The purpose of this Privacy Statement is to explain to you the nature, scope and purpose of the processing of personal data (hereinafter referred to in short as “Data”) within our online offer and the related websites, functions and content as well as our external online presence, such as our social media profiles (hereinafter jointly referred to as our “Online offering”). With regard to the terms used, such as “processing” or “party responsible”, we refer to the definitions contained in Art. 4 of the General Data Protection Regulation (GDPR). We also hereby inform you in the following of the external components that we use for optimisation purposes and for increasing quality of use (as long as it makes the processing of third-party data the responsibility of the respective third parties once again).
The party responsible under data protection legislation (in particular the EU’s General Data Protection Regulations, GDPR) is:
60325, Frankfurt, Germany
E-mail address: firstname.lastname@example.org
Managing Director / owner: Rafeh, Ghulam
You can exercise the following rights at any time using the contact details provided for our Data Protection Officers:
If you have given us consent, you can revoke it any time, with future effect. You can refer a complaint to a regulatory authority at any time,such as to the competent supervisory authority of the Federal State of your place of residence or to our relevant responsible office with competent authority status. A list of regulatory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Visitors to and users of our online offering (we hereinafter also refer to persons concerned collectively as “Users”).
Provision of the online offering, and its functions and contents Answering contact requests and communication with users Security measures Reach measurement/marketing.
“Personal Data” means all information relevant to an identified or identifiable natural person (hereinafter known as the “person concerned”); a natural person is accepted as identifiable if they can be identified, directly or indirectly, in particular by means of relation to an identifier, such as a name, an identification number, location data, an online identifier (e.g. cookies) or by one or more particular features which constitute an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of the said natural person.
“Processing” means any process or sequence of processes in connection with personal data, performed with or without the aid of automated procedures. The term has a broad meaning; it includes practically every process related to data.
“Pseudonymisation” means the processing of personal data in such a way that personal data can no longer be assigned to a specific person concerned without the need for additional information, provided that the said additional information is stored separately and there are technical and organisational measures in place which guarantee that the said personal data cannot be assigned to any identified or identifiable natural person.
“Profiling” means any type of automated processing of personal data with the intent of using the said personal data to evaluate certain personal aspects relevant to a natural person, in particular aspects pertinent to analysing or predicting elements of the said natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of location.
A “party responsible” means the natural or legal person, authority, institution or other body which, whether alone or together with others, makes decisions regarding the purposes and the means for processing of personal data. “Processor” means a natural or legal person, authority, institution or other body which processes personal data on behalf of the party responsible.
Pursuant to Art. 13 of the GDPR, we inform you of the legal bases for our data processing means. If the legal basis should not be mentioned in the Privacy Statement, the following shall apply:
The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 of the GDPR; the legal basis for the processing of data as part of the fulfilment of our services and the execution of contractual measures and for answering queries is Art. 6 (1) (b) of the GDPR; the legal basis for the processing of personal data as part of the fulfilment of our legal obligations is Art. 6 (1) (c) of the GDPR; and the legal basis for the processing of personal data for the purpose of safeguarding our legitimate interests is Art. 6 (1) (f) of the GDPR. In the event that vital interests of any given person concerned or another natural person make the processing of personal data necessary, Art. 6 (1) (d) of the GDPR shall serve as the legal basis in this regard.
We take appropriate technical and organisational measures under Art. 32 of the GDPR – taking into consideration technological status, implementation costs, and the type and scope and conditions and purposes for the processing of personal data, as well as varying risk probability and severity with regard to natural persons’ rights and liberties – in order to guarantee a level of protection appropriate to the risk.
These measures include the following in particular: securing confidentiality, integrity and availability of data by monitoring physical access to it, including the access conditions with respect to the latter and its input, disclosure, protection of availability and separation. We have also established procedures that guarantee observance of the rights of persons concerned, the deletion of data and response to compromised data. We also take into account the protection of personal data during the development/selection of hardware or software and individual procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings (Art. 25 of the GDPR).
If we disclose data to other persons and companies (processors or third parties) as part of our data processing, forward it to them or otherwise grant them access to data, this may be done only on the basis of a statutory permit (e.g. if it is necessary to transfer data to third parties, or to lettershops (as per Art. 6 (1) (b) of the GDPR) for the purpose of contractual fulfilment), you have consented, there is a legal obligation mandating it or if it is relevant to our legitimate interests (e.g. when using agents, web hosters, etc.).
If we commission third parties to process data on the basis of a so-called “order processing agreement”, this shall be performed on the basis of Art. 28 of the GDPR.
If we process data in a third party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or this happens in the context of use of third party services or of disclosure or transmission of data to third parties, this may be done only for the purpose of fulfilment of our (pre)-contractual obligations, or on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permission, we will process data (or allow it to be processed) in a third party country only if the special conditions included in Art. 44 ff. of the GDPR apply. That is to say: such processing can be carried out on the basis of special guarantees, such as the officially recognised establishment of an EU-standard data protection level (e.g. with the “Privacy Shield” in the case of the USA) or the observation of officially recognised special contractual obligations (so-called “standard contractual clauses”).
