Home » Privacy policy
This privacy policy informs you about the type, scope and purpose of the processing of personal data (referred to simply as “data” hereafter) within our online offering and its associated websites, functions and contents as well as external websites, such as our social media profiles (hereinafter jointly referred to as “online offering”). In relation to other terms used, such as “processing” or “controller”, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
DA Downtown Apartments Berlin GmbH Oranienburger Straße 3 10178 Berlin Germany
Phone: +49 (0)30 58 58 4 96 98 Email: berlin@downtownapartments.de
Managing directors
Franz-Josef Marxen & Jürgen Kaape
Data protection officer
GFAD Datenschutz GmbH
Huttenstraße 34/35
10553 Berlin
Phone: 030 269 111 -1
Email: datenschutz@gfad.de
Types of data processed:
– Master data (e.g. names, addresses). – Contact data (e.g. email, phone numbers). – Content data (e.g. text input, photos, videos). – Usage data (e.g. websites visited, interest in contents, access times). – Meta-/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online offering (hereinafter we refer to the data subjects collectively as “users”).
The purpose of processing
– Making available the online offering, its functions and contents. – Responding to enquiries and communication from customers. – Security measures. – Range measuring/marketing
Terms used
“Personal data” refers to any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” refers to every transaction or series of transactions performed, with or without assistance, in the context of personal data. The term is broad and basically covers all handling of data.
The “controller” is the natural person or legal entity, public authority, organisation or other body that solely or jointly with others decides on the purposes and means of processing personal data.
Applicable legal bases
In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. To the extent that the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1(a) and Art. 7 GDPR; the legal basis for processing to provide our services and perform contractual measures as well as respond to enquiries is Art. 6 para. 1(b) GDPR; the legal basis for processing to meet our legal obligations is Art. 6 para. 1(c) GDPR; and the legal basis for processing to pursue our legitimate interests is Art. 6 para. 1(f) GDPR. If vital interests of the data subject or other natural persons require the processing of personal data, the legal basis for this is provided by Art. 6 para. 1(d) GDPR.
To cooperate with processors and third parties
To the extent that, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transfer the data to them or grant them access in another way, this only takes place where legally permissible (e.g. if a transfer to third parties, such as payment service providers is necessary to perform the contract in accordance with Art. 6 para. 1(b) GDPR), you have agreed to it, or a legal obligation requires this or on the basis of our legitimate interests (e.g. when using agents, web hosters etc.).
If we commission third parties with the processing of data on the basis of a “data processing agreement”, this takes place on the basis of Art. 28 GDPR.
Transfers to third countries
To the extent that we process data in a third country (i.e. outside of the European Union (EU) or European Economic Area (EEA)) or this happens in the context of utilising third-party services or disclosure, or data is transmitted to third parties, this only happens to meet our (pre-)contractual obligations, based on your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or let process the data in a third country if the special conditions of Art. 44 ff GDPR are met. That is, processing takes place, e.g. on the basis of special guarantees, such as an officially recognised data protection level corresponding to that in the EU (e.g. the “Privacy Shield” for the USA) or compliance with officially recognised special contractual obligation (called “standard contract clauses”).
Rights of the data subjects
You have the right to demand confirmation whether or not your personal data is being processed and to be informed of this data as well as additional information and be given a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to demand completion of your personal data or correction of any incorrect personal data.
In line with Art. 17 GDPR, you have the right to have the respective data deleted immediately or alternatively demand restriction of data processing in accordance with Art. 18 GDPR.
You have the right to receive a copy of your personal data that you have provided to us in accordance with Art. 20 GDPR and request that this data be transferred to other controllers.
As per Art. 77 GDPR, you do have the right to lodge a complaint with a competent data protection supervisory authority.
Right to withdrawal
You have the right to withdraw your consent to the use of your data with future effect in accordance with Art. 7 para. 3 GDPR.
Right to object
You have the right to object at any time to the future processing of your personal data as per Art. 21 GDPR. You may object, in particular, to processing for purposes of direct marketing.
Cookies and right to object to direct marketing
“Cookies” refer to small files stored on the users’ computers. Different types of information can be stored in cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during and also after their visit within an online offering. Temporary cookies or “session cookies” or “transient cookies” refer to cookies that are deleted once a user leaves the online offering and closes their browser. Such a cookie can be used to store e.g. the contents of a shopping cart in an online shop or the login status. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be stored if users come back after several days. Such cookies that are stored in the users’ interest can also be used for range measurement and marketing purposes. “Third-party cookies” are cookies that are offered by parties other than the controller providing the online offering (otherwise, if all the cookies came from the controller they would be called “first-party cookies”). We mainly use the services of Google LLC (e.g. Google Analytics, DoubleClick etc.) on our website. For more information on this subject, refer to the data protection notes below.
