6. Contact form, email contact

 

(1) Our Website contains a contact form that you can use to get in touch with us electronically in an easy and convenient way. If a User uses this contact form, the data entered on the contact form will be transferred to us and stored. The data in question, in particular data pertaining to the person, address details, contact details and messages (free text field) can be seen directly on the respective contact form. When the form is sent, the following additional data will be stored:

• the User’s IP address
• date and time the form is sent

(2) When the contact form is sent, Users are referred to this Privacy Policy as regards the processing of the data. Alternatively, we can be contacted via the email addresses provided. In this case, the User’s personal data as transmitted in the email will be stored. The data will only be used to process the request.

(3) The legal basis for the processing of the data transferred in the context of using the contact form or sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

(4) We only process personal data from the contact form in order to deal with the contact request. If contact is made by email, this also constitutes the required legitimate interest in the processing of the data. The other personal data processed when the contact form is sent is used to prevent a misuse of the contact form and to safeguard the security of our IT systems.

(5) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved. The additional personal data collected when the contact form is sent will be deleted no later than after seven days.

(6) We can also be contacted via the email addresses provided on the Website. In this case, the User’s personal data as transmitted in the email will be stored. The data will only be used to process the request. The legal basis for the processing of the data transferred in the context of sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

(7) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved.

(8) 123formbuilder

a) For the forms on our website, we use 123FormBuilder of 123 FormBuilder, Flavia Palace, Vladimirescu n° 10, Ground Floor 300195, Timisoara, Romania, EU, in the context of our legitimate interest in an online offering that is both technically flawless and designed and optimised in an economically efficient way pursuant to Article 6(1)(f) GDPR www.123formbuilder.com.

b) 123 FormBuilder receives all data that you enter in our forms and also collects usage data in that regard. Before each use of a form, you must give your consent to the processing of your data within the scope of this Privacy Policy; in this respect, we refer to our general provisions regarding contact forms (para. 6 of this Privacy Policy).

c) For more information about 123 FormBuilder’s data processing, please see the data privacy policy of 123 FormBuilder at: www.123formbuilder.com/termsofservice.html

d) We have entered into a contract with 123 FormBuilder in accordance with which they will process the data on our behalf.

7.    Newsletter

7.1   Newsletter subscription

(1) You may consent to a subscription to our email newsletter (hereinafter referred to as the “Newsletter”), which we use to inform you about our products, services and promotions

(2) We use a double-opt-in procedure for subscriptions to our Newsletter. That means that, following your registration, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to subscribe to the Newsletter. If you do not confirm your registration within 14 days, your information will automatically be deleted. In addition, we store your IP addresses used at the time of registration and confirmation, and the time of registration and confirmation. The purpose of the procedure is to have a record of your registration and, where required, be able to investigate a possible misuse of your personal data.

(3) The only mandatory detail required for the mailing of the Newsletter is your email address. The provision of any other details is voluntary and will be used to address you in person. Once you have confirmed your subscription, we will store your email address for purpose of mailing you the Newsletter.

(4) The legal basis for the aforementioned processing operations in the context of the Newsletter subscription is your consent pursuant to Article 6(1)(a) GDPR.

(5) You may revoke your consent to the mailing of the Newsletter at any time by unsubscribing from the Newsletter. You can unsubscribe by clicking on the link provided in every Newsletter email, or by sending a message to one of the contact addresses provided above in clause 1(1) of this Privacy Policy.

7.2. Newsletter mailout to existing customers following product purchase

(1) If you have purchased products or services, we will send you our Newsletter even if you have not previously registered to subscribe to the Newsletter; we will use the email address you provided when you made the purchase. This relates to Newsletters promoting similar products to those that you purchased.

(2) We will store this email address in our Newsletter address database for this purpose. In order to establish that the Newsletter mailout is legitimate, we also store the IP address used when making the purchase and the time of the purchase.

(3) The legal basis for the aforementioned processing operations in the context of the Newsletter mailout following a purchase is Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the direct promotion of our products to our existing customers as well as their interest in offers and promotions.

(4) You may object to the mailout of the Newsletter at any time. You can submit your objection by clicking on the link provided in every Newsletter email, or by sending a message to one of the contact addresses provided above in clause 1 of this Privacy Policy.

7.3. Newsletter tracking

(1) Please note that we analyse User behaviour of Newsletter recipients; for details please refer to the information on the use of and data processing by Inxmail (see clause 13.4).

