We are very pleased with the interest you have shown in our company. Data protection is a particularly important priority for the management of EspacePlugins. The use of EspacePlugins’s Internet pages is possible without the indication of personal data; however, if a data subject wishes to use special company services via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, must always comply with the General Data Protection Regulations (GDPR) and the country-specific data protection regulations applicable to EspacePlugins. With this data protection declaration, our company wishes to inform the general public about the nature, scope and purpose of the personal data that we collect, use and process. In addition, data subjects are informed of their rights through this data protection declaration.
As data controller, EspacePlugins has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed by this website. However, data transmissions over the Internet may in principle have security gaps, so that absolute protection may not be guaranteed. For this reason, each person concerned is free to transmit personal data to us by other means, for example by email.
1. Definitions
EspacePlugins’s data protection statement is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDR). Our data protection declaration must be legible and understandable for the general public as well as for our customers and business partners. To this end, we would first like to explain the terminology used.
In this data protection declaration, we use the following terms in particular:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
The data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
c) Processing
Processing is any operation or set of operations carried out on personal data or sets of personal data, whether or not using automated processes, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or interconnection, limitation, erasure or destruction.
d) Restriction of processing
Limitation of processing is the marking of stored personal data for the purpose of limiting their processing in the future.
e) Profiling
Profiling is any form of automated processing of personal data that consists in using personal data to evaluate certain aspects of the personality of a natural person, in particular to analyze or predict aspects relating to that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that personal data is not attributed to an identified or identifiable natural person.
g) Controller or controller
The controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the law of the Union or of the Member States, the controller or the specific criteria for its appointment may be provided for by the law of the Union or of the Member States.
(h) Controller
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Recipient
The recipient is a natural or legal person, public authority, agency or other body, to whom the personal data are communicated, whether or not it is a third party. However, public authorities which may receive personal data in the course of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by such public authorities must comply with the data protection rules applicable according to the purposes of the processing.
j) Third parties
A third party is a natural or legal person, a public authority, an agency or a body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
k) Consent
The data subject’s consent is any freely given, specific, informed and unambiguous indication of the will of the data subject by which he or she signifies, by means of a clear declaration or affirmative action, his or her agreement to the processing of personal data concerning him or her.
2. Name and address of the data controller
Controller for the purposes of the General Data Protection Regulation (DPR), other data protection laws applicable in the Member States of the European Union and other data protection provisions is :
EspacePlugins
Email: contact@espaceplugins.com
Website: https://espaceplugins.com
3. Cookies
EspacePlugins’s Web pages use cookies. Cookies are text files that are stored in a computer system via a web browser.
Many websites and web servers use cookies. Many cookies contain a “cookie ID”. A cookie ID is a unique identifier for the cookie. It consists of a string of characters used to assign web pages and servers to the specific web browser in which the cookie is stored. This allows the websites and servers visited to differentiate the individual browser from the subject of dates from other web browsers that contain other cookies. A specific web browser can be recognized and identified using the unique ID of the cookie.
Through the use of cookies, EspacePlugins can provide users of this Web site with more user-friendly services that would not be possible without the setting of cookies.
With the help of a cookie, information and offers on our website can be optimized for the user. Cookies enable us, as mentioned above, to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. The website user who uses cookies, for example, does not need to enter access data each time he accesses the website, as this data is taken over by the website, and the cookie is therefore stored on the user’s computer system. Another example is the cookie from a shopping cart in an online store. The online store memorizes the items that a customer has placed in the virtual shopping cart thanks to a cookie.
The person concerned can at any time prevent the installation of cookies through our website by means of a corresponding setting in the Internet browser used, and can therefore permanently refuse the installation of cookies. In addition, already installed cookies can be deleted at any time by means of a web browser or other software. This is possible in all current Internet browsers. If the person concerned disables the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be fully used.
4. Collection of data and general information
The EspacePlugins website collects a series of general data and information when a person concerned or an automated system calls the site. This data and general information is stored in server log files. The data collected may include (1) the types and versions of browsers used, (2) the operating system used by the access system, (3) the website from which an access system accesses our website (the “referrers”), (4) sub-websites, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the provider of the access system, and (8) any other similar data and information that could be used in the event of an attack on our computer systems.
