Privacy Policy according to Art. 13/14 of the General Data Protection Regulation

Introduction

The following Privacy Policy informs you about the types of personal data (referred to in the following also as “data”) we process, for which purposes we do so and to what extent. The Privacy Policy applies to the processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (collectively referred to in the following as “online presence”). Additional privacy policies maintained by individual controllers or for particular processing operations are provided separately.

The terms used in this Privacy Policy are not intended to be gender-specific.

Version: 14 May 2020

Table of Contents

  • Introduction
  • Controllers
  • Overview of the processing operations
  • Relevant legal bases
  • Security measures
  • Transfer and disclosure of personal data
  • Data processing in third countries
  • Use of cookies
  • Commercial and business services
  • Contact
  • Communication via Messenger
  • Video conferences, online meetings, webinars and screen sharing
  • Provision of the online service and web hosting
  • Application procedure
  • Cloud services
  • Presence in social networks
  • Planning, organization and auxiliary tools
  • Erasure of data
  • Rights of data subjects
  • Amendment and updates of the Privacy Policy

Responsible Authorities

The websites are jointly operated by the following companies:

Germany

JOYNEXT GmbH

Business park Merbitz 5
D-01156 Dresden

Phone: 49 (0) 351 - 45 35 50
Fax: +49 (0) 351 - 45 355 40

Email address: info.de@joynext.com

 

Authorized representatives:

Stavros Mitrakis (CEO), Christoph Lenz (CFO)

Contact details for the Data Protection Officer

c/o The Data Protection Officer,
Gewerbepark Merbitz No. 5

D-01156 Dresden
Email: datenschutz.dresden@joynext.com

 

Poland

JOYNEXT Sp. z o.o.
Siemianice, Poznańska Street 4
PL-55-120 Oborniki Śląskie

Phone: +48 71 337 70 00
 

Email address: info_pl@joynext.com

 

Authorized representatives:

Bogdan Koziar (CEO), Mariusz Czarnocki (CFO)

Contact details for the Data Protection Officer
c/o Marta Hliwa
Siemianice, 4 Poznańsk Street
PL-55-120 Silesian Manure

Email: marta.hliwa@joynext.com

China

Ningbo Joynext Technology Co, Ltd.
No. 99, Qingyi Road, Hi-Tech Park,
Ningbo, Zhejiang, PRC, 315000

Email address: info_cn@joynext.com

Authorized representatives: Yuan Liu

(Board Director & CEO)

China

Shanghai Joynext Technology Co, Ltd.

No.269 Zhenyuan Road, Baoshan District,

Shanghai, PRC, 200444

Email address: info_cn@joynext.com

Authorized representatives: Yuan Liu

(Board Director & CEO)

 

Legal notice: https://www.joynext.com/impressum

Overview of the Processing Operations

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed
  • Inventory data (e.g. names, addresses).
  • Content data (e.g. text entries, photographs, videos).
  • Contact details (e.g. email, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Location data (data indicating the location of an end user’s device).
  • Contract data (e.g. object of the contract, term, customer category).
  • Payment data (e.g. bank details, invoices, payment history).
Categories of Data Subjects
  • Employees (e.g. salaried employees, former employees).
  • Business and contractual partners.
  • Interested parties.
  • Communication partners.
  • Customers.
  • Users (e.g. website visitors, users of online services).
Purposes of Processing
  • Provision of the online presence and services.
  • Office and organizational procedures.
  • Direct marketing (e.g. by email or by post).
  • Contact enquiries and communication.
  • Web analytics (e.g. access statistics, analysis of recurring visitors).
  • Security measures.
  • Reach measurement (e.g. access statistics, recognition of returning visitors).
  • Tracking (e.g. interest/behavioral profiling, use of cookies).
  • Contractual services and customer care.
  • Management and response to enquiries.

Relevant Legal Bases

The following sets out the legal bases defined in the General Data Protection Regulation (GDPR), according to which we process personal data. Please note that in addition to the provisions contained in the GDPR, national data protection regulations may apply in your or our country of residence and domicile. Our Privacy Policy will inform you if more specific legal bases are additionally applicable in individual cases.

