Main Content

Privacy Policy

Last updated: 15 April 2020

We are delighted that you are interested in our website http://www.taconova.com/ (hereinafter the “Website”), products and services. In accordance with the applicable data protection provisions, we hereby inform you about the nature and scope of personal data that we or the service providers or third-party suppliers engaged by us collect in the context of

  • your visit to our Website,
  • the use of the contact form,
  • newsletter mailouts,
  • our social media presences,
  • use of the Taconova configurator

(hereinafter jointly referred to as the “Websites”), and for what purposes and upon what legal bases we will use this data.

A. General

1.    Controllers, EU representatives as per Article 27 GDPR, data protection officer

(1) Joint controllers for data protection purposes within the meaning of Article 4(7) GDPR are

Taconova Group AG

Neunbrunnenstrasse 40
8050 Zurich, Switzerland

Tel. +41 (0)44 735 55 55
group@taconova.com

Taconova GmbH

Rudolf-Diesel-Strasse 8
DE-78224 Singen

Tel. +49 7731 98 28 80
deutschland@taconova.com

(hereinafter also referred as “we” or “us” for short). For further details please refer to the site notice at: https://www.taconova.com/en/site-notice/.

(2) Taconova GmbH is the EU representative as per Article 27 GDPR of Taconova Group AG, Neunbrunnenstrasse 40, 8050 Zurich, Switzerland.

(3) You may contact the data protection officer of Taconova GmbH by post at the above address by adding “For the attention of the data protection officer” or by email to datenschutzbeauftragter[at]taconova.com.

2. Types of processed data, categories of data subjects

2.1 Types of processed data

  • Master data (e.g. customer data such as names and addresses)
  • Account data (login, PW hash)
  • Contact details (e.g. email, telephone numbers)
  • Content data (e.g. text entries, images, videos)
  • Communication data and history
  • Metadata/communication data (e.g. device information, IP addresses)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Geolocation (data that reveals the location of a user’s end device)
  • Tracking data
  • Social media posts

2.2 Categories of data subjects

  • Visitors and users of the Website
  • Customers, interested parties, suppliers and specialist trade partners
  • Service providers, in particular payment service providers and logistics partners
  • Applicants
  • Individuals who post or follow posts on our social media presences
  • Other communication partners

(Hereinafter, the data subjects are also jointly referred to as “Users”.)

 

3. Purpose of the processing

We use your personal data

  • to provide the Website and the online offering, its functions and content
  • to create and manage your personal customer account
  • for support purposes
  • to manage and respond to any contact enquiries and communications with Users
  • to provide contractual deliverables and services
  • to assert, enforce, exercise or defend against any legal claim(s) and legal disputes, and to detect, investigate and prevent any criminal offences
  • to implement security measures
  • to measure audience reach
  • for purposes of direct marketing, e.g. in the form of personalised adverts, an email newsletter or postal advertising, surveys, invitations to events
  • for purposes of running customer satisfaction surveys regarding products and services and analysing these

 

4. Provision of the Website and log files

(1) If you use the Website purely for purpose of obtaining information, i.e. if you do not register or transmit information to us in any other way, we will only collect personal data automatically transmitted to our server by your browser. If you want to look at our Website, we will collect the following data, which is technically required in order to display our Website to you and ensure that it is stable and secure (the legal basis is Article 6(1)(f) GDPR):

  • IP address
  • date and time of the request
  • time zone difference compared to Greenwich Mean Time (GMT)
  • requested content (specific page)
  • access status/http status code
  • data volume transmitted in each case
  • website from which the request originates
  • browser
  • operating system and its interface
  • language and version of the browser software
  • communications protocol

(2) The IP address of Users will be deleted or anonymised after use. Data is rendered anonymous by modifying the IP addresses so that the individual details concerning personal or material circumstances can no longer be attributed to an identified or identifiable individual or that they can only be so attributed using a disproportionately large amount of time, expense and labour.

 

5. Cookies

(1) When you use our Website, cookies will be stored on your computer in addition to the aforementioned log file data. Cookies are small text files that are stored on your hard drive and matched to the browser used by you and through which the entity that has placed the cookie (in this case us) receives certain information. Cookies are not able to run any programs or transfer viruses onto your computer. They are aimed at making the overall internet offering more user friendly and more effective and also collect information to that end.

