Data protection information for the use of our website:
Your privacy and the associated protection of your data is important to us. This data protection notice explains how we handle your choices with regard to the collection, use and disclosure of certain information - your personal data - in relation to our online services. It goes without saying that we therefore take all available technical and organisational measures to protect your data from access by unauthorised third parties. To implement these measures, we strictly adhere to the legal provisions of the European General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (BDSG-Neu) and the German Telemedia Act (TMG), the latter if still applicable in this context.
We would like to take this opportunity to inform you about data processing during your visit to our website. We urge you to take the time to read this privacy policy carefully to ensure that you understand whether and, if so, to what extent we process your data and whether you agree with this procedure. We reserve the right to amend the privacy policy with effect for the future, in particular in the event of further development of the websites or apps, the use of new technologies or changes to the legal basis or the relevant case law. We recommend that you read the privacy policy again from time to time.
We would like to point out that this privacy policy only applies to our app, website and services. When using our services, you may come across links to other websites, apps and services or tools that allow you to share data with third parties. We assume no responsibility for the handling of personal data by these other websites, apps and services, and we therefore recommend that you check the privacy policies of the websites, apps or services concerned before connecting or transmitting personal data to third-party services.
For clarity and better navigation within this privacy policy, we would like to provide you with the following table of contents:
1. general information about the processing of your data
1.1 Data protection principles
For us, users come first. It is extremely important to us that you are able to understand what data is collected and processed about you, why this data is collected and how we use this data and pass it on to third parties. For this reason, we have compiled this privacy policy to provide you with simple, clear and binding information about how we handle our users' privacy and data protection.
It is also important to ensure that users have meaningful choices and options regarding their data that we collect, use and share with third parties. These choices can be found in this Privacy Policy or in your settings. We would be delighted if you make full use of these tools.
1.2 Controller responsible for data processing
The data controller for the processing of your personal data is
BMGRH Constructions Lda.
Rua do Ribeiro da Nora 22
9060-270 Funchal, Portugal
Managing Director: Ron Halili
Phone: DE: [+49 (0) 178 13 7777 5] PT: [+351 (0) 922 274 141]
E-mail: info@bmg-constructions.eu
The controller within the meaning of Art. 4 No. 7 GDPR is the person who alone or jointly with others determines the purposes and means of the processing of personal data. Please note that, for your and our security, we may be required to verify your identity before processing your enquiry if you contact us.
1.3 Data Protection Officer
The contact details of the Data Protection Officer are as follows
Named in 1.2
If you have any questions about data protection in connection with our online services, you can also contact our data protection officer at any time. He can be contacted at the above postal address and at the e-mail address given above. We expressly point out that if you use this e-mail address, the content will not be viewed exclusively by our data protection officer. If you wish to exchange confidential information, we therefore ask that you first contact us directly via this e-mail address.
1.4 Preamble to personal data
We process your personal data in order to be able to offer the range of functions provided and to fulfil the use we have entered into with you.
Personal data is only collected if you provide it to us voluntarily. No other personal data is collected. Any processing of your personal data that goes beyond the scope of legal authorisation is only carried out on the basis of your express consent. According to Art. 4 para. 1 GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We would now like to explain to you what types of your personal data we process, for what purposes and to what extent. This data protection information applies to all processing of personal data carried out by us. This includes the provision of our services - in particular as part of our online services - and also within external online presences, such as our social media profiles.
We also process your data if it is necessary to protect our legitimate interests or those of third parties in accordance with Art. 6 GDPR. This may be the case in particular
to ensure IT security and IT operations, in particular also for support requests,
to be able to prove facts in the event of legal disputes
to statistically analyse the use of the website and improve the user experience
to be able to respond to any feedback from you.
1.5 Legal bases and purposes of data processing
1.5.1 Relevant legal bases
We would like to provide you with an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that national data protection regulations also apply in addition to the provisions of the GDPR. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The data protection laws of the individual federal states may also apply.
1.5.1.1 For the fulfilment of contractual obligations
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
1.5.1.2 As part of the balancing of interests
If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for data processing. We use tools necessary for the operation of our online services on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to enable you to use our website more conveniently and individually and to make its use more time-saving and effective.
It is important to us to make our online services a safe place, whereby we are ideologically, party-politically and denominationally neutral and always act in favour of the free democratic basic order. We are committed to the principles of human rights and actively oppose racist, anti-constitutional and xenophobic endeavours as well as discriminatory or inhuman behaviour, in particular on the basis of nationality, origin, ethnicity, religion, gender, age, sexual identity or disability. In order to safeguard this interest within the meaning of Art. 6 para. 1 lit. f GDPR, we store the registration parameters of blocked users who have demonstrably violated our principles or whose behaviour was even abusive, in order to ensure and prevent any renewed registration and use of the associated online offers. The storage of personal data always takes place within the legal framework.
1.5.1.3 Based on your consent
The collection and use of our users' personal data only takes place regularly with the user's consent. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data. We use all other tools, in particular those for marketing purposes, on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and in accordance with Section 15 para. 3 sentence 1 TMG, insofar as user profiles are created for advertising or market research purposes. Data processing using these tools only takes place if we have received your consent for this in advance.
1.5.1.4 Due to legal requirements or in the public interest
We disclose personal data, except in the cases mentioned below, only if and to the extent that we are required and obliged to do so by law or by court or official order. The legal basis for this is Art. 6 para. 1 para. 1 lit. c GDPR (legal obligation). Insofar as processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Art. 6 para. 1 lit. e GDPR serves as the legal basis.
1.5.1.5 On the basis of vital interests
The collection and use of personal data in accordance with Art. 6 para. 1 lit. d GDPR serves to safeguard, respect and protect the vital interests of data subjects or another natural person. All tools and processes used are based on the aforementioned legal basis, whereby their use requires processing for the protection of vital interests.
