ireland, Telephone: +353 1 5187500.

HubSpot is certified under the terms and conditions of the ‘EU – U.S. Privacy Shield Framework‘ and subject to the TRUSTe ’s Privacy Seal and the ‘US – Swiss Safe Harbor’ Framework.

Jetpack (WordPress Stats)

Based on our legitimate interests (i.e. interest in analysing, optimising, and commercially operating our online offer in the sense of Article 6 (1, f) GDPR), we use the Jetpack plugin (in this case the ‘WordPress Stats’ subfunction), which integrates a tool for the statistical evaluation of visitor access from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called cookies, text files stored on your computer that allow analysis of your use of the website.

Automattic is certified under the Privacy Shield framework and, as such, offers a guarantee to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

Information generated by the cookie about your use of this online offer is stored on a server in the USA. This allows user usage profiles to be created from the data processed, where it is only used for analysis and not for advertising purposes. You will be provided with more information in Automattic’s privacy policy: https://automattic.com/privacy/ and details about Jetpack cookies: https://jetpack.com/support/cookies/.

Google Analytics

Based on our legitimate interests (i.e. interest in analysing, optimising, and commercially operating our online offer in the sense of Article 6 (1, f) GDPR), we rely on Google Analytics, a web analysis service from Google LLC (´Google’). Google uses cookies. As a rule, information generated by the user making use of the online offer is sent to and stored on a Google server in the USA.

Google is certified under the Privacy Shield Framework and, as such, offers a guarantee that European data protection legislation is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate how users make use of our online offer, to compile reports about activities within this online offer, and to provide us with other services associated with the use of this online offer and internet usage. This allows us to create pseudonymised usage profiles for the users from the data processed.

We only use Google Analytics with IP anonymisation enabled. This means that the user’s IP address is abbreviated by Google within Member States of the European Union or in other in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and abbreviated there.

The IP address sent from the user’s IP address is not mixed with other data by Google. Users are able to prevent the storage of cookies by appropriately adjusting their browser software. In addition, users are able to prevent the recording by Google of data generated and relating to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively, you can opt out of Google Analytics by clicking on this link.

You will find more information about the use of data by Google, and setting and objection options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (‘use if data by Google when using apps or websites of our partners’), https://adssettings.google.de (‘use of data for the purpose of advertising’), (‘managing information used by Google for showing you advertising’).

Google Re/Marketing services

Based on our legitimate interests (i.e. interest in analysing, optimising, and commercially operating our online offer in the sense of Article 6 (1, f) GDPR), we use the marketing and remarketing services (in short ‘Google Marketing Services’) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (‘Google’)

Google is certified under the Privacy Shield Framework and, as such, offers a guarantee that European data protection legislation is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Marketing Services allow us to display advertisements for and on our website in a targeted manner to only present to users what they may be interested in. Where, for example, a user is shown adverts for products for which he/she is interested in on other websites, this is called remarketing. For these purposes, when our or other websites are accessed on which Google Marketing Services are enabled, a Google code is immediately created by Google and so-called (re)marketing tags (unseen graphics or codes, also referred to as pixels) are integrated in the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technology can be used instead of cookies). Cookies can be placed by different domains, including by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes what websites the user has visited, in what content he is interested, and on what offers he has clicked, in addition to technical information about the browser, referring websites, time of visit, and other details about using the online offer. The user’s IP address is also recorded, where under Google Analytics we state that the IP address within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area is abbreviated and only sent in its entirety to a Google server in the USA and abbreviated there. The IP address is not combined with the user’s data within other Google offers. The aforementioned information can also be associated by Google with such information from other sources. If the user then visits other websites, he/she can be shown adverts tailored to him/her according to his/her interests.

The user’s data is processed under Google Marketing Services in a pseudonymised manner. In other words, and by way of example, Google does not store the user’s name or email address, rather it processes the relevant data related to cookies within a pseudonymised user profile. In other words, from Google’s point of view, the adverts are not managed and shown for a specific identified person, rather for the cookie holder, regardless of who the cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this anonymisation. Information collected by Google Marketing Services about the user is sent to Google and stored on Google servers in the USA.