(2) The legal basis for the tracking as described above is Article 6(1)(f) GDPR. Our legitimate interest in the data processing in the context of tracking is our desire to better tailor our Newsletter to the interests of our customers.

(3) You can object to tracking as described above at any time by unsubscribing from the Newsletter. You can unsubscribe by clicking on the link provided in every Newsletter email, or by sending a message to one of the contact addresses provided above in clause 1 of this Privacy Policy. The information obtained by way of tracking will be stored for as long as you subscribe to the Newsletter. After you have unsubscribed we will store the data purely in statistical terms, aggregated and anonymously.

(4) Tracking is also not possible if you have disabled the display of images as standard in your email program. In this case you will not see all of the Newsletter and you may not be able to use all the functionalities of the Newsletter. If you manually choose to have images displayed, the aforementioned tracking will take place.

7.4 Print advertising

(1) We will also use the data provided by you in order to send print media.

(2) In order to carry out the aforementioned processing steps particularly with regard to sending out print media, we use the services and IT systems of various service providers whom we have engaged as commissioned data processors.

(3) The lawfulness of that processing is ensured by way of contracts in accordance with Article 28 GDPR as well as the EU standard model clauses.

(4) The legal basis for the aforementioned processing steps is our legitimate interest following a purchase, pursuant to Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the promotion of our products and services as well as the improvement of the customer relationship.

8. Job advertisements

(1) We use our Website to advertise job vacancies. We collect, process and use your personal data in order to process your online application. The legal basis is Article 6(1)(b) GDPR. Where job vacancies have been posted at Taconova GmbH, section 26 German Data Protection Act (Bundesdatenschutzgesetz, BDSG) applies in addition. Your online application data will be transferred directly to the executive board. We have taken suitable technical and organisational measures to ensure that your personal data is treated confidentially in accordance with statutory provisions.

(2) Please note that data transfer by email is not encrypted and that the data may come to the attention of unauthorised persons or may be falsified. You are welcome to send us your documents by post. If you have applied for a specific position and this position happens to have already been filled or if we consider you to also be suited, or to be even better suited, to another position, we would like to forward your application within our company. The legal basis for this is Article 6(1)(f) GDPR for purpose of protecting your and our legitimate interests. Please let us know if you are not happy for us to proceed in this way. Once the application process has ended and no later than after 6 months, your personal data will be automatically deleted unless you expressly consent to storage for a longer period.

8.1 Recruitment platform – Join.com

(1) We use Join.com. Join.com is a recruitment workflow solution that supports us in managing job advertisements, reviewing and evaluating applications and communicating with applicants.

(2) The third-party provider is JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland. We have entered into a contract regarding commissioned data processing with JOIN Solutions AG pursuant to Article 28 GDPR.

(3) Which data will be processed?

a) Data pursuant to clauses 4, 5 and 6 of this Privacy Policy

b) Application documents provided:

• Data on the content of former/current employment relationships, e.g. work duties, performance data, positions held. (This data may be derived from your covering letter/CV/attached job references).
• In addition, we collect and process various other details regarding applications, such as earliest start date, regional mobility, desired number of hours and periods of deployment, previous employment, additional qualifications, references or information on how you became aware of the vacancy.
• Other voluntary information such as data on non-professional interests: hobbies, voluntary work.
• Other data that you voluntarily provide to us in the application process by uploading it or otherwise sending it to us, such as in your letter of application, CV or certificates, passport photograph.

c) Communications from and with applicants

(4) The legal basis for the data processing is Article 6(1)(b) GDPR. The processing of the data is necessary for the initiation and implementation of the employment relationship. The legal basis for the processing of voluntary data is your consent, which is documented in the transmission of the data to us as part of the application process. The legal basis for the processing of data in accordance with points 4, 5 and 6 can be found in the above provisions.

(5) For more information on data processing by “Join.com”, please refer to the privacy policy of JOIN Solutions AG at: https://join.com/privacy-policy/ and https://join.com/de/datenschutz/. For the terms of use of Join, please click here: https://join.com/de/terms-corporate/. Prior to an application, consent to the processing of the applicant’s data that is collected as per the privacy policy of Join.com must be given.

9. Duration of storage

We process and store your personal data for as long as this is necessary to meet our contractual and statutory obligations. We will delete your personal data as soon as it is no longer required for the purposes set out above. There may be occasions where personal data is stored for a period of time during which claims may be asserted against our companies (statutory limitation periods of between three and thirty years). Moreover, we will store your personal data if we are required to do so by statute. Provisions of commercial law, tax law and social security law may contain such accountability and retention obligations.