(2) Use of cookies:
a) This Website uses the following types of cookies, whose scope and functionality are explained below:

  • session cookies (see b below)
  • permanent cookies (see c below).

b) Session cookies store what is known as a session ID which can be used to match different requests made by your browser to the same session. Session cookies are automatically deleted after 1 hour if you log off or close the browser. If you restart your browser and return to the Website, the Website will not recognise you. You need to log in again (if a login is required) or you need to reset any templates and preferences if the Website offers such functions. A fresh session cookie will then be generated, which will store your information and remain active until you leave the site and close your browser.

c) Permanent cookies are automatically deleted after a defined period of time, which may differ depending on the cookie. You may delete cookies at any time in the security settings of your browser.

(3) For what purposes do we use cookies?

We use cookies in order to personalise content and advertisements, to be able to offer social media functionality and to analyse access to our Website. In addition, we pass on information about your use of our Website to our partners to be used in social media and for purposes of advertising and conducting analyses. Our partners may combine this information with other data that you have provided to them or that they have collected in the context of your use of the services. By continuing to use our Website you are deemed to have consented to our cookies.

(4) Overview

Purpose

Description

Duration of storage

Cookies required for
technical reasons

Cookies required for technical reasons allow you to use our Website by enabling basic functions such as website navigation and access to secure parts of the Website. In the absence of such cookies our Website cannot be properly accessed.

Session cookies are deleted once the browser is closed.

Performance
(e.g. the User’s browser) and preferences

When using our Website, cookies are used (e.g. to recognise the browser) to improve performance (e.g. to load content faster). When you visit our Website, the country and language selection detected or made by you will be stored in cookies in order to save you the trouble of having to make these selections again on any subsequent visits. Checks are made in advance to see whether your browser supports cookies, and this information will be stored in another cookie. After that you will be shown contact information that has been localised in terms of country and language, which will also be stored. The legal basis for this is Article 6(1)(f) GDPR.

Session cookies – are deleted once the browser is closed.

Analysis cookies (statistics)

We use third-party analysis cookies in order to establish how visitors use our Website. This helps us to improve the quality and content of our Website. The aggregated statistical information comprises data such as the total number of visitors. We obtain information, for instance, on how often and in what order the individual pages were accessed and how much time visitors spent on our pages on average. We also learn whether Users have already visited our Website in the past. The legal basis for this is Article 6(1)(f) GDPR or Article 6(1)(a) GDPR, provided we request your express consent to the processing. For further information, please see section “B. Data processing by third parties”.

Permanent cookies will remain on the computer but will be automatically deleted after 26 months if the Website was not visited again, unless shorter storage times apply in certain cases. You may delete the cookies manually at any time.

Advertising
cookies

We use advertising cookies in order to assess the efficiency of our advertising measures and to identify scope for improvement. The legal basis for this is Article 6(1)(f) GDPR.

Permanent cookies will remain on the computer but will be automatically deleted no later than after 26 months if the Website was not visited again, unless shorter storage times apply in certain cases. You may delete the cookies manually at any time.

(5) Controlling cookies

You can set your browser so that you will be notified about the placing of any cookies and in order to allow cookies only in particular cases, to exclude the acceptance of cookies in certain cases or generally, and to activate the automatic deletion of cookies when the browser is closed. The deactivation of cookies may restrict the functionality of this Website.

 

6. Contact form, email contact

(1) Our Website contains a contact form that you can use to get in touch with us electronically in an easy and convenient way. If a User uses this contact form, the data entered on the contact form will be transferred to us and stored. The data in question, in particular data pertaining to the person, address details, contact details and messages (free text field) can be seen directly on the respective contact form. When the form is sent, the following additional data will be stored:

  • the User’s IP address
  • date and time the form is sent

(2) When the contact form is sent, Users are referred to this Privacy Policy as regards the processing of the data. Alternatively, we can be contacted via the email addresses provided. In this case, the User’s personal data as transmitted in the email will be stored. The data will only be used to process the request.

(3) The legal basis for the processing of the data transferred in the context of using the contact form or sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

(4) We only process personal data from the contact form in order to deal with the contact request. If contact is made by email, this also constitutes the required legitimate interest in the processing of the data. The other personal data processed when the contact form is sent is used to prevent a misuse of the contact form and to safeguard the security of our IT systems.

(5) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved. The additional personal data collected when the contact form is sent will be deleted no later than after seven days.