By using this general data and information, EspacePlugins does not draw any conclusions about the person concerned. Rather, this information is necessary to (1) properly disseminate the content of our website, (2) optimize the content of our website and its advertising, (3) ensure the long-term viability of our computer systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. Consequently, EspacePlugins statistically analyzes the data and information collected anonymously, with the aim of increasing the protection and security of our company’s data and ensuring an optimal level of protection for the personal data we process. Anonymous data in the server log files is stored separately from any personal data provided by a data subject.
5. Registration on our website
The person concerned has the possibility to register on the website of the data controller by indicating his/her personal data. The personal data that is transmitted to the data controller is determined by the input mask used for registration. The personal data entered by the data subject is collected and stored exclusively for the internal use of the data controller and for its own purposes. The data controller may request the transfer to one or more processors (e.g. parcel service) who also use personal data for an internal purpose attributable to the data controller.
When registering on the website of the data controller, the IP address assigned by the Internet Service Provider (ISP) and used by the data subject – date and time of registration – is also stored. The storage of this data is in the context of the fact that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of violations. Insofar as the storage of this data is necessary to ensure the security of the data controller. This data is not passed on to third parties, unless there is a legal obligation to pass on the data or if the transfer serves the purpose of criminal prosecution.
The registration of the data subject, with voluntary indication of his or her personal data, is intended to enable the data controller to offer him or her content or services that can only be offered to registered users due to the nature of the subject matter. Registered users are free to change the personal data indicated during registration at any time or to have them completely deleted from the data controller’s data stock.
The data controller shall at any time provide each data subject who so requests with information on the personal data stored about him or her. In addition, the data controller is obliged to correct or delete personal data at the request or on the indication of the data subject, insofar as there is no legal obligation to store such data. All employees of the data controller are available to the data subject in this respect as contact persons.
6. Subscription to our newsletters
On the EspacePlugins website, users have the opportunity to subscribe to our company’s newsletter. The input mask used for this purpose determines which personal data is transmitted and when the newsletter is ordered from the data controller.
EspacePlugins regularly informs its customers and business partners about the company’s offers by means of a newsletter. The person concerned can only receive the company’s newsletter if (1) he or she has a valid e-mail address and (2) he or she registers for the newsletter. A confirmation e-mail will be sent to the e-mail address registered by the data subject for the first time for sending the newsletter, for legal reasons, as part of the double opt-in procedure. This confirmation e-mail is used to prove that the owner of the e-mail address, as the person concerned, is authorised to receive the newsletter.
When registering for the newsletter, we also record the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to understand the (possible) misuse of a data subject’s e-mail address at a later date, and therefore serves the purpose of the legal protection of the data controller.
Personal data collected in the context of newsletter registration will only be used for the purpose of sending our newsletter. In addition, newsletter subscribers may be informed by e-mail, insofar as this is necessary for the operation of the newsletter service or for the registration in question, as may be the case in the event of changes to the newsletter offer, or in the event of a change in technical circumstances. Personal data collected by the newsletter service will not be transferred to third parties. The subscription to our newsletter can be terminated at any time by the person concerned. The permission to store personal data that the person concerned has given for sending the newsletter can be revoked at any time. A link to the revocation of consent can be found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the data controller, or to communicate it to the data controller in another way.
7. Follow-up of the newsletter
The EspacePlugins newsletter contains so-called tracking pixels. A tracking pixel is a thumbnail graphic embedded in these emails, which are sent in HTML format to allow log files to be saved and analyzed. This allows statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, EspacePlugins can see if and when an e-mail was opened by a concerned person, and which links in the e-mail were called up by the concerned persons.
This personal data collected in the tracking pixels contained in the newsletters is stored and analyzed by the data controller in order to optimize the sending of the newsletter, as well as to better tailor the content of future newsletters to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects have the right to revoke the corresponding separate declaration of consent at any time, issued by means of the double opt-in procedure. After revocation, the personal data will be deleted by the data controller. EspacePlugins automatically considers a withdrawal of receipt of the newsletter as a revocation.
8. Possibility of contact via the website
The EspacePlugins website contains information that allows for quick electronic contact with our company, as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. These personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of these personal data to third parties.
