Inhalt

Privacy Policy

Data Protection Statement Website

Introduction and general information

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.

Controller within the meaning of data protection law

Brandification GmbH 
CEO: Christoph Hack
Bucher Str. 5
90419 Nuremberg 
Germany

Tel.: (+49) 911 – 350 64 9950
Mail: mail@brandification.com
Website: www.brandification.com

Contact details of the data protection officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Web Hosting

This website is hosted by an external service provider (hoster). This website is hosted in Frankfurt am Main, Germany. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

Server- Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server

  • Referrer (previously visited website)
  • Requested web page or file
  • Browser type and version
  • Operating system used
  • Type of device used
  • Time of access
  • IP address in anonymized form (only used to determine the location of the access)

 

We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. The data is made anonymous by shortening the IP address at domain level, so that it is not possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ).

Please note that if you disable cookies, the functionality of our website may be limited.

Changes to the cookie settings

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via this link.

Contact form and contact by e-mail

If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. You are required to provide an email address to contact us. Your name and telephone number are optional. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

Appointment (Calendly)

On our website you have the possibility to make an appointment with us. We use “Calendly” for this purpose. Calendly is a service of Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309, https://calendly.com.

If you would like to make an appointment with us, you can do so using the form provided. The data you provide will then be transmitted to the respective contact person via Calendly and the data will be entered into our calendar (Outlook). In addition, the data can be viewed by us in the login area of Calendly and is stored there.

You will receive a confirmation of the appointment by e-mail, where you have the option to enter the data in your calendar.

The purpose of processing the data provided is to be able to make an appointment, process the contact request and get in touch with you.

The legal basis for the processing of personal data described here is Art. 6 (1) lit. f DSGVO. Our legitimate interest is to offer you the opportunity to independently arrange appointments with us. This simplifies the coordination regarding appointments and enables an efficient appointment arrangement.

The personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

We have concluded a commissioning agreement with Calendly so that the data you provide is processed for us in accordance with instructions and orders.

Since a transfer of personal data to the USA may occur, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.

Further information on this can be found in the order processing agreement (https://calendly.com/pages/dpa) and in the Calendly privacy policy (https://calendly.com/privacy) .

Comment function (blog)

As a user of our website, you have the option of leaving comments on individual content in our blog. For this, we need your name or a pseudonym and your e-mail address (will not be published). Furthermore, your IP address and the time of publication will be logged and stored for 7 days. This storage of the IP address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment. We need your e-mail address to contact you in case a third party objects to your published content as illegal.

The storage of comments is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

The storage of additional information (IP address and e-mail address) is based on our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO.

We reserve the right to delete comments if they are objected to by third parties as unlawful.

The collected IP and email addresses are deleted after 7 days.

If you would like us to delete one of your published comments, please contact us.

Sending applications

If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). Your personal data ordinarily is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission regulation. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.

Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.

Newsletter (Hubspot)

If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need your email address as mandatory information.

Additional data is provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

For the dispatch of the newsletter we use the so-called double opt-in. This means that we will only send you our newsletter via email, if you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. With the confirmation you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address by which you registered for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time.

You can unsubscribe from the newsletter at any time by clicking on the link included in each newsletter or by sending an email to the controller as described above. Once you have cancelled your subscription, your email address will be deleted from our newsletter list immediately, unless you have expressly consented to the continued use of the data collected.

Our email newsletters are sent via a technical service provider to whom we pass on the data you provide when you register for the newsletter. We have concluded a data processing agreement with our e-mail service provider in which we bind him to protect the data of our customers and not to pass them on to third parties.

Service Provider: Hubspot

European office: HubSpot Ireland Limited at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

Address USA: HubSpot, Inc. at 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA.

Privacy Policy: https://legal.hubspot.com/de/privacy-policy

Suitable guarantee Data transfer: The provider based in the USA offers standard data protection clauses in accordance with Art. 46 Para. 2 lit. c DSGVO, which are intended to ensure compliance with the level of data protection applicable in the EU.

Our provider uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to the data analysis for statistical evaluation purposes, you must cancel the newsletter subscription.

Events and Websessions

We process your personal data to manage registrations and participation in events and web sessions. Your data is used to plan and execute events or web sessions for which you have registered or in which you participate. 

We also use your data to send you relevant information about our products and services. We use your information to send you requested content and to send you marketing information, product recommendations, and other non-transactional communications (including newsletters) that we believe may be of interest to you. If you no longer wish to receive our marketing communications, you may unsubscribe at any time by clicking on the unsubscribe link at the bottom of our email or by contacting us. We process your data for this purpose on the basis of your consent or, where relevant and permitted by applicable law, on the basis of our legitimate interests.

