Stand: 07. Dezember 2021
We are delighted that you are interested in our website http://www.taconova.com/ (hereinafter the “Website”), products and services. In accordance with the applicable data protection provisions, we hereby inform you about the nature and scope of personal data that we or the service providers or third-party suppliers engaged by us collect in the context of
- your visit to our Website,
- the use of the contact form,
- newsletter mailouts,
- our social media presences,
- use of the Taconova configurator
(hereinafter jointly referred to as the “Websites”), and for what purposes and upon what legal bases we will use this data.
1. Controllers, EU representatives as per Article 27 GDPR, data protection officer
(1) Joint controllers for data protection purposes within the meaning of Article 4(7) GDPR are
Taconova Group AG
8050 Zurich, Switzerland
Tel. +41 (0)44 735 55 55
Tel. +49 7731 98 28 80
(hereinafter also referred as “we” or “us” for short). For further details please refer to the site notice at: https://www.taconova.com/en/site-notice/.
(2) Taconova GmbH is the EU representative as per Article 27 GDPR of Taconova Group AG, Neunbrunnenstrasse 40, 8050 Zurich, Switzerland.
(3) You may contact the data protection officer of Taconova GmbH by post at the above address by adding “For the attention of the data protection officer” or by email to datenschutzbeauftragter[at]taconova.com.
2. Types of processed data, categories of data subjects
2.1 Types of processed data
- Master data (e.g. customer data such as names and addresses)
- Account data (login, PW hash)
- Contact details (e.g. email, telephone numbers)
- Content data (e.g. text entries, images, videos)
- Communication data and history
- Metadata/communication data (e.g. device information, IP addresses)
- Usage data (e.g. websites visited, interest in content, access times)
- Geolocation (data that reveals the location of a user’s end device)
- Tracking data
- Social media posts
2.2 Categories of data subjects
- Visitors and users of the Website
- Customers, interested parties, suppliers and specialist trade partners
- Service providers, in particular payment service providers and logistics partners
- Individuals who post or follow posts on our social media presences
- Other communication partners
(Hereinafter, the data subjects are also jointly referred to as “Users”.)
3. Purpose of the processing
We use your personal data
- to provide the Website and the online offering, its functions and content
- to create and manage your personal customer account
- for support purposes
- to manage and respond to any contact enquiries and communications with Users
- to provide contractual deliverables and services
- to assert, enforce, exercise or defend against any legal claim(s) and legal disputes, and to detect, investigate and prevent any criminal offences
- to implement security measures
- to measure audience reach
- for purposes of direct marketing, e.g. in the form of personalised adverts, an email newsletter or postal advertising, surveys, invitations to events
- for purposes of running customer satisfaction surveys regarding products and services and analysing these
4. Provision of the Website and log files
(1) If you use the Website purely for purpose of obtaining information, i.e. if you do not register or transmit information to us in any other way, we will only collect personal data automatically transmitted to our server by your browser. If you want to look at our Website, we will collect the following data, which is technically required in order to display our Website to you and ensure that it is stable and secure (the legal basis is Article 6(1)(f) GDPR):
- IP address
- date and time of the request
- time zone difference compared to Greenwich Mean Time (GMT)
- requested content (specific page)
- access status/http status code
- data volume transmitted in each case
- website from which the request originates
- operating system and its interface
- language and version of the browser software
- communications protocol
(2) The IP address of Users will be deleted or anonymised after use. Data is rendered anonymous by modifying the IP addresses so that the individual details concerning personal or material circumstances can no longer be attributed to an identified or identifiable individual or that they can only be so attributed using a disproportionately large amount of time, expense and labour.