9. Routine deletion and blocking of personal data
The data controller shall only process and store the personal data of the data subject for the time necessary to achieve the purpose of the storage, or for the time allowed by the European or other legislators in the laws or regulations to which the data controller is subject.
If the purpose of the retention is not applicable, or if a retention period prescribed by the European or other competent legislator expires, the personal data will be systematically blocked or deleted in accordance with legal requirements.
10. Rights of the data subject
a) Right of Confirmation
Each data subject has the right, granted by the European legislator, to obtain confirmation from the data controller that personal data concerning him/her are or are not being processed. If a data subject wishes to avail himself of this right of confirmation, he may, at any time, contact any employee of the data controller.
b) Right of access
Every data subject has the right, granted by the European legislator, to obtain from the data controller free information on his personal data stored at any time and a copy of this information. In addition, European directives and regulations grant the data subject access to the following information:
the purposes of the processing ;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations ;
if possible, the period envisaged for the retention of personal data or, if this is not possible, the criteria used to determine that period ;
the existence of the right to request or object to the controller’s rectification or erasure of personal data or the restriction of the processing of personal data concerning the data subject;
the existence of the right to lodge a complaint with a supervisory authority ;
where the personal data are not obtained from the data subject, any available information as to their source ;
the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the IHR and, at least in such cases, useful information on the logic involved and the meaning and consequences envisaged for the data subject of such processing.
In addition, the data subject has the right to obtain information as to whether personal data are transferred to a third country or to an international organization. If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to make use of this right of access, he or she may, at any time, contact any employee of the controller.
c) Right of rectification
Each data subject has the right, granted by the European legislator, to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing an additional declaration.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact any employee of the controller.
d) Right of erasure (Right to be forgotten)
Every data subject has the right, granted by the European legislator, to obtain from the controller the erasure without delay of personal data concerning him/her, and the controller has the obligation to erase personal data without delay where one of the following grounds applies, as long as the processing is not necessary :
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
The data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) of the GDPS or Article 9(2)(a) of the GDPS and where there is no other legal ground for the processing.
The data subject objects to the processing on the basis of Article 21(1) of the GDPR and where there are no compelling legitimate grounds for the processing, or the data subject objects to the processing on the basis of Article 21(2) of the GDPR.
The personal data have been processed unlawfully.
Personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data have been collected in the context of the provision of information society services referred to in Article 8(1) of the GDPR.
If one of the above-mentioned reasons applies, and if a data subject wishes to request the deletion of personal data stored by EspacePlugins, he or she may, at any time, contact any employee of the data controller. A EspacePlugins employee is responsible for ensuring that the request for deletion is acted upon immediately.
Where the data controller has made personal data public and is required under Article 17(1) to erase such data, the data controller shall take reasonable steps, including technical measures, to inform other personal data controllers that the data subject has requested erasure by those controllers of any link to such personal data, or of any copy or reproduction of such data, to the extent that processing is not required. A EspacePlugins employee will take the necessary steps in individual cases.
e) Right to restrict processing
Each data subject has the right, granted by the European legislator, to obtain from the data controller a limitation of the processing when one of the following conditions applies :
The accuracy of the personal data is contested by the data subject, for a period of time allowing the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject objects to the deletion of the personal data and instead requests the limitation of its use.
The controller no longer needs the personal data for the purpose of processing, but they are required by the data subject for the establishment, exercise or defence of a legal claim.
The data subject has objected to the processing on the basis of Article 21(1) of the PDSG pending verification whether the legitimate grounds of the controller outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the limitation of the processing of personal data stored by EspacePlugins, he or she may at any time contact any employee of the controller. The EspacePlugins employee will take the necessary steps to limit the processing.
f) Right to data portability
Each data subject has the right, granted by the European legislator, to receive personal data concerning him/her, which has been provided to a data controller, in a structured, commonly used and machine-readable format. He or she has the right to pass on such data to another controller without being obstructed by the controller to whom the personal data have been disclosed, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPS or Article 9, (2)(a) of the GDPS, or a contract under Article 6(1)(b) of the DPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in the exercise of his right to data portability in accordance with Article 20(1) of the GDPS, the data subject has the right to have personal data transmitted directly from one controller to another, where this is technically possible and does not adversely affect the rights and freedoms of others.