On our website we use technically required cookies to provide our website as well as functional cookies to optimise our website offering and make it more user-friendly on the basis of our legitimate interests as per Art. 6 para. 1(f) GDPR. Those cookies that are session cookies are automatically deleted at the end of the session. All other cookies are deleted after 23 months at the latest. However, users are able to delete them earlier, at any time, by making the corresponding settings in the browser.
If users do not wish to have cookies stored on their computers, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can also be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions in this online offering.
A general objection to cookies used for online marketing purposes can be declared for a wide range of services, in particular tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent cookies from being stored by deactivating them in the settings of your browser. Please note that this may result in not all functions of this online offering being available.
Deletion of data
The data we process is deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless specified explicitly in this privacy policy any data we store is deleted immediately once it is no longer required for its designated purposes and no legal retention periods prevent the deletion. If data is not deleted because it is required for other legally permissible purposes, the processing of this data is restricted. That is, the data is blocked and not processed for other purposes. The same applies to data that has to be stored for trade or tax law reasons.
According to legal requirements in Germany, documents are retained for 6 years as per section 257 para. 1 HGB (Commercial Code) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, posting documents etc.) and for 10 years as per section 147 para. 1 AO (TAX Code) (books, records, status report, trading and commercial letters, documents relevant to taxation etc.).
According to the legal requirements in Austria, the retention period is 7 years as per s 132(1) BAO (Austrian Fiscal Code) (accounting documents, receipts/invoices, accounts, documents, business papers, income and expense statements etc.), 22 years in connection with real estate and 10 years for documents related to services provided electronically, telecommunication, radio and television services that are provided to non-companies in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
Business-related processing
In addition, we process – Contract data (e.g. subject of the contract, term, customer category). – Payment data (e.g. bank details, payment history) of our customers, interested parties and business partners in order to provide contractual performance, service and customer care, marketing, advertising and market research.
Hosting
The hosting services we utilise are for the purpose of providing the following services: Infrastructure and platform services, computing capacity, data storage and database services, security services as well as technical maintenance services that we use to operate this online offering.
In this context we, or our hosting provider, process master data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors of this online offering on the basis of our legitimate interests in efficiently and securely making available this online offering as per Art. 6 para. 1(f) GDPR in connection with Art. 28 GDPR (entry into a data processing agreement).
Collection of access data and log files
Based on our legitimate interests as per Art. 6 para. 1(f) GDPR, we, or rather our hosting provider collects data about every access to the server on which the service is hosted (called log files) for the technical display of the website. The access data includes the name of the website accessed, file, date and time of the access, transmitted data volume, notification of successful retrieval, browser type and version, the operating system of the user, referrer URL (previously visited website), IP address and the requesting provider.
For security reasons (e.g. to clarify abuse or fraudulent actions), log file information is stored for a maximum duration of 7 days and is then deleted. Data that has to be retained for evidentiary purposes is excluded from the deletion until the final clarification of the respective incident.
Security measures
As required by Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as any access related to it, data entry, forwarding, backup, availability and separation. We have also established procedures that guarantee affected parties can exercise their rights, data is deleted and we can respond to any risks to which the data might be exposed. In addition, we already take into account the protection of personal data during development, selection of hardware, software and procedures in accordance with the data protection principle requiring appropriate technology and data protection-friendly default settings (Art. 25 GDPR).
Security measures on our website
To secure our website, we use an SSL certificate with a 128-bit key, TLS 1.2. A website encrypted using SSL transfers personal data to the server in encrypted form to make it impossible for third parties to query or read such data. A certificate is used to verify our identity. Depending on the browser, the green address bar and/or the lock indicate a secure connection. You can click on the lock or the green address bar to view our online identity certificate. Thanks to the encryption of the transfer, you can rest assured that only we can read the data you enter. The green address bar shows that you are connected to our server and not the website of a third-party provider.
Contractual performance
We process master data (e.g. names and addresses as well as user contact data), contract data (e.g. services used, names of contact persons, payment information) to meet our contractual obligations and provide services as per Art. 6 para. 1(b) GDPR. Entries marked as mandatory in the online forms are required to enter into a contract.
In the context of utilising our online services, we store your IP address and the time of the respective user action. Storage takes place based on our legitimate interests and to protect users from abuse and other unauthorised use. In general, data is not forwarded to third parties unless it is required to pursue our entitlements or there is a legal obligation as per Art. 6 para. 1(c) GDPR.