(6) We can also be contacted via the email addresses provided on the Website. In this case, the User’s personal data as transmitted in the email will be stored. The data will only be used to process the request. The legal basis for the processing of the data transferred in the context of sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

(7) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved.

7.    Newsletter

7.1   Newsletter subscription

(1) You may consent to a subscription to our email newsletter (hereinafter referred to as the “Newsletter”), which we use to inform you about our products, services and promotions

(2) We use a double-opt-in procedure for subscriptions to our Newsletter. That means that, following your registration, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to subscribe to the Newsletter. If you do not confirm your registration within 14 days, your information will automatically be deleted. In addition, we store your IP addresses used at the time of registration and confirmation, and the time of registration and confirmation. The purpose of the procedure is to have a record of your registration and, where required, be able to investigate a possible misuse of your personal data.

(3) The only mandatory detail required for the mailing of the Newsletter is your email address. The provision of any other details is voluntary and will be used to address you in person. Once you have confirmed your subscription, we will store your email address for purpose of mailing you the Newsletter.

(4) The legal basis for the aforementioned processing operations in the context of the Newsletter subscription is your consent pursuant to Article 6(1)(a) GDPR.

(5) You may revoke your consent to the mailing of the Newsletter at any time by unsubscribing from the Newsletter. You can unsubscribe by clicking on the link provided in every Newsletter email, or by sending a message to one of the contact addresses provided above in clause 1(1) of this Privacy Policy.

7.2. Newsletter mailout to existing customers following product purchase

(1) If you have purchased products or services, we will send you our Newsletter even if you have not previously registered to subscribe to the Newsletter; we will use the email address you provided when you made the purchase. This relates to Newsletters promoting similar products to those that you purchased.

(2) We will store this email address in our Newsletter address database for this purpose. In order to establish that the Newsletter mailout is legitimate, we also store the IP address used when making the purchase and the time of the purchase.

(3) The legal basis for the aforementioned processing operations in the context of the Newsletter mailout following a purchase is Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the direct promotion of our products to our existing customers as well as their interest in offers and promotions.

(4) You may object to the mailout of the Newsletter at any time. You can submit your objection by clicking on the link provided in every Newsletter email, or by sending a message to one of the contact addresses provided above in clause 1 of this Privacy Policy.

7.3. Newsletter tracking

(1) Please note that we analyse User behaviour of Newsletter recipients; for details please refer to the information on the use of and data processing by Inxmail (see clause 13.4).

(2) The legal basis for the tracking as described above is Article 6(1)(f) GDPR. Our legitimate interest in the data processing in the context of tracking is our desire to better tailor our Newsletter to the interests of our customers.

(3) You can object to tracking as described above at any time by unsubscribing from the Newsletter. You can unsubscribe by clicking on the link provided in every Newsletter email, or by sending a message to one of the contact addresses provided above in clause 1 of this Privacy Policy. The information obtained by way of tracking will be stored for as long as you subscribe to the Newsletter. After you have unsubscribed we will store the data purely in statistical terms, aggregated and anonymously.

(4) Tracking is also not possible if you have disabled the display of images as standard in your email program. In this case you will not see all of the Newsletter and you may not be able to use all the functionalities of the Newsletter. If you manually choose to have images displayed, the aforementioned tracking will take place.

7.4 Print advertising

(1) We will also use the data provided by you in order to send print media.

(2) In order to carry out the aforementioned processing steps particularly with regard to sending out print media, we use the services and IT systems of various service providers whom we have engaged as commissioned data processors.

(3) The lawfulness of that processing is ensured by way of contracts in accordance with Article 28 GDPR as well as the EU standard model clauses.

(4) The legal basis for the aforementioned processing steps is our legitimate interest following a purchase, pursuant to Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the promotion of our products and services as well as the improvement of the customer relationship.

8. Job advertisements

(1) We use our Website to advertise job vacancies. We collect, process and use your personal data in order to process your online application. The legal basis is Article 6(1)(b) GDPR. Where job vacancies have been posted at Taconova GmbH, section 26 German Data Protection Act (Bundesdatenschutzgesetz, BDSG) applies in addition. Your online application data will be transferred directly to the executive board. We have taken suitable technical and organisational measures to ensure that your personal data is treated confidentially in accordance with statutory provisions.

