Privacy Statement
This privacy statement clarifies the type, extent and purpose of processing personal data (hereinafter referred to as « data ») within our online offer and the associated websites, functions, contents and externally hosted online presences like social media profiles (hereinafter collectively referred to as “online offer“). the terminology used like “processing“ or “person in charge“, we explicitly refer to the definitions given in article 4 of the General Data Protection Regulation (GDPR).
Person in Charge
Silke Maurer
handle with care manufacturing
Prenzlauer Allee 193
10405 Berlin
Germany
silke@handlewithcare.de
http://www.handlewithcare.de
Data Protection Officer:
Raik Hölzel
datenschutz@handlewithcare.de
Types of Data Processed
– inventory data (e.g. names, addresses).
– contact data (e.g. email addresses, telephone numbers).
– content data (e.g. text entries, pictures, videos).
– usage data (e.g. websites visited, interest in content, access time).
– meta-/communications data (e.g., device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online offer (data subjects are hereinafter collectively referred to as “users“).
Purpose of Processing
– provision of the online offer, its functions and contents.
– answering contact inquiries and communication with users.
– security measures.
– online reach measurement/marketing.
Terminology Used
“Personal data“ concerns all information referring to an identified or identifiable natural person (hereinafter “person concerned“); a natural person is deemed identifiable if she can be identified directly or indirectly, especially by assignment to an identifier like name, identification number, location data, online identification data (e.g. cookies) or to one or several other particular characteristics forming the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing“ concerns every operation conducted with or without help of automated processes or any such operation sequence in connection with personal data. The term is far-reaching and practically includes any handling of personal data.
« Pseudonymization“ concerns the processing of personal data to the extent that any personal data can no longer be allocated to a specific person concerned without the involvement of additional information, as long as these additional information is kept separately and subject to technical and organizational measures which guarantee that that the personal data cannot be allocated to an identified or identifiable natural person.
« Profiling“ concerns any kind of automated processing of personal data with the purpose of evaluating certain personal aspects in relation to a natural person, especially to analyze and predict aspects regarding the performance, economic situation, health, personal preferences, interests, reliability, abode or change of location of this natural person.
“Person in charge“ refers to the natural or legal person, authority, institution or similar body solely or collectively deciding upon the purpose and means of processing personal data.
“Processor“ refers to the natural or legal person, authority, institution or similar body processing personal data on behalf of the person in charge.
Relevant Legal Foundation
We communicate the legal foundation of our data processing in accordance with article 13 GDPR. As long as the legal foundation is not mentioned in the privacy statement, the following shall apply: the legal foundation for obtaining the consents is Art. 6 Par. 1 lit. a and Art. 7 GDPR, the legal foundation for processing to fulfill our services and implement contractual measures as well as answering inquiries is Art. 6 Par. 1 lit. b GDPR, the legal foundation for processing to fulfill our legal obligations is Art. 6 Par. 1 lit. c GDPR, and the legal foundation for processing to safeguard our legitimate interests is Art. 6 Par. 1 lit. f GDPR. In case vital interests of the person concerned or any other natural person require the processing of personal data, Art. 6 Par.1 lit. d GDPR serves as legal foundation.
Security Measures
We take suitable technical and organizational measures in accordance with Art. 32 GDPR in consideration of the latest state of technology, the implementation costs and the type, extent, circumstances and purposes of processing as well as the different occurrence probabilities and seriousness of the risk for the rights and freedoms of natural persons to guarantee a level of protection adequate to the potential risk.
The measures particularly include the protection of confidentiality, integrity and availability of data by controlling the physical access as well as the respective data concerning access, entry, transfer, ensuring of availability and division. We furthermore set up procedures ensuring the exercise of rights by persons concerned, deletion of data and reaction to endangerment of data. We also consider the protection of personal data in the development and selection of hardware, software and procedures in accordance with the principles of data protection by means of technological design and privacy-friendly default settings (Art. 25 GDPR).
Cooperation with Processors and Third Parties
Provided we are revealing, transmitting or providing access to data in the course of processing towards other individuals or companies (processors or third parties), this solely happens on the basis of legal permission (e.g. when transmitting data to third parties, like payment service providers, is required for the fulfilment of contract in accordance with Art. 6 Par. 1 lit. b GDPR), you have given express consent, a legal obligation exists or on the basis of our legitimate interests (e.g. for the deployment of agents, webhosts, etc.).