We process usage data (e.g. websites of our online offering that were visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for marketing purposes in a user profile in order e.g. to show the user product notifications based on the services used so far.
The data is deleted at the end of statutory warranty period or comparable duties; the necessity of storing the data is checked every three years; in case of the statutory archiving obligations, the data is deleted once at the end of these periods. Information in any possible customer account is retained until the account is deleted.
Contact
If you contact us (e.g. via the contact form, email, phone or via social media), the user information is processed to process the contact request and its handling as per Art. 6 para. 1 (b) GDPR, provided there is a business relation. Otherwise, enquiries are processed based on our legitimate interests in responding to incoming requests as per Art. 6 para. 1(f) GDPR. The user information can be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the enquiries as soon as they are no longer required. We check the necessity every two years; aside from that, the statutory retention periods apply.
Online booking portal cbooking for reserving our apartments
To book our apartments online, you are redirected to the posting portal on the website https://www.cbooking.de. To make a booking, the respective personal data required for the reservation (mandatory fields) must be entered on the input screen. You have the option of entering additional information, such as a phone number in case any questions arise. The data is transferred using an encrypted connection preventing unauthorised access by third parties.
The legal basis for this data processing is the preparation for entry into a contract to rent an apartment as per Art. 6 para. 1(b) GDPR. If a contract is executed, the collected data is used for performance for the duration of the contract concluded. At the end of the contract, the contract data is subject to a legal retention period of 6 years, data relevant for taxation is even subject to a retention period of 10 years. If no contract is concluded, the personal data is deleted once it no longer serve a purpose unless legal retention periods dictate otherwise.
Google Analytics
Based on our legitimate interests (i.e. interest to analyse, optimise and economically operate our online offering in the sense of Art. 6 para. 1(f) GDPR), we use Google Analytics, a web analysis service by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about your use of the online offering is generally transferred to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our request to analyse the use of our online offering by users, to compile reports on the activities within the online offering and to provide additional services related to the use of this online offering and internet use. In doing so, the processed data can be used to create user usage profiles with pseudonyms.
We use Google Analytics only with activated IP anonymisation. This means that Google will truncate the user’s IP address within the member states of the European Union or in other states of the treaty on the European Economic Area. It is only in exceptional cases that the full IP address is transferred to a Google server in the USA and truncated there.
The IP address transferred by the user’s browser is not merged with other Google data. Users can prevent the storing of cookies by making the corresponding setting in their browser software, however. Users can also prevent the sending of data generated by the cookie and related to their use of the online offering to Google as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information on data protection by Google, setting and objection options, refer to the Google websites: https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Use of data for advertising”) http://www.google.com/settings/ads (“Control the information Google uses to show you ads”).
As of 22 January 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the responsible “Data Controller” for Google services within the EEA and Switzerland.
Google re-/marketing services
Based on our legitimate interests (i.e. interest to analyse, optimise and economically operate our online offering in the sense of Art. 6 para. 1(f) GDPR), we use marketing and remarketing services (in short “Google marketing services”) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google marketing services enable us to display more targeted advertising for and on our website, which potentially matches the users’ interests. For example, if a user is shown ads for products in which they were interested on other websites, this is called “remarketing”. For these purposes, Google directly executes Google source code, and (re-)marketing tags (invisible graphics or code, also called “web beacons”) are integrated into the website when our website or other websites on which Google marketing services are active are called up. This is used to set a personalised cookie, i.e. a small file, on the user’s devices (comparable technologies may also be used instead of cookies). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file records which websites the user visits, in what content they have shown interest and on which offers they have clicked. It also records technical information on the browser and operating system, referring websites, visit duration as well as other information on the use of the online offering. The user’s IP address is also recorded whereby we note that, in the context of Google Analytics, the user’s IP address will be truncated within the member states of the European Union or in other states of the treaty on the European Economic Area and it is only in exceptional cases that it is forwarded to a Google server in the USA and truncated there. The IP address is not merged with user data from other Google offerings. Google may also combine the aforementioned information with information from other sources. If a user then visits other websites, tailored ads based on their interest can then be displayed to the user.
In the context of Google marketing services, the data is processed using a pseudonym. That is, Google does not store and process, e.g. the names and email addresses of the users but processes the relevant data in relation to cookies within users’ profiles with pseudonyms. That is, from Google’s perspective, the ads are not managed and displayed for a uniquely identified person but for the cookie’s owner, irrespective of who this cookie owner is. This does not apply if a user explicitly allows Google to process this data without using a pseudonym. The information about the users collected by Google marketing services is transferred to Google and stored on Google servers in the USA. As of 22 January 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the responsible “Data Controller” for Google services within the EEA and Switzerland.