1.5.2 Purposes of data processing
Our users' master data (customer data) is used in accordance with the user's instructions, including any applicable terms in the user agreement and the user's use of the service functionalities and to the extent required by law. We are legally considered a processor of user data, with the user being considered the controller. We use information to further our legitimate interests in the course of operating our online offering and related services, websites and business.
We process personal data in accordance with the above-mentioned legal bases for the following purposes, among others:
Technical data - so that we can, for example, distinguish actual users from bots, prevent abusive use and block irregular content that is also reported by other users; in anonymised form also for statistical analysis purposes; the legal basis for processing is 6 para. 1 lit. f GDPR
Location data - to provide any localised and location-based information and thus to ensure full functionality; the legal basis for processing is 6 para. 1 lit. a GDPR
Contact data - to answer your enquiries and to check the situation, taking into account the regulations and circumstances applicable in your country; the legal basis for processing is and 6 para. 1 lit. a and Art. 6 para. 1 lit. f GDPR
Other data - to personalise the user experience and provide information that is tailored to the user. The corresponding data is used and analysed for improvement - for example, to better understand your interests, to support you in personalising the user experience or to offer functions specifically for you. We may also use information regarding your age to check whether you are old enough to use and utilise the services; the legal basis for processing is Art. 6 para. 1 lit. a and Art. 6 para. 1 lit. f GDPR.
In accordance with the aforementioned legal bases, we combine the purposes of (a) optimal provision, improvement and development of our online offering and (b) targeted personalisation of content, advertising and marketing in view of our legitimate interest in collecting the aforementioned data. To illustrate our legitimate interest with reference to the aforementioned data types, we combine the following purposes and data by way of example:
(a) To optimise the provision, improvement and development of our online offering:
To conduct surveys and studies, test features as they are developed and analyse existing data in order to evaluate and improve products and services, develop new features and conduct testing and troubleshooting.
Using the user's email address to notify them about updates to our services and essential notifications about the associated user account.
Use of age to implement an age restriction.
(b) For targeted personalisation of content, advertising and marketing:
Use of location data to provide personalised content as well as recommendations.
Use of automated processing for profiling and assignment to any user groups based on the information you provide to us, your interaction with our online offering and information collected by third parties to deliver personalised content, advertising and promotional messages.
Combining the data collected from you with data from business partners in order to use it to display more relevant adverts.
There is also the possibility of additional purposes that require separate consent for the further processing of personal data on the part of the user. The selection of the required data, which is processed on the basis of consent, depends on the purpose of the respective data processing. This usually includes the following purposes:
Subscription to the newsletter.
Participation in surveys and market studies.
Use of cookies and similar technologies according to your settings.
Furthermore, we process your data beyond the aforementioned purposes if this serves to protect our legitimate interests or the interests of third parties; the legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interests include in particular
the assertion of legal claims and defence in legal disputes
the prevention and investigation of criminal offences
the management and further development of our business activities, including risk management
to detect misuse and to recognise and rectify technical faults in the operation of our website.
For example, we use your data to effectively counteract any misuse of our online services in the interests of honest users and to protect us and our users from harm in such cases. This also includes the data processing required to enforce our rights and claims. If you make contact enquiries in our online services, we may automatically collect and temporarily store personal data such as your email address and first and last name. As a result, we try to recognise and block fraudulent contact requests in good time. At the same time, we can also analyse this data in order to send you a fraud warning. In addition, we use your data to identify faults and ensure system security, including detecting and tracking unauthorised access and attempted access to our servers.
1.6 Information security and security measures
We are committed to taking appropriate technical, logical, administrative and physical security measures designed to protect personal data in such a way that accidental, unlawful or unauthorised loss, access, disclosure, use, alteration or transmission is as unlikely as possible.
Even with intensive efforts, the current state of research makes it impossible to guarantee 100 per cent information security. This is particularly the case when mobile applications, websites, computer systems or the transmission of information via the Internet or another public network are used. Even if one hundred per cent security is impossible, we take into account the sensitivity of the data we collect, process and store and ensure the greatest possible security by adhering to the current state of the art. To maximise the security of personal data, our systems, data protection guidelines and security measures are regularly checked for potential vulnerabilities and attacks, monitored and, if necessary, appropriately updated and improved.
Technical, logical, administrative and physical safeguards include, but are not limited to
Restricted access - Access to personal data is restricted to authorised employees with a legitimate interest.
SSL/TLS encryption (https) - To protect our online services and the data transmitted, we use SSL/TLS encrypted communication between clients and servers.
IP address truncation - If it is not necessary to process a full IP address, it is truncated (‘IP masking’). The shortening of the IP address is intended to prevent or significantly complicate the identification of a person.
1.7 Data transfer to companies, persons, institutions or other recipients
In principle, we do not pass on any personal data to third parties without authorisation - unless you have expressly given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, this is permitted by law and is necessary for the processing of the contractual relationship with you in accordance with Art. 6 para. 1 lit. b GDPR, thus there is a legitimate interest in the disclosure in accordance with Art. 6 para. 1 lit. f GDPR, unless there is reason to assume that you have an overriding interest worthy of protection in not disclosing your data. With regard to the disclosure pursuant to Art. 6 para. 1 lit. c GDPR, there is a legal obligation. With regard to the transfer of data to recipients outside our company, we would like to inform you that we are obliged to maintain confidentiality about all user-related information, facts or assessments. We may only pass on information about you if this is required by law, if you have given your consent, if we are authorised to provide information and if processors commissioned by us guarantee compliance with the requirements of the GDPR.
1.7.1 Data transfer within the company and the group of companies
Certain personal data, such as data provided during registration, may be shared within the company and the group of companies for internal administrative purposes as well as for legitimate business and commercial interests, any contractual obligations including joint user support. Data will be passed on - subject to the consent of the data subject - if this is necessary for use and legal authorisation for use exists.
