HappyStay Logo

Privacy policy

This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter “data”) in the context of providing our services as well as within our online offering and the associated websites, functions and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

HappyStay GmbH
Flutstraße 47A
47533 Kleve

Phone: +49 2821/7364995
Email: [email protected]

Responsible person: Sascha Hütte

Types of data processed

- Inventory data (e.g., personal master data, names or addresses).
- Contact data (e.g., email, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online offering (hereinafter we also collectively refer to the data subjects as “users”).

Purpose of processing

- Provision of the online offering, its functions and content.
- Responding to contact requests and communication with users.
- Security measures.
- Reach measurement/marketing

Definitions used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

Pursuant to Art. 13 GDPR, we inform you of the legal bases of our data processing. For users from the scope of the GDPR, i.e., the EU and the EEA, the following applies insofar as the legal basis is not stated in the privacy policy:
The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR;
The legal basis for processing for the performance of our services and the implementation of contractual measures as well as responding to inquiries is Art. 6(1)(b) GDPR;
The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR;
If processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.
The legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR.
Processing of data for purposes other than those for which they were collected is determined in accordance with Art. 6(4) GDPR.
The processing of special categories of data (pursuant to Art. 9(1) GDPR) is determined in accordance with Art. 9(2) GDPR.

Security measures

In accordance with the legal requirements—taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons—we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as the related access, input, disclosure, securing of availability and separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and response to threats to data. We also take data protection into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Cooperation with processors, joint controllers and third parties

Where we disclose data to other persons and companies (processors, joint controllers or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if a transfer of data to third parties, such as payment service providers, is necessary for contract performance), if users have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

Where we disclose, transmit or otherwise grant access to data to other companies in our corporate group, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis that complies with legal requirements.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or this occurs in the context of using services of third parties or disclosure or transmission of data to other persons or companies, this is done only if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the legal requirements are met. That is, processing takes place, for example, on the basis of special safeguards such as an officially recognized determination of a level of data protection equivalent to that of the EU or compliance with officially recognized special contractual obligations.

Rights of data subjects

You have the right to request confirmation as to whether data concerning you are processed and to obtain information about such data as well as further information and a copy of the data in accordance with the legal requirements.

You have the right, in accordance with the legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.

In accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of processing of the data.

You have the right to receive the data concerning you that you have provided to us in accordance with the legal requirements and to request their transmission to other controllers.

You also have the right, in accordance with the legal requirements, to lodge a complaint with the competent supervisory authority.

Right to withdraw consent

You have the right to withdraw consent given with effect for the future.

Right to object

You may object at any time, in accordance with the legal requirements, to the future processing of data concerning you. The objection may in particular be made against processing for the purposes of direct advertising.

Cookies and the right to object to direct advertising

“Cookies” are small files that are stored on users’ devices. Various information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. “Temporary cookies”, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offering and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be stored if users visit the site again after several days. Likewise, users’ interests can be stored in such a cookie, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online offering (otherwise, if it is only their cookies, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and inform you about this within the scope of our privacy policy.

If users do not want cookies to be stored on their device, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all functions of this online offering may then be usable.

Deletion of data

The data we process are deleted or their processing is restricted in accordance with the legal requirements. Unless expressly stated within this privacy policy, data stored by us are deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations prevent deletion.

If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. I.e., the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and updates to the privacy policy

Please check regularly for the content of our privacy policy. We will adapt the privacy policy as soon as changes in our data processing make this necessary. We will inform you when such changes require cooperation on your part (e.g., consent) or other individual notification.

 

Business-related processing

 

In addition, we process
- Contract data (e.g., subject matter of the contract, term, customer category).
- Payment data (e.g., bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

 

Order processing in the online shop and customer account

 

We process our customers’ data within the framework of order transactions in our online shop in order to enable them to select and order the selected products and services, as well as their payment and delivery or execution.