Sweepstakes

When you enter a competition or promotion, we process the data and information you provide on the entry form. This includes the data required for participation, such as name and surname, company name, e-mail address and, if applicable, the data and information voluntarily provided by you as part of participation. Your personal data will be processed for the purpose of administering the competition or promotion, in particular for determining and notifying the winners. For the purpose of sending and delivering prizes, we may subsequently collect and process further data, e.g. your postal address.

The conditions of participation can be found in the respective competition.

We also use the data you provide to send you relevant information about our products and services. We use your data to send you marketing information, product recommendations and other non-transactional communications (including newsletters) that we think may be of interest to you. If you no longer wish to receive our marketing communications, you can unsubscribe at any time by clicking on the unsubscribe link at the bottom of our email or by contacting us. We process your data for this purpose on the basis of your consent or, where relevant and permitted by applicable law, on the basis of our legitimate interests.

Chat function (Hubspot)

This website uses live chat to ensure the best possible user experience. In order to answer live enquiries, your chat name (first and last name) as well as the personal data and other information communicated through your messages are collected.

In principle, we answer your enquiry within the chat tool. However, you can also voluntarily provide your e-mail address and/or telephone number to enable us to process your enquiry in this way.

The legal basis for processing the data is our legitimate interest in answering the enquiry made on the user’s initiative in accordance with Art. 6 (1) lit. f DSGVO.

In order to improve our customer service, we carry out statistical analyses of user behaviour on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO. Only aggregated data records are used for this purpose.

If the request or the messages are directed towards the fulfilment of a contract or the implementation of pre-contractual measures, the legal basis for the processing is Art. 6 (1) lit. b DSGVO.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected, i.e. the reason for the request has been conclusively answered. In any case, the collected data will be deleted immediately as soon as we or you have ended the chat conversation.

An exception to this is data that is subject to longer storage periods due to legal obligations or to protect or defend against legal claims.

Cookies are used to operate the chat function. Cookies are small text files that are stored locally in the cache of the site visitor’s Internet browser. The cookies make it possible to recognise the site visitor’s Internet browser in order to distinguish between the individual users of the chat function of our website. The information generated by the cookies about your use of this website (including your IP address) is transmitted to a server of the chat service provider and stored there. Insofar as these cookies are technically necessary for offering the chat function, their use is based on our legitimate interest according to Art. 6 (1) lit. f DSGVO. If the cookies are used for purposes beyond this technical aspect, the cookies will only be played with your consent. The legal basis for this is thus your consent according to Art. 6 para. 1 lit. a DSGVO.

In order to avoid the storage of cookies, you can set your Internet browser so that no more cookies can be stored on your computer in the future or so that cookies that have already been stored are deleted. However, switching off all cookies may mean that the chat function on our website can no longer be carried out.

The processing of personal data, which is processed on the basis of a legitimate interest, can be objected to at any time. In such a case, the conversation cannot be continued.

Service provider: Hubspot

European branch: HubSpot Ireland Limited at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

Address USA: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA.

Privacy Policy: https://legal.hubspot.com/de/privacy-policy

Suitable guarantee Data transfer: The provider based in the USA offers standard data protection clauses in accordance with Art. 46 Para. 2 lit. c DSGVO, which are intended to ensure compliance with the level of data protection applicable in the EU.

hCaptcha

To protect our website from unsolicited, automated messages and/or attacks, we use the hCaptcha service. The service is provided by Intuition Machines, Inc., 350 Alabama St, #10, San Francisco, CA 94110, USA. As soon as you click on the “Load Captcha” button, your IP address is transmitted to hCaptcha. We base this on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, in order to be able to protect ourselves from the aforementioned attacks and thus offer a safer website experience.

hCaptcha is our processor and does not collect any data on its own behalf or for its own use. You can find hCaptcha’s privacy policy at https://www.hcaptcha.com/privacy.

Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools.

As the IP address is transferred to Google in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/

https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

Hotjar

Our website uses the web analysis service Hotjar of Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe).

This tool allows us to track movements on the websites where Hotjar is used (so-called heat maps). For example, we can see how far users scroll and which buttons users click on how often. The tool also allows us to get feedback directly from the users of the website. Most importantly, Hotjar’s services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.

When using this tool, we take special care to protect your personal data. For example, we can only track which buttons are clicked, the mouse history, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites where personal information about you or third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced at any time. In order to exclude the possibility of direct personal references, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that are transmitted by your browser as part of web page requests. These would be, for example, cookies or your IP address. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter a GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

Hotjar stores the customer data in the European Union. In a few cases, customer data may be accessed from the USA or other countries whose data protection laws differ from the data protection laws at your place of residence, or other data (e.g. e-mail) may be transferred to such countries. Hotjar has taken reasonable precautions to ensure that your personal data remains protected and requires that Hotjar’s third party service providers and partners also take reasonable precautions.