(2) Please note that data transfer by email is not encrypted and that the data may come to the attention of unauthorised persons or may be falsified. You are welcome to send us your documents by post. If you have applied for a specific position and this position happens to have already been filled or if we consider you to also be suited, or to be even better suited, to another position, we would like to forward your application within our company. The legal basis for this is Article 6(1)(f) GDPR for purpose of protecting your and our legitimate interests. Please let us know if you are not happy for us to proceed in this way. Once the application process has ended and no later than after 6 months, your personal data will be automatically deleted unless you expressly consent to storage for a longer period.

9. Duration of storage

We process and store your personal data for as long as this is necessary to meet our contractual and statutory obligations. We will delete your personal data as soon as it is no longer required for the purposes set out above. There may be occasions where personal data is stored for a period of time during which claims may be asserted against our companies (statutory limitation periods of between three and thirty years). Moreover, we will store your personal data if we are required to do so by statute. Provisions of commercial law, tax law and social security law may contain such accountability and retention obligations.

10. Automated decision making

We do not use any fully automatic decision making processes pursuant to Article 22 GDPR in order to establish and process the business relationship.

11. Profiling

In order to be able to inform and advise you about our products and services in a targeted way, we may use service providers who act on our behalf, and potentially web analysis tools, in particular tracking technology. This allows us to communicate and advertise in a way that meets customers’ demands (see clauses 12 et seq. “Data processing by third parties”).

 

B. Data processing by third parties

12.   Web analysis services

Google Analytics

(1) This Website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”). Google Analytics uses cookies, i.e. text files that are stored on your computer and help analyse how you use the Website. The information gathered by the cookie about your usage of this website will generally be transferred to a Google server in the USA and stored there. In the event that IP anonymisation has been activated on this Website, however, your IP address will first be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the USA and shortened there. On behalf of the operator of this Website, Google will use this information to analyse your usage of the Website, compile reports about Website activities and provide the Website operator with further services related to the use of the Website and the internet.

(2) You can prevent cookies being stored by adjusting your browser software accordingly; however, please note that in this case you may not be able to make use of the full scope of functions available on this Website. In addition, you can prevent the data generated by the cookie about your use of the Website (including your IP address) being sent to Google and the processing of this data by Google, by downloading and installing the browser plugin made available by Google

(3) This Website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP address are truncated before they are processed further; this means that they cannot be linked to a particular individual. If the data collected about you may be linked to you, this is thus immediately ruled out and the personal data is therefore immediately deleted.

(4) The legal basis for the processing is your express consent pursuant to Article 6(1)(a) GDPR

12.2 Google Tag Manager

(1) As part of Google Analytics, this Website uses Google Tag Manager. Tags are small code elements which are used, amongst other things, to measure traffic and visitor behaviour, record the effects of online advertising and social media, in remarketing and targeted marketing campaigns, and to test and optimise the Website. Google Tag Manager is a solution to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a domain that does not use cookies. The tool triggers other tags, which in turn may log data. Google Tag Manager does not access this data. If tags were deactivated at domain level or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager

(2) For further information on Google Tag Manager, please refer to: https://www.google.com/analytics/tag-manager/use-policy/

12.3 Google AdWords

(1) This Website uses the online advertising program “Google AdWords” and, as part of that, conversion tracking. This involves Google AdWords placing a cookie on your computer if you have accessed our Website via a Google advert. These cookies become invalid after 30 days and are not used for personal identification. If the User visits certain pages of our Website and the cookie has not yet expired, we and Google are able to see that the User has clicked on the advert and was redirected to this page. Each AdWords customer receives a different cookie. It is therefore not possible to track cookies via the websites of AdWords customers

(2) The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. The customers know the total number of Users who clicked on their advert and were redirected to a page with a conversion tracking tag. They will not, however, receive any information that can be used to identify Users personally

(3) If you do not wish to participate in the tracking procedure, you can simply deactivate the Google conversion tracking cookie via the user settings of your internet browser. This will mean that you will not be included in the conversion tracking statistics. You can find more information about Google’s privacy policy at http://www.google.com/policies/privacy/

 

13. Plug-ins and service providers

13.1 Google Maps

(1) The Website uses Google Maps to display interactive maps and prepare travel directions. Google Maps is a map services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this Website including your IP address and the (starting) address entered into the route planner may be transferred to Google in the USA. If you access one of our web pages that contains Google Maps, your browser establishes a direct connection with the servers of Google. Google will send the content of the map directly to your browser and will be integrated from there into the Website. We therefore cannot influence the scope of the data collected by Google in this way. According to our current information this includes at least the following data:

  • data and time of the visit to the respective Website,
  • internet address or URL of the Website accessed,
  • IP address, (starting) address entered into the route planner

(2) We have no influence over the further processing and use of the data by Google and we therefore cannot be held responsible for this.

