Inhalt
Privacy Policy
Data Protection Statement Website
Introduction and general information
Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.
Controller within the meaning of data protection law
Brandification GmbHÂ
CEO: Christoph Hack
Bucher Str. 5
90419 NurembergÂ
Germany
Tel.: (+49) 911 – 350 64 9950
Mail: mail@brandification.com
Website: www.brandification.com
Contact details of the data protection officer
Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
Definitions
Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
Web Hosting
This website is hosted by an external service provider (hoster). This website is hosted in Frankfurt am Main, Germany. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.
We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
Server- Logfiles
Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server
- Referrer (previously visited website)
- Requested web page or file
- Browser type and version
- Operating system used
- Type of device used
- Time of access
- IP address in anonymized form (only used to determine the location of the access)
Â
We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. The data is made anonymous by shortening the IP address at domain level, so that it is not possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.
Cookies
Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.
Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.
You can set your browser to
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ).
Please note that if you disable cookies, the functionality of our website may be limited.
Borlabs Cookie
Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, RĂĽbenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie.
You can revoke your consent given via Borlabs Cookie at any time via the following link: Revoke cookie settings
The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR i.V.m. § 25 para. 1 TTDSG.
DoubleClick
This website uses the online marketing tool DoubleClick from Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google). DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on the advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.
The legal basis for the processing of your data is the consent you have given via the cookie consent tool (Art. 6 para. 1 sentence 1 lit. a) GDPR). Information on the transfer to third countries can be found under “Third country transfer”. Further information on DoubleClick by Google can be found at https://www.google.com/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://www.google.com/intl/en/policies/privacy.
LinkedIn Ads
We use the Linkedin Ads advertising service. The service provider is the American company Linkedin Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn Ads are used exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Linkedin also processes your data in the USA, among other places. Linkedin is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Linkedin also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Through the EU-US Data Privacy Framework and the standard contractual clauses, Linkedin undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. You can find the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
You can find more information on Linkedin’s standard contractual clauses at https://www.linkedin.com/legal/l/customer-sccs.
You can find out more about the data that is processed through the use of Linkedin Ads in the privacy policy at https://www.linkedin.com/legal/privacy-policy.
LinkedIn Analytics
We use the “LinkedIn Analytics” service on our website.
The service stores and processes information about your user behavior on our website. For this purpose, the service uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website.
We use the service to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR (consent).
You can also prevent the cookies generated by this service from being saved by making the appropriate settings in your web browser.
We have concluded a so-called “data processing agreement” with LinkedIn.
Tidio
We use the Tidio live chat on our website. You can use this tool to contact us directly. To contact us via the chat tool, we need your e-mail address and a name. We also receive the information you enter in the chat tool. The chat function is an online service provided by Tidio Ltd United Kingdom, 220C Blythe Road, W14 OHH, London. All requests/online chats are sent via this external online service to the operator’s servers in Great Britain and processed there. The connection is encrypted using a 256bit SLL protocol.
You can prevent the tool by making the appropriate settings in your browser software or by switching off the tool in our cookie settings. Of course, you can also contact us directly by other means such as email or telephone.
The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your request will be deleted after three months.
You can find Tidio’s privacy policy here: https://www.tidiochat.com/en/privacy-policy
Meta Pixel (formerly Facebook Pixel)
We use the meta pixel on our website, a meta business tool from Meta Platforms Ireland Ltd (Ireland/EU). The meta pixel makes it possible to track the activities of visitors to our website. This tracking is called conversion tracking. The meta pixel collects and processes the following information (so-called event data) for this purpose:
- Â Information on the actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- Specific pixel information such as the pixel ID and the Facebook cookie;
- Information about buttons clicked by visitors to the website;
- Information present in the HTTP headers, such as IP addresses, information about the web browser, the location of the page and the referrer;
- Information on the status of the deactivation/restriction of ad tracking.
Some of this event data is information that is stored on the device you are using. In addition, cookies are also used via the meta pixel to store information on the device you are using. Such storage of information by the meta pixel or access to information that is already stored on your device only takes place with your consent in accordance with Section 25 (1) of the German Data Protection Act (TTDSG).
Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: Event user data, i.e. behavioural and interest data, is processed for the purposes of targeted advertising and target group formation on the basis of the joint controllership agreement (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum). Joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
Changes to the cookie settings
You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via this link.