1.7.2 Processors as service providers bound by instructions
Other companies, vicarious agents or contractors support us in providing services on our behalf or in enabling us to provide you with our services. We engage service providers, for example, to provide marketing, advertising, communications, security, infrastructure and IT services, to customise, personalise and optimise our services, to provide customer services, to analyse data and to process and manage any customer surveys.
During the provision of such services, these service providers may have access to your personal data. We do not authorise their use or disclosure except in connection with the provision of their services. These service providers have been carefully selected by us and we have also entered into data processing agreements with them. Without exception, these are service providers bound by instructions, which process data on our behalf and according to our instructions in accordance with Art. 28 and Art. 29 GDPR. Appropriate contractual arrangements under data protection law ensure that this data transfer and processing is permitted without a separate legal basis.
1.7.3 Disclosure to state authorities, to injured parties and for legal prosecution
If it is necessary and required to clarify illegal or improper use, we will transfer personal data to the responsible authorities and potentially injured third parties. However, this will only happen if we have reason to believe that there is evidence of unlawful or even abusive behaviour. Data is also passed on if this serves to enforce terms of use or other agreements.
The legitimate interest within the meaning of Art. 6 para. 1 f GDPR in data processing is to ensure the proper functioning of our online services and, if necessary, to assert, exercise or defend legal claims.
Furthermore, we are required by law within the meaning of Art. 6 para. 1 c GDPR to provide information to certain public authorities upon request. This includes law enforcement authorities, authorities that prosecute administrative offences subject to fines and the tax authorities.
1.7.4 Business transfers
In the event of a pending restructuring, reorganisation, merger, sale and the associated transfer of assets, we transfer your personal data to the parties involved in the transfer, provided that the recipient has given their consent, whereby we always do this in accordance with our data protection information.
1.8 Data transfer to countries outside the European Economic Area
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of orders or is required by law, if you have given us your consent or as part of commissioned data processing. If service providers are used in a third country, they are obliged to comply with the level of data protection in Europe in addition to written instructions by agreeing the EU standard contractual clauses. If the European Commission has not issued an adequacy decision for the above-mentioned countries in accordance with Art. 45 GDPR, we have already taken appropriate precautions for you to ensure an adequate level of data protection for any data transfers. If neither the above-mentioned adequacy decision pursuant to Art. 45 para. 1 GDPR in conjunction with Art. 45 para. 3 GDPR nor one of the appropriate guarantees pursuant to Art. 46 GDPR exists, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures.
1.9 Storage period and deletion of personal data
The stored personal data will be deleted immediately if the user revokes their consent to storage in accordance with Art. 17 para. 1 b GDPR or if knowledge of this data is no longer required to fulfil the purpose pursued with the storage in accordance with Art. 17 para. 1 a GDPR, in particular if the user account is deleted or if its storage is inadmissible for other legal reasons in accordance with Art. 17 para. 1 d GDPR. If your data is transmitted to third parties when you use our online services, they are responsible for storing and deleting it. You will be informed of the contact details of these third parties when you use our online services so that you can exercise your rights directly against the respective third party.
In principle, personal data is only processed and stored for as long as is absolutely necessary to fulfil contractual or legal obligations and storage periods in accordance with Art. 17 para. 3 GDPR. In order to fulfil legal documentation obligations, data is stored for accounting reasons in some cases. The obligations arise from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The periods specified there for the retention of documents are two to ten years. During the statutory retention period, your personal data is blocked and not used for any other data processing. Thereafter, the relevant data will be routinely blocked, deleted or anonymised in accordance with the statutory provisions.
1.10 Rights of data subjects
Users whose personal data is processed in certain countries, including the European Economic Area and the United Kingdom, have certain legal rights. Subject to any exceptions provided for by law, you have the right, for example, to request access to this information and to request that this information be updated, deleted or corrected. An overview of the main rights available to you as a user can be found below:
1.10.1 Right of access
In accordance with Art. 15 GDPR, you have the right to receive information about your personal data at any time. This also includes the question of whether we process your data at all. You may also be entitled to request copies of the data we have stored about you. You can also request information about the purposes of processing, the category of data concerned, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making.
1.10.2 Right to rectification and completion
In accordance with Art. 16 GDPR, you have the right to obtain without undue delay the rectification and completion of personal data concerning you if it is inaccurate or no longer accurate or incomplete.
1.10.3 Right to erasure (‘right to be forgotten’)
In accordance with Art. 17 GDPR, you have the right to erasure of your personal data stored by us, for example if your data is no longer required for the purposes for which it was collected or processed. However, your right to erasure may be excluded due to a conflicting interest. We may be obliged to continue to store some of your data concerned if this is necessary in appropriate circumstances. Reasons for continued storage include legal obligations (e.g. under applicable tax or commercial law or to prevent fraud and abuse and to maintain and improve security). If your data is not required until the expiry of the statutory limitation period for the proof of civil law claims or due to statutory retention obligations, we will delete it immediately.
1.10.4 Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data. This right exists in particular if the accuracy of the data concerned is disputed between the user and the online services offered, the continued existence of your data is no longer necessary or unlawful processing has taken place.
1.10.5 Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request its transmission to another controller, if and insofar as you have provided us with the data and we process it.
1.10.6 Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. This applies in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
1.10.7 Right to withdraw the consent given
In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent at any time. As a result, we will not continue the data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
1.10.8 Right to object
In accordance with Art. 6 para. 1 e GDPR (data processing in the public interest) or Art. 6 para. 1 f GDPR (data processing on the basis of a balancing of interests), you have the right to object to the processing of your personal data in connection with Art. 21 GDPR if a special situation is indicated. This applies in particular to profiling within the meaning of Art. 4 para. 4 GDPR.