(3) If you do not wish Google to collect, process or use data about you via our online presence, you can deactivate JavaScript via your browser settings. In this case, however, you will not be able to use the map display.

(4) For details regarding the purpose and scope of the collection of data and its further processing and use by Google as well as your rights and settings options to protect your privacy, please refer to: https://www.google.com/intl/de/policies/privacy/.

13.2. Google Fonts

(1) This Website uses web fonts provided by Google to ensure a uniform display of fonts. When accessing a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

(2) In order to do this, the browser used by you needs to establish a connection with the servers of Google. This will make Google aware of the fact that your IP address was used to access our Website. Google Web Fonts are used in the interest of a uniform and attractive display of our online offering. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR. If your browser does not support web fonts, your computer will use a standard font. For details on Google Web Fonts, please refer to developers.google.com/fonts/faq and to Google’s privacy policy: https://www.google.com/policies/privacy/.

13.3. YouTube

(1) Our Website uses the YouTube embedding function in connection with the “extended data protection mode” in order to stream YouTube videos. YouTube is a service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

(2) In order for an embedded video to be played, a connection to the YouTube server is established. YouTube videos are embedded on our Website in “extended data protection mode”. This “extended data protection mode” is provided by YouTube, and YouTube represents and warrants that no cookies containing personal data are stored on your end device. However, when you watch the video, your IP address and the website visited by you will be stored and processed by YouTube. However, this information cannot be attributed to your person provided that, at the time you access the video, you are not logged in to YouTube or another Google service. If, however, you are logged in to YouTube or Google, YouTube will link the connection data to your YouTube account and only cookies that do not include any personally identifiable data will be stored on your end device. If you wish to prevent this, you either need to log out of YouTube prior to visiting our Website or adjust the settings in your User account accordingly.

(3) Moreover, every time you access this Website, a connection is established to the Google DoubleClick network, which happens regardless of whether a video is being streamed. By connecting to the Google Network, other data processing operations will be triggered without our input.

(4) Through certification under the EU-US data privacy agreement, “Privacy Shield”, Google LLC domiciled in the USA and the subsidiary YouTube guarantee that the data protection provisions applicable in the EU are complied with.

(5) For further information, please refer to the privacy policy of YouTube at: https://policies.google.com/privacy?hl=de.

13.4. Inxmail

(1) This Website uses Inxmail to mail out Newsletters. This service is offered by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany. Inxmail is a service that allows the mailing of Newsletters to be organised and analysed. The data provided by you for purposes of receiving the Newsletter (e.g. email address) will be stored on the servers of Inxmail in the EU. In addition, the data required for the mailout of Newsletters to existing customers (see clause 7.2) will be stored; we transmit this data to Inxmail for this purpose.

(2) Inxmail uses this data to send and analyse the Newsletters on our behalf. According to Inxmail, they may use this data in order to improve their own services, for instance to optimise the sending and the display of the Newsletter in technical terms, or for commercial purposes to determine the countries in which recipients are located. Inxmail will not, however, use this data in order to contact recipients itself or pass it on to third parties. For further information on data processing by Inxmail, please refer to https://www.inxmail.de/datenschutz.

(3) Please note that, when sending out the Newsletter, we will analyse your User behaviour. The Newsletters contain a web beacon, i.e. a pixel-sized file, which is retrieved by the server of Inxmail GmbH when the Newsletter is opened. This retrieval allows us to initially collect technical information such as data regarding the browser and your system, as well as your IP address and the time of retrieval. This information is used to improve the services in technical terms based on the technical data or the target groups and your reading habits.

(4) The statistical surveys also include determining whether the Newsletters were opened, when they were opened and which links were clicked on. This information is not assigned to individual Newsletter recipients but is only processed anonymously. The aim of the analyses is to identify the reading habits of our Users and to adapt our content to you.

(5) There are cases in which we redirect Newsletter recipients to a website of Inxmail. For instance, our Newsletters contain a link which Newsletter recipients can use to access the Newsletters online (e.g. in the event that there are problems with displaying them in the email program).