Contact form and contact by e-mail
If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. You are required to provide an email address to contact us. Your name and telephone number are optional. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
Comment function (blog)
As a user of our website, you have the option of leaving comments on individual content in our blog. For this, we need your name or a pseudonym and your e-mail address (will not be published). Furthermore, your IP address and the time of publication will be logged and stored for 7 days. This storage of the IP address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment. We need your e-mail address to contact you in case a third party objects to your published content as illegal.
The storage of comments is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
The storage of additional information (IP address and e-mail address) is based on our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO.
We reserve the right to delete comments if they are objected to by third parties as unlawful.
The collected IP and email addresses are deleted after 7 days.
If you would like us to delete one of your published comments, please contact us.
Sending applications
If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). Your personal data ordinarily is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission regulation. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.
Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.
Newsletter (Hubspot)
If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need your email address as mandatory information.
Additional data is provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
For the dispatch of the newsletter we use the so-called double opt-in. This means that we will only send you our newsletter via email, if you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. With the confirmation you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.
When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address by which you registered for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time.
You can unsubscribe from the newsletter at any time by clicking on the link included in each newsletter or by sending an email to the controller as described above. Once you have cancelled your subscription, your email address will be deleted from our newsletter list immediately, unless you have expressly consented to the continued use of the data collected.
Our email newsletters are sent via a technical service provider to whom we pass on the data you provide when you register for the newsletter. We have concluded a data processing agreement with our e-mail service provider in which we bind him to protect the data of our customers and not to pass them on to third parties.
Service Provider: Hubspot
European office: HubSpot Ireland Limited at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
Address USA: HubSpot, Inc. at 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA.
Privacy Policy: https://legal.hubspot.com/de/privacy-policy
Suitable guarantee Data transfer: The provider based in the USA offers standard data protection clauses in accordance with Art. 46 Para. 2 lit. c DSGVO, which are intended to ensure compliance with the level of data protection applicable in the EU.
Our provider uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you wish to object to the data analysis for statistical evaluation purposes, you must cancel the newsletter subscription.
Events and Websessions
We process your personal data to manage registrations and participation in events and web sessions. Your data is used to plan and execute events or web sessions for which you have registered or in which you participate.Â
We also use your data to send you relevant information about our products and services. We use your information to send you requested content and to send you marketing information, product recommendations, and other non-transactional communications (including newsletters) that we believe may be of interest to you. If you no longer wish to receive our marketing communications, you may unsubscribe at any time by clicking on the unsubscribe link at the bottom of our email or by contacting us. We process your data for this purpose on the basis of your consent or, where relevant and permitted by applicable law, on the basis of our legitimate interests.
Sweepstakes
When you enter a competition or promotion, we process the data and information you provide on the entry form. This includes the data required for participation, such as name and surname, company name, e-mail address and, if applicable, the data and information voluntarily provided by you as part of participation. Your personal data will be processed for the purpose of administering the competition or promotion, in particular for determining and notifying the winners. For the purpose of sending and delivering prizes, we may subsequently collect and process further data, e.g. your postal address.
The conditions of participation can be found in the respective competition.
We also use the data you provide to send you relevant information about our products and services. We use your data to send you marketing information, product recommendations and other non-transactional communications (including newsletters) that we think may be of interest to you. If you no longer wish to receive our marketing communications, you can unsubscribe at any time by clicking on the unsubscribe link at the bottom of our email or by contacting us. We process your data for this purpose on the basis of your consent or, where relevant and permitted by applicable law, on the basis of our legitimate interests.
External service providers
Use of external services
External services are used on our website. External services are services from third-party providers that are used on our website. This can be done for various reasons, for example for embedding videos or for the security of the website. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a legitimate interest in using these services, we will obtain your consent as a visitor to our website, which can be revoked at any time, before using them (Art. 6 para. 1 lit. a GDPR).
Airbrake
We use the analysis tool of Airbrake Technologies Inc, 98 San Jacinto Blvd, Suite 1300, Austin, TX 78701, USA (hereinafter “Airbrake”) on our website. This tool enables us to monitor errors smoothly and provides us with performance insights into the efficiency and performance of our website.
The legal basis for the data processing taking place in this context is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to ensure the performance and functionality of our website with the help of an error analysis.
You can find Airbrake’s privacy policy at the following link: https://airbrake.io/privacy.