The data processed include inventory data, communication data, contract data, payment data, and the data subjects include our customers, prospects and other business partners. Processing is carried out for the purpose of providing contractual services within the operation of an online shop, billing, delivery and customer service. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

Processing is carried out for the performance of our services and the implementation of contractual measures (e.g., processing of order transactions) and insofar as it is legally required (e.g., legally required archiving of business transactions for commercial and tax purposes). The information marked as required is necessary for the conclusion and performance of the contract. We disclose data to third parties only within the framework of delivery, payment or within the scope of legal permissions and obligations, as well as where this is based on our legitimate interests, about which we inform you within this privacy policy (e.g., to legal and tax advisors, financial institutions, freight companies and authorities).

Users may optionally create a user account in which they can, in particular, view their orders. During registration, the required mandatory information is communicated to users. User accounts are not public and are not indexed by search engines. If users have terminated their user account, the data relating to the user account will be deleted, subject to retention being necessary for commercial or tax reasons. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation or our legitimate interests (e.g., in the event of legal disputes). It is the users’ responsibility to save their data before the end of the contract upon termination.

Within the scope of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary for the pursuit of our claims as a legitimate interest or there is a legal obligation.

Deletion takes place after the expiry of statutory warranty and other contractual rights or obligations (e.g., payment claims or performance obligations from contracts with customers), whereby the necessity of retaining the data is reviewed every three years; in the case of retention due to statutory archiving obligations, deletion takes place after their expiry.

 

Agency services

 

We process our customers’ data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.

In doing so, we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). We generally do not process special categories of personal data unless these are part of a commissioned processing. Data subjects include our customers, prospects and their customers, users, website visitors or employees as well as third parties. The purpose of processing is the provision of contractual services, billing and our customer service. The legal bases for processing result from Art. 6(1)(b) GDPR (contractual services), Art. 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data that are necessary for the establishment and fulfillment of contractual services and point out the necessity of their provision. Disclosure to external parties takes place only if it is necessary within the scope of an assignment. When processing data provided to us as part of an assignment, we act in accordance with the client’s instructions and the legal requirements of commissioned processing pursuant to Art. 28 GDPR and do not process the data for any purposes other than those in accordance with the assignment.

We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (6 years, pursuant to § 257(1) HGB; 10 years, pursuant to § 147(1) AO). In the case of data disclosed to us by the client as part of an assignment, we delete the data in accordance with the specifications of the assignment, generally after the end of the assignment.

 

Therapeutic services and coaching

 

We process the data of our clients and prospects and other clients or contractual partners (collectively referred to as “clients”) in accordance with Art. 6(1)(b) GDPR in order to provide our contractual or pre-contractual services to them. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The data processed generally include the clients’ inventory and master data (e.g., name, address, etc.), as well as contact data (e.g., email address, telephone, etc.), contract data (e.g., services used, fees, names of contact persons, etc.) and payment data (e.g., bank details, payment history, etc.).

In the course of our services, we may also process special categories of data pursuant to Art. 9(1) GDPR, in particular information on the clients’ health, possibly with reference to their sex life or sexual orientation, ethnic origin or religious or philosophical beliefs. Where necessary, we obtain explicit consent from clients pursuant to Art. 6(1)(a), Art. 7, Art. 9(2)(a) GDPR and otherwise process the special categories of data for purposes of health care on the basis of Art. 9(2)(h) GDPR, § 22(1) No. 1(b) BDSG.

Where necessary for the fulfillment of the contract or by law, we disclose or transmit clients’ data in the context of communication with other professionals, to third parties necessarily or typically involved in the fulfillment of the contract, such as billing centers or comparable service providers, insofar as this serves the provision of our services pursuant to Art. 6(1)(b) GDPR, is required by law pursuant to Art. 6(1)(c) GDPR, serves our interests or those of the clients in an efficient and cost-effective health care as a legitimate interest pursuant to Art. 6(1)(f) GDPR or is necessary pursuant to Art. 6(1)(d) GDPR to protect the vital interests of the clients or another natural person, or on the basis of consent pursuant to Art. 6(1)(a), Art. 7 GDPR.