The Google marketing services we use include, among others, the online advertising program “Google AdWords”. With Google AdWords, every AdWords customer receives a different “conversion cookie”. Cookies can therefore not be traced across websites of AdWords customers. The information collected using the cookie is used to generate conversion statistics for AdWords customers that have opted to use conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and were redirected to a website with a conversion tracking tag. However, they do not receive any information that could be used to identify the users personally.
We are able to integrate third-party advertising on the basis of Google’s “AdSense” marketing service. AdSense uses cookies that enable Google and its partner websites to show ads based on user visits to this website or other websites on the internet.
We can also use the “Google Tag Manager” to integrate and manage the Google analysis and marketing services on our website.
For more information on Google’s use of data for marketing purposes, see the overview: https://www.google.com/policies/technologies/ads; Google’s privacy policy is available at https://www.google.com/policies/privacy.
If you want to object to interest-based ads by Google marketing services, you can use the settings and opt-out options offered by Google: http://www.google.com/ads/preferences.
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online offering, based on our legitimate interests to analyse, optimise and economically operate our online offering in accordance with Art. 6 para. 1(f) GDPR we use the “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you reside in the EU by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Facebook is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The Facebook Pixel enables Facebook, on the one hand, to determine visitors of our online offering as a target group for displaying ads (called “Facebook Ads”). Hence, we use the Facebook Pixel to show our Facebook Ads only to those Facebook users who have shown interest in our online offering or have certain characteristics (e.g. interest in certain topics or products, which are determined based on the websites visited), which we transfer to Facebook (called “Custom Audiences”). By using the Facebook Pixel, we also want to ensure that our Facebook Ads match the users’ potential interest and do not annoy. In addition, the Facebook pixel enables us to monitor the effectiveness of Facebook ads for statistical and market research purposes because we can see whether users have been redirected to our website after clicking on a Facebook ad (this is called “conversion”).
The data is processed by Facebook in the context of Facebook’s Data Policy. Accordingly, general information about displaying Facebook ads is available in Facebook’s Data Policy: https://www.facebook.com/policy.php. For specific information and details on the Facebook Pixel and the way it works, refer to Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
You may object to the recording and use of your data by Facebook Pixel in order to display Facebook ads. To set which types of advertising may be displayed to you within Facebook, you can call up the page set up by Facebook and follow the instructions for settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are made independent of the platform; that is, they are applied to all devices, such as desktop computers or mobile devices.
You may also object to the use of cookies used for range measurement or advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Bing Ads
Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone clicked on an ad, was redirected to our website and reached a previously determined target page (conversion page). We only find out the total number of users who clicked on a Bing ad and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed. If you do not want to participate in the tracking process, you can also reject the setting of a cookie required for this – for example via a browser setting that generally disables the automatic setting of cookies.
The legal basis for the use of Bing Ads is your consent pursuant to Art. 6 Para. 1 lit. a GDPR.
Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement
Online presence on social media (Facebook, Instagram)
We maintain online presences within social networks and platforms on Facebook and Instagram to enable us to communicate with customers, interested parties and users active on these platforms and inform them about our services. When you call up the respective networks and platforms, the terms and conditions and privacy policies of their respective operators apply. These are used for public relations work and are operated based on our legitimate interests as per Art. 6 para. 1(f) GDPR.
Unless specified otherwise in the context of our privacy policy, we process the user data if users communicate with us within social networks and platforms, e.g. write comments on our online presences or send us messages.
Integration of third-party services and contents
Within our online offering and based on our legitimate interests (i.e. interest to analyse, optimise and economically operate our online offering in the sense of Art. 6 para. 1(f) GDPR), we use content and service offerings from third-party providers to integrate their contents and services, such as videos or fonts (hereinafter collectively referred to as “contents”).
The prerequisite for this is that the third-party providers of these contents register the user’s IP address because they cannot send content to the respective browser without the IP address. The IP address is therefore required to display these contents. We strive to only use contents whose providers merely use the IP address to deliver the contents. Furthermore, third-party providers can use “pixel tags” (invisible graphics that are also called “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyse information like visitor traffic on pages of this website. The pseudonymised information can also be stored in cookies on the user’s device and contain e.g. technical information on the browser and operating system, referring websites, time of visit and other information about the use of our online offering, and also be linked to such information from other sources.