Provided we are assigning third parties with processing of data on the basis of an “order processing contract“, this happens on the basis of Art. 28 GDPR.
Transfers to Third Countries
Provided we are processing data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA) or in case this happens within the utilization of third party services or by disclosure and transmission of data to third parties, this only occurs for the purpose of fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of legal obligation or on the basis of our legitimate interest. Conditionally upon legal or contractual permissions, we process data or have data processed in a third country only in the presence of the particular preconditions given under Art. 44 ff. GDPR. This means the processing may occur on the basis of special guarantees, like the existence of an officially recognized data privacy standard similar to the GDPR (e.g. the “Privacy Shield“ for the US) or in compliance with particular, officially recognized contractual obligations ( so-called “standard contractual clauses“).
Legitimate Rights of the Persons Concerned
You have the right to obtain a confirmation whether or not respective data is processed and the right to obtain information about these data as well as the right to obtain a copy of these data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion and rectification of your incorrect personal data.
In accordance with Art. 17 GDPR, you have the right to have your personal data deleted immediately, or to demand a restricted processing of your data in accordance with Art. 18 GDPR.
In accordance with Art. 20 GDPR, you have the right to receive all personal data that you have provided and to request the transmission of the data to other persons in charge.
You also have the right to file a complaint before the responsible regulatory authority.
Right of Revocation
You have the right to revoke any consent in accordance with Art. 7 Par. 3 GDPR with effect for the future.
Right of Objection
You can object the future processing of your personal data in accordance with Art. 21 GDPR at any time. The objection may particularly occur against the processing for the purpose of direct marketing.
Cookies and Right of Objection for Direct Marketing
“Cookies“ are small files which are saved onto the users’ computers. Numerous pieces of information can be saved within cookies. A cookie primarily serves to safe user information (e.g. the device the cookie is saved on) during or after the visit of an online offer. Temporary cookies, “session cookies“ or “transient cookies“ are cookies which are deleted immediately after the user leaves an online offer or closes his browser. Such cookies safe the content of your shopping cart in an online shop or your login status for example. “Permanent“ or “persistent“ cookies are cookies which remain saved even after closing your browser. They serve to remember the login status for example, when users visit the website after several days again. Such cookies can also safe user interests useful for range measurements or marketing purposes. “Third-party cookies“ are cookies offered by providers not responsible for the online offer (cookies by the person in charge are referred to as “first-party cookies). We can deploy temporary and permanent cookies and hereby inform you with our privacy statement.
In case users do not want cookies to be saved on their computers, we kindly ask to deactivate the respective option in the system preferences of their browser. Cookies saved can be deleted in the browsers system preferences. Excluding cookies may lead to functional limitations of the online offer.
A general objection against the application of cookies used for online marketing purposes can be declared in a large number of services, especially regarding tracking, via the US-American website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. The storage of cookies can furthermore be achieved via deactivating the respective option in the system preferences of the browser. Please not that deactivating cookie storage may result in functional limitations of the online offer.
Deletion of Data
The data processed by us in accordance with Art. 17 and 18 GDPR are deleted or restricted in processing. As long as not explicitly stated within the frame of this privacy statement, the data stored by us is deleted when it is no longer necessary for its intended purpose and when no statutory storage obligations prevent it. Provided data is not deleted to their relevance for other and lawful purposes, their processing is limited. This means the data is locked and not processed for any other means. This particularly counts for data which has to be stored due to commerce and tax law reasons.
Following the legal specifications in Germany, storage takes place particularly for 10 years in accordance with §§ 147 Section 1 AO, 257 Section 1 No. 1 and 4, Section 4 German Commercial Code (books, records, status reports, vouchers, trading books, documents relevant for taxation, etc.). and 6 years in accordance with § 257 Section 1 No. 2 and 3, Section 4 German Commercial Code (commercial letters).