(1) When you use our Website, cookies will be stored on your computer in addition to the aforementioned log file data. Cookies are small text files that are stored on your hard drive and matched to the browser used by you and through which the entity that has placed the cookie (in this case us) receives certain information. Cookies are not able to run any programs or transfer viruses onto your computer. They are aimed at making the overall internet offering more user friendly and more effective and also collect information to that end.
a) This Website uses the following types of cookies, whose scope and functionality are explained below:
- session cookies (see b below)
- permanent cookies (see c below).
b) Session cookies store what is known as a session ID which can be used to match different requests made by your browser to the same session. Session cookies are automatically deleted after 1 hour if you log off or close the browser. If you restart your browser and return to the Website, the Website will not recognise you. You need to log in again (if a login is required) or you need to reset any templates and preferences if the Website offers such functions. A fresh session cookie will then be generated, which will store your information and remain active until you leave the site and close your browser.
c) Permanent cookies are automatically deleted after a defined period of time, which may differ depending on the cookie. You may delete cookies at any time in the security settings of your browser.
Duration of storage
Cookies required for
Cookies required for technical reasons allow you to use our Website by enabling basic functions such as website navigation and access to secure parts of the Website. In the absence of such cookies our Website cannot be properly accessed.
Session cookies are deleted once the browser is closed.
When using our Website, cookies are used (e.g. to recognise the browser) to improve performance (e.g. to load content faster). When you visit our Website, the country and language selection detected or made by you will be stored in cookies in order to save you the trouble of having to make these selections again on any subsequent visits. Checks are made in advance to see whether your browser supports cookies, and this information will be stored in another cookie. After that you will be shown contact information that has been localised in terms of country and language, which will also be stored. The legal basis for this is Article 6(1)(f) GDPR.
Session cookies – are deleted once the browser is closed.
Analysis cookies (statistics)
We use third-party analysis cookies in order to establish how visitors use our Website. This helps us to improve the quality and content of our Website. The aggregated statistical information comprises data such as the total number of visitors. We obtain information, for instance, on how often and in what order the individual pages were accessed and how much time visitors spent on our pages on average. We also learn whether Users have already visited our Website in the past. The legal basis for this is Article 6(1)(f) GDPR or Article 6(1)(a) GDPR, provided we request your express consent to the processing. For further information, please see section “B. Data processing by third parties”.
Permanent cookies will remain on the computer but will be automatically deleted after 26 months if the Website was not visited again, unless shorter storage times apply in certain cases. You may delete the cookies manually at any time.
We use advertising cookies in order to assess the efficiency of our advertising measures and to identify scope for improvement. The legal basis for this is Article 6(1)(f) GDPR.
Permanent cookies will remain on the computer but will be automatically deleted no later than after 26 months if the Website was not visited again, unless shorter storage times apply in certain cases. You may delete the cookies manually at any time.
(5) Controlling cookies
You can set your browser so that you will be notified about the placing of any cookies and in order to allow cookies only in particular cases, to exclude the acceptance of cookies in certain cases or generally, and to activate the automatic deletion of cookies when the browser is closed. The deactivation of cookies may restrict the functionality of this Website.
a) This Website uses the services of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: cookiebot.com).
b) In order for our Website to provide all technical functions and at the same time meet all legal requirements under the GDPR, Cookiebot ensures that cookies are only sent provided consent has been given.
c) Personal data may be transmitted to cookiebot.com. The legal basis for the data processing is Article 6(1)(f) GDPR.
e) You can prevent the collection as well as the processing of your data by cookiebot.com by disabling the execution of script code in your browser or by installing a script blocker in your browser.
f) Cybot states that it does not sell, trade or transfer user data.
h) Renew or change your consent to cookies under this link
6. Contact form, email contact
(1) Our Website contains a contact form that you can use to get in touch with us electronically in an easy and convenient way. If a User uses this contact form, the data entered on the contact form will be transferred to us and stored. The data in question, in particular data pertaining to the person, address details, contact details and messages (free text field) can be seen directly on the respective contact form. When the form is sent, the following additional data will be stored:
- the User’s IP address
- date and time the form is sent
(3) The legal basis for the processing of the data transferred in the context of using the contact form or sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.