Data are deleted when they are no longer required for the fulfillment of contractual or legal duties of care as well as for dealing with any warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

 

Contractual services

 

We process the data of our contractual partners and prospects as well as other clients, customers or contractual partners (collectively referred to as “contractual partners”) in accordance with Art. 6(1)(b) GDPR in order to provide our contractual or pre-contractual services to them. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.

The data processed include the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers) as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).

We generally do not process special categories of personal data unless these are part of a commissioned or contractual processing.

We process data that are necessary for establishing and fulfilling contractual services and indicate the necessity of their provision if this is not evident to the contractual partners. Disclosure to external persons or companies takes place only if it is necessary within the framework of a contract. When processing data provided to us within the scope of an assignment, we act in accordance with the instructions of the clients as well as the legal requirements.

Within the scope of the use of our online services, we may store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interests in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary for the pursuit of our claims pursuant to Art. 6(1)(f) GDPR or there is a legal obligation pursuant to Art. 6(1)(c) GDPR.

Data are deleted when they are no longer required for the fulfillment of contractual or legal duties of care as well as for dealing with any warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

 

External payment service providers

 

We use external payment service providers through whose platforms users and we can carry out payment transactions (each with a link to the privacy policy, e.g., Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)).

For the fulfillment of contracts, we use payment service providers on the basis of Art. 6(1)(b) GDPR. Otherwise, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers include inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered are processed and stored only by the payment service providers. That is, we do not receive any account or credit card information, but only information with confirmation or negative notification of the payment. Under certain circumstances, the payment service providers transmit the data to credit reference agencies. This transmission aims at identity and credit checks. For this, we refer to the terms and privacy notices of the payment service providers.

For payment transactions, the terms and privacy notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

 

Administration, accounting, office organization, contact management

 

We process data as part of administrative tasks and the organization of our operations, accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The legal bases are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Customers, prospects, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in administration, accounting, office organization, archiving of data—i.e., tasks that serve to maintain our business activities, perform our duties and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information given for these processing activities.

In this context, we disclose or transmit data to the tax authorities, advisors such as tax consultants or auditors and other fee-collecting agencies and payment service providers.

Furthermore, on the basis of our business interests, we store information about suppliers, organizers and other business partners, e.g., for the purpose of later contact. These predominantly company-related data are generally stored permanently.

 

Business analytics and market research

 

In order to operate our business economically, recognize market trends and the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6(1)(f) GDPR, with the data subjects being contractual partners, prospects, customers, visitors and users of our online offering.

The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information, e.g., on the services they have used. The analyses serve us to increase user-friendliness, to optimize our offering and to ensure cost-effectiveness. The analyses are for our use only and are not disclosed externally unless they are anonymous analyses with aggregated values.

If these analyses or profiles are personal, they are deleted or anonymized upon termination by users, otherwise after two years from the conclusion of the contract. Otherwise, overall business analyses and general trend determinations are prepared anonymously where possible.

 

Participation in affiliate partner programs

 

Within our online offering, we use industry-standard tracking measures on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering) pursuant to Art. 6(1)(f) GDPR, insofar as these are necessary for the operation of the affiliate system. Below we inform users about the technical background.

The services offered by our contractual partners can also be advertised and linked on other websites (so-called affiliate links or after-buy systems, when, for example, links or services of third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission if users follow the affiliate links and then use the offers.

In summary, it is necessary for our online offering that we can track whether users who are interested in affiliate links and/or the offers available from us subsequently use the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values that can be part of the link or otherwise set, e.g., in a cookie. These values include, in particular, the originating website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID and categorizations.

The online identifiers of users that we use are pseudonymous values. That is, the online identifiers themselves do not contain personal data such as names or email addresses. They only help us to determine whether the same user who clicked on an affiliate link or was interested in an offer via our online offering has used the offer, i.e., for example, concluded a contract with the provider. However, the online identifier is personal insofar as the partner company and also we have the online identifier together with other user data. Only in this way can the partner company tell us whether the respective user has used the offer and we can, for example, pay out the bonus.