10. Automated decision making

We do not use any fully automatic decision making processes pursuant to Article 22 GDPR in order to establish and process the business relationship.

11. Profiling

In order to be able to inform and advise you about our products and services in a targeted way, we may use service providers who act on our behalf, and potentially web analysis tools, in particular tracking technology. This allows us to communicate and advertise in a way that meets customers’ demands (see clauses 12 et seq. “Data processing by third parties”).

 

B. Data processing by third parties

12.   Web analysis services

Google Analytics

(1) This Website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”). Google Analytics uses cookies, i.e. text files that are stored on your computer and help analyse how you use the Website. The information gathered by the cookie about your usage of this website will generally be transferred to a Google server in the USA and stored there. In the event that IP anonymisation has been activated on this Website, however, your IP address will first be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the operator of this Website, Google will use this information to analyse your usage of the Website, compile reports about Website activities and provide the Website operator with further services related to the use of the Website and the internet.

(2) You can prevent cookies being stored by adjusting your browser software accordingly; however, please note that in this case you may not be able to make use of the full scope of functions available on this Website. In addition, you can prevent the data generated by the cookie about your use of the Website (including your IP address) being sent to Google and the processing of this data by Google, by downloading and installing the browser plugin made available by Google

(3) This Website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP address are truncated before they are processed further; this means that they cannot be linked to a particular individual. If the data collected about you may be linked to you, this is thus immediately ruled out and the personal data is therefore immediately deleted.

(4) The legal basis for the processing is your express consent pursuant to Article 6(1)(a) GDPR

12.2 Google Tag Manager

(1) As part of Google Analytics, this Website uses Google Tag Manager. Tags are small code elements which are used, amongst other things, to measure traffic and visitor behaviour, record the effects of online advertising and social media, in remarketing and targeted marketing campaigns, and to test and optimise the Website. Google Tag Manager is a solution to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a domain that does not use cookies. The tool triggers other tags, which in turn may log data. Google Tag Manager does not access this data. If tags were deactivated at domain level or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager

(2) For further information on Google Tag Manager, please refer to: https://www.google.com/analytics/tag-manager/use-policy/

12.3 Google AdWords

(1) This Website uses the online advertising program “Google AdWords” and, as part of that, conversion tracking. This involves Google AdWords placing a cookie on your computer if you have accessed our Website via a Google advert. These cookies become invalid after 30 days and are not used for personal identification. If the User visits certain pages of our Website and the cookie has not yet expired, we and Google are able to see that the User has clicked on the advert and was redirected to this page. Each AdWords customer receives a different cookie. It is therefore not possible to track cookies via the websites of AdWords customers

(2) The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. The customers know the total number of Users who clicked on their advert and were redirected to a page with a conversion tracking tag. They will not, however, receive any information that can be used to identify Users personally

(3) If you do not wish to participate in the tracking procedure, you can simply deactivate the Google conversion tracking cookie via the user settings of your internet browser. This will mean that you will not be included in the conversion tracking statistics. You can find more information about Google’s privacy policy at http://www.google.com/policies/privacy/

12.3 Facebook Pixel - Facebook Pixel, Facebook Custom Audiences and Facebook-Conversion

(1) This Website uses the “Facebook Pixel” of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw.,Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland.

(2) Facebook uses the Facebook pixel to identify you as a visitor to our Website as a target group for the display of advertisements (“Facebook ads”). We can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (“conversion”).

(3) Data is processed by Facebook within the scope of Facebook’s data policy. For general information on the display of Facebook ads, please refer to Facebook’s data policy. Specific information and details on the Facebook Pixel and how it works can be found in the Facebook help section.

(4) The legal basis for the use of the Facebook Pixel and the storage of “conversion cookies” is the consent given to us (Article 6(1)(a) GDPR).

(5) You may object to being logged by the Facebook Pixel and to the use of your data for the display of Facebook ads. In order to define which types of advertisements you are shown within Facebook, you can visit the page set up by Facebook and follow the instructions on how to set ad preferences.

(6) You can also object to the use of cookies for the measurement of audience reach and for advertising purposes via the opt-out page of the Network Advertising Initiative and additionally via the US website aboutads.info or via the European website youronlinechoices.com.