Hotjar offers each user the option of using a “Do Not Track” header to prevent the use of the Hotjar tool, so that no data about the visit to the respective website is recorded. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the “Do Not Track” header separately for each of these browsers/computers.

When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page https://www.hotjar.com/policies/do-not-track/ and clicking deactivate Hotjar.

For more information about Hotjar Ltd. and about the Hotjar tool, please visit

https://www.hotjar.com

You can find the privacy policy of Hotjar Ltd:

https://www.hotjar.com/privacy

 

External links

On our website Social Media (Facebook, Instagram, LinkedIn) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.

Appearances in social media

In the following, you will find information on the handling of your data that is collected through your use of our social media appearances on social networks and platforms. Your data will be processed in accordance with the statutory regulations.

Providers
Facebook fan page

Responsible entity

In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.

Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.

If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.

You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:

https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/

 

Facebook’s Data Protection Officer

You can use Facebook’s online form to contact Facebook’s data protection officer. To access it, please use of the following link: https://www.facebook.com/help/contact/540977946302970.

Data processing for statistical purposes using Page Insights

Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behaviour and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimised presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means. 

Other social media providers

Responsible entity

If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time.

We are present on social media platforms of the following providers:

  • Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • XING SE, DammtorstraĂźe 29-32, 20354 Hamburg, Germany
  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

Data Protection Officer

Information on how to contact the Data Protection Officer of the respective social media providers can be found here:

General information on social media platforms

Responsible entity

The responsible party for data processing within the meaning of the GDPR is the entity named at the beginning of this privacy policy, insofar as data transmitted by you via one of the social media platforms is processed by us ourselves.

Our Data Protection Officer

If you have any concerns about data processing carried out by us as the data controller, you can contact our data protection officer using the contact details provided at the beginning of this privacy policy.

General data processing on social media platforms

Data processing for market research and advertising

Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL.  The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.

Data processing thorugh making contact

We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized, when the regarding circumstances are clarified.

Data processing for contract management

If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contact. Please take into account, that it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of contract.

Data processing on the legal basis of consent

If the respective platform providers request you to give consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.

Data transfer and recipient

When visiting and using the above-mentioned platforms, personal data may be transferred to the U.S. or other third countries outside the EU, therefore further appropriate safeguards are required to ensure the level of data protection under the GDPR. Further information on whether and what suitable guarantees the providers can provide in this regard can be found in the list below.

We have no influence on the processing and handling of your personal data by the respective providers as well as we have no information on this matter. Please consider the privacy policy of the providers for further information:

Data Transfer and Recipients

Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Duration of the storage of personal data

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Your Rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to mail@brandification.com.

Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 21.05.2021

Privacy Policy Internal Branding Platform (Brandification App)

Introduction and general information

Thank you for your interest in our app. The protection of your personal data is very important to us. Below you will find information on how we handle your data that is collected through your use of our app. Your data will be processed in accordance with the legal regulations on data protection.

Controller within the meaning of data protection law

Brandification GmbH 

Bucher Str. 5
90419 Nuremberg 

Tel.: (+49) 911 – 350 64 9950
Mail: mail@brandification.com
Website: www.brandification.com

Contact details of the data protection officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich

datenschutzbeauftragter@datenschutzexperte.de

Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Web Hosting

This website is hosted by an external service provider (Amazon Web Services). This website is hosted in Frankfurt am Main. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website. 

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

You can set your browser to 

  • be informed about the setting of cookies, 
  • only allow cookies in individual cases, 
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or  http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ).

Please note that if you disable cookies, the functionality of our website may be limited.

Data processing in the context of using the app

In addition to the data mentioned here in the declaration, we also collect the following personal data in order to provide you with access as well as the use of our app:

  • E-mail address
  • username
  • As well as all data that you provide in the context of using Brandification (e.g. creation of “Brand Touchpoints”, participation in brand challenges, answering quiz questions, etc.).

This data is necessary to provide you and your company with the offers of our App. The processing takes place for the following purposes:

  • Creation and management of the user account.
  • To provide app functions such as the creation and evaluation of brand touchpoints and the completion of brand challenges.

These processing operations are based on the contractual relationship between us and your company and are therefore legitimized according to Art. 6 para. 1 sentence 1 lit. b GDPR.

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons. 

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties. 

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links: 

http://www.google.com/analytics/terms

https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools.

As the IP address is transferred to Google in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

Data Transfer and Recipients

Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Duration of the storage of personal data

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Your Rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work. 

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to mail@brandification.com.

 

Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 16.02.2021

Brand Implementation Reinvented

Stay curious and let yourself be inspired!

Our newsletter gives you new input on how to take your brand implementation to the next level. 🚀