(4) We only process personal data from the contact form in order to deal with the contact request. If contact is made by email, this also constitutes the required legitimate interest in the processing of the data. The other personal data processed when the contact form is sent is used to prevent a misuse of the contact form and to safeguard the security of our IT systems.
(5) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved. The additional personal data collected when the contact form is sent will be deleted no later than after seven days.
(6) We can also be contacted via the email addresses provided on the Website. In this case, the User’s personal data as transmitted in the email will be stored. The data will only be used to process the request. The legal basis for the processing of the data transferred in the context of sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.
(7) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved.
a) For the forms on our website, we use 123FormBuilder of 123 FormBuilder, Flavia Palace, Vladimirescu n° 10, Ground Floor 300195, Timisoara, Romania, EU, in the context of our legitimate interest in an online offering that is both technically flawless and designed and optimised in an economically efficient way pursuant to Article 6(1)(f) GDPR www.123formbuilder.com.
d) We have entered into a contract with 123 FormBuilder in accordance with which they will process the data on our behalf.
7.1 Newsletter subscription
(1) You may consent to a subscription to our email newsletter (hereinafter referred to as the “Newsletter”), which we use to inform you about our products, services and promotions
(2) We use a double-opt-in procedure for subscriptions to our Newsletter. That means that, following your registration, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to subscribe to the Newsletter. If you do not confirm your registration within 14 days, your information will automatically be deleted. In addition, we store your IP addresses used at the time of registration and confirmation, and the time of registration and confirmation. The purpose of the procedure is to have a record of your registration and, where required, be able to investigate a possible misuse of your personal data.
(3) The only mandatory detail required for the mailing of the Newsletter is your email address. The provision of any other details is voluntary and will be used to address you in person. Once you have confirmed your subscription, we will store your email address for purpose of mailing you the Newsletter.
(4) The legal basis for the aforementioned processing operations in the context of the Newsletter subscription is your consent pursuant to Article 6(1)(a) GDPR.
7.2. Newsletter mailout to existing customers following product purchase
(1) If you have purchased products or services, we will send you our Newsletter even if you have not previously registered to subscribe to the Newsletter; we will use the email address you provided when you made the purchase. This relates to Newsletters promoting similar products to those that you purchased.
(2) We will store this email address in our Newsletter address database for this purpose. In order to establish that the Newsletter mailout is legitimate, we also store the IP address used when making the purchase and the time of the purchase.
(3) The legal basis for the aforementioned processing operations in the context of the Newsletter mailout following a purchase is Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the direct promotion of our products to our existing customers as well as their interest in offers and promotions.
7.3. Newsletter tracking
(1) Please note that we analyse User behaviour of Newsletter recipients; for details please refer to the information on the use of and data processing by Inxmail (see clause 13.4).
(2) The legal basis for the tracking as described above is Article 6(1)(f) GDPR. Our legitimate interest in the data processing in the context of tracking is our desire to better tailor our Newsletter to the interests of our customers.
(4) Tracking is also not possible if you have disabled the display of images as standard in your email program. In this case you will not see all of the Newsletter and you may not be able to use all the functionalities of the Newsletter. If you manually choose to have images displayed, the aforementioned tracking will take place.
7.4 Print advertising
(1) We will also use the data provided by you in order to send print media.
(2) In order to carry out the aforementioned processing steps particularly with regard to sending out print media, we use the services and IT systems of various service providers whom we have engaged as commissioned data processors.
(3) The lawfulness of that processing is ensured by way of contracts in accordance with Article 28 GDPR as well as the EU standard model clauses.
(4) The legal basis for the aforementioned processing steps is our legitimate interest following a purchase, pursuant to Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the promotion of our products and services as well as the improvement of the customer relationship.
8. Job advertisements
(1) We use our Website to advertise job vacancies. We collect, process and use your personal data in order to process your online application. The legal basis is Article 6(1)(b) GDPR. Where job vacancies have been posted at Taconova GmbH, section 26 German Data Protection Act (Bundesdatenschutzgesetz, BDSG) applies in addition. Your online application data will be transferred directly to the executive board. We have taken suitable technical and organisational measures to ensure that your personal data is treated confidentially in accordance with statutory provisions.