 

13. Plug-ins and service providers

13.1 Google Maps

(1) The Website uses Google Maps to display interactive maps and prepare travel directions. Google Maps is a map services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this Website including your IP address and the (starting) address entered into the route planner may be transferred to Google in the USA. If you access one of our web pages that contains Google Maps, your browser establishes a direct connection with the servers of Google. Google will send the content of the map directly to your browser and will be integrated from there into the Website. We therefore cannot influence the scope of the data collected by Google in this way. According to our current information this includes at least the following data:

• data and time of the visit to the respective Website,
• internet address or URL of the Website accessed,
• IP address, (starting) address entered into the route planner

(2) We have no influence over the further processing and use of the data by Google and we therefore cannot be held responsible for this.

(3) If you do not wish Google to collect, process or use data about you via our online presence, you can deactivate JavaScript via your browser settings. In this case, however, you will not be able to use the map display.

(4) For details regarding the purpose and scope of the collection of data and its further processing and use by Google as well as your rights and settings options to protect your privacy, please refer to: https://www.google.com/intl/de/policies/privacy/.

13.2. Google Fonts

(1) This Website uses web fonts provided by Google to ensure a uniform display of fonts. When accessing a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

(2) In order to do this, the browser used by you needs to establish a connection with the servers of Google. This will make Google aware of the fact that your IP address was used to access our Website. Google Web Fonts are used in the interest of a uniform and attractive display of our online offering. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR. If your browser does not support web fonts, your computer will use a standard font. For details on Google Web Fonts, please refer to developers.google.com/fonts/faq and to Google’s privacy policy:

https://www.google.com/policies/privacy/.

13.3. YouTube

(1) Our Website uses the YouTube embedding function in connection with the “extended data protection mode” in order to stream YouTube videos. YouTube is a service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

(2) In order for an embedded video to be played, a connection to the YouTube server is established. YouTube videos are embedded on our Website in “extended data protection mode”. This “extended data protection mode” is provided by YouTube, and YouTube represents and warrants that no cookies containing personal data are stored on your end device. However, when you watch the video, your IP address and the website visited by you will be stored and processed by YouTube. However, this information cannot be attributed to your person provided that, at the time you access the video, you are not logged in to YouTube or another Google service. If, however, you are logged in to YouTube or Google, YouTube will link the connection data to your YouTube account and only cookies that do not include any personally identifiable data will be stored on your end device. If you wish to prevent this, you either need to log out of YouTube prior to visiting our Website or adjust the settings in your User account accordingly.

(3) Moreover, every time you access this Website, a connection is established to the Google DoubleClick network, which happens regardless of whether a video is being streamed. By connecting to the Google Network, other data processing operations will be triggered without our input.

(4) Through certification under the EU-US data privacy agreement, “Privacy Shield”, Google LLC domiciled in the USA and the subsidiary YouTube guarantee that the data protection provisions applicable in the EU are complied with.

(5) For further information, please refer to the privacy policy of YouTube at: https://policies.google.com/privacy?hl=de.

13.4. Inxmail

(1) This Website uses Inxmail to mail out Newsletters. This service is offered by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. Inxmail is a service that allows the mailing of Newsletters to be organised and analysed. The data provided by you for purposes of receiving the Newsletter (e.g. email address) will be stored on the servers of Inxmail in the EU. In addition, the data required for the mailout of Newsletters to existing customers (see clause 7.2) will be stored; we transmit this data to Inxmail for this purpose.

(2) Inxmail uses this data to send and analyse the Newsletters on our behalf. According to Inxmail, they may use this data in order to improve their own services, for instance to optimise the sending and the display of the Newsletter in technical terms, or for commercial purposes to determine the countries in which recipients are located. Inxmail will not, however, use this data in order to contact recipients itself or pass it on to third parties. For further information on data processing by Inxmail, please refer to https://www.inxmail.de/datenschutz.

(3) Please note that, when sending out the Newsletter, we will analyse your User behaviour. The Newsletters contain a web beacon, i.e. a pixel-sized file, which is retrieved by the server of Inxmail GmbH when the Newsletter is opened. This retrieval allows us to initially collect technical information such as data regarding the browser and your system, as well as your IP address and the time of retrieval. This information is used to improve the services in technical terms based on the technical data or the target groups and your reading habits.

(4) The statistical surveys also include determining whether the Newsletters were opened, when they were opened and which links were clicked on. This information is not assigned to individual Newsletter recipients but is only processed anonymously. The aim of the analyses is to identify the reading habits of our Users and to adapt our content to you.

(5) There are cases in which we redirect Newsletter recipients to a website of Inxmail. For instance, our Newsletters contain a link which Newsletter recipients can use to access the Newsletters online (e.g. in the event that there are problems with displaying them in the email program).