You can revoke future processing of data applicable to you, at any time, pursuant to Art. 21 of the GDPR. Such a revocation can be initiated in particular to prevent processing of data for direct marketing purposes.
“Cookies” are small files stored on users’ computers. Different kinds of information can be stored within cookies. The primary purpose of a cookie is to save information on a user (or on the device on which the cookie is saved) during or after their visit as part of an online offering. Cookies that are deleted after a user has left an online offering and closed their browser are labelled as temporary cookies, “session cookies” or “transient cookies”. Aspects that can be saved in such a cookie include the content of a shopping cart in an online shop or a login status. Cookies are known as “permanent” or “persistent” if they remain saved after the browser has been closed. With this, login status, for example, can be saved if the users visit again after several days. The interests of users can also be saved in such a cookie, for use for range measurement or marketing purposes. Cookies offered by providers other than the party responsible (i.e. that has provided the online offering), are known as “third-party cookies” (otherwise, if it’s only their own cookies, these are known as “first-party cookies”).
We can use temporary and permanent cookies – we clarify them in the context of our Privacy Statement.
If you, as the user, do not want cookies to be stored on your computer, you will be asked to deactivate the appropriate option in the system settings of your browser. Saved cookies can be deleted in the system settings of your browser. Exclusion of cookies can lead to functional restrictions with the online offering.
The data processed by us shall be deleted, or have its processing restricted, in accordance with Art. 17 and 18 of the GDPR. Unless explicitly stated in this Privacy Statement, data saved with us shall be deleted as soon as it is no longer required for its intended purpose and such deletion does not conflict with any statutory retention requirements. If such data is not deleted – because it is required for other, legally permitted, purposes – its processing shall be restricted. That is to say, the data shall be disabled and not processed for other purposes. This applies, for example, for data which needs to be retained for commercial or tax law reasons.
In accordance with existing legal requirements in Germany, the period for such storage may be 10 years (pursuant to §§ 147 (1) of the German Fiscal Code, 257 (1) (1) and (4) of the German Commercial Code (for books, records, status reports, accounting documents, trading books, for taxation of relevant documents, etc.)) or 6 years (pursuant to § 257 (1) nos. (2) and (3) of and Clause 4 of the German Commercial Code (business letters)).
We also process
We process our clients’ data as part of our contractual services – this includes conceptual and strategic advice, campaign planning, software and design development/advice or care, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
As part of this, we process inventory data (e.g. customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. object of contract, duration period), payment data (e.g. bank details, payment history), usage and metadata (e.g. as part of evaluation and performance measurement of marketing measures). There are certain categories of personal data which we will absolutely not process unless the components in question are of commissioned processing. Persons concerned include our clients and prospective customers, as well as their clients, users, website visitors or colleagues, as well as third parties. The purpose of the processing is the provision of contractual services, accounting, and our customer service. The legal bases for processing are covered in Art. 6 (1) (b) of the GDPR (contractual services), Art. 6 (1) (f) of the GDPR (analysis, statistics, optimisation, safety measures). We process data necessary for the justification and fulfilment of contractual services, with reference to the of processing it. It may be disclosed to external parties only if this is necessary as part of an order. During processing of the data transferred to us as part of an order, we will act in a manner consistent with the instructions of the client as well as with the legal requirements recognised with order processing as per Art. 28 of the GDPR, and we will not process such data for any purposes other than those specified in the order.
We will delete the data upon the expiry of the statutory warranty obligations and comparable obligations. The necessity for retention of the data shall be checked every three years; with statutory archiving obligations, it shall be deleted after they expire (6 years, in accordance with § 257 (1) of the German Commercial Code, or 10 years, in accordance with § 147 (1) of the German Fiscal Code). With data which was disclosed to us by the client as part of an order, we shall delete this data in accordance with the specifications of the order (or, in any case, after the end of the order).
We process the data of our contractual partners and prospective clients, as well as that of other clients, customers or contractual partners (together designated as “contractual partners”) as per Art. 6 (1) (b) of the GDPR, for the purpose of providing you with our contractual or pre-contractual services. The data that is processed in this respect, and the type and scope and purpose and necessity of its processing, are determined by the underlying contractual relationship.
The data to be processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) and contract data (e.g. services requested, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
There are certain categories of personal data which we absolutely will not process unless the components in question are part of contracted or contractual processing.
We process data which is necessary for justification and fulfilment of the contractual obligations and refer to the requirement should this not be evident to the contractors. It may be disclosed to external persons or companies only if this is necessary as part of a contract. During processing of the data transferred to us as part of an order, we will act in accordance with the instructions of the client as well as the relevant legal requirements.