We have concluded a so-called “Data Processing Agreement” with Airbrake, in which we oblige Airbrake to protect our customers’ data and not to pass it on to third parties. Airbrake Technologies, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection standards.
Amazon CloudFront
We use the content delivery network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “Amazon”). Amazon CloudFront CDN is a globally distributed content delivery network. The information transfer between your browser and our website is technically routed via the content delivery network. This enables us to increase the global accessibility and performance of our website.
The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
Further information on Amazon CloudFront CDN can be found here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.
Amazon Web Services Inc., based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A “Data Processing Agreement” has been concluded with AWS.
Calendly (Appointment)
On our website you have the possibility to make an appointment with us. We use “Calendly” for this purpose. Calendly is a service of Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309, https://calendly.com.
If you would like to make an appointment with us, you can do so using the form provided. The data you provide will then be transmitted to the respective contact person via Calendly and the data will be entered into our calendar (Outlook). In addition, the data can be viewed by us in the login area of Calendly and is stored there.
You will receive a confirmation of the appointment by e-mail, where you have the option to enter the data in your calendar.
The purpose of processing the data provided is to be able to make an appointment, process the contact request and get in touch with you.
The legal basis for the processing of personal data described here is Art. 6 (1) lit. f DSGVO. Our legitimate interest is to offer you the opportunity to independently arrange appointments with us. This simplifies the coordination regarding appointments and enables an efficient appointment arrangement.
The personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
We have concluded a commissioning agreement with Calendly so that the data you provide is processed for us in accordance with instructions and orders.
Since a transfer of personal data to the USA may occur, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information on this can be found in the order processing agreement (https://calendly.com/pages/dpa) and in the Calendly privacy policy (https://calendly.com/privacy) .
Dreamdata
We use the “Dreamdata” service for analytical and statistical evaluations. Dreamdata is operated by Dreamdata Købmagergade 22, 2nd Floor, 1150 Copenhagen, Denmark. With the help of Dreamdata, we can determine how visitors to our website and customers interact with our website, which channel they used to reach our website and which pages are of particular relevance to them.
The following data is processed by Dreamdata IP addresses, browser information, usage data, date and time of visit, location information, cookie ID
The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR to improve our product and adapt it to the needs of our users.
Privacy policy: https://dreamdata.io/privacy-policy.
Google Analytics
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
http://www.google.com/analytics/terms/
https://policies.google.com/privacy
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.
Google Fonts
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. They are used without authentication. Furthermore, no cookies are sent. Even if you have an account with Google, none of your account data will be transmitted to Google when you use Google Fonts. Only the use of CSS and the fonts used are recorded and securely stored by Google. You can find out more about this at: https://developers.google.com/fonts/faq.
You can find out what data Google collects and what it is used for here: https://www.google.com/intl/en/policies/privacy.
Google Maps
We use Google Maps on our website. Google Maps is a map service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Maps enables us to better visualize locations. When Google Maps is used, data is transmitted to Google and stored on Google servers.
Although Google undertakes not to pass on any information to third parties as part of its own privacy policy, it does make exceptions to this. The data collected in this way may therefore be transferred to third parties if this is required by law in the USA or if third parties process the data on behalf of Google. You can find Google Inc.’s privacy policy here: https://www.google.com/policies/privacy/.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=en. Further opt-out options can be found at: https://safety.google/privacy/privacy-controls/. Google’s cookie policy can be found at: https://policies.google.com/technologies/cookies?hl=en. Google may also process your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR.
Google Photos
We use the Google Photos image service for the integration of images and image galleries. The operating company of Google Photos is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. When accessing our website, the visitor’s web browser establishes a direct connection to these servers. Among other things, the visitor’s IP address is transmitted to Google and stored there. The legal basis for data processing is Art. 6 para. 1 f) GDPR. The legitimate interest lies in ensuring the functionality of our website. You can prevent the collection and processing of your data by Google Photos by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
Further information on data protection at Google: https://policies.google.com/privacy
Google Recaptcha
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.
Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.
We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools.
As the IP address is transferred to Google in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.
hCaptcha
To protect our website from unsolicited, automated messages and/or attacks, we use the hCaptcha service. The service is provided by Intuition Machines, Inc., 350 Alabama St, #10, San Francisco, CA 94110, USA. As soon as you click on the “Load Captcha” button, your IP address is transmitted to hCaptcha. We base this on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, in order to be able to protect ourselves from the aforementioned attacks and thus offer a safer website experience.
hCaptcha is our processor and does not collect any data on its own behalf or for its own use. You can find hCaptcha’s privacy policy at https://www.hcaptcha.com/privacy.