Following the legal specifications in Austria, storage takes place particularly for 7 years in accordance with § 132 Section 1 Austrian Federal Tax Code (accounting records, receipts/invoices, accounts, vouchers, business papers, statement of revenue and expenditure, etc.), for 22 years in connection with properties and for 10 years regarding documents in connection with electronically supplied services, telecommunication services, broadcasting and television services provided to non-entrepreneurs within EU countries and for those making use of the mini one-stop shop (MOSS).
Contractual Services
We process the data of our contractual partners and interested parties as well as other customers, clients and contractual partners (uniformly referred to as “contractual partners“) in accordance with Art. 6 Par. 1 lit. b GDPR, to fulfil our contractual or pre-contractual services towards you. The personal data processed in the course, the type, extent, purpose and necessity of their processing are determined on the basis of the underlying contractual relationship.
Among the processed data are the master data of our contractual partners (e.g: names and addresses), contact data (e.g. email addresses and telephone numbers) as well as contractual data (e.g. services delivered, contractual content, contractual communication, names of contact persons) and payment details (e.g. bank accounts, payment history).
Generally, we do not process any particular categories of personal data, except they are components of an assigned or contractual processing.
We process data necessary for the justification and fulfilment of our contractual services and always indicate the necessity of disclosure, as long as it is not evident for the contractual partner. Disclosure to external persons or companies solely takes place if it is necessary in the course of contracting. In processing the data given to us in the course of an order, we act according to the instructions of the customer and legal requirements.
In the course of using of our online offer, we can save the IP address and time of the respective user action. Storage happens in accordance with our legitimate interest as well as the users’ interest for protection against misuse and other unauthorized utilization. Transferring data to third-parties does not happen generally, except necessary for the pursuance of our claims in accordance with Art. 6 Par.1 lit. f. GDPR or in case a legal obligation exists in accordance with Art. 6 Par. 1 lit. c GDPR.
In the course of using of our online offer, we can save the IP address and time of the respective user action. Storage happens in accordance with our legitimate interest as well as the users’ interest for protection against misuse and other unauthorized utilization. Transferring data to third-parties does not happen generally, except necessary for the pursuance of our claims in accordance with Art. 6 Par.1 lit. f. GDPR or in case a legal obligation exists in accordance with Art. 6 Par. 1 lit. c GDPR. The deletion of the data is carried out when it is no longer required for the fulfilment of contractual or legal obligations as well as the handling of possible warranty or other obligations. Storage necessity of personal data is reviewed every three years. Otherwise, the statutory preservation duties apply.
External Payment Service Providers
We are applying external payment service providers on whose platforms users and ourselves can carry out payment transactions (e.g. each with link to privacy statement, PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill
(https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay
(https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard
(https://www.mastercard.de/de-de/datenschutz.html), American Express
(https://www.americanexpress.com/de/content/privacy-policy-statement.html)
In the course of contractual fulfilment, we apply external payment service providers on the basis of Art. 6 Par. 1 lit. b. GDPR. We furthermore apply external payment service providers on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. b. GDPR to offer our clients effective and secure payment methods. Among the personal data processed by the external payment service providers are inventory data, e.g. name and address, bank data, e.g. account number and credit card number, passwords, transaction numbers and checksums as well as contractual, amount and recipient-related information. This information is necessary to conduct the transaction. The personal data entered is thus only processed and stored by the external payment service provider. This means we do not receive any bank account- or credit card-related information, but solely information regarding the confirmation or cancellation/refusal of the payment. This data is eventually transmitted to credit agencies by the external payment service provider. This transmission serves the identity verification and credit assessment. To that end, we refer to the general terms and conditions and privacy terms of the external payment service provider. The payment transactions are subject to the terms and conditions and privacy terms of the respective external payment service provider and are retrievable from the respective websites or transaction applications. We also refer to these statements regarding any additional information and assertion of rights of revocation, rights of information as well as any other rights of the persons affected.
Administration, Accounting, Office Organization, Contact Management
We process personal data in the course of administrative tasks like organization of our company, accounting and fulfilment of legal obligations, e.g. filing. Here we process the exact same data which we process in the course of fulfilling our contractual services. The legal foundation for processing the data are Art. 6 Par. 1 lit. c. GDPR and Art. 6 Par. 1 lit. f. GDPR. Processing affects customers, interested parties, business partners and website visitors. The purpose and interest of the data processing is in administration, accounting, office organization and filing of data, all of them tasks which serve the preservation of our business activities, carrying out our responsibilities and providing our services. Deleting data with regard to contractual services and contractual communication conforms to the activities mentioned under these processing operations.