 

  • Consent (Art. 6 para. 1 sentence 1 point a) GDPR) – The data subject has provided consent to the processing of personal data concerning them for one or several specific purposes.
  • Performance of a contract or to take steps prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or for taking steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 point c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR) – Processing is necessary to protect the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh the processing.
  • Art. 9 para. 1 sentence 1 point b) GDPR (application procedure as a contractual relationship or for taking steps prior to entering into a contract) (Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, such as severely handicapped status, or ethnic origin) are requested from applicants during the application procedure in order to enable the data controller or the data subject to exercise the rights arising from employment law and social security and social protection rights and to fulfil their obligations in this respect, they are processed in accordance with Article 9 paragraph 2 point b) GDPR, in the case of protection of vital interests of applicants or other persons pursuant to Art. 9 para. 2 point c) GDPR or for the purposes of health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 point h) GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 point a) GDPR).

Additional national data protection regulations:

National data protection regulations in Germany: National regulations on data protection apply in Germany, in addition to the provisions of data protection set out in the General Data Protection Regulation. These include in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transfer, as well as on automated decision making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. State data protection laws enacted by the individual federal states may apply additionally.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection commensurate with the risk.

In particular, the measures include the safeguarding of confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as personal access, input, disclosure, safeguarding of availability and separation of data in this regard. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is erased and that responses are undertaken to any threats to the data. Furthermore, by designing technology and by using default settings that facilitate data protection, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection by design.

SSL encryption (https): We use SSL encryption to protect your data that is transferred via our online presence. You can recognize these encrypted connections by the prefix https:// in the address line of your browser.

Transfer and Disclosure of Personal Data

It is possible that within the framework of our processing of personal data, the data may be transferred or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we will adhere to the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data which serve to protect your data.

Transfer of data within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to such data. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate entrepreneurial and business interests or takes place if it is necessary for compliance with our contractual obligations, with the consent of the data subject or when permitted by law.

Data Processing in Third Countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place in the context of the use of services by third parties or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in compliance with the legal requirements.

Subject to express consent or transfer required by contract or by law, we process or allow the data to be processed only in third countries with a recognized level of data protection, including US processors certified under the Privacy Shield, or on the basis of special guarantees, such as contractual obligations under standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to an online presence. The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term “cookies” also extends to other technologies that perform the same functions as cookies (e.g. when user information is stored by means of pseudonymous online identifiers, also known as “user IDs”).

At present, no cookies are used on the websites. If cookies are used in the future, the following information will apply:

The following cookie types and functions are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online presence and closed their browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser has been closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. These cookies may also store user interests for the purposes of reach measurement or marketing.
  • First-party cookies: First-party cookies are placed by us.
  • Third party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to store logins or other user entries or for security reasons).
  • Statistical, marketing and personalization cookies: Furthermore, cookies are generally used in the context of reach measurement and if user interests or behavior (e.g. viewing certain contents, using functions etc.) are stored in a user profile on individual web pages. Among other things, profiles of this kind are used to display content to users that correspond to their potential interests. This procedure is also known as “tracking”, i.e. following the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our Privacy Policy or when you provide your consent.

Information on legal bases: The legal basis on which we process your personal data by means of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online service and its improvement) or if the use of cookies is necessary for the fulfilment of our contractual obligations.

General information on withdrawal and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the right at any time to withdraw your given consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You may initially declare your objection using the browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online presence). An objection to the use of cookies for online marketing purposes can also be submitted in regard to a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you may receive further notices concerning your rights of objection in the information offered by the service providers and their cookies.

Processing of cookie data based on consent: We ask for the consent of our users – which may be withdrawn at any time – before processing or commissioning the processing of data obtained through the use of cookies. We will only use cookies prior to the issue of consent if their use is necessary for the operation of our online presence. Their use is based on our interest and the interest of the users in the expected functionality of our online presence.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Commercial and Business Services

We process data concerning our contractual and business partners, e.g. customers and prospective customers (collectively referred to as “contractual partners”) within the scope of contractual and comparable legal relationships, as well as associated measures, and within the scope of communication with the contractual (or pre-contractual) partners, e.g. to respond to enquiries.

We process this data for the fulfilment of our contractual obligations, to safeguard our rights, for the purposes of administrative tasks associated with this data and for the purposes of business organization. Within the framework of applicable law, we only transfer data concerning our contractual partners to third parties to the extent that this is necessary for the aforementioned purposes, for compliance with legal obligations or with the consent of the contractual partners (e.g. transfer of data to participating telecommunications, transport and other auxiliary services, as well as to subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this Privacy Policy.