Hotjar
Our website uses the web analysis service Hotjar of Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe).
This tool allows us to track movements on the websites where Hotjar is used (so-called heat maps). For example, we can see how far users scroll and which buttons users click on how often. The tool also allows us to get feedback directly from the users of the website. Most importantly, Hotjar’s services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.
When using this tool, we take special care to protect your personal data. For example, we can only track which buttons are clicked, the mouse history, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites where personal information about you or third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced at any time. In order to exclude the possibility of direct personal references, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that are transmitted by your browser as part of web page requests. These would be, for example, cookies or your IP address. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter a GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.
Hotjar stores the customer data in the European Union. In a few cases, customer data may be accessed from the USA or other countries whose data protection laws differ from the data protection laws at your place of residence, or other data (e.g. e-mail) may be transferred to such countries. Hotjar has taken reasonable precautions to ensure that your personal data remains protected and requires that Hotjar’s third party service providers and partners also take reasonable precautions.
Hotjar offers each user the option of using a “Do Not Track” header to prevent the use of the Hotjar tool, so that no data about the visit to the respective website is recorded. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the “Do Not Track” header separately for each of these browsers/computers.
When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page https://www.hotjar.com/policies/do-not-track/Â and clicking deactivate Hotjar.
For more information about Hotjar Ltd. and about the Hotjar tool, please visit
You can find the privacy policy of Hotjar Ltd:
https://www.hotjar.com/privacy
Â
HubSpot
We use HubSpot for marketing activities on our website. HubSpot is a software company from the USA with a branch office HubSpot Ireland Limited in 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. We use this integrated software solution for our own marketing, lead generation and communication purposes. This includes email marketing, which regulates the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies, which are stored locally in the cache of your web browser on your end device and enable us to analyze your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on the servers of HubSpot’s service providers. If you have given your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, the processing on this website is carried out for the purpose of website analysis.
Since personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.
OneTrust CMP
This website uses the cookie consent tool “CookiePro” from OneTrust LLC, 1200 Abernathy Rd NE, Sandy Springs, GA 30328, USA (“OneTrust”) to obtain effective user consent for cookies and cookie-based applications that require consent.
By integrating a corresponding JavaScript code, a banner is displayed to users when they access the page, in which consent for certain cookies and/or cookie-based applications can be given by ticking a box. The tool blocks the setting of all cookies requiring consent until the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the user’s end device if consent has been granted.
So that the cookie consent tool can clearly assign page views to individual users and individually record, log and store the consent settings made by the user for the duration of a session, certain user information (including the IP address) is collected by the cookie consent tool when our website is accessed, transmitted to OneTrust servers and stored there.
This data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Another legal basis for the data processing described is Art. 6 para. 1 lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
OneTrust LLC. is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/participant?id=a2zt0000000GnPeAAK&status=Active
Further information on the use of data by OneTrust can be found in OneTrust’s privacy policy at https://www.cookiepro.com/privacy-notice/
Stripe
On this website we offer, among other things, payment with the services of Stripe. The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as “Stripe”).
When paying via Stripe, your payment data will be forwarded to Stripe via an interface on our website in order to process the payment. Details on this can be found in Stripe’s privacy policy at the following link: https://stripe.com/de/privacy.
Your data is transmitted to Stripe on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and on the basis of our legitimate interest in the use of reliable and secure payment processes (Art. 6 para. 1 lit. f GDPR).
WordPress Static Files
Our website uses WordPress as a content management platform to manage and provide content. The provider is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA; the use of WordPress static files enables efficient provision of website content and improves loading times for visitors to our website.
When using WordPress, so-called “static files” are used. These files contain static content such as images, CSS files and JavaScript files that are required to display the website, Art. 6 para. 1 sentence 1 lit. f) GDPR. These static files are stored on our own servers or, if necessary, on an external content delivery network (CDN). A CDN can be used to optimize the delivery of the static files by storing them on servers in different locations worldwide.
When using WordPress Static Files, no personal data is collected or processed unless you actively provide such data via forms or other interactions on the website. In this case, the relevant data protection provisions apply in accordance with our privacy policy.
WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. In addition, we have concluded a so-called “Data Processing Agreement” with WordPress.
The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.
You can find out more about the data that is processed through the use of WordPress.com in the privacy policy at https://de.wordpress.org/about/privacy/.
YouTube
We have integrated YouTube videos into our online offering, which are stored on https://www.youtube.com and can be played directly from our website.
The social network is operated by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066, USA and represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube “). For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for the processing of data and compliance with applicable data protection laws. YouTube collects, processes and uses personal data independently and at its own discretion. YouTube’s data processing is governed by its privacy policy: https://policies.google.com/privacy?hl=en
The videos are all integrated into our website in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube before you play the videos. To make our website more attractive, we operate channels on the YouTube platform, which we populate with videos from our facilities.
The legal basis for the processing of personal data when using the YouTube API is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
External links
On our website Social Media (Facebook, Instagram, LinkedIn) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.
Appearances in social media
In the following, you will find information on the handling of your data that is collected through your use of our social media appearances on social networks and platforms. Your data will be processed in accordance with the statutory regulations.
Providers
Facebook fan page
Responsible entity
In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement: https://www.facebook.com/legal/terms/page_controller_addendum.
Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.
If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.
You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:
https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com
For further details, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/
Â
Facebook’s Data Protection Officer
You can use Facebook’s online form to contact Facebook’s data protection officer. To access it, please use of the following link: https://www.facebook.com/help/contact/540977946302970.
Data processing for statistical purposes using Page Insights
Facebook provides Page Insights Data for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page, and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behaviour and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. Legal basis of the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimised presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access about where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data being processed by Facebook, please contact us by other means.Â
Other social media providers
Responsible entity
If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time.
We are present on social media platforms of the following providers:
- Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- XING SE, DammtorstraĂźe 29-32, 20354 Hamburg, Germany
- Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
Data Protection Officer
Information on how to contact the Data Protection Officer of the respective social media providers can be found here:
- Instagram Inc.: https://de-de.facebook.com/help/instagram/155833707900388
- LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
- YouTube: Um den Datenschutzbeauftragten von YouTube zu kontaktieren, wenden Sie sich bitte an Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
- XING SE:Â Datenschutzbeauftragter@xing.com
- Twitter Inc.:Â https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
General information on social media platforms
Responsible entity
The responsible party for data processing within the meaning of the GDPR is the entity named at the beginning of this privacy policy, insofar as data transmitted by you via one of the social media platforms is processed by us ourselves.
Our Data Protection Officer
If you have any concerns about data processing carried out by us as the data controller, you can contact our data protection officer using the contact details provided at the beginning of this privacy policy.
General data processing on social media platforms
Data processing for market research and advertising
Organisations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load on to your browser and detect your return to the same URL. The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.
Data processing thorugh making contact
We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized, when the regarding circumstances are clarified.
Data processing for contract management
If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contact. Please take into account, that it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of contract.
Data processing on the legal basis of consent
If the respective platform providers request you to give consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.
Data transfer and recipient
When visiting and using the above-mentioned platforms, personal data may be transferred to the U.S. or other third countries outside the EU, therefore further appropriate safeguards are required to ensure the level of data protection under the GDPR. Further information on whether and what suitable guarantees the providers can provide in this regard can be found in the list below.
We have no influence on the processing and handling of your personal data by the respective providers as well as we have no information on this matter. Please consider the privacy policy of the providers for further information:
- Instagram
- Privacy Policy/Opt-Out: http://instagram.com/about/legal/privacy/
- Instagram (Facebook), according to its privacy policy, uses standard data protection clauses to ensure an adequate level of data protection as required by the GDPR for data transfers to the US or other third countries outside the EU: http://instagram.com/about/legal/privacy/
- LinkedIn
- Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
- LinkedIn, according to its privacy policy, uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
- YouTube/Google
- Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
- Opt-out: https://adssettings.google.com/authenticated
- The use of YouTube results in a transfer of personal data to the USA. YouTube cannot currently provide any guarantees provided by the GDPR for a data transfer to the USA. Please note that there is a risk to you for such transfers of personal data without the existence of an adequacy decision and without appropriate safeguards. The risk is that, due to legislation in the USA, American authorities (in particular the intelligence services) may access the personal data. Legal protection options or information on the handling of your data with the US authorities are only possible to a very limited extent or not at all. Accordingly, a level of data protection in accordance with the requirements of the DSGVO cannot be guaranteed.