(2) Please note that data transfer by email is not encrypted and that the data may come to the attention of unauthorised persons or may be falsified. You are welcome to send us your documents by post. If you have applied for a specific position and this position happens to have already been filled or if we consider you to also be suited, or to be even better suited, to another position, we would like to forward your application within our company. The legal basis for this is Article 6(1)(f) GDPR for purpose of protecting your and our legitimate interests. Please let us know if you are not happy for us to proceed in this way. Once the application process has ended and no later than after 6 months, your personal data will be automatically deleted unless you expressly consent to storage for a longer period.
8.1 Recruitment platform – Join.com
(1) We use Join.com. Join.com is a recruitment workflow solution that supports us in managing job advertisements, reviewing and evaluating applications and communicating with applicants.
(2) The third-party provider is JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland. We have entered into a contract regarding commissioned data processing with JOIN Solutions AG pursuant to Article 28 GDPR.
(3) Which data will be processed?
b) Application documents provided:
- Data on the content of former/current employment relationships, e.g. work duties, performance data, positions held. (This data may be derived from your covering letter/CV/attached job references).
- In addition, we collect and process various other details regarding applications, such as earliest start date, regional mobility, desired number of hours and periods of deployment, previous employment, additional qualifications, references or information on how you became aware of the vacancy.
- Other voluntary information such as data on non-professional interests: hobbies, voluntary work.
- Other data that you voluntarily provide to us in the application process by uploading it or otherwise sending it to us, such as in your letter of application, CV or certificates, passport photograph.
c) Communications from and with applicants
(4) The legal basis for the data processing is Article 6(1)(b) GDPR. The processing of the data is necessary for the initiation and implementation of the employment relationship. The legal basis for the processing of voluntary data is your consent, which is documented in the transmission of the data to us as part of the application process. The legal basis for the processing of data in accordance with points 4, 5 and 6 can be found in the above provisions.
9. Duration of storage
We process and store your personal data for as long as this is necessary to meet our contractual and statutory obligations. We will delete your personal data as soon as it is no longer required for the purposes set out above. There may be occasions where personal data is stored for a period of time during which claims may be asserted against our companies (statutory limitation periods of between three and thirty years). Moreover, we will store your personal data if we are required to do so by statute. Provisions of commercial law, tax law and social security law may contain such accountability and retention obligations.
10. Automated decision making
We do not use any fully automatic decision making processes pursuant to Article 22 GDPR in order to establish and process the business relationship.
In order to be able to inform and advise you about our products and services in a targeted way, we may use service providers who act on our behalf, and potentially web analysis tools, in particular tracking technology. This allows us to communicate and advertise in a way that meets customers’ demands (see clauses 12 et seq. “Data processing by third parties”).
B. Data processing by third parties
12. Web analysis services
(2) You can prevent cookies being stored by adjusting your browser software accordingly; however, please note that in this case you may not be able to make use of the full scope of functions available on this Website. In addition, you can prevent the data generated by the cookie about your use of the Website (including your IP address) being sent to Google and the processing of this data by Google, by downloading and installing the browser plugin made available by Google
(3) This Website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP address are truncated before they are processed further; this means that they cannot be linked to a particular individual. If the data collected about you may be linked to you, this is thus immediately ruled out and the personal data is therefore immediately deleted.
(4) The legal basis for the processing is your express consent pursuant to Article 6(1)(a) GDPR
12.2 Google Tag Manager
(2) For further information on Google Tag Manager, please refer to: https://www.google.com/analytics/tag-manager/use-policy/
12.3 Google AdWords
(1) This Website uses the online advertising program “Google AdWords” and, as part of that, conversion tracking. This involves Google AdWords placing a cookie on your computer if you have accessed our Website via a Google advert. These cookies become invalid after 30 days and are not used for personal identification. If the User visits certain pages of our Website and the cookie has not yet expired, we and Google are able to see that the User has clicked on the advert and was redirected to this page. Each AdWords customer receives a different cookie. It is therefore not possible to track cookies via the websites of AdWords customers
(2) The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. The customers know the total number of Users who clicked on their advert and were redirected to a page with a conversion tracking tag. They will not, however, receive any information that can be used to identify Users personally
12.3 Facebook Pixel - Facebook Pixel, Facebook Custom Audiences and Facebook-Conversion
(1) This Website uses the “Facebook Pixel” of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw.,Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland.