We hereby disclose or transmit data to the financial management, consultants, e.g. tax consultants or auditors as well as other toll-gate systems and external payment service providers.
We furthermore store information on suppliers, operators and other business partners on the basis of our business interests, e.g. for the purpose of contact at a later date. This predominantly company-related data is generally stored permanently.
Business Analysis and Market Research
In order to run our business economically and to recognize market trends as well as desires of contract partners and users, we analyze the personal data available to us with regard to business transactions, contracts, inquiries, etc. We hereby process inventory data, communication data, contract data, payment details, user data, metadata on the basis of Art. 6. Par. 1 lit. f. GDPR, whereas persons affected are contract partners, interested parties, customers, visitors and users of our online offer.
Analyses happen for the purpose of business assessment, marketing and market research. We can herby take profiles of registered users into account, including the information on services used for example. Analyses serve the increase of user-friendliness as well as optimizing our proposals and our business efficiency. These analyses are intended solely for ourselves and are not disclosed externally, as long as these are not anonymous analyses with summarized values.
Provided these analyses or profiles are personal, they are deleted with termination of the user or anonymized, two years after conclusion of contract the latest. Total business analyses and general tendency determinations are otherwise created anonymously as far as possible.
Contacting
During the initial contact with us (e.g. via contact form, email, telephone or via social media) personal data of the user is stored for processing the contact request in accordance with Art. 6 Par. 1 lit. b. GDPR. The user data can be stored in a customer-relationship-management system (CRM system) or in comparable request organization systems.
Inquiries are deleted as long as they are no longer required. The storage necessity is reviewed every two years. Legal archiving obligations furthermore apply.
Newsletter
The subsequent information is intended to inform you about the contents of our newsletter, the procedure of registration, dispatch and analysis as well as your rights of objection. By signing up for our newsletter, you automatically agree to the reception and the procedures described.
Content of the newsletter: we dispatch newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as « newsletter“) only with consent of the recipient or on the basis of legal permission. Provided the contents of a newsletter are specifically outlined during the course of registration, they are relevant for the user’s consent. Our newsletters furthermore contain information on our services and ourselves.
Double opt-in process and logging: the registration for our newsletter uses the so-called double opt-in process. This means you are receiving an email after your registration in which you are asked for the confirmation of your email address. This confirmation is necessary, to avoid registrations with foreign email addresses. Newsletter registrations are logged in order to prove the registration process in accordance with legal requirements. This requires the storage of the application date, application time as well as the IP address. Your changes are furthermore logged in the personal data stored by the mail-handling service provider.
Registration data: in order to register for the newsletter, it is sufficient to enter your email address. We optionally ask you to enter a name for the purpose of personal address in the newsletter.
Dispatching the newsletter and the related performance measurement happens on the basis of consent by the recipient in accordance with Art. 6 Par. 1 lit. a., Art. 7 GDPR in connection with § 7 Section 2 No. 3 AAUC or in case consent is not necessary, on the basis of our legitimate interest in direct marketing in accordance with Art.6 Par. 1 lit. f. GDPR in connection with §7 Section 3 AAUC.
Logging the registration procedure happens on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. f. GDPR. Our interest is directed towards a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users and which also allows proofs of consents.
Termination/revocation: you can always terminate the subscription to our newsletter, i.e. revoke your consent. A link to terminate your subscription of the newsletter can be found at the very end of every newsletter. We can store the signed out email addresses for up to three years on the basis of our legitimate interests before deleting them in order to prove a previously given consent. Processing this data is limited to the purpose of a potential defense of claims. An individual request for deletion is possible at any time, as long as the existence of a previously given consent is confirmed.
Newsletter – Mailchimp
The dispatch of our newsletters is carried out with help of the mail-handling service provider “MailChimp“, a newsletter dispatch platform from US service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, United States. The privacy terms of the mail-handling service provider can be examined under the following link: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The mail-handling service provider is applied on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. f. GDPR and a job processing contract in accordance with Art. 28 Par. 3 p. 1 GDPR.