Google marketing services used by us include, among other things, the online advertising program ‘Google AdWords’. In the case of Google AdWords, every AdWords customer receives a conversion cookie. As such cookies cannot be tracked via AdWords customers’ websites. Information obtained with the help of cookies serves to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are provided with the total number of users who have clicked on their advert and been directed to a page provided with a conversion tracking tag. Nevertheless, they receive no information allowing users to be personally identified.

In addition, we use the Google Tag Manager for integrating and managing Google analysis and marketing services in our website.

You can find out more about the use of data for marketing purposes by Google at the overview page: https://www.google.com/policies/technologies/ads, Google’s privacy policy can be accessed under https://www.google.com/policies/privacy.

If you would like to object to advertising based on interests by Google Marketing Services you can use setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

Facebook pixel, custom audiences and Facebook conversion

Based on our legitimate interest in analysing, optimising and commercially operating our online offer and, for this purpose, the so-called Facebook pixel of the Facebook social network, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland (‘Facebook’), is used within our online offer.

Facebook is certified under the Privacy Shield Framework, and as such offers a guarantee of complying with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of the Facebook pixel, it is on the one hand possible for Facebook to identify visitors to our online offer as a target group for showing adverts (so-called Facebook Ads). Accordingly we use the Facebook pixel to show Facebook Ads activated by us only to such Facebook users having shown an interest in our online offer, or with the specific characteristics (e.g. interests in specific themes or products determined by means of the websites visited) that we send to Facebook (so-called custom audiences). With the help of the Facebook pixel, we would like to ensure that our Facebook ads match the user’s potential interest without a damaging effect. The Facebook pixel also allows us to track the effectiveness of Facebook advertisements by showing us whether users have been directed to our website after clicking on a Facebook advertisement (so-called conversion).

Data is processed by Facebook in line with Facebook’s data usage policy. As such, general information in Facebook’s data usage policy about showing Facebook ads: https://www.facebook.com/policy.php. You will find specific information and details about Facebook pixels and their function in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

You can object to Facebook pixels collecting and using you data for showing Facebook ads. In order to set the type of adverts shown to you within Facebook, you can access the page set up by Facebook and follow the instructions there about settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are independent of the platform, i.e. they are accepted by all devices, such as desktops or mobile devices.

You can object to the use of cookies serving to gauge the audience and for advertising purposes via the network advertising initiative’s deactivation page (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Bing ADs

Data is collected and stored on our website with Bing Ad technology, from which usage profiles are created by using pseudonyms. This involves a service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track user activity on our website if obtained via Bing ads. If you go via such an advert on our website, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This involves a code via which non-personal cookie-related data is stored about use of the website. This includes, among other things, the stay on the website, what sections of the website of the website are accessed, and via which adverts the user arrived at the website. Information about your identity is not collected.

The information collected is sent to Microsoft servers in the USA and, in principle, stored there for a maximum of 180 days. You can prevent the collection of data relating to your use of the website created by the cookie by disabling the placing of cookies. Under certain circumstances, this can restrict the website’s functionality.

Under certain circumstances, Microsoft can also track your usage behaviour over several of your electronic devices by so-called cross device tracking and, as such, is able to show personalised advertising on or in Microsoft websites and apps. You can disable this behaviour under http://choice.microsoft.com/de-de/opt-out.

You can find more detailed information about Bing’s analysis services on the Bing Ads website ( https://help.bingads.microsoft.com/#apex/3/de/53056/2 ). You can find more detailed information about data protection with Microsoft and Bing in Microsoft’s privacy policy ( https://privacy.microsoft.com/de-de/privacystatement).

Online presence in social media

We maintain online presences within social networks and platforms to communicate there with active customers, potential clients, and users and inform them about our services. The respective operator’s terms and conditions and data processing policies apply when each network and platform is accessed.

Unless otherwise stated as part of our data protection policy, we process users’ data where they communicate with us within the social networks and platforms, for example by making contributions on our online presences or sending us messages.