If your objection is directed against the processing of data for the purpose of direct marketing in accordance with Art. 21 para. 2 and 3 GDPR, we will cease processing immediately. In this case, it is not necessary to specify a particular situation. This also applies to the profiling described in Art. 4 para. 4 GDPR, insofar as it is associated with such direct advertising.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims pursuant to Art. 21 (1) GDPR. You can contact us at any time to exercise these rights and if you have any further questions about the processing of your data.
1.11 Access data and log files
When you use our online services, the operating system of your end device automatically stores various technical information (such as the type of message, date and time of the message, trigger of the message, app used, details of the content of the message) in so-called log files as access data. This is necessary for technical and security-related reasons so that the services function properly and you can use the desired services to their full extent. These log files are analysed exclusively for the purpose of detecting and handling possible errors or crashes. The legal basis is Art. 6 para. 1 lit. b GDPR.
1.12 Updating the privacy policy
Our online services are constantly being developed, in particular to improve services and functionalities. Laws, regulations and industry standards are also constantly changing in parallel with the online services. Other reasons that require an adjustment to our privacy policy may result from changes to additional services or even to the business model. This privacy policy will therefore be updated from time to time. We recommend that you inform yourself regularly about any changes so that you are always up to date with our privacy policy. When contacting us, please check the addresses and contact information of the selected recipients in particular, as these may also be affected by changes. We will of course inform you immediately if any action on your part (e.g. consent) is required or any other individual disadvantage arises as a result of amendments to this policy.
2 System authorisation and access rights
Our aim is to provide you with all functions at all times, to ensure user security and to be able to continuously develop them further. As part of this, our service accesses various interfaces on the end device you are using. These interfaces enable us to access your device. These interfaces and system functions are primarily of a technical nature. Depending on the underlying operating system, device access is only possible with your consent in relation to the respective functionalities. These consents are stored locally in your end device in the form of system settings and can be customised and revoked at any time. Below you will find more detailed information on which authorisations our service requires.
2.1 Legal basis of access rights
Access to system functionalities and the associated processing of personal data takes place on the basis of the legal bases already mentioned, here in particular taking into account our legitimate interest.
The provision of functionalities of our online offer is not exclusively linked to the processing of data, but it is our legitimate interest to ensure the security of our services and also to take legal and business considerations into account, even if the processing of data is not required for any other purposes.
At this point, we would like to assure our users that if they expressly revoke their consent to the processing of their data, we will immediately delete the stored personal data in accordance with the statutory retention obligations. Until the time of revocation, all processed data will be collected, evaluated, forwarded and analysed on the basis of the consent given. This will, of course, take place within the scope of your declaration of consent.
2.2 Categories of device authorisations
2.2.1 Identity and contacts
If the user uses a user account as part of this online service, access to the account information, such as the e-mail address, is required. As a user, you can then use your e-mail address or common ‘social logins’ to register. If you register using your email address, you will be asked for information such as your email address, first name and surname. The option of a ‘social login’ in the form of a single sign-on requires the authorisation ‘identity’ or its characteristics, so that a user account can be registered via social networking services such as Google, Facebook or Twitter.
2.2.2 Account and device ID
For security reasons and to create a user account, your device ID may be recorded. Access to your device identifier enables, among other things, user targeting, which prevents unauthorised login attempts and ensures the legitimate use of the user account.
2.2.3 Network connection information
This authorisation may be required to read out the signal strength of network connections in order to make system improvements and rectify errors.
2.2.4 Geo-based location data
This authorisation is always linked to the user's consent and allows your location to be localised and is used to provide services and any content of our online offering as well as to display information and services related to your location. Geo-based location services must be available and activated on your device so that they can be used for our online offering and the associated services.
2.2.5 Camera and microphone
This authorisation is always linked to the user's consent and is used in the context of using our online offering to process audio, image and video recordings of users by accessing the microphone and camera function.
2.2.6 Videos, photos and audio recordings
This authorisation allows access to the memory of your end device with the aim of processing the videos, photos and audio recordings contained therein and creating new media data. We are fully aware of the sensitivity involved in processing this category of personal data, which is why we only process it in accordance with its functionality.
2.2.7 Contact details
Granting this authorisation enables access to your contact directory. It is now possible to check whether other of your contacts are also using our online offering. A data comparison takes place on our servers, whereby this is used exclusively for the purpose of a comparison.
2.3 Age restriction and child protection
It is a matter of course for us to protect your privacy if you have decided to use our online services. We feel particularly obliged to protect the privacy of children if they intend to visit our services. We expressly ask all parents to regularly observe and monitor the activities of their children.
Children in particular deserve special protection when it comes to their personal data, as children may be less aware of the relevant risks, consequences and guarantees and their rights when it comes to the processing of personal data. Such special protection should in particular concern the use of children's personal data for advertising purposes or for the creation of personality or user profiles and the collection of personal data from children when using services offered directly to children. At this point, we strictly adhere to the provisions of Art. 8 GDPR. Art. 8 para. 1 GDPR sets out which regulations for personal data must be observed in connection with data protection for children. In this context, two basic distinctions can be made:
The child has reached the age of 16 - the processing of personal data is lawful.
The child has not yet reached the age of 16 - the lawfulness of the processing of children's personal data is dependent on the consent of the child's parents or with their consent.
The Federal Republic of Germany does not make use of the opening clause to reduce the minimum age in the context of data protection for children in need of protection. Accordingly, the minimum age of 16 years is decisive for us in the context of the age restriction.
Controllers pursuant to Art. 8 para. 2 GDPR are required to make appropriate technical efforts to ensure consent.