The mail-handling service provider can utilize the personal data of the recipients in pseudonymous form, i.e. without allocation to a user for the optimization or improvement of his services, e.g. for technical optimization of the dispatch and the representation of the newsletter or for statistical purposes. The mail-handling service provider does not utilize the personal data of our newsletter recipients however, to directly contact them or to pass on their personal data to third parties.
Hosting and E-Mail Dispatch
The hosting services used by us serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services as well as technical maintenance services which we utilize for the purpose of operating this online offer.
We, or rather our hosting service provider thereby processes inventory data, contact data, content data, contract data, user data, meta and communication data of clients, interested parties and visitors of this online offer on the basis of our legitimate interest in an efficient and secure provision of this online offer in accordance with Art. 6 Par. 1 lit. f. GDPR in connection with Art. 28 GDPR (signing of an order data processing contract).
Collection of Access Data and Log Files
We, or rather our hosting service provider collects data about every access on the server on which the respective service is hosted on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. f. GDPR (so-called server log files). Access data include e.g. name of the website retrieved, data file, date and time of access, data volume transferred, report on successful access, browser type and version, the operating system of the user, referrer URL (the previously visited website), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for solution and prevention of abuses or defraudation) for a maximal duration of 7 days and subsequently deleted. Data requiring ongoing storage for evidentiary purposes is excluded from erasure until the final clarification of the respective incident.
Google Analytics
We utilize Google Analytics, a web analysis service by Google LLC (“Google”) on the basis of our legitimate interest (i.e. interest in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GDPR). Google uses cookies. The information created by the cookie about the use of the online offer by the user is generally transmitted to and stored at a Google server in the US.
Google is is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to analyze the use of our online offer by the user, to create reports about the activities within this online offer and to deliver us additional services in connection with the use of this online offer and the internet usage. Pseudonymous user profiles can thereby be created on the basis of the data processed.
We only apply Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other signatories of the agreement on the European Economic Area (EEA). The complete IP address is only transmitted to and stored at a Google server in the US in exceptional cases.
The IP address transmitted by the users browser is not combined with any other data from Google. Users can prevent cookie storage by appropriately adjusting their browser software; users can furthermore prevent the collection of data created by the cookie referring to their use of the online offer and the processing of this data by Google through downloading and installing the browser plugin available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.
Additional information on data usage by Google, configuration options and possibilities of appeal can be found in the privacy statement by Google (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisings by Google (https://adssettings.google.com/authenticated). Personal data of users are deleted or anonymized after 14 months.
Google Universal Analytics
We apply Google Analytics in the form of “Universal-Analytics“. “Universal Analytics“ describes a procedure by Google Analytics in which user analysis happens on the basis of pseudonymous user IDs, and in which pseudonymous profiles of the users are created with information from the application of different devices (so-called cross-device tracking).
Reach Measurement with Matomo
In the course of the reach measurement by Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GDPR): the type of browser you are using and the browser version, the operating system you are using, your country of origin, date and time of the server request, the number of visits, your length of stay on the website as well as the external links activated by yourself. The IP address of the user is anonymized before storage.
Matomo uses cookies which are saved on the users’ computers and which enable the analysis of the usage of our online offer by the user. Pseudonymous usage profiles of the users can thereby be created on the basis of the data processed. The cookies have a storage period of one week. The information created by the cookie on your use of this website is only stored on our server and not transmitted to third parties.
Users can always disagree with the anonymous data collection by the program Matomo with effect for the future by following the link below. In this case, a so-called opt-out cookie is stored in your browser resulting in Matomo not collecting session data anymore. If users delete their cookies, this also means that the opt-out cookie will be deleted and therefore requires reactivation by the users.
The logs containing user data are deleted after 6 months the latest.
Online Presences in Social Media
We maintain online presences within social media networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing these networks and platforms, the terms and conditions and privacy terms of the respective operator apply.
As long as not stated otherwise within our privacy terms, we process the data of the users when they communicate with us within the social networks and platforms, e.g. writing posts on our online presences or contacting us via messages.