In order to assert his or her right to data portability, the data subject may at any time contact any EspacePlugins employee.
g) Right to object
Every data subject has the right, granted by the European legislator, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data relating to him or her, a right which is based on Article 6(1)(e) or (f) of the GDPS. This also applies to profiling based on these provisions.
EspacePlugins will no longer process personal data in the event of an objection, unless we can demonstrate the existence of legitimate and compelling reasons justifying processing that overrides the interests, rights and freedoms of the data subject, or the establishment, exercise or defence of a legal right.
If EspacePlugins processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing. This applies to profiling insofar as it relates to such direct marketing. If the data subject objects to the processing for direct marketing purposes, EspacePlugins will no longer process personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of his or her personal data by EspacePlugins for the purposes of scientific or historical research, or for statistical purposes, in accordance with Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
In order to exercise his/her right of objection, the data subject may contact any EspacePlugins employee. In addition, the data subject is free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right of opposition by automated means using technical specifications.
h) Automated individual decision making, including profiling
Each data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her, provided that this decision (1) is not necessary for the purposes of taking or executing the decision, a contract between the data subject and a controller, or (2) is not permitted by Union or Member State law to which the controller is subject and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is not based on the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and a controller, or (2) is based on the explicit consent of the data subject, EspacePlugins implements appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, at least the right to obtain humane intervention by the controller, to express his or her views and to challenge the decision.
If the data subject wishes to exercise the rights relating to automated individual decision-making, he or she may, at any time, contact any EspacePlugins employee.
i) Right to withdraw data protection consent
Each data subject has the right, granted by the European legislator, to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact a EspacePlugins employee at any time.
11. Data protection provisions regarding the application and use of Facebook
On this site, the controller has integrated elements of the Facebook company. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which generally allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences, or allow the Internet community to provide personal or professional information. Facebook allows social network users to create private profiles, upload photos and create networks through friend requests.
Facebook’s operating company is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. If a person lives outside the United States or Canada, the controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Upon each call to one of the individual pages of this website, which is managed by the controller and in which a Facebook component (Facebook plug-ins) has been integrated, the web browser of the person’s computer system is automatically prompted to download the display of the corresponding Facebook component from Facebook via the Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook is informed of the specific subsite of our website that was visited by the person concerned.
If the person concerned is logged on to Facebook at the same time, Facebook detects with each call to our website by the person concerned – and for the duration of his or her stay on our website – which specific subsite of our website was visited by the person concerned. This information is collected via the Facebook component and associated with the respective Facebook account of the person concerned. If the data subject clicks on one of the Facebook buttons on our website, for example the “Like” button, or if the data subject submits a comment, then Facebook associates this information with the data subject’s personal Facebook user account and stores the personal data.
Facebook always receives, via the Facebook component, information about the visit to our website by the data subject, when the data subject is simultaneously logged on to Facebook at the time of the call to our website. This occurs regardless of whether or not the person concerned clicks on the Facebook component. If such transmission of information to Facebook is undesirable for the data subject, the data subject can prevent this by logging out of his or her Facebook account before placing an order on our website.
Facebook’s published data protection guideline, which is available at https://facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. In addition, it explains what setting options Facebook offers to protect the privacy of the person concerned. In addition, various configuration options are offered to enable the deletion of data transmission to Facebook. These applications can be used by the data subject to delete a data transmission to Facebook.
12. Data protection provisions regarding the application and use of Google Analytics (with anonymization function)
On this site, the controller has integrated the Google Analytics component (with the anonymity function). Google Analytics is a web analytics service. Web analytics is the collection, collation and analysis of data on the behavior of website visitors. A web analytics service collects, among other things, data about which website a person comes from (the “referrer”), which sub-pages have been visited, or how often and for how long a sub-page has been visited. Web analytics is mainly used to optimize a website and to perform a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analysis through Google Analytics, the controller uses the application “_gat. _anonymizeIp”. By means of this application, the IP address of the data subject’s Internet connection is abbreviated by Google and made anonymous when accessing our websites from a member state of the European Union or another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the data and information collected, among other things, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our website for us.