(6) You have the option of unsubscribing to our Newsletter at any time by revoking your consent. You can use the link at the end of every Newsletter if you wish to unsubscribe. By clicking the link you withdraw your consent to receiving the Newsletter via Inxmail and to the statistical analyses.

14. Presences on social networks

We have online presences on social networks to communicate with Users who are active on those networks or to offer information about ourselves. Please note that this may involve User data being processed outside of the European Union. With regard to US providers who are certified under the Privacy Shield or who provide equivalent guarantees in terms of secure data protection levels, we would like to point out that they thereby undertake to comply with EU data protection standards. For a detailed explanation of the respective types of processing and the options to opt-out, we refer you to the privacy policies and information provided by the operators of the networks in question, as follows:

14.1. LinkedIn

(1) We use “LinkedIn Conversion Tracking and Retargeting” provided by LinkedIn Ireland (Wilton Plaza, Wilton Place, Dublin 2, Ireland) (“LinkedIn”) to measure the results of our advertising campaigns on LinkedIn, optimise the relevance of these advertising campaigns and re-target visitors to our Website with personalised advertisements on LinkedIn or other websites.

(2) We have therefore embedded a tracking pixel (LinkedIn Insight Tag) in our Website. The “LinkedIn Insight Tag” allows LinkedIn to store a third-party supplier cookie in your browser and to collect and store the following information: your IP address and patterns of use on our Website as well as on other websites which include a LinkedIn tracking pixel. When you log on to your LinkedIn account, LinkedIn may link the collected data with your account and display targeted advertisements for you on our behalf or on behalf of other advertisers. You may see these advertisements on LinkedIn or on websites of third-party suppliers.

(3) The information collected may also be transferred to the servers of LinkedIn in the USA (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). Given that LinkedIn acts in accordance with the “EU-US Privacy Shield”, this transfer is based on Article 45 GDPR ((https://www.privacyshield.gov/EU-US-Framework)).

(4) Visitors to the Website remain anonymous given that we only have access to tracking data in aggregated form.

(5) For further information on how to deactivate interest-based and targeted advertising for LinkedIn, please see: ad settings for LinkedIn account holders and guests[A1] . For further information regarding the processing of personal data on by LinkedIn, please refer to the privacy policy of LinkedIn (https://www.linkedin.com/legal/privacy-policy).

(6) The processing of your personal data is necessary for the protection of legitimate interests after weighing up different interests (Article 6(1)(f) GDPR).

14.2. Facebook

(1) Facebook: social network; service provider: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw.,Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;

(2) Types of processed data: master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contact details of contacts, personal profile, content data (e.g. text entered, photographs, videos, posts), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

(3) Data subjects: Users (e.g. website visitors, users of online services, followers).

(4) Purposes of processing: contact requests and communication, tracking (e.g. interest-related and behavioural profiling, use of cookies), advertising and re-marketing, measuring reach (e.g. access statistics, recognition of recurring visitors).

(5) Legal basis: legitimate interests (Article 6(1)(f) GDPR).

(6) Website: www.facebook.com; privacy policy:

https://www.facebook.com/about/privacy; Privacy Shield (guaranteeing data protection levels when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out: Ad settings: https://www.facebook.com/settings?tab=ads; additional information on data protection: agreement on the joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms /page_controller_addendum, data protection notice for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

14.3 Instagram

(1) We use the Instagram service on our Website. Instagram is a service provided by Instagram Inc. service provider: IMeta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw.,Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;

(2) Through the integration of the “Insta” button on our Website, Instagram will be notified that you have accessed the respective page on our Website. If you are logged in to Instagram, Instagram is able to attribute this visit to our Website to your Instagram account and thereby link the data. The data transmitted by clicking the “Insta” button is stored by Instagram. You can obtain further information on the purpose and scope of the data collection, processing and use and your rights and setting options in this regard to protect your privacy in the Instagram data privacy notice, which you can access via the following data protection notice: https://de-de.facebook.com/help/instagram/155833707900388.

(3) In order to prevent Instagram linking your visit to our Website with your Instagram account, you need to log out of your Instagram account prior to visiting our Website.

14.4 Agorapulse

(1) We use Agorapulse. Agorapulse is a social media management software, which supports us in the management of social profiles, planning, placing and analysing advertising campaigns, as well as communications with Users and followers.