Inclusion of third-party services and content

Based on our legitimate interests (i.e. interest in analysing, optimising and commercially operating our online offer in the sense of Article 6 (1, f) GDPR), within our online offer we use content or services offered by third parties to integrate them such as videos or fonts (hereinafter referred to as ‘content’).

This always requires the third-party provider of this content to note the user’s IP address, as without the IP address it could not send content to the browser. As such, the IP address is required for showing this content. We make every effort to only use such content whose respective provider uses the IP address solely for providing content. Third-party providers can also use so-called pixel tags (hidden graphics, also referred to as pixels) for statistical of marketing purposes. Pixel tags allow information such as visitor traffic to this website’s pages to be evaluated. The pseudonymised information can also be stored in cookies on the user’s device and, among other things, contain technical information about the browser and operating system, referring websites, visiting time, and other details about the usage of our online offer, as well as be combined with sources from other sources.

YouTube

We include videos from the ‘YouTube’ platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt out: https://adssettings.google.com/authenticated.

Google Fonts

We include Google Fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt out: https://adssettings.google.com/authenticated.

Use of Facebook Social plugins

Based on our legitimate interests (i.e. interest in analysing, optimising and commercially operating our online offer in the sense of Article 6 (1, f) GDPR, we use the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland (‘Facebook’). The plugins can represent interactive elements or content (e.g. videos, graphics, or text contributions) and can be identified by one of Facebook’s logos (white ‘F’ on a blue tile, the term ‘Like’, or a ‘thumbs up’ sign) or by adding ‘Facebook social plugin’. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Framework, and as such offers a guarantee of complying with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

If a user access a function of this online offer containing a social plugin, his/her device establishes a direct connection with the Facebook servers. The plugin’s content is sent by Facebook directly to the user’s device and integrated by it into the online offer. This allows user usage profiles to be created from the processed data. We therefore have no influence on the scope of the data collected by Facebook with the help of this plugin, and therefore inform the user according to our level of knowledge.

Integrating the plugin informs Facebook that a user has accessed the corresponding page of the online offer. Where the user is logged into Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example they activate the Like button or post a comment, the corresponding information is sent directly from your device to Facebook and stored there. Where a user is not a member of Facebook, there is still the possibility of Facebook being made aware of and storing his/her IP address. According to Facebook, only an anonymised IP address is stored in Germany.

The purpose and extent of data collection and the further processing and use of data processing as well as the law and setting options for protecting users’ privacy can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is on Facebook and does not want Facebook to collect data via it about this online offer and link him/her to his/her member data stored with Facebook, he/she must log out of Facebook and delete its cookies before using our online offer. Other settings and objections to the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads  or via the US page http://www.aboutads.info/choices/  or the EU page http://www.youronlinechoices.com/. The settings are independent of the platform, i.e. they are accepted by all devices, such as desktops or mobile devices.

Twitter

Within our online offer, functions and content can be integrated of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By way of example, this may include content such as images, videos or text and buttons, with which users can show what they think of content, and with which they can follow authors of the content or our contributions. Where the users are on the Twitter platform, Twitter can assign access to the aforementioned content and functions to the user profiles there. Twitter is certified under the Privacy Shield Framework and, as such, offers a guarantee to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt out: https://twitter.com/personalization.

Instagram

Within our online offer, functions and content can be integrated of the Instagram service offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. By way of example, this may include content such as images, videos or text and buttons, with which users can show what they think of content, and with which they can follow authors of the content or our contributions. Where the users are on the Instagram platform, Twitter can assign access to the aforementioned content and functions to the user profiles there. Instagram policy: http://instagram.com/about/legal/privacy/.

LinkedIn

Within our online offer, functions and content can be integrated of the LinkedIn service LinkedIn offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. By way of example, this may include content such as images, videos or text and buttons, with which users can show what they think of content, and with which they can follow authors of the content or our contributions. Where the users are on the LinkedIn platform, LinkedIn can assign access to the aforementioned content and functions to the user profiles there. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield Framework and, as such, offers a guarantee to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.