Prior to or during data collection, e.g. in online forms, we use special markings (e.g. colors), symbols (e.g. asterisks or similar) or personal information to notify the contractual partners of which data is required for the above-mentioned purposes.

We erase the data after expiry of legal warranty and comparable obligations, i.e. as a rule after 4 years, unless the data is stored in a customer account, e.g. for as long as it must be kept for compliance with legal archiving requirements (e.g. usually 10 years for tax purposes). We will erase data that has been disclosed to us by the contractual partner within the scope of an order in accordance with the specifications of the order, as a rule once the order is complete.

If we use third-party providers or platforms for the delivery of our services, the terms and conditions and privacy policies of the respective third-party providers or platforms shall apply to the relationship between the users and the providers.

Project and development services: We process the data of our customers as well as clients (referred to collectively in the following as “customers”) in order to enable them to select, acquire or commission the chosen services or works and related activities, as well as to pay for them, make them available and execute or perform them.

The compulsory information is identified as such in the context of the order, job or equivalent contractual arrangement and includes the information required for the provision of services and invoicing, as well as contact information to enable consultation with the customer if necessary. Insofar as we have access to information concerning the end customers, employees or other persons, we process this information in compliance with the legal and contractual requirements.

Offer of software and platform services: We process the data of our users, registered users and any trial users (hereinafter referred to collectively as “users”) in order to enable the delivery of our contractual services and on the basis of legitimate interests in the assurance of security of our presence and its optimization. The compulsory information is identified as such within the scope of the conclusion of the order, job or equivalent contractual arrangement and includes the information required for the provision of services and invoicing, as well as contact information to enable consultation with the customer if necessary.

  • Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. email, telephone numbers), contract data (e.g. object of the contract, term, customer category), location data (data indicating the location of an end user’s device).
  • Data subjects: Interested parties, business and contractual partners.
  • Purposes of processing: Contractual services and assistance, contact enquiries and communication, office and organizational procedures, management and responses to requests.
  • Legal bases: Performance of contracts or for taking steps prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR), legal obligations (Art. 6 para. 1 sentence 1 point c) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR)

Contact

When contacting us (e.g. by means of the contact form, by email, telephone or via social media), the data concerning the persons submitting the enquiry will be processed to the extent that is necessary to respond to the contact enquires and to perform any requested measures.

We respond to contact enquiries within the framework of contractual relationships or to take steps prior to entering into a contract in order to fulfil our contractual obligations or to respond to enquiries prior to entering into a contract and otherwise on the basis of our legitimate interest in responding to the enquiries.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact enquiries and communication.
  • Legal bases: Performance of contracts or for taking steps prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR)

Communication via Messenger

We use Messenger for communication purposes and therefore request that you take note of the information below regarding the functionality of Messenger, encryption, use of communication metadata and your right to object.

You may also contact us by alternative means, e.g. by telephone or email. Please use the contact details provided to you or the contact details listed in our online presence.

In the case of end-to-end encryption of content (i.e. the content of your message and attachments), please note that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the providers of the Messenger app. You are advised to use a current version of Messenger with encryption enabled at all times to ensure that the message content is encrypted.

Nonetheless, we would like to inform our communication partners that although the providers of the Messenger app cannot view the content, they are able to determine that and when communication partners correspond with us, to obtain technical information on the device used by the communication partners and, depending on the settings of their device, to process location information (so-called metadata).

Information on legal bases: If we request the consent of our communication partners prior to communicating with them via Messenger, their consent shall be the legal basis for our processing of their data. Otherwise, if we do not ask for your consent and you contact us, for example, on your own initiative, we will use Messenger as a contractual measure in dealings with our contractual partners as well as in the context of taking steps prior to entering into a contract and – when dealing with interested parties and communication partners – based on our legitimate interest in fast and efficient communication and for fulfilment of the needs of our communication partners to communicate via Messenger. Furthermore, we would like to point out that without your consent, we will not transfer the contact data provided to us for the first time via Messenger.

Withdrawal, objection and erasure: You may withdraw your given consent at any time and object to communication with us via Messenger at any time. Where we communicate via Messenger, we erase the messages in accordance with our General Erasure Policy (i.e. as described above, after the end of contractual relationships, in the context of archiving requirements, etc.). We otherwise erase the messages as soon as we can assume that we have answered any information requested by the communication partners, if no reference to a previous conversation should be expected and no legal retention requirements would obstruct erasure.