Google Maps
To make it easier for you to find us, we have, on the basis of our legitimate interest as per Art. 6 para 1(f) GDPR, integrated in our website map material from Google LLC’s Google Maps service via an API for visual display of geographic information in interactive maps. To be able to display the contents in your browser, Google needs to receive your IP address because it would not be able to deliver the integrated contents without it. In addition to this, to the best of our knowledge, use of Google Maps results in the following additional data being transferred to Google LLC:
By using Google Maps, users enter into a direct user relationship with Google. The legal basis for this data processing is Art. 6 para. 1(b) GDPR as the IP address is required in order to deliver the contents to you. In this processing, we cooperate with Google on the basis of an agreement entered into with Google in relation to the joint responsibility as per Art. 26 GDPR, available at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
For the transfer of data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, the Privacy Shield certification offers an adequate EU data protection level. As of 22 January 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the responsible “Data Controller” for Google services within the EEA and Switzerland.
If you do not want Google to collect, process or use data about your visit to our online presence, you can deactivate JavaScript in your browser settings. However, in this case you cannot use the map display. Or you can use the following opt-out: https://adssettings.google.com/authenticated. The purpose and scope of the collection, further processing and use of the data by Google as well as your rights in this regard and possible settings for protecting your privacy are available in Google’s Privacy Policy (https://policies.google.com/privacy?hl=de).
Google reCAPTCHA
Google reCAPTCHA is a service offered by Google LLC that website operators can use to check whether a user on their website is human or a bot. The purpose of this is to ensure that no bots automatically interact with the website.
Our website uses reCAPTCHA V2. To this end, there is a query by reCAPTCHA where merely a checkmark has to be set by means of a mouse-click to confirm that the user is not a robot. In this context Google processes, among other things, the cursor movements and IP address of the user. During the check through reCAPTCHA, website operators and also Google record a range of user data. Google reCAPTCHA collects, among other things, information about
The purpose of reCAPTCHA is to check whether the data entries on our websites (e.g. through a contact form) are made by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor by means of various characteristics. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, time the website visitor spends on the page or mouse movements executed by the user). The data recorded in the analysis is forwarded to Google.
Data processing takes place on the basis of Art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in protecting its web offering from abusive automated spying and SPAM.
For more information on Google reCAPTCHA and Google’s privacy policy, refer to the following links: https://policies.google.com/privacy?hl=de und
https://www.google.com/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
For the transfer to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, the Privacy Shield certification offers an adequate EU data protection level. As of 22 January 2019, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the responsible Data Controller for Google services within the EEA and Switzerland.
If you do not want Google to collect, process or use data about your visit to our online presence, you can delete or even block cookies in your browser settings. Or you can use the following opt-out: https://adssettings.google.com/authenticated to object.
Use of Facebook Social Plugins
Based on our legitimate interests (i.e. our interests to analyse, optimise and economically operate our online offering in accordance with Art. 6 para. 1(f) GDPR), we use the Social Plugins (“plugins”) of the social network Facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can represent interactive elements or contents (e.g. videos, graphics or text contributions) and can be recognised by the Facebook logo (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” symbol) or are marked with the addition “Facebook Social Plugin”. You can take a look at the list and design of the Facebook Social Plugins at: https://developers.facebook.com/docs/plugins/.
If a user calls up a function of this online offering that contains such a plugin, their device establishes a direct connection to the servers of Facebook. Facebook transmits the content of the plugin directly to the user’s device which then integrates it into the online offering. In doing so, the processed data can be used to create user usage profiles. We therefore have no influence on the scope of data that Facebook collects by means of this plugin and thus inform the users to the best of our knowledge.
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offering. If the user is logged into Facebook, then Facebook can assign the visit to their Facebook account. If users interact with the plugins, e.g. press the Like button or write a comment, their device directly transmits the corresponding information from their device to Facebook where it is then stored. Even if a user does not have a Facebook account, Facebook can determine and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of the collection, further processing and use of the data by Facebook as well as your rights in this regard and possible settings for protecting your privacy are available in Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/.
If a user has a Facebook account and does not want Facebook to collect data about them via this online offering and link such data to their Facebook member data, they have to log out from Facebook and delete their cookies prior to using our online offering. Additional settings and options to object to the use of data for marketing purposes are available within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are made independent of the platform; that is, they are applied to all devices, such as desktop computers or mobile devices.
Our social media appearances
Data processing through social networksWe maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basisOur social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rightsIf you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Storage timeThe data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).
Individual social networksFacebookWe have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.
InstagramWe have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.
PinterestWe have a profile at Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Details on how they handle your personal data can be found in the privacy policy of Pinterest: https://policy.pinterest.com/de/privacy-policy.
LinkedInWe have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