 

Amazon partner program

 

On the basis of our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we are a participant in the Amazon EU partner program, which was designed to provide a medium for websites by means of which advertising fees can be earned by placing advertisements and links to Amazon.de (so-called affiliate system). That is, as an Amazon partner we earn from qualifying purchases.

Amazon uses cookies to be able to trace the origin of orders. Among other things, Amazon can recognize that you clicked the partner link on this website and subsequently purchased a product on Amazon.

Further information on data use by Amazon and opt-out options can be found in the company’s privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

 

Digistore24 partner program

 

On the basis of our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we are a participant in the partner program of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany, which is designed to provide a medium for websites by means of which advertising fees can be earned by placing advertisements and links to Digistore24 (so-called affiliate system). Digistore24 uses cookies to be able to trace the origin of the contract conclusion. Among other things, Digistore24 can recognize that you clicked the partner link on this website and subsequently concluded a contract at or via Digistore24.

Further information on data use by Digistore24 and opt-out options can be found in the company’s privacy policy: https://www.digistore24.com/page/privacy.

 

Privacy information in application procedures

 

We process applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the scope of the application procedure in the sense of Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, insofar as the data processing becomes necessary for us, for example, in the context of legal proceedings (in Germany, § 26 BDSG additionally applies).

The application procedure requires that applicants provide us with applicant data. To the extent that we offer an online form, the necessary applicant data are marked; otherwise, they result from the job descriptions, and generally include personal details, postal and contact addresses, and the documents pertaining to the application, such as cover letter, CV and certificates. Applicants may also voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure as set out in this privacy policy in terms of type and scope.

Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily communicated in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9(2)(b) GDPR (e.g., health data, such as information on severe disability or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9(2)(a) GDPR (e.g., health data if these are required for the exercise of the profession).

Where provided, applicants can submit their applications to us via an online form on our website. The data are transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and applicants themselves must ensure encryption. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or postal mail. Instead of applying via the online form and email, applicants can still send us their application by post.

The data provided by applicants may be further processed by us for the purposes of employment if the application is successful. Otherwise, if the application to a job posting is unsuccessful, the applicants’ data will be deleted. Applicant data will also be deleted if an application is withdrawn, to which applicants are entitled at any time.

Deletion takes place, subject to a justified withdrawal by the applicants, after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursements are archived in accordance with tax law requirements.

 

Registration function

 

Users can create a user account. During registration, the required mandatory information is communicated to users and processed on the basis of Art. 6(1)(b) GDPR for the purpose of providing the user account. The data processed include, in particular, the login information (name, password and an email address). The data entered during registration are used for the purposes of using the user account and its purpose.

Users may be informed by email about information relevant to their user account, such as technical changes. If users have terminated their user account, their data relating to the user account will be deleted, subject to a statutory retention obligation. It is the users’ responsibility to save their data before the end of the contract upon termination. We are entitled to irretrievably delete all data stored by the user during the contract period.

Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation pursuant to Art. 6(1)(c) GDPR. IP addresses are anonymized or deleted no later than 7 days.

 

Contact

 

When contacting us (e.g., via contact form, email, telephone or via social media), the user’s details are processed to handle the contact request and its processing pursuant to Art. 6(1)(b) (within contractual/pre-contractual relationships) and Art. 6(1)(f) (other inquiries) GDPR. User information may be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.

We delete inquiries insofar as they are no longer necessary. We review the necessity every two years; the statutory archiving obligations also apply.

 

Newsletter

 

The following information informs you about the contents of our newsletter as well as the registration, sending and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We send newsletters, emails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described in the course of subscribing to the newsletter, it is decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

Double opt-in and logging: Subscription to our newsletter takes place in a so-called double opt-in procedure. That is, after subscribing you will receive an email asking you to confirm your subscription. This confirmation is necessary so that no one can subscribe with someone else’s email address. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with the legal requirements. This includes storing the subscription and confirmation time, as well as the IP address. Changes to your data stored with the shipping provider are also logged.