Reservation of our right to revert to other communication channels: Finally, we would like to point out that for reasons of your security, we reserve the right to refrain from responding to enquiries directed at us via Messenger. This is the case if, for example, internal contractual matters require special confidentiality or if a reply via Messenger would not satisfy the formal requirements. We will refer you to more adequate communication channels in these cases.

Skype: Skype's end-to-end encryption function requires activation (unless it is enabled by default).

  • Types of data processed: Contact data (e.g. email, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text entries, photographs, videos).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact enquiries and communication, direct marketing (e.g. by email or by post)
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Used services and service providers:

Video Conferences, Online Meetings, Webinars and Screen Sharing

We use platforms and applications by other providers (referred to in the following as "third-party providers”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. We comply with the legal requirements when selecting third-party providers and their services.

In this context, data concerning the communication participants is processed and stored on the servers of third-party providers as far as they are part of our communication processes. This data may include, in particular, registration and contact data, visual and vocal contributions, as well as entries in chats and shared screen content.

The third-party providers may process usage data and metadata for security, service optimization or marketing purposes if users are referred to third-party providers, their software or platforms in the course of communication, business or other relations with us. We therefore request that you take note of the privacy policies maintained by the individual third-party providers.

Information on legal bases: If we ask users for their consent for the use of third-party providers or certain functions (e.g. consent to a recording of conversations), the legal basis for processing is consent. Furthermore, the use of these third-party services may be integral to the steps we take prior to entering into a contract, provided that use of the third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we would like to refer you additionally to the information on the use of cookies in this Privacy Policy.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: Contractual services and customer care, contact enquiries and communication, office and organizational procedures.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), performance of the contract and enquiries prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Used services and service providers:

Provision of the Online Presence and Web Hosting

In order to provide our online presence securely and efficiently, we use the services of one or several web hosting providers from whose servers (or servers managed by them) the online presence can be accessed. We may use infrastructure and platform services, computing capacity, storage space and database services, as well security and technical maintenance services for these purposes.

The data processed within the framework of providing hosting services may include all data relating to the users of our online presence that is generated in connection with use and communication. This will ordinarily include the IP address, which is necessary to be able to deliver the contents of online presence to browsers, and all entries made within our online presence or from websites.

Collection of access data and log files: We (or our web hosting provider) collect data concerning every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the most recently visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of malicious attacks, so-called DDoS attacks), as well as to ensure capacity utilisation of the servers and their stability.

  • Types of data processed: Content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Application Procedure

During an application procedure, candidates will be required to provide us with the data that is necessary for their assessment and selection. The necessary information is listed in the job description or, in the case of online forms, in the information provided there. Any privacy policies that apply to the application procedure will be provided separately where necessary and will comply with national data protection regulations.

Cloud Services

We use software services that are accessible on the Internet and that run on the servers of their providers (known as “cloud services” and also referred to as “software as a service”) for the following purposes: document storage and management, calendar management, emailing, spreadsheets and presentations, exchanging documents, content and information with specific recipients or the publication of  web pages, forms or other content and information, as well as chats and participating in audio and video conferences.

In this context, personal data may be processed and stored on the servers of the providers, as far as they are part of communication processes with us, or otherwise processed by us as described in this Privacy Policy. This data may include, in particular, master data and contact data concerning the users, data on procedures, contracts, other processes and their contents. The providers of cloud services also process usage data and metadata that they use for security purposes and service optimization.

If we use cloud services to provide other users or publicly accessible websites with forms or other documents and content, the providers may store cookies on the users’ devices for web analysis purposes or to remember user settings (e.g. in the case of media control).

Information on legal bases: If we request your consent for the use of cloud services, the legal basis for processing is consent. Furthermore, their use may be integral to our steps prior to entering into a contract, provided that the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient and secure administration and collaboration processes).

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.
  • Purposes of processing: Office and organizational procedures.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), performance of the contract and enquiries prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f. GDPR).

Used services and service providers:

Presence in Social Networks

We maintain online presences within social networks and process user data in this context in order to communicate with users who are active there or to offer information about us.

Please be aware that user data may be processed outside the European Union. This may result in risks for the users, as the exercise of user rights may be more difficult in this case. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. Hence, for example, user profiles may be created that reflect user behavior and their corresponding interests. In turn, the profiles can be used, for example, to place advertisements inside and outside of the networks that presumably reflect the interests of the users. For these purposes, cookies are ordinarily placed on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the user profiles, regardless of which devices are used to access the services (especially if the users are members of the individual platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities to object (opt-out), we refer to the privacy policies and the information provided by the operators of the individual networks.