Google Analytics places a cookie on the person’s computer system. The definition of cookies is explained above. By installing the cookie, Google is able to analyze the use of our website. Whenever a user calls up one of the individual pages of this website, which is operated by the data controller and in which a Google Analytics component has been integrated, the Internet browser of the computer system of the person concerned automatically transmits data via the Google Analytics component for the purpose of online advertising and the payment of commissions to Google. In the course of this technical procedure, Google acquires knowledge of personal information, such as the IP address of the person concerned, which enables Google, among other things, to understand the origin of visitors and clicks, and then to establish commission payments.
The cookie is used to store personal information, such as the time of access, the place from which the access was made and the frequency of visits to our website by the person concerned. With each visit to our website, this personal data, including the IP address of the Internet access used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this collected personal data to third parties through the technical procedure.
As mentioned above, the person concerned can prevent the installation of cookies through our website at any time by making a corresponding setting in the Internet browser used and thus definitively refuse the installation of cookies. Such a setting of the Internet browser used would also prevent Google Analytics from installing a cookie on the computer system of the person concerned. In addition, cookies already used by Google Analytics can be deleted at any time by means of a web browser or other software.
In addition, the person concerned has the option of objecting to the collection of data generated by Google Analytics in connection with the use of this website and to the processing of this data by Google. For this purpose, the data subject must download and install a browser plug-in under the link https://tools.google.com/dlpage/gaoptout. This browser add-on indicates to Google Analytics by means of JavaScript that data and information about visits to the website should not be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s computer system is subsequently deleted, formatted or newly installed, then the data subject must reinstall the browser add-ons in order to deactivate Google Analytics. If the data subject or any other person under his or her responsibility has uninstalled or deactivated the browser add-on, the re-installation or reactivation of the browser add-ons can be carried out.
Further information and Google’s applicable data protection provisions can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html. Google Analytics is explained in more detail under the following link https://www.google.com/analytics/.
13. Data protection provisions regarding the application and use of Google+.
On this website, the controller has integrated the Google+ button as a component. Google+ is a so-called social network. A social network is a social meeting place on the Internet, an online community, which generally allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences, or allow the Internet community to provide personal or professional information. Google+ allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Google+ is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Upon each call to one of the individual pages of this website, which is operated by the controller and on which a Google+ button has been integrated, the Internet browser of the computer system of the person concerned automatically downloads a display of the corresponding Google+ button from Google via the corresponding Google+ button component. During this technical procedure, Google is informed of the specific sub-page of our website that was visited by the person concerned. More detailed information about Google+ is available under https://developers.google.com/+/.
If the person concerned is connected to Google+ at the same time, Google recognises with each call to our website by the person concerned and during the entire period of his or her stay on our website which specific sub-pages of our website were visited by the person concerned. This information is collected via the Google+ button and Google associates it with the Google+ account corresponding to the person concerned.
If the person concerned clicks on the Google+ button integrated into our website and thus gives a Google+ 1 recommendation, then Google assigns this information to the personal Google+ user account of the person concerned and saves the personal data. Google records the Google+ 1 recommendation of the data subject and makes it publicly available in accordance with the terms and conditions accepted by the data subject in this regard. Subsequently, a Google+ 1 recommendation given by the data subject on this website as well as other personal data, such as the Google+ account name used by the data subject and the recorded picture, are stored and processed on other Google services, such as Google search engine results, the data subject’s Google account or at other locations, for example on web pages, or in connection with advertisements. Google may also link the visit to this website to other personal data stored by Google. In addition, Google records this personal information in order to improve or optimize the various Google services.
With the Google+ button, Google receives information about the visit to our website by the person concerned, if this person is connected to Google+ at the time of the visit to our website. This happens regardless of whether or not the person concerned clicks on the Google+ button.
If the person concerned does not wish to transmit personal data to Google, he or she can prevent this transmission by logging out of his or her Google+ account before calling up our website.
Further information and Google’s data protection provisions can be found at https://www.google.com/intl/en/policies/privacy/. Further references from Google regarding the Google+ 1 button can be obtained under https://developers.google.com/+/web/buttons-policy.