- XING
- Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
- Opt-out: https://nats.xing.com/optout.html?popup=1&locale=de_DE
- According to its privacy policy, XING uses standard data protection clauses to ensure an appropriate level of data protection in accordance with the requirements of the DSGVO for data transfers to the USA or other third countries outside the EU: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender
- Twitter
- Privacy policy: https://twitter.com/de/privacy
- Opt-out: https://twitter.com/personalization
- According to its privacy policy, Twitter uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://twitter.com/de/privacy
Data Transfer and Recipients
Your personal data is not transferred to third parties, unless
- we have explicitly pointed this out in the description of the respective data processing.
- you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
- there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.
Data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of the storage of personal data
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
Your Rights
In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to mail@brandification.com.
Legal obligations
The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
Automated decision making
Automated decision making or profiling according to Art. 22 GDPR does not take place.
Subject to change
We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.
Status of this privacy policy: 21.05.2021
Privacy Policy Internal Branding Platform (Brandification Software)
Introduction and general information
Thank you for your interest in our software. The protection of your personal data is very important to us. Below you will find information on how we handle your data that is collected through your use of our software. Your data will be processed in accordance with the legal regulations on data protection.
Controller within the meaning of data protection law
Brandification GmbHÂ
Bucher Str. 5
90419 NurembergÂ
Tel.: (+49) 911 – 350 64 9950
Mail: mail@brandification.com
Website: www.brandification.com
Contact details of the data protection officer
Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
Definitions
Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
Web Hosting
This website is hosted by an external service provider (Amazon Web Services). This website is hosted in Frankfurt am Main. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.Â
We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
Cookies
Our software uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.
Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.
You can set your browser to
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ).
Please note that if you disable cookies, the functionality of our website may be limited.
Data processing in the context of using the software
In addition to the data mentioned here in the declaration, we also collect the following personal data in order to provide you with access as well as the use of our software:
- E-mail address
- username
- As well as all data that you provide in the context of using Brandification (e.g. creation of “Brand Touchpoints”, participation in brand challenges, answering quiz questions, etc.).
This data is necessary to provide you and your company with the offers of our software. The processing takes place for the following purposes:
- Creation and management of the user account.
- To provide software functions such as the creation and evaluation of brand touchpoints and the completion of brand challenges.
These processing operations are based on the contractual relationship between us and your company and are therefore legitimized according to Art. 6 para. 1 sentence 1 lit. b GDPR.
Google Analytics
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.Â
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.Â
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:Â
http://www.google.com/analytics/terms
https://policies.google.com/privacy
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.
Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.
We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is to enable the technical integration of other website tools.
As the IP address is transferred to Google in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.
Google Gemini (Artificial Intelligence)
For our software, we use the AI service Gemini from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,Ireland (“Google”).
In certain areas of our software, we utilize the Google Gemini AI model to enable functionalities such as brand touchpoint optimizations and various types of analysis. This AI model is trained on a wide range of data and can recognize and respond to patterns to provide high-quality services.
Brandification does not transmit personal data such as names, email addresses, or IP addresses to the AI model. Even if personal data is stored in the Brandification software, it is never forwarded to Google in the course of using AI services.
Customer data transmitted by Brandification to Google in the course of using the AI services is not used by Google to train AI models.
OpenAI ChatGPT (Artificial Intelligence)
For our software, we use the AI service GPT from OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland.
In certain areas of our software, we utilize the GPT AI model to enable functionalities such as brand touchpoint optimizations and various types of analysis. This AI model is trained on a wide range of data and can recognize and respond to patterns to provide high-quality services.
Brandification does not transmit personal data such as names, email addresses, or IP addresses to the AI model. Even if personal data is stored in the Brandification software, it is never forwarded to OpenAI in the course of using AI services.
Customer data transmitted by Brandification to OpenAI in the course of using the AI services is not used by OpenAI to train AI models.
Data Transfer and Recipients
Your personal data is not transferred to third parties, unless
- we have explicitly pointed this out in the description of the respective data processing.
- you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
- there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.
Data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of the storage of personal data
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
Your Rights
In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.Â
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to mail@brandification.com.
Â
Legal obligations
The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
Automated decision making
Automated decision making or profiling according to Art. 22 GDPR does not take place.
Subject to change
We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.
Status of this privacy policy: 16.02.2021