3. collection and analysis of personal data
The collection of personal data in the context of our online offers is generally linked to consent in accordance with Art. 6 para. 1 lit. a GDPR, is used for contract fulfilment and for pre-contractual enquiries in accordance with Art. 6 para. 1 lit. b GDPR, complies with legal obligations in accordance with Art. 6 para. 1 lit. c GDPR and is collected, processed and recorded to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. In addition, the protection of vital interests pursuant to Art. 6 para. 1 lit. d GDPR is observed and the protection of public interests pursuant to Art. 6 para. 1 lit. e GDPR is ensured. You can find more detailed information in the ‘Legal basis and purposes of data processing’ section of our privacy policy. If special categories of personal data are stored and processed as part of an application process in accordance with Art. 9 Para. 1 GDPR, their processing is based on the exceptions in accordance with Art. 9 Para. 2 lit. a GDPR, Art. 9 Para. 2 lit. b GDPR, Art. 9 Para. 2 lit. c GDPR and Art. 9 Para. 2 lit. h GDPR.
The following list contains an overview of data collection and the associated data types, including potential personal data:
Contact details: Email address, telephone number, country of residence
Inventory data: Name, gender, age, address
Applicant data: Cover letter, CV, certificates, qualifications
Usage data: Access times, click rates, viewing habits, websites visited
Technical data / metadata: IP address; time of registration; operating system; device type
Location data: GPS data; WLAN connection data; radio cell queries; manual information
Interaction data: Inputs within the app; responses to surveys; language selection
Contract / payment data: Bank details, subject matter of contract, term, invoices
Particularly sensitive data: biometric data, such as fingerprints and iris patterns; data on ethnic and cultural origin, political, religious and philosophical beliefs, health, sexuality and trade union membership
We only store your personal data for as long as is necessary to provide the services or for other necessary purposes. This includes fulfilling our legal obligations, resolving disputes and enforcing our terms and conditions and policies. You can find more detailed information on possible purposes in the sections of this chapter and in the chapter ‘Purposes of data processing’.
3.1 Third-party providers and services
3.1.1 Cookies and tracking pixels
The use of cookies and tracking pixels enables the convenient use of websites and apps. Cookies are small text files that can be stored and read by a web server on your end device. Cookies do not cause any damage to your end device and do not contain viruses, Trojans or other malware. They are used to recognise you and to obtain user information. A tracking pixel or web beacon is a small graphic that is used in websites, emails and apps and is used to track service usage.
We would like to draw your attention to some important information below:
You may be assigned cookies and web beacons when you use online services.
Certain functions require the use of cookies or similar technologies.
‘Permanent cookies’ are stored permanently, for example to fill in login data.
‘Session cookies’ are stored for the duration of your visit to an online service.
‘First-party cookies’ are stored on your device by operators of the online offering.
‘Third-party cookies’ are mainly used by advertisers (so-called third parties).
Data from cookies and similar technologies can be combined with other data.
We would also like to inform you about typical purposes of use:
Identification of your person or your end device
Enabling access to and use of an online offer
Improvement of products, services and system security
Statistical measurement of the use of an online offer
Performance monitoring (e.g. data traffic and loading times)
Marketing through usage-based advertising
These technologies are used by third parties for tracking and tracing (real-time and follow-up tracking) of your online activities, among other things. Your user experience is subsequently personalised by any advertising networks based on your wishes and needs.
3.1.1.1 Technical cookies
Technically necessary cookies may be used for the provision and use of online services. Fields of application include identification and verification, the detection of errors and security-relevant anomalies as well as the enforcement of terms of use.
3.1.1.2 Functional cookies
Functionally necessary cookies can be used to provide improved, more personalised functions and to store information that has already been provided. Areas of application include, for example, the temporary storage of form entries and language settings as well as the provision of video and audio files.
3.1.1.3 Performance cookies
Performance cookies can be used to improve user-friendliness and performance. Fields of application include the collection of information about how the online offering is used (including click rates, viewing habits and error messages displayed).
3.1.1.4 Marketing cookies
Statistical, marketing and personalisation cookies can be used for marketing and market research purposes. Fields of application include the improvement of the target group approach, the personalisation of advertisements, the measurement of the effectiveness and reach of marketing campaigns as well as tracking and tracing across several online offers.
3.1.1.5 Settings for cookies
If you wish to prevent the use of cookies, you can do so by deactivating the respective cookie. You can give your consent for entire categories or have further information displayed and even select specific cookies. Furthermore, you still have the option to revoke your consent by deleting the device's internal app data.
3.1.2 Social media networks and plugins
To complete our online offering, it is possible to use social media and social networks. If we make use of this option, we may be represented online in these social networks. Our purpose is to communicate with interested parties and active users and also to inform them about our range of services. When using social networks, personal data may be transmitted and processed, for example in the context of third-party cookies and social media plugins. Normally, marketing cookies are used for market research and advertising purposes and thus potentially to analyse your usage behaviour. Furthermore, the integration of social media plugins can help us to log in to our app with existing user accounts (single sign-on) or to share posts and content via these networks, as well as to integrate other external media. We would like to point out that by using social media services, your data may be stored and processed in third countries in and outside the European Union. We cannot completely rule out potential risks to you in this context. This applies, for example, to the protection and enforcement of user rights.
For more detailed information, please refer to our statement on data transfer to countries outside the European Economic Area and in the section on cookies and tracking pixels as well as in the data usage guidelines of the respective social platform. The privacy policy of the respective responsible social network will provide you with comprehensive information about the contact options and setting options for adverts. Only the respective operators of the social platforms have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the operators of the social platforms. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.1.3 Cloud computing and software as a service (SaaS)
Software as a Service (SaaS) is a sub-area of cloud computing and describes a licence and sales model. SaaS offers the option of outsourcing software and associated services. IT service providers or third parties offer an underlying, external IT infrastructure (storage, server, network connection) and platform (operating system, middleware, runtime environment) as well as the software services (applications and data) based on it. Purposes of use include the storage, management and exchange of emails, documents, content and other information as well as the use of websites, forms, calendars, chats and participation in audio and video conferences.