14. Data protection provisions regarding the application and use of Google-AdWords
On this site, the controller has integrated Google AdWords. Google AdWords is an Internet advertising service that allows the advertiser to place ads in the results of the Google search engine and in the Google advertising network. Google AdWords allows an advertiser to predefine specific keywords with which an ad in Google’s search results is only displayed afterwards, when the user uses the search engine to retrieve a search result relevant to the keyword. In Google’s advertising network, ads are displayed on relevant web pages using an automatic algorithm, taking into account the pre-defined keywords.
The operating company of Google AdWords is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the promotion of our website by inserting relevant advertising on third party websites and in Google search engine results and inserting third party advertising on our website.
If a relevant person reaches our website through a Google ad, a conversion cookie is stored in the computer system of the relevant person through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the person concerned. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, for example the shopping basket of an online store system, have been called up on our website. Thanks to the conversion cookie, both Google and the data controller can understand whether a person who has accessed an AdWords ad on our website has generated sales, i.e. whether he or she has executed or cancelled a sale of goods.
The data and information collected by means of the conversion cookie is used by Google to create statistics about the visit to our website. These visit statistics are used to determine the total number of users who have been served by AdWords ads, to verify the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive personally identifiable information from Google.
The conversion cookie stores personal information, such as the web pages visited by the person concerned. Each time we visit our web pages, personal data, including the IP address of the Internet access used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical procedure to third parties.
The person concerned can at any time prevent the installation of cookies by our website, as described above, by means of a corresponding setting on the Internet browser used and thus definitively refuse the installation of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the computer system of the person concerned. In addition, a cookie set by Google AdWords can be deleted at any time via the Internet browser or other software.
The person concerned has the opportunity to object to interest-based advertising by Google. Therefore, the person concerned must access the link www.google.de/settings/ads from each of the browsers used and set the desired parameters.
Further information and Google’s applicable data protection provisions can be found at https://www.google.com/intl/en/policies/privacy/.
15. Data protection provisions concerning the application and use of Instagram
On this site, the controller has integrated elements of the Instagram service. Instagram is a service that can be described as an audio-visual platform, which allows users to share photos and videos, as well as broadcast these data in other social networks.
The operating company for the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Upon each call to one of the individual pages of this website, which is operated by the data controller and on which an Instagram component (Insta button) has been integrated, the Internet browser of the data subject’s computer system is automatically prompted to download a display of the corresponding Instagram component. In the course of this technical procedure, Instagram becomes aware of the specific sub-page of our website that has been visited by the data subject.
If the data subject is logged on to Instagram at the same time, Instagram detects at each call from our website by the data subject – and during the entire duration of his stay on our website – which specific sub-page of our Internet page has been visited by the data subject. This information is collected through the Instagram component and is associated with the individual’s respective Instagram account. If the data subject clicks on one of the Instagram buttons on our website, Instagram then matches this information with the data subject’s personal Instagram user account and stores the personal data.
Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is connected to Instagram at the time of the call on our website. This occurs regardless of whether or not the person clicks on the Instagram button. If such transmission of information to Instagram is undesirable for the individual, the individual may prevent this by logging out of his or her Instagram account before calling our web site.
Additional information and Instagram’s applicable data protection provisions can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
16. Data protection provisions regarding the application and use of Jetpack for WordPress
On this site, the controller integrated Jetpack. Jetpack is a WordPress plug-in, which offers additional functionality to the operator of a WordPress-based website. Jetpack allows the website operator, among other things, to have an overview of the website visitors. By displaying messages and related publications, or the ability to share content on the page, it is also possible to increase the number of visitors. In addition, security features are built into Jetpack, so a site using Jetpack is better protected against brute force attacks. Jetpack also optimizes and speeds up the loading of images onto the website.
The operating company of Jetpack Plug-Ins for WordPress is Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses tracking technology created by Quantcast Inc. 201 Third Street, San Francisco, CA 94103, USA.
Jetpack places a cookie on the computer system used by the individual. The definition of cookies is explained above. Upon each call to one of the individual pages of this website, which is operated by the data controller and on which a Jetpack component has been integrated, the web browser of the data subject’s computer system is automatically prompted to submit data to Automattic through the Jetpack component for analysis. During this technical procedure, Automattic receives data which is used to create an overview of the visits to the website. The data obtained in this way is used to analyze the behavior of the data subject, who has access to the web page of the data controller and is analyzed for the purpose of optimizing the website. The data collected through the Jetpack component is not used to identify the data subject without the prior, separate explicit consent of the data subject. The data is also made known to Quantcast. Quantcast uses the data for the same purposes as Automattic.