(2) The third-party provider is Agorapulse SAS, 132 Rue de Rivoli, 75001 Paris, legal@clutteragorapulse.com, https://www.agorapulse.com

(3) What customer content is processed and for what purposes?

a) If customers link a social profile with the service, they can stipulate whether the service should immediately collect, process, share and access data of the social profile (subject to the terms of use and data protection provisions of the supported platform). In this way, our customers receive, use and analyse data from the supported platforms of their choice and create, post, transmit, read, visualise or share data and/or information about the service.

b) Types of data affected:

• content generated by customers (e.g. messages [including direct or private messages], contributions, comments, profile pictures, photographs, feeds or communication via the supported platforms),
• messages and/or name of the end users,
• URL of the social profiles of the end users on the supported platforms,
• user ID on the supported platforms.

c) Agorapulse uses customer content for the following purposes:

• to identify the author of an end user message,
• to compile all end user messages of one individual and the history of the entire conversation between an end user and a customer.

(4) Third-party applications and social networks

Agorapulse activates an interface in which you can establish a connection to the supported platforms. Below you will find links to the privacy policies of the social media platforms currently supported:

https://www.youtube.com/yt/about/policies/#community-guidelines

https://twitter.com/privacy

https://www.facebook.com/policy.php

https://help.instagram.com/402411646841720

https://www.linkedin.com/legal/privacy-policy

http://www.google.com/policies/privacy

(5) For the terms of use of Agorapulse (effective date: March 2021), please click here: https://www.agorapulse.com/terms-of-service/. The privacy policy can be found here: https://www.agorapulse.com/privacy-policy/.

15. Links to other websites

(6) Our Website may contain links to websites operated by third parties that may not fall under this Privacy Policy. These third-party websites have their own data protection policies and may, in certain cases, also use cookies and other tracking technologies. The respective operator or the data controller of the respective website is responsible.

(7) We check any links to external websites before putting them in place. We are not able, however, to ensure that their operators comply with data protection provisions. When we become aware of breaches or violations of the law, we will remove such links.

 

C. Rights of the data subjects

16. Your rights

a)  Rights under Article 15 et seq. GDPR

The data subject has the right to request confirmation from the controller as to whether or not personal data concerning him or her is being processed. If this is the case, the data subject has a right to access this personal data and to receive the information listed in detail in Article 15 GDPR. Provided certain statutory conditions are met, you have a right to rectification pursuant to Article 16 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR. Moreover, you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format (right to data portability) pursuant to Article 20 GDPR if the processing is carried out by automated means and is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR.

b)  Withdrawal of consent pursuant to Article 7(3) GDPR

Where processing is based on consent, you may withdraw your consent to the processing of personal data at any time by notifying us. Please note that such withdrawal is only effective for the future and not retrospectively. Any processing that has taken place prior to the withdrawal is not affected by this.

c)  Right to lodge a complaint

You have the opportunity to lodge a complaint with us or with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for the EU representative in the German state of Baden-Wuerttemberg is: the Landesbeauftragter für den Datenschutz und die Informationsfreiheit, PO Box 10 29 32, 70025 Stuttgart, Germany, tel.: +49 711/615541-0, fax: +49 711/615541-15, email: poststelle@lfdi.bwl.de.

d)  Right to object pursuant to Article 21 GDPR

In addition to the aforementioned rights, you have a right to object, as follows:

Right to object in a particular situation

You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) GDPR (processing of data in the public interest) and Article 6(1)(f) GDPR (data processing based on a weighing up of interests); this also applies to any profiling within the meaning of Article 4(4) GDPR that is based on those provisions. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data is processed for reasons of asserting, exercising or defending against legal claims.

Right to object to the processing of data for marketing purposes

In some cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

 

D. Final provisions

17. Security

(1) We have taken technical and organisational security measures pursuant to Articles 24, 32 GDPR in order to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in the processing of data have been placed under an obligation to comply with the requirements of the GDPR and the confidential treatment of personal data.

(2) SSL or TLS encryption: For reasons of security and in order to protect the transfer of confidential content, for instance any order or requests you send to us in our capacity as the site operator, this Website uses SSL or TLS encryption. You can ascertain whether a connection is encrypted by checking whether the address bar of the browser has changed from “http://” to “https://” and whether there is a padlock icon in the address bar of the browser. If SSL or TLS encryption has been enabled, any data you transmit to us cannot be read by third parties.

 

18. Changes to our data protection provisions

We reserve the right to make changes to our security and data protection measures where this is required due to technical developments or changes in the law. In these cases we will also amend our Privacy Policy accordingly. Please therefore always refer to the most recent version of our Privacy Policy.