This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as ‘data’) within our online service and the associated websites, features and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the ‘online service’). With regard to the terms used, such as ‘processing’ or ‘controller’, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Data Controller
Stauffacher Handels GmbH
Roland Hunkeler
Leuholz 14
8855 Wangen SZ
Switzerland
Types of data processed
- Master data (e.g. names, addresses)
- Contact details (e.g. email, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
Categories of affected individuals
Visitors and users of the online service (hereinafter, we shall collectively refer to the data subjects as “users”).
Purpose of processing
- Provision of the online service, its functions and content.
- Responding to enquiries and communicating with users.
- Safety measures.
- Reach measurement/marketing
Terminology used
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more specific characteristics that reflect the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is carried out on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
‘pseudonymisation’ means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures that ensure the personal data cannot be attributed to an identified or identifiable natural person.
‘Profiling’ means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person.
The term “controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal bases
In accordance with Article 13 of the GDPR, we hereby inform you of the legal bases for our data processing activities. Where the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing to fulfil our services, carry out contractual measures and respond to enquiries is Article 6(1)(b) of the GDPR; The legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
Safety measures
In accordance with Article 32 of the GDPR, and taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, and safeguarding the availability of the data, and its segregation. Furthermore, we have established procedures to ensure that data subjects’ rights are upheld, that data is deleted and that we respond to any data breaches. Furthermore, we take the protection of personal data into account right from the development and selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).
Cooperation with data processors and third parties
Where, in the course of our data processing, we disclose data to other individuals and organisations (data processors or third parties), transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal authorisation (e.g. where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR), you have given your consent, a legal obligation requires it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Where we commission third parties to process data on the basis of a so-called ‘data processing agreement’, this is done in accordance with Article 28 of the GDPR.
Transfers to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in connection with the use of third-party services, disclosure, or transfer of data to third parties, this will only take place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual authorisations, we shall only process data in a third country, or have it processed there, where the specific conditions set out in Articles 44 et seq. of the GDPR are met. This means that processing takes place, for example, on the basis of specific safeguards, such as the officially recognised determination that an equivalent level of data protection to that of the EU exists (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised specific contractual obligations (so-called ‘standard contractual clauses’).
Rights of data subjects
You have the right to request confirmation as to whether the relevant data is being processed, and to access this data, as well as to receive further information and a copy of the data in accordance with Article 15 of the GDPR.
In accordance with Article 16 of the GDPR, you have the right to request that data relating to you be completed or that any inaccurate data relating to you be rectified.
In accordance with Article 17 of the GDPR, you have the right to request that the relevant data be erased without delay or, alternatively, in accordance with Article 18 of the GDPR, to request a restriction on the processing of the data.
You have the right to request that the data concerning you, which you have provided to us, be made available to you in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.
You also have the right, in accordance with Article 77 of the GDPR, to lodge a complaint with the relevant supervisory authority.
Right of withdrawal
You have the right to withdraw any consent given in accordance with Article 7(3) of the GDPR with effect for the future.
Right to object
You may object at any time to the future processing of your personal data in accordance with Article 21 of the GDPR. In particular, you may object to processing for the purposes of direct marketing.
Cookies and the right to object to direct marketing
The term “cookies” refers to small files that are stored on users’ computers. Various types of information can be stored within these cookies. A cookie serves primarily to store information about a user (or the device on which the cookie is stored) during or even after their visit to an online service. Cookies that are deleted once a user leaves an online service and closes their browser are known as temporary cookies, or “session cookies” or “transient cookies”. Such a cookie may, for example, store the contents of a shopping basket in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as ‘permanent’ or ‘persistent’. For example, a user’s login status may be stored so that it is retained when they return to the site several days later. Such a cookie may also store users’ interests, which are used for audience measurement or marketing purposes. ‘Third-party cookies’ are cookies provided by providers other than the controller operating the online service (whereas, if only the controller’s own cookies are used, these are referred to as ‘first-party cookies’).
We may use session and persistent cookies and provide further information on this in our privacy policy.
If users do not wish cookies to be stored on their computer, they are asked to disable the relevant option in their browser’s settings. Stored cookies can be deleted via the browser’s settings. Disabling cookies may result in functional limitations on this website.
A general objection to the use of cookies for online marketing purposes can be lodged with a number of services – particularly in the case of tracking – via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that, in such cases, you may not be able to use all the features of this website.
Data deletion
The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing its erasure. Where data is not erased because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with statutory requirements in Germany, records are retained for a period of 10 years in particular, pursuant to Sections 147(1) of the German Fiscal Code (AO), 257(1)(1) and (4), (4) of the German Commercial Code (HGB) (books, records, management reports, accounting documents, trading ledgers, documents relevant for taxation, etc.) and for 6 years in accordance with Section 257(1)(2) and (3), (4) of the German Commercial Code (HGB) (business correspondence).
In accordance with statutory requirements in Austria, records must be retained for 7 years in particular, pursuant to Section 132(1) of the Austrian General Tax Code (BAO) (accounting records, receipts/invoices, accounts, supporting documents, business papers, statements of income and expenditure, etc.), for 22 years in relation to immovable property, and for 10 years in the case of documents relating to services provided electronically, telecommunications, radio and television services provided to non-business customers in EU Member States for which the Mini One-Stop Shop (MOSS) is utilised.
Business-related processing
In addition, we process
- Contract details (e.g. subject matter of the contract, term, customer category).
- Payment details (e.g. bank details, payment history)
from our customers, prospective customers and business partners for the purposes of providing contractual services, customer care, marketing, advertising and market research.
Order processing in the online shop and customer account
We process our customers’ data as part of the ordering process in our online shop to enable them to select and order the chosen products and services, as well as to facilitate payment, delivery and fulfilment.
The data processed includes inventory data, communication data, contractual data and payment data; the data subjects affected by this processing include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in connection with the operation of an online shop, billing, delivery and customer services. In doing so, we use session cookies to store the contents of the shopping basket and persistent cookies to store the login status.
Processing is carried out on the basis of Article 6(1)(b) (fulfilment of orders) and (c) (legally required archiving) of the GDPR. The information marked as required is necessary for the establishment and performance of the contract. We only disclose the data to third parties in connection with delivery or payment, or within the scope of statutory permissions and obligations towards legal advisers and public authorities. The data is only processed in third countries if this is necessary for the performance of the contract (e.g. at the customer’s request in connection with delivery or payment).
Users may optionally create a user account, which allows them, in particular, to view their orders. During the registration process, users are informed of the required mandatory details. User accounts are not public and cannot be indexed by search engines. Once users have closed their user account, their data relating to that account will be deleted, subject to any retention required for commercial or tax law purposes in accordance with Article 6(1)(c) of the GDPR. Information in the customer account remains there until it is deleted, after which it is archived in the event of a legal obligation. It is the users’ responsibility to back up their data prior to the end of the contract if they cancel their account.
As part of the registration process, subsequent logins and the use of our online services, we store the IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests, as well as the users’ interests in protection against misuse and other unauthorised use. This data is not, as a matter of principle, disclosed to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6(1)(c) of the GDPR.
Data will be deleted once statutory warranty obligations and comparable obligations have expired; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place upon their expiry (end of the retention period under commercial law (6 years) and tax law (10 years)).
Agency services
We process our customers’ data as part of our contractual services, which include conceptual and strategic consultancy, campaign planning, software and design development/consultancy or maintenance, the implementation of campaigns and processes/handling, server administration, data analysis/consultancy services and training services