(2) Facebook uses the Facebook pixel to identify you as a visitor to our Website as a target group for the display of advertisements (“Facebook ads”). We can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (“conversion”).
(3) Data is processed by Facebook within the scope of Facebook’s data policy. For general information on the display of Facebook ads, please refer to Facebook’s data policy. Specific information and details on the Facebook Pixel and how it works can be found in the Facebook help section.
(4) The legal basis for the use of the Facebook Pixel and the storage of “conversion cookies” is the consent given to us (Article 6(1)(a) GDPR).
(5) You may object to being logged by the Facebook Pixel and to the use of your data for the display of Facebook ads. In order to define which types of advertisements you are shown within Facebook, you can visit the page set up by Facebook and follow the instructions on how to set ad preferences.
13. Plug-ins and service providers
13.1 Google Maps
(1) The Website uses Google Maps to display interactive maps and prepare travel directions. Google Maps is a map services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this Website including your IP address and the (starting) address entered into the route planner may be transferred to Google in the USA. If you access one of our web pages that contains Google Maps, your browser establishes a direct connection with the servers of Google. Google will send the content of the map directly to your browser and will be integrated from there into the Website. We therefore cannot influence the scope of the data collected by Google in this way. According to our current information this includes at least the following data:
- data and time of the visit to the respective Website,
- internet address or URL of the Website accessed,
- IP address, (starting) address entered into the route planner
(2) We have no influence over the further processing and use of the data by Google and we therefore cannot be held responsible for this.
(4) For details regarding the purpose and scope of the collection of data and its further processing and use by Google as well as your rights and settings options to protect your privacy, please refer to: https://www.google.com/intl/de/policies/privacy/.
13.2. Google Fonts
(1) This Website uses web fonts provided by Google to ensure a uniform display of fonts. When accessing a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
(1) Our Website uses the YouTube embedding function in connection with the “extended data protection mode” in order to stream YouTube videos. YouTube is a service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
(2) In order for an embedded video to be played, a connection to the YouTube server is established. YouTube videos are embedded on our Website in “extended data protection mode”. This “extended data protection mode” is provided by YouTube, and YouTube represents and warrants that no cookies containing personal data are stored on your end device. However, when you watch the video, your IP address and the website visited by you will be stored and processed by YouTube. However, this information cannot be attributed to your person provided that, at the time you access the video, you are not logged in to YouTube or another Google service. If, however, you are logged in to YouTube or Google, YouTube will link the connection data to your YouTube account and only cookies that do not include any personally identifiable data will be stored on your end device. If you wish to prevent this, you either need to log out of YouTube prior to visiting our Website or adjust the settings in your User account accordingly.
(3) Moreover, every time you access this Website, a connection is established to the Google DoubleClick network, which happens regardless of whether a video is being streamed. By connecting to the Google Network, other data processing operations will be triggered without our input.
(4) Through certification under the EU-US data privacy agreement, “Privacy Shield”, Google LLC domiciled in the USA and the subsidiary YouTube guarantee that the data protection provisions applicable in the EU are complied with.
(1) This Website uses Inxmail to mail out Newsletters. This service is offered by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. Inxmail is a service that allows the mailing of Newsletters to be organised and analysed. The data provided by you for purposes of receiving the Newsletter (e.g. email address) will be stored on the servers of Inxmail in the EU. In addition, the data required for the mailout of Newsletters to existing customers (see clause 7.2) will be stored; we transmit this data to Inxmail for this purpose.