Integration of Third Party Content and Services
We integrate content and service offers by third parties within our online offer on the basis of our legitimate interests (i.e. interest in the analyses, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GDPR) to integrate their contents and services, e.g. videos or fonts (hereinafter uniformly referred to as “contents“).
This always requires that the third-party providers of these contents recognize the IP address of the user, as their contents cannot be send to the user’s browser without the IP address. The IP address is therefore necessary for the display of these contents. We endeavor to only apply such contents whose respective providers solely use the IP address for delivering their contents. Third-party providers can furthermore use so-called pixel tags (invisible graphics, also referred to as “web beacons“) for statistical reasons or marketing purposes. Pixel tags may help to analyze information like visitor traffic on the pages of this website. This pseudonymous information can also be stored in cookies on the device of the user and can contain technical information regarding the browser and operating system, linking websites, time of access as well as additional information regarding the use of our online offer and can also be linked to such information from different sources.
Vimeo
We can integrate videos of the platform “Vimeo“ by the service provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, United States. Privacy terms: https://vimeo.com/privacy. We point out that Vimeo might apply Google Analytics and hereby refer to the privacy terms (https://www.google.com/policies/privacy) as well as the opt-out possibilities for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the settings by Google for the use of data for marketing purposes (https://adssettings.google.com/.).
YouTube
We integrate videos of the platform “YouTube“ by the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Privacy terms: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Maps
We integrate maps of the service “Google Maps“ by the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Among the personal data processed are particularly the IP addresses and user location data, which are not collected without consent however (normally in the course of the mobile device settings). The data may be processed in the United States. Privacy terms: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Typekit – Fonts by Adobe
On the basis of our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GPDR), we integrate external “Typekit“ fonts by the service provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Utilization of Facebook Social Plugins
On the basis of our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GPDR), we are using social plugins (“plugins“) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“). The plugins can display interaction elements or contents (e.g. videos, graphics or texts) and are recognizable via one of the Facebook logos (white “f“ on blue tile, the terms “Like“, “Gefällt mir“ or a “thumb up“-sign) or are marked with the amendment “Facebook Social Plugin“. The list and layout of the Facebook Social Plugins can be reviewed under the following link: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When a user accesses a function of this online offer which contains such a plugin, his device will automatically establish a direct connection to the servers of Facebook. The content of the plugin is directly transmitted to the device of the user by Facebook and integrated into the online offer through the device. Thereby, usage profiles of the users can be created from the personal data processed. We therefore have no influence on the extent of data Facebook is collecting with the help of this plugin and want to inform the users accordingly.
By implementing plugins, Facebook receives the information that a user has visited the respective website of the online offer. If the user is logged in to Facebook, Facebook can allocate the visit to a Facebook account. When users interact with the plugins, for example pressing the like button or writing a comment, the respective information is directly transmitted from their device to Facebook and stored. Even if a user is not a member of Facebook, there is still the possibility that Facebook might find out and store his IP address. Following official statements of Facebook, only anonymized IP addresses are stored in Germany.
The purpose and extent of the collected data, the processing and application of this data through Facebook, as well as the referring rights and configuration options for protecting the user privacy can be reviewed in the privacy terms of Facebook: https://www.facebook.com/about/privacy/.
If a user is Facebook-member but does not want Facebook to collect data via this online offer about him and to allocate this data with his membership details from Facebook, he needs to logout from Facebook prior using our online offer and delete his cookies. Additional settings and objections to the application of personal data for advertising purposes are possible within the Facebook profile settings:
https://www.facebook.com/settings?tab=ads or via the US American website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are saved and adopted for every device, e.g. desktop computer or mobile devices.
Within our online offer, functions and contents of the service Twitter can be integrated, provided by the Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. This content may include pictures, videos, texts and buttons with which users can share contents of this online offer within Twitter. As long as users are members of the Twitter platform, Twitter can allocate the access to the abovementioned contents and functions to the respective user profiles. Twitter is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Privacy terms:
https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.
Within our online offer, functions and contents of the service Instagram can be integrated, provided by the Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States. This content may include pictures, videos, texts and buttons with which users can share contents of this online offer within Instagram. As long as users are members of the Instagram platform, Instagram can allocate the access to the abovementioned contents and functions to the respective user profiles. Privacy terms of Instagram: http://instagram.com/about/legal/privacy/.