The person concerned can, as stated above, prevent the installation of cookies through our website at any time by means of a corresponding setting in the web browser used and thus permanently refuse the installation of cookies. Such an adjustment of the web browser used would also prevent Automattic/Quantcast from installing a cookie on the computer system of the person concerned. In addition, cookies already used by Automattic/Quantcast can be deleted at any time by means of a web browser or other software.
In addition, the person concerned has the possibility to object to the collection of data relating to the use of this website that is generated by the Jetpack cookie as well as to the processing of this data by Automattic/Quantcast and the possibility to object to this. To this end, the person concerned must press the “opt-out” button located under the link https://www.quantcast.com/opt-out/, which allows a deactivation cookie to be installed. The deactivation cookie placed for this purpose is placed on the computer system used by the person concerned. If the cookies are deleted from the data subject’s system, the data subject must then recall the link and set a new deactivation cookie.
However, with the setting of the deactivation cookie, it is possible that the websites of the data controller may no longer be fully usable by the data subject.
Automattic’s applicable data protection provisions can be consulted on the site https://automattic.com/privacy/. Quantcast’s applicable data protection provisions can be consulted at https://www.quantcast.com/privacy/.
17. Data protection provisions concerning the application and use of LinkedIn
The controller has integrated elements of the LinkedIn company on this site. LinkedIn is a web-based social network that allows users with existing business contacts to connect and make new business contacts. More than 400 million registered users in over 200 countries use LinkedIn. As a result, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy issues outside the U.S., LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
Upon each call to one of the individual pages of this website, which is operated by the data controller and on which a LinkedIn component (LinkedIn plug-in) has been integrated, the Internet browser of the data subject’s computer system is automatically prompted to download a display of the corresponding LinkedIn component from LinkedIn. Further information on the LinkedIn plug-in can be found at https://developer.linkedin.com/plugins. During this technical procedure, LinkedIn makes it possible to find out which specific sub-page of our website was visited by the person concerned.
If the person concerned is simultaneously logged on to LinkedIn, LinkedIn detects each time the person concerned calls up our website – and during his or her entire stay on our website – which specific sub-page of our website has been visited by the person concerned. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the person concerned. If the data subject clicks on one of the LinkedIn buttons on our website, LinkedIn assigns this information to the data subject’s personal LinkedIn user account and stores the personal data.
LinkedIn receives, via the LinkedIn component, information indicating that the data subject has visited our website, provided that the data subject is connected to LinkedIn at the time of the call to our website. This occurs regardless of whether or not the person clicks on the LinkedIn button. If such transmission of information to LinkedIn is not desirable for the person concerned, the person concerned can prevent this by logging out of his LinkedIn account before placing an order on our website.
LinkedIn offers, under https://www.linkedin.com/psettings/guest-controls, the possibility to unsubscribe from e-mail messages, SMS and targeted advertisements, as well as the possibility to manage the parameters of the advertisements. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame. The setting of these cookies can be refused on https://www.linkedin.com/legal/cookie-policy. The privacy policy applicable to LinkedIn is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.
18. Data protection provisions regarding the application and use of Twitter
On this site, the controller has integrated elements of Twitter. Twitter is a publicly accessible multilingual microblogging service, where users can publish and broadcast “tweets”, i.e. short messages limited to 280 characters. These short messages are accessible to everyone, including those who are not connected to Twitter. The tweets are also displayed for the attention of the “followers” of the user concerned. Followers are other Twitter users who follow a user’s tweets. In addition, Twitter makes it possible to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time a call is made to one of the individual pages of this website, which is operated by the data controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser of the data subject’s computer system is automatically prompted to download a display of the corresponding Twitter component from Twitter. Further information on Twitter buttons is available at https://about.twitter.com/de/resources/buttons. During this technical procedure, Twitter makes it possible to find out which specific sub-page of our website was visited by the person concerned. The integration of the Twitter component is intended to relay the content of this website in order to enable our users to present this website to the digital world and to increase the number of our visitors.