(6) You have the option of unsubscribing to our Newsletter at any time by revoking your consent. You can use the link at the end of every Newsletter if you wish to unsubscribe. By clicking the link you withdraw your consent to receiving the Newsletter via Inxmail and to the statistical analyses.

14. Presences on social networks

We have online presences on social networks to communicate with Users who are active on those networks or to offer information about ourselves. Please note that this may involve User data being processed outside of the European Union. With regard to US providers who are certified under the Privacy Shield or who provide equivalent guarantees in terms of secure data protection levels, we would like to point out that they thereby undertake to comply with EU data protection standards. For a detailed explanation of the respective types of processing and the options to opt-out, we refer you to the privacy policies and information provided by the operators of the networks in question, as follows:

14.1. LinkedIn

(1) We use “LinkedIn Conversion Tracking and Retargeting” provided by LinkedIn Ireland (Wilton Plaza, Wilton Place, Dublin 2, Ireland) (“LinkedIn”) to measure the results of our advertising campaigns on LinkedIn, optimise the relevance of these advertising campaigns and re-target visitors to our Website with personalised advertisements on LinkedIn or other websites.

(2) We have therefore embedded a tracking pixel (LinkedIn Insight Tag) in our Website. The “LinkedIn Insight Tag” allows LinkedIn to store a third-party supplier cookie in your browser and to collect and store the following information: your IP address and patterns of use on our Website as well as on other websites which include a LinkedIn tracking pixel. When you log on to your LinkedIn account, LinkedIn may link the collected data with your account and display targeted advertisements for you on our behalf or on behalf of other advertisers. You may see these advertisements on LinkedIn or on websites of third-party suppliers.

(3) The information collected may also be transferred to the servers of LinkedIn in the USA (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). Given that LinkedIn acts in accordance with the “EU-US Privacy Shield”, this transfer is based on Article 45 GDPR ((https://www.privacyshield.gov/EU-US-Framework)).

(4) Visitors to the Website remain anonymous given that we only have access to tracking data in aggregated form.

(5) For further information on how to deactivate interest-based and targeted advertising for LinkedIn, please see: ad settings for LinkedIn account holders and guests[A1] . For further information regarding the processing of personal data on by LinkedIn, please refer to the privacy policy of LinkedIn (https://www.linkedin.com/legal/privacy-policy).

(6) The processing of your personal data is necessary for the protection of legitimate interests after weighing up different interests (Article 6(1)(f) GDPR).

14.2. Facebook

(1) Facebook: social network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA.

(2) Types of processed data: master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contact details of contacts, personal profile, content data (e.g. text entered, photographs, videos, posts), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

(3) Data subjects: Users (e.g. website visitors, users of online services, followers).

(4) Purposes of processing: contact requests and communication, tracking (e.g. interest-related and behavioural profiling, use of cookies), advertising and re-marketing, measuring reach (e.g. access statistics, recognition of recurring visitors).

(5) Legal basis: legitimate interests (Article 6(1)(f) GDPR).

(6) Website: www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; Privacy Shield (guaranteeing data protection levels when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out: Ad settings: https://www.facebook.com/settings?tab=ads; additional information on data protection: agreement on the joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms /page_controller_addendum, data protection notice for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

14.3 Instagram

(1) We use the Instagram service on our Website. Instagram is a service provided by Instagram Inc. service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com.

(2) Through the integration of the “Insta” button on our Website, Instagram will be notified that you have accessed the respective page on our Website. If you are logged in to Instagram, Instagram is able to attribute this visit to our Website to your Instagram account and thereby link the data. The data transmitted by clicking the “Insta” button is stored by Instagram. You can obtain further information on the purpose and scope of the data collection, processing and use and your rights and setting options in this regard to protect your privacy in the Instagram data privacy notice, which you can access via the following[A2]  data protection notice: https://de-de.facebook.com/help/instagram/155833707900388.

(3) In order to prevent Instagram linking your visit to our Website with your Instagram account, you need to log out of your Instagram account prior to visiting our Website.

14.4 Agorapulse

(1) We use Agorapulse. Agorapulse is a social media management software, which supports us in the management of social profiles, planning, placing and analysing advertising campaigns, as well as communications with Users and followers.