(2) Inxmail uses this data to send and analyse the Newsletters on our behalf. According to Inxmail, they may use this data in order to improve their own services, for instance to optimise the sending and the display of the Newsletter in technical terms, or for commercial purposes to determine the countries in which recipients are located. Inxmail will not, however, use this data in order to contact recipients itself or pass it on to third parties. For further information on data processing by Inxmail, please refer to https://www.inxmail.de/datenschutz.
(3) Please note that, when sending out the Newsletter, we will analyse your User behaviour. The Newsletters contain a web beacon, i.e. a pixel-sized file, which is retrieved by the server of Inxmail GmbH when the Newsletter is opened. This retrieval allows us to initially collect technical information such as data regarding the browser and your system, as well as your IP address and the time of retrieval. This information is used to improve the services in technical terms based on the technical data or the target groups and your reading habits.
(4) The statistical surveys also include determining whether the Newsletters were opened, when they were opened and which links were clicked on. This information is not assigned to individual Newsletter recipients but is only processed anonymously. The aim of the analyses is to identify the reading habits of our Users and to adapt our content to you.
(5) There are cases in which we redirect Newsletter recipients to a website of Inxmail. For instance, our Newsletters contain a link which Newsletter recipients can use to access the Newsletters online (e.g. in the event that there are problems with displaying them in the email program).
(6) You have the option of unsubscribing to our Newsletter at any time by revoking your consent. You can use the link at the end of every Newsletter if you wish to unsubscribe. By clicking the link you withdraw your consent to receiving the Newsletter via Inxmail and to the statistical analyses.
14. Presences on social networks
We have online presences on social networks to communicate with Users who are active on those networks or to offer information about ourselves. Please note that this may involve User data being processed outside of the European Union. With regard to US providers who are certified under the Privacy Shield or who provide equivalent guarantees in terms of secure data protection levels, we would like to point out that they thereby undertake to comply with EU data protection standards. For a detailed explanation of the respective types of processing and the options to opt-out, we refer you to the privacy policies and information provided by the operators of the networks in question, as follows:
(1) We use “LinkedIn Conversion Tracking and Retargeting” provided by LinkedIn Ireland (Wilton Plaza, Wilton Place, Dublin 2, Ireland) (“LinkedIn”) to measure the results of our advertising campaigns on LinkedIn, optimise the relevance of these advertising campaigns and re-target visitors to our Website with personalised advertisements on LinkedIn or other websites.
(2) We have therefore embedded a tracking pixel (LinkedIn Insight Tag) in our Website. The “LinkedIn Insight Tag” allows LinkedIn to store a third-party supplier cookie in your browser and to collect and store the following information: your IP address and patterns of use on our Website as well as on other websites which include a LinkedIn tracking pixel. When you log on to your LinkedIn account, LinkedIn may link the collected data with your account and display targeted advertisements for you on our behalf or on behalf of other advertisers. You may see these advertisements on LinkedIn or on websites of third-party suppliers.
(3) The information collected may also be transferred to the servers of LinkedIn in the USA (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). Given that LinkedIn acts in accordance with the “EU-US Privacy Shield”, this transfer is based on Article 45 GDPR ((https://www.privacyshield.gov/EU-US-Framework)).
(4) Visitors to the Website remain anonymous given that we only have access to tracking data in aggregated form.
(6) The processing of your personal data is necessary for the protection of legitimate interests after weighing up different interests (Article 6(1)(f) GDPR).
(1) Facebook: social network; service provider: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw.,Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;
(2) Types of processed data: master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contact details of contacts, personal profile, content data (e.g. text entered, photographs, videos, posts), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
(3) Data subjects: Users (e.g. website visitors, users of online services, followers).
(5) Legal basis: legitimate interests (Article 6(1)(f) GDPR).