As a result, personal data may be transmitted and processed - for example, for the aforementioned purposes and potentially associated third-party cookies from IT service providers. The processing may include the storage of master data, contact data and contract data on external third-party servers. IT service providers traditionally collect usage and metadata for security purposes and to optimise services. You can find more detailed information in our sections on data transfer to companies, persons, institutions or other recipients and in the section on cookies and tracking pixels as well as in the data usage guidelines of the respective SaaS provider.
3.1.4 Tools and widgets
We would like to take this opportunity to inform you that our website and the associated app may use scripts, programming interfaces, software development kits and similar technologies. These technologies are offered by third parties or programmed in-house, whereby they access in particular the identification numbers stored in the end device (including device ID, advertising ID and instance ID). Furthermore, widgets can be used to supplement the functionality and content of our online offers. The corresponding content of the widget is displayed within the online offers and includes conventionally changing information. An active data connection to the servers of the respective widget provider is essential for accessing current content and functions. By using cookies, widget providers can obtain information about whether and, if so, to what extent users have visited and used our online offering.
Personal data that can be collected may include in particular
User data (name, email address, location, language setting, location)
Data on the initial start and the app (version and versions)
Data on the number of users and sessions (duration and time)
Technical data, such as information about the end device (operating system, IP address and device type)
Usage data, such as interactions with the app (content viewed and click rates)
The categories of tools that can be used are listed below.
3.1.4.1 Technical tools
Technically necessary tools may be used to provide and use our online services. Fields of application include login authentication, language settings and the storage of other details and information already provided until the next visit to the app.
3.1.4.2 Functional tools
Functionally necessary cookies can be used to provide improved, more personalised functions. Fields of application include the provision of additional communication, display and payment channels as well as the optimisation of usability.
3.1.4.3 Analysis tools
Analysis tools may be used to further develop our online offering. Fields of application include the statistical recording and analysis of user behaviour and the evaluation of various marketing channels.
3.1.4.4 Marketing tools
Marketing tools can be used for advertising and market research purposes. Fields of application include the recording of customer satisfaction, improvement of the target group approach, the personalisation of advertisements and the measurement of the effectiveness and reach of marketing campaigns.
3.1.5 Advertising networks and online marketing
When you use our online services, we may collect data about your activities in connection with advertising networks in order to measure the effectiveness of our marketing and to offer you personalised advertising - including on other online services. These advertising networks track your activities over a longer period of time and collect data by using cookies, tracking pixels, marketing tools and server logs. If online offers visited are part of the advertising network, user behaviour can be analysed and evaluated across websites and apps.
We may process your personal data for online marketing purposes (e.g. marketing advertising space or displaying advertising content). As part of marketing, user profiles may be created and stored in a cookie - alternatively, similar processes with the same purpose may be used. Profile information may include content viewed, location data and technical details of the end device. Furthermore, your IP address may be stored and a so-called IP masking procedure (shortening of the IP address for pseudonymisation) may be used as a security measure for your personal protection. When using online marketing, we only receive access to information about the effectiveness of our advertisements and any conversation rates to analyse the marketing measures used.
You can find more detailed information in our explanations on data transfer and in the sections on cookies and tracking pixels, access data and log files, marketing tools, cloud computing, surveys and in the data usage guidelines of the respective advertising networks. The privacy policy of the respective responsible network will inform you in detail about the contact options and setting options for adverts. Only the respective operators of the platforms have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the operators of the advertising networks. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.2 Communication and marketing
3.2.1 Customer relationship management and contact channels
To maintain our customer relationships, we enable you to contact us as part of our customer relationship management. Contact can potentially be made in various ways, for example by email, telephone, fax, form enquiry or via the social media we use. If you send us an enquiry, your details and data will be used and stored for the purpose of processing and solving any problems. Please use the contact options provided in our online offers.
3.2.1.1 Instant messenger
Contacts initiated by using messenger services - for example via the messengers of established social media networks such as WhatsApp and Facebook Messenger - are conventionally end-to-end encrypted. Your message content and attachments sent to us, as well as any personal data, cannot be viewed directly by the messenger operator. However, it is possible for the messenger provider to indirectly collect personal data - so-called metadata. Identification of the sender and the addressee, the date and time, technical device data and location data are possible metadata. If you do not agree with the type of data collection, please use an alternative contact method.
Further information can be found in our statement on social media networks and plugins. The privacy policy of the respective responsible messenger service provider will provide you with comprehensive information about the contact options. Only the respective operators of the messenger services have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the messenger providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.2.1.2 Virtual chat assistants
Contact initiation via chat services and virtual chat assistants includes text-based automated dialogue systems. These information systems allow communication with a technical system via the input and output of a natural language. Chat assistants act as interactive agents to answer users' questions and concerns. Solutions to problems and information about our online services can thus be provided without waiting times. The collection of personal data is essential for the functionality of the online chat. We also store and log the content of your conversations via the chat services. The collected data and information can be used to address users personally, to transmit any requested content and solutions to problems, to interact with other information systems on behalf of the user if necessary and also to improve the artificial intelligence of the chat assistant. The latter enables chatbots to learn answers to frequently asked questions and recognise unanswered queries so that personal contact can be suggested. Therefore, if you do not agree with the type of data collection, please use an alternative contact channel.