In regard to requests for information and the assertion of data subject rights, we would also like to point out that these rights and request can best be exercised towards the providers. Only the providers have access to the user data of the users, can take appropriate measures and provide information directly. You may also contact us if you require assistance.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact enquiries and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Used services and service providers:

Plugins, Embedded Functions and Content

Our online presence has integrated functional and content elements that are obtained from the servers of the respective providers (referred to in the following as “third-party providers”). They may include artwork, videos or social media buttons, as well as contributions (collectively referred to in the following as “content”).

To enable integration, the third-party providers of this content must always process the IP address of the user, as they are unable to send content to the user’s browser without the IP address. The IP address is therefore necessary in order to display this content or functions. We make efforts to select only providers whose individual operators use the IP addresses exclusively for the specified content. Third parties may also use so-called pixel tags (concealed graphic elements, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referrer websites, visiting times and other information about the use of our website and may be linked to this kind of information from other sources.

Information on legal bases: If we request consent from our users (e.g. in the context of “cookie banner consent”), the legal basis for processing is this consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and efficient operation of our online presence). In this context, we would like to refer you additionally to the information on the use of cookies in this Privacy Policy.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s device).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online presence and usability, contractual services and support.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Used services and service providers:

Planning, Organization and Auxiliary Tools

We use the services, platforms and software made available by other providers (collectively referred to in the following “third-party providers”) for the purposes of organizing, managing, planning and delivering our services. We comply with the legal requirements for the selection of third-party providers and their services.

In this context, personal data may be processed and stored on the servers of third-party providers. This may affect various data which we process in accordance with this Privacy Policy. This data may include, in particular, master data and contact data of users, data on procedures, contracts, other processes and their contents.

If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relations with us, the third-party providers may process usage data and metadata for security, service optimization or marketing purposes. We therefore request that you observe the privacy policies of the individual third-party providers.

Information on legal bases: If we request your consent for the use of third-party providers, the legal basis for processing data is consent. Furthermore, their use may be integral to our services prior to entering into a contract, provided that use of the third-party providers has been agreed in this context. Otherwise, the users’ data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and audience-friendly services). In this context, we would like to refer you additionally to the information on the use of cookies in this Privacy Policy.

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners, users (e.g. website visitors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 point a) GDPR), performance of the contract and enquiries prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 point f) GDPR).

Used services and service providers:

Erasure of Data

The data processed by us will be erased in accordance with the legal requirements as soon as the consent to its processing is withdrawn or other permissions cease to apply (e.g. if the purpose for which the data was processed ceases to apply or if it is not necessary for the purpose).

Where the data is not erased because it is required for other and legally permissible purposes, its processing shall be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or that must be stored for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural or legal person.

For further information on the erasure of personal data, please refer to the individual information on data protection notes in this Privacy Policy.

Rights of Data Subjects

As a data subject, you have a variety of rights that are defined in the GDPR and which result in particular from Articles 15 to 18 and 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on these provisions. Where the data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right of access: You have the right, in accordance with legal requirements, to obtain confirmation as to whether or not relevant data is being processed and to obtain information on such data, as well as further information and a copy of the data.
  • Right to rectification: You have the right, in accordance with the legal requirements, to have incomplete data about you completed or to obtain rectification of incorrect data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to obtain erasure of the data concerning you without delay or alternatively to obtain restriction of processing of the data in accordance with the legal requirements.
  • Right to data portability: You have the right, in accordance with the legal requirements, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
  • Complaints to the supervisory authority: You also have the right, in accordance with the legal requirements, to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, your place of work or the place where the alleged infringement is committed, if you consider that the processing of personal data relating to you infringes the GDPR.

Amendment and Update of the Privacy Policy

We request that you return to this Privacy Policy in regular intervals to ensure that you are familiar with the latest version. We will adapt the Privacy Policy whenever changes in our processing of data necessitate such amendments. We will notify you as soon as these changes require action on your part in regard to cooperation (e.g. to give your consent) or whenever separate notification is necessary.

Where we provide addresses and contact information for companies and organizations in this Privacy Policy, please note that the addresses may change over time, so kindly check the information before making contact.