(1) We use the Instagram service on our Website. Instagram is a service provided by Instagram Inc. service provider: IMeta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, bzw.,Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland;
(2) Through the integration of the “Insta” button on our Website, Instagram will be notified that you have accessed the respective page on our Website. If you are logged in to Instagram, Instagram is able to attribute this visit to our Website to your Instagram account and thereby link the data. The data transmitted by clicking the “Insta” button is stored by Instagram. You can obtain further information on the purpose and scope of the data collection, processing and use and your rights and setting options in this regard to protect your privacy in the Instagram data privacy notice, which you can access via the following data protection notice: https://de-de.facebook.com/help/instagram/155833707900388.
(3) In order to prevent Instagram linking your visit to our Website with your Instagram account, you need to log out of your Instagram account prior to visiting our Website.
(1) We use Agorapulse. Agorapulse is a social media management software, which supports us in the management of social profiles, planning, placing and analysing advertising campaigns, as well as communications with Users and followers.
(3) What customer content is processed and for what purposes?
b) Types of data affected:
- content generated by customers (e.g. messages [including direct or private messages], contributions, comments, profile pictures, photographs, feeds or communication via the supported platforms),
- messages and/or name of the end users,
- URL of the social profiles of the end users on the supported platforms,
- user ID on the supported platforms.
c) Agorapulse uses customer content for the following purposes:
- to identify the author of an end user message,
- to compile all end user messages of one individual and the history of the entire conversation between an end user and a customer.
(4) Third-party applications and social networks
Agorapulse activates an interface in which you can establish a connection to the supported platforms. Below you will find links to the privacy policies of the social media platforms currently supported:
15. Links to other websites
(7) We check any links to external websites before putting them in place. We are not able, however, to ensure that their operators comply with data protection provisions. When we become aware of breaches or violations of the law, we will remove such links.
C. Rights of the data subjects
16. Your rights
a) Rights under Article 15 et seq. GDPR
The data subject has the right to request confirmation from the controller as to whether or not personal data concerning him or her is being processed. If this is the case, the data subject has a right to access this personal data and to receive the information listed in detail in Article 15 GDPR. Provided certain statutory conditions are met, you have a right to rectification pursuant to Article 16 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR. Moreover, you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format (right to data portability) pursuant to Article 20 GDPR if the processing is carried out by automated means and is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR.
b) Withdrawal of consent pursuant to Article 7(3) GDPR
Where processing is based on consent, you may withdraw your consent to the processing of personal data at any time by notifying us. Please note that such withdrawal is only effective for the future and not retrospectively. Any processing that has taken place prior to the withdrawal is not affected by this.
c) Right to lodge a complaint
You have the opportunity to lodge a complaint with us or with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for the EU representative in the German state of Baden-Wuerttemberg is: the Landesbeauftragter für den Datenschutz und die Informationsfreiheit, PO Box 10 29 32, 70025 Stuttgart, Germany, tel.: +49 711/615541-0, fax: +49 711/615541-15, email: firstname.lastname@example.org.
d) Right to object pursuant to Article 21 GDPR
In addition to the aforementioned rights, you have a right to object, as follows:
Right to object in a particular situation
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) GDPR (processing of data in the public interest) and Article 6(1)(f) GDPR (data processing based on a weighing up of interests); this also applies to any profiling within the meaning of Article 4(4) GDPR that is based on those provisions. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data is processed for reasons of asserting, exercising or defending against legal claims.
Right to object to the processing of data for marketing purposes
In some cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
D. Final provisions
(1) We have taken technical and organisational security measures pursuant to Articles 24, 32 GDPR in order to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in the processing of data have been placed under an obligation to comply with the requirements of the GDPR and the confidential treatment of personal data.
(2) SSL or TLS encryption: For reasons of security and in order to protect the transfer of confidential content, for instance any order or requests you send to us in our capacity as the site operator, this Website uses SSL or TLS encryption. You can ascertain whether a connection is encrypted by checking whether the address bar of the browser has changed from “http://” to “https://” and whether there is a padlock icon in the address bar of the browser. If SSL or TLS encryption has been enabled, any data you transmit to us cannot be read by third parties.
18. Changes to our data protection provisions