We would also like to point out that chatbots may be offered by third parties and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the virtual assistants have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the chatbot providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.2.1.3 Push messages
Contact initiation via push messages are one-way communication channels. These messages show you current information and news on your end device without you having to open the corresponding app. Push notifications are usually sent automatically. If you no longer wish to receive these notifications at a later date, you can use the settings on your mobile device to deactivate them. The associated collection of personal data potentially serves advertising and marketing purposes, the processing of location data if messages are sent based on location, as well as analysis and performance measurement for optimisation purposes. Messages can be statistically recorded and evaluated, for example to identify data on the usage habits of users (including retrieval behaviour and time of display) and to personalise push messages. Therefore, if you do not agree with the type of data collection, please use an alternative contact channel.
We would also like to point out that push messages may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the messages have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course provide you with advice and assistance.
3.2.1.4 Newsletter
Contact initiation via newsletters are one-way communication channels. These e-mails may contain regular information and updates on our online offers. In order to receive newsletters, a valid email address is required - and therefore also processing for sending the newsletter - as well as consent and authorisation for the delivery itself.
Your consent to the processing of your email address for the receipt of the newsletter can be revoked at any time, either by using the unsubscribe link in the newsletter or by contacting the provider personally in another way - details of the controller and the data protection officer can be found in the newsletter provider's privacy policy. This does not affect the lawfulness of the processing that has taken place on the basis of your consent up to the time of your cancellation.
For your protection, it is necessary to carry out a double opt-in procedure to receive newsletters. To implement the double opt-in procedure, you will receive another email/SMS to confirm your registration (second opt-in) after you have registered for the newsletter (first opt-in), so that misuse of email addresses is prevented. Furthermore, your IP address, the date and time of registration and the time of confirmation are recorded for logging the registration procedure in order to prevent any misuse.
As the provider or user of a newsletter service, we are obliged to comply with legal obligations in the context of newsletter subscriptions and thus support you in protecting your interests when forwarding your personal data. We are therefore committed to the following security measures:
Deactivated checkbox for data protection consent including a link to data protection
Deactivated checkbox for newsletter registration
For non-anonymous tracking, deactivated checkbox for user consent to tracking
Use of unique and independent checkboxes
Application of the minimum principle for data collection in the registration form
No advertising in the confirmation email of the double opt-in procedure
You are not obliged to provide your personal data during the registration process. However, if you do not provide the required personal data, it may not be possible to process your subscription in full or at all. Your data will then be stored for the duration of the newsletter delivery. If you do not respond to the confirmation email, your data will be deleted after a legally reasonable period of time. The range of the aforementioned period takes into account the fact that the sender of the newsletter must comply with statutory and, if applicable, contractual retention obligations. The processing of the aforementioned data takes place for the establishment, exercise and defence of legal claims.
User behaviour can be analysed in a specific or anonymous manner. The analysis may include, for example, the opening rates of newsletters, the number of clicks on integrated links, the reach or the reading time. We are happy to tailor the offers and information sent to you to your personal interests and to optimise our content and communication on an ongoing basis. The analysis is carried out with the help of tracking pixels embedded in the newsletter. If you do not wish your usage behaviour to be analysed, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default.
We would also like to point out that newsletters may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the newsletters have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course provide you with advice and assistance.
3.2.2 Affiliate marketing
Affiliate programmes and networks can be used in the context of referral marketing for our online offers. Affiliate links and similar references (e.g. search masks and widgets) can refer to third-party offers and services. In return for the successful marketing of third-party offers - users follow affiliate links or subsequently take up the offers - we receive a commission.
As part of commission settlements, the respective third-party provider receives information about whether and, if so, in what way users have taken up the third-party offer - pay per click (user clicks on link), pay per lead (user provides contact details), pay per sale (user buys) and pay per view (user sees adverts on our online offer). Technically, this requires the use of cookies, comparable recognition technologies or the customisation of the link (e.g. by adding an online app identifier, the app provider or the user).
More detailed information can be found in our explanations on data transfer and in the sections on cookies and tracking pixels and marketing tools as well as in the data usage guidelines of the respective third-party providers. The privacy policy of the respective responsible provider will inform you in detail about the contact options. Only the respective third parties have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.2.3 Publication media
Readers' personal data may be processed in connection with publication media, such as blogs, podcasts or forums. The purpose of processing lies in the presentation and communication between authors and readers or in the context of necessary information security measures.
If the publication medium offers the option of leaving contributions, your IP address may be stored for security reasons. If an author publishes illegal content - for example, insults or prohibited political propaganda - the IP address can be used to forward the identity of the author to the relevant authorities and to ensure self-protection against legal consequences for third-party content. In addition, processing can be used to recognise and eliminate spam or prevent multiple voting in surveys, for example. It is in our legitimate interest to permanently store contributions and associated comments, including potentially contained information on websites, apps and contact details, for the complete preservation of the publication medium until the user objects.
If the publication medium also offers the option of subscribing to articles and comments, various implementations are conceivable. For example, the subscription can be integrated into the app and additionally linked to push notifications or sent as a newsletter to an email address. We ask you to read the sections on newsletters and push notifications accordingly, as these may be relevant to post and comment subscriptions. In particular, please note the explanations on functions, purposes of use, data processing and the right of cancellation.
Finally, we would like to point out that publication media may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the media have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.2.4 Conference platforms
Personal data of conference participants may be processed in the context of video and audio conferences, such as webinars, meetings and online workshops. The type and scope of processing and storage duration depend on the data requirements of the respective conference and the functions used (including screen sharing, chat, surveys and recording functions) as well as any service optimisations and security measures in the context of information security and law.