As part of the use of our online services, we may, if appropriate, save the IP address and the time of known user action. Saving shall be done on the basis of our legitimate interests, as well as users’ interests, as a means of protection against abuse and other unauthorised use. This data absolutely may not be forwarded to third parties, unless this is a requirement pursuant to our claims under Art. 6 (1) (f) of the GDPR or if there is a legal obligation to do the same under Art. 6 (1) (c) of the GDPR.
Data shall be deleted if it is no longer required for the fulfilment of our contractual or legal care responsibilities or for dealing with any warranty obligations or comparable obligations, in which case the necessity for storage of the data shall be checked every three years; otherwise, the statutory storage obligations shall apply.
We process data as part of administrative tasks, as well as the organisation of our operations, financial accounting and compliance with legal obligations, such as archiving; whereby we process the same data that we process in the provision of our contractual services. The basic data processing principles recognised hereby are Art. 6 (1) (c) of the GDPR and Art. 6 (1) (f) of the GDPR. Said data processing pertains to clients, prospective clients, business partners and website visitors. The purpose for such processing/our interest in it concerns the administration, financial accounting, office organisation and archiving activities recognised with such data i.e. tasks pursuant to maintaining our business activities, the acknowledgement of our tasks and the provision of our services. Deletion of data pursuant to contractual services and communication shall be in accordance with the information stated as part of such processing activities.
As part of the same, we will disclose or transmit data to the financial authorities or consultants, such as tax consultants or auditors, as well as other bodies and service providers.
We will also save information concerning suppliers, organisers and other business partners based on our business interests, such as for the purpose of subsequent contact. We will save this (mostly company-related) data indefinitely as a matter of principle.
For the purpose of operating our business economically (including recognition of market trends and the requests of contract partners and users), we will analyse the data that we have which covers business transactions, contracts, queries etc. We will, as part of this, process inventory data, communication data, contract data, payment data, usage data and metadata in accordance with Art. 6 (1) (f) of the GDPR – the persons concerned include contract partners, prospective clients, clients, visitors and users of our online offering.
Analyses are carried out for the purpose of business analysis, marketing and market research. We may, as part of it, consider the profiles of registered users, including information regarding the services that they use for example. We make use of these analyses in order to increase user-friendliness, and optimise our offering and operating profitability. These analyses are for our benefit only; they are not to be disclosed externally.
If such analyses or profiles are personal in nature, they shall be deleted or anonymised upon termination of use, or otherwise removed no later than two years after the conclusion of the contract. Furthermore, overall business analyses and general trend determination shall always be drafted anonymously whenever possible.
When we are contacted (e.g. via contact form, e-mail, telephone or social media), the information of the user in question shall be processed as part of the processing of the contact request and its conclusion in accordance with Art. 6 (1) (b) (as part of contractual/pre-contractual relationships) or Art. 6 (1) (f) of the GDPR (in connection with our own legitimate interests). User information can be saved in a customer relationship Management system (“CRM system”) or a comparable queries system. Your data will be deleted as soon as your request has been finally answered and such deletion is not precluded by any statutory retention obligations e.g. with any subsequent contract
The hosting services that we use serve the purpose of provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatching, security services and technical maintenance services that we employ as part of the operation of this online offering.
As part of this, we/our hosting provider process inventory data, contact data, content data, contract data, usage data, and metadata and communication data of clients and prospective clients and visitors to this online offering, on the basis of our legitimate interests pertinent to providing this online offering in an efficient and secure manner as per Art. 6 (1) (f) of the GDPR in conjunction with Art. 28 of the GDPR.
We/our hosting provider collect data on each access to the server which hosts this service, on the basis of our legitimate interests as per Art. 6 (1) (f) of the GDPR (so-called server log files). Said access data includes: name of the requested website, file, date and time of the request, volume of transferred data, notification of successful request, browser type and version, the user’s operating system, the referrer URL (the site visited previously), the IP address and the requesting provider.
Log file information shall be saved for a maximum period of 7 days, for security reasons (e.g. in the interests of investigation of abuse or fraud), after which it shall be deleted. Data which needs to be retained for longer for evidence purposes shall be exempt from such deletion up until the time of the final clarification of the incident in question
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f. of the German Civil Code), we make use of the information provided on this website. DSGVO) the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the Google AdWords online marketing process to place ads on the Google Advertising Network (e.g., in search results, videos, websites, etc.) so that they are displayed to users who have a suspected interest in the ads. This allows us to display ads within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests.
We also receive an individual “conversion cookie”. The information obtained with the help of the cookie is used by Google to compile conversion statistics for us. However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any personally identifiable information.
User information is processed pseudonymously within the Google Advertising Network. This means, for example, that Google does not store and process the user’s name or e-mail address, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google’s point of view, the ads are not administered and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the United States.
You can also prevent or restrict the installation of cookies by making the appropriate settings in your Internet browser. At the same time, you can delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.
Google also offers the following services and further information on this topic and in particular on the possibilities of preventing the use of data.