If the person concerned is simultaneously connected to Twitter, Twitter detects with each call to our website by the person concerned and during his or her entire stay on our website which specific sub-page of our website has been visited by the person concerned. This information is collected through the Twitter component and associated with the respective Twitter account of the person concerned. If the data subject clicks on one of the Twitter buttons on our website, then Twitter assigns this information to the data subject’s personal Twitter user account and stores the personal data.
Twitter receives, via the Twitter component, information that the data subject has visited our website, provided that the data subject is logged on to Twitter at the time of the call to our website. This occurs regardless of whether or not the person clicks on the Twitter component. If such transmission of information to Twitter is not desirable for the data subject, the data subject can prevent this by logging out of his or her Twitter account before placing an order on our website.
The applicable data protection provisions of Twitter can be found at https://twitter.com/privacy?lang=en.
19. Method of payment : Data protection provisions regarding the use of PayPal as a means of payment
On this site, the controller has integrated elements of PayPal. PayPal is a provider of online payment services. Payments are processed through PayPal accounts, which are virtual private or business accounts. PayPal is also able to process virtual credit card payments when a user does not have a PayPal account. A PayPal account is managed via an email address, so there are no traditional account numbers. PayPal allows you to trigger online payments to third parties or to receive payments. PayPal also accepts proxy functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Co. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the person concerned chooses “PayPal” as the method of payment in the online store during the order process, we automatically transmit the data of the person concerned to PayPal. By choosing this payment option, the data subject agrees to the transfer of the personal data necessary to process the payment.
The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, cell phone number or other data necessary for processing the payment. The processing of the purchase contract also requires such personal data, which is related to the respective order.
The transmission of this data is for the purpose of payment processing and fraud prevention. The data controller will transfer the personal data to PayPal, in particular, if a legitimate interest is given to the transmission. The personal data exchanged between PayPal and the controller for data processing will be transmitted by PayPal to the economic credit agencies. This transmission is intended for identity and creditworthiness checks.
If necessary, PayPal will transmit personal data to its subsidiaries and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data processing within the scope of the order.
The data subject has the possibility to revoke the consent of PayPal for the processing of personal data at any time. A revocation has no effect on the personal data to be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of PayPal can be found at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
20. Legal basis for processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, where the processing operations are necessary for the supply of goods or the provision of any other service, the processing is based on Article 6(1)(b) of the PDSR. The same applies to processing that is necessary for the execution of pre-contractual measures, for example in the case of requests for our products or services. Is our company subject to a legal obligation that the processing of personal data is necessary, e.g. for the fulfilment of tax obligations, the processing is based on Article 6, paragraph 1, point b) of the Data Protection Act. 6(1) lit. c PIBR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured in our company and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. In this case, treatment would be based on Art. 6(1) lit. d of the GDPR.
Finally, the processing could be based on Article 6(1)(f) of the GDPR. This legal basis is used for processing operations that are not covered by any of the above-mentioned legal bases, if the processing is necessary for the fulfilment of legitimate interests pursued by our company or by a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data outweigh those interests. Such processing is particularly permitted because it has been specifically mentioned by the European legislator. It considered that a legitimate interest could be presumed if the data subject is a customer of the controller (recital 47, second sentence of the GDPR).
21. Legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1)(f) of the Directive, our legitimate interest is to conduct our activities for the well-being of all our employees and shareholders.
22. Period of retention of personal data
The criterion used to determine the retention period of personal data is the respective legal retention period. After the expiry of this period, the corresponding data is systematically deleted as long as it is no longer required for the execution of the contract or the conclusion of a contract.
23. Provision of personal data as a legal or contractual requirement; requirement necessary for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of a failure to provide such data
We point out that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information about the contractual partner).
It may sometimes be necessary to enter into a contract in which the data subject provides us with personal data, which we then process. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him/her. Failure to provide personal data would result in the contract with the data subject not being concluded.
Before providing personal data, the data subject must contact any employee. The employee shall inform the data subject whether the provision of the personal data is required by law or the contract or whether it is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.
24. Existence of an automated decision-making process
As a responsible company, we do not use automatic decision making or profiling.