We would like to encourage you to also comply with data protection measures when using conference platforms. For the duration of a conference, please observe data and privacy protection, particularly in the background of your recordings (including images and involuntary participants) and that unauthorised disclosure of access data to conference rooms is not permitted. Finally, we would like to point out that conference platforms may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the platforms have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
3.2.5 Applicants and candidate pool
A basic requirement of application procedures is the transmission of applicant data for the purpose of assessment, comparison and selection. Depending on the advertised position, we request the information required for the application. We are aware that, among other things, particularly sensitive categories of data are transferred. We would also like to point out that we apply the minimum principle when transferring data. Please also note that application data sent by e-mail is generally encrypted during transport (end-to-end), but not necessarily on the servers. We therefore cannot guarantee secure transmission by e-mail and the associated responsibility. Alternatively, you can apply by post or online form. If offered, voluntary inclusion in an applicant pool is based on consent. However, participation in an applicant pool has no influence on the ongoing application process and can be withdrawn by you at any time.
For your own security, we will delete your personal data if your application is unsuccessful or if you withdraw your consent. The storage period and deletion is also based - subject to a justified cancellation - on our legitimate interest (including follow-up questions about the application) and on a legally reasonable period of time to comply with our obligations to provide evidence (including regulations on equal treatment of applicants). Finally, we would like to inform you that recruitment software and platforms as well as services from third-party providers may be used and that the data protection guidelines of the respective provider therefore apply. Only the respective operators have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course provide you with advice and assistance.
3.4 Analysis of visitor flows and behaviour
Your personal data may be collected and analysed in the course of evaluating the flow of visitors to our online offering. Among other things, behaviour, interests and demographic information are analysed. The analysis produces findings about the time at which our offers and their functions or content are most frequently used and which areas require optimisation. As part of the analysis, user profiles can be created (profiling) and stored in a cookie - alternatively, similar processes with the same purpose can be used. Profile information may include content viewed, location data and technical details of the end device. Furthermore, your IP address may be stored and a so-called IP masking procedure (shortening of the IP address for pseudonymisation) may be used as a security measure for your personal protection.
For more detailed information, please refer to our statements on cookies and tracking pixels, cloud computing, app tools and widgets, surveys and the data usage guidelines of potential external providers. The privacy policy of the respective responsible provider will inform you in detail about the contact options. Only the respective third parties have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
4 Overview and listing of (third-party) providers and services
In the following section, we would like to provide you with a summarised overview and list of the service providers and services we use. The cooperation with third-party providers and external service providers is carefully considered, opportunities and risks are weighed up and standards for compliance with data protection regulations are applied. For reasons of transparency, we list relevant information on all service providers and services used in the following overview - it goes without saying that we have data processing agreements with them. To make it easier for you to classify the content and for your personal convenience, we have summarised the individual providers alphanumerically in accordance with the table of contents of this privacy policy:
Chapter
Service (provider)
Information & explanation
1. general information about the processing of your data
1.11 Provision of our services
1.11.1
Worldsoft AG
Provision of information technology infrastructure and related services | Summelenweg 91, CH-8808 Pfäffikon SZ | Website: https://www.worldsoft.info | Privacy Policy: https://www.worldsoft.info/datenschutz
3 Collection and analysis of personal data
3.1 Third-party providers and services
3.1.2
Instagram
Social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy
3.1.2
Facebook
Social network; Service provider: Facebook Ireland Ltd, 4 Grand Canal Squ-are, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-Out: Settings for adverts: https://www.facebook.com/adpreferences/ad_settings (login to Facebook is required)
3.1.2
Twitter
Social network | Service provider: Twitter International Company, One Cum-berland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA | Privacy Policy: https://twitter.com/de/privacy
3.1.2 YouTube Social network and video platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-Out: https://adssettings.google.com/authenticated.
3.3 Communication and marketing
3.3.1.1
Instagram
Sending messages via the social network Instagram; Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
3.3.1.1
Facebook Messenger
Facebook Messenger with/without end-to-end encryption | Service provider: https://www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA | Website: https://www.facebook.com | Privacy policy: https://www.facebook.com/about/privacy | Opt-out: https://www.facebook.com/adpreferences/ad_settings
3.3.1.4
Google Analytics
Newsletter analysis service | Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Website: https://marketingplatform.google.com/intl/de/about/analytics/ | Privacy policy: https://policies.google.com/privacy | Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of adverts: https://adssettings.google.com/authenticated
3.4 Analysis of visitor flows and behaviour
3.4
Google Analytics
Range measurement and web analysis; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy.
In addition to the specific data protection guidelines above, the data protection information in accordance with the EU General Data Protection Regulation also applies with regard to data processing in connection with the use and provision of our services. If you are not satisfied with the data protection measures described here, or if you have any questions regarding the collection, processing and use of your personal data, please do not hesitate to contact us - we are always happy to hear from you. Please address your data protection issues to the contact persons listed above. They will deal with your request as quickly as possible. Finally, please note that the privacy policy of the respective responsible provider will provide you with comprehensive information about contact options. Only the respective third parties have access to the data concerning you and are in a position to take direct action and provide information, so we expressly request that any requests for information and assertion of user rights be addressed directly to the providers. Should problems nevertheless arise, we will of course provide you with advice and assistance.
5 Glossary
This glossary provides you with an overview of the most important and central terms used in this privacy policy and also contains explanations for you. Below you will find an alphanumeric list of all relevant definitions:
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Data subject’ means an identified or identifiable natural person to whom personal data relates.
‘Special categories of personal data’ means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
‘Cookie’ is a small file containing a string of characters that is sent to your end device when you access a website or app. The next time you visit the online service, it can recognise your device using the cookie. Cookies can store user settings and other information. Your device can be configured so that all cookies can be rejected separately. Some of our online services may not be fully functional without cookies.
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed.
‘IP address’ is a number assigned to each device that is connected to the internet. This is referred to as an Internet Protocol (IP) address. These numbers are usually assigned in blocks that are allocated to specific geographical areas. The IP address can often be used to identify the location from which the device connects to the Internet.
‘Personal data’ means any data and information relating to an identified or identifiable natural person (‘data subject’). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations. Current status is July 2022.
Data protection created by: devocom GmbH