Registration data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for the purpose of personal addressing in the newsletter.

Sending of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2) No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

Logging of the subscription process is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is in the use of a user-friendly and secure newsletter system that both serves our business interests and meets the expectations of users and also allows us to prove consent.

Unsubscription/withdrawal – You can cancel the receipt of our newsletter at any time, i.e., withdraw your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defense of claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

 

Newsletter – shipping provider

 

The newsletter is sent using the shipping provider [NAME, ADDRESS, COUNTRY]. You can view the shipping provider’s privacy policy here: [LINK TO PRIVACY POLICY]. The shipping provider is used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR.

The shipping provider may use the data of recipients in pseudonymous form, i.e., without assignment to a user, to optimize or improve its own services, e.g., for the technical optimization of shipping and the presentation of newsletters or for statistical purposes. However, the shipping provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

 

Newsletter – performance measurement

 

The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server, or, if we use a shipping provider, from the provider’s server when the newsletter is opened. As part of this retrieval, technical information is first collected, such as information about the browser and your system, as well as your IP address and the time of retrieval.

This information is used to improve the technical services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical collection also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can indeed be assigned to individual newsletter recipients. However, it is neither our aim nor, if used, that of the shipping provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

A separate withdrawal of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled.

 

Hosting and email delivery

 

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating this online offering.

In doing so, we and/or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

 

Collection of access data and log files

 

We and/or our hosting provider collect data about each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR. Access data include the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g., to clarify acts of misuse or fraud) and then deleted. Data whose further retention is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

 

Google Analytics

 

On the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use Google Analytics, a web analytics service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate users’ use of our online offering, to compile reports on activities within this online offering and to provide us with further services related to the use of this online offering and the internet. In doing so, pseudonymous usage profiles of users can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that users’ IP addresses are shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offering by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data use by Google, settings and opt-out options can be found in Google’s privacy policy (https://policies.google.com/privacy) and in the settings for the display of ads by Google (https://adssettings.google.com/authenticated).

Users’ personal data are deleted or anonymized after 14 months.

 

Google AdSense with personalized ads

 

On the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the AdSense service, with the help of which ads are displayed on our website and we receive compensation for their display or other use. For these purposes, usage data such as clicks on an ad and users’ IP addresses are processed, with the IP address being shortened by the last two digits. Data processing is therefore pseudonymized.

We use AdSense with personalized ads. In doing so, Google infers users’ interests based on the websites they visit or apps used and the user profiles thus created. Advertisers use this information to tailor their campaigns to these interests, which is beneficial for both users and advertisers. For Google, ads are personalized if collected or known data determine or influence ad selection. This includes, among other things, previous search queries, activities, website visits, use of apps, demographic and location information. Specifically, this includes: demographic targeting, targeting of interest categories, remarketing as well as targeting of customer match lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

Further information on data use by Google, settings and opt-out options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of ads by Google (https://adssettings.google.com/authenticated).

 

Facebook Pixel, Custom Audiences and Facebook Conversion

 

Within our online offering, the “Facebook Pixel” of the social network Facebook is used for our legitimate interests in analytics, optimization and the economic operation of our online offering and for these purposes. It is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of the Facebook Pixel, Facebook is able, on the one hand, to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products, determined on the basis of the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to users’ potential interests and do not have a harassing effect. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).

Facebook’s processing of data is carried out within the framework of Facebook’s data use policy. Accordingly, general information on the display of Facebook Ads can be found in Facebook’s data use policy: https://www.facebook.com/policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Facebook Pixel and the use of your data for the display of Facebook Ads. To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e., they are adopted for all devices, such as desktop computers or mobile devices.

You may also object to the use of cookies used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Created with Datenschutz-Generator.de by Dr. Thomas Schwenke, Attorney at Law