(2) The third-party provider is Agorapulse SAS, 132 Rue de Rivoli, 75001 Paris, legal@agorapulse.com, https://www.agorapulse.com

(3) What customer content is processed and for what purposes?

a) If customers link a social profile with the service, they can stipulate whether the service should immediately collect, process, share and access data of the social profile (subject to the terms of use and data protection provisions of the supported platform). In this way, our customers[A3]  receive, use and analyse data from the supported platforms of their choice and create, post, transmit, read, visualise or share data and/or information about the service.

b) Types of data affected:

  • content generated by customers (e.g. messages [including direct or private messages], contributions, comments, profile pictures, photographs, feeds or communication via the supported platforms),
  • messages and/or name of the end users,
  • URL of the social profiles of the end users on the supported platforms,
  • user ID on the supported platforms.

c) Agorapulse uses customer content for the following purposes:

  • to identify the author of an end user message,
  • to compile all end user messages of one individual and the history of the entire conversation between an end user and a customer.

(4) Third-party applications and social networks

Agorapulse activates an interface in which you can establish a connection to the supported platforms. Below you will find links to the privacy policies of the social media platforms currently supported:

https://www.youtube.com/yt/about/policies/#community-guidelines

https://twitter.com/privacy

https://www.facebook.com/policy.php

https://help.instagram.com/402411646841720

https://www.linkedin.com/legal/privacy-policy

http://www.google.com/policies/privacy

(5) For the terms of use of Agorapulse (effective date: March 2018), please click here: https://www.agorapulse.com/Nutzungsbedingungen. The privacy policy can be found here: https://www.agorapulse.com/Datenschutzerklarung

15. Links to other websites

(6) Our Website may contain links to websites operated by third parties that may not fall under this Privacy Policy. These third-party websites have their own data protection policies and may, in certain cases, also use cookies and other tracking technologies. The respective operator or the data controller of the respective website is responsible.

(7) We check any links to external websites before putting them in place. We are not able, however, to ensure that their operators comply with data protection provisions. When we become aware of breaches or violations of the law, we will remove such links.

 

C. Rights of the data subjects

16. Your rights

a)  Rights under Article 15 et seq. GDPR

The data subject has the right to request confirmation from the controller as to whether or not personal data concerning him or her is being processed. If this is the case, the data subject has a right to access this personal data and to receive the information listed in detail in Article 15 GDPR. Provided certain statutory conditions are met, you have a right to rectification pursuant to Article 16 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR. Moreover, you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format (right to data portability) pursuant to Article 20 GDPR if the processing is carried out by automated means and is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR.

b)  Withdrawal of consent pursuant to Article 7(3) GDPR

Where processing is based on consent, you may withdraw your consent to the processing of personal data at any time by notifying us. Please note that such withdrawal is only effective for the future and not retrospectively. Any processing that has taken place prior to the withdrawal is not affected by this.

c)  Right to lodge a complaint

You have the opportunity to lodge a complaint with us or with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for the EU representative in the German state of Baden-Wuerttemberg is: the Landesbeauftragter für den Datenschutz und die Informationsfreiheit, PO Box 10 29 32, 70025 Stuttgart, Germany, tel.: +49 711/615541-0, fax: +49 711/615541-15, email: poststelle@lfdi.bwl.de.

d)  Right to object pursuant to Article 21 GDPR

In addition to the aforementioned rights, you have a right to object, as follows:

Right to object in a particular situation

You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) GDPR (processing of data in the public interest) and Article 6(1)(f) GDPR (data processing based on a weighing up of interests); this also applies to any profiling within the meaning of Article 4(4) GDPR that is based on those provisions. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data is processed for reasons of asserting, exercising or defending against legal claims.

Right to object to the processing of data for marketing purposes

In some cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

 

D. Final provisions

17. Security

(1) We have taken technical and organisational security measures pursuant to Articles 24, 32 GDPR in order to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in the processing of data have been placed under an obligation to comply with the requirements of the GDPR and the confidential treatment of personal data.

(2) SSL or TLS encryption: For reasons of security and in order to protect the transfer of confidential content, for instance any order or requests you send to us in our capacity as the site operator, this Website uses SSL or TLS encryption. You can ascertain whether a connection is encrypted by checking whether the address bar of the browser has changed from “http://” to “https://” and whether there is a padlock icon in the address bar of the browser. If SSL or TLS encryption has been enabled, any data you transmit to us cannot be read by third parties.

 

18. Changes to our data protection provisions

We reserve the right to make changes to our security and data protection measures where this is required due to technical developments or changes in the law. In these cases we will also amend our Privacy Policy accordingly. Please therefore always refer to the most recent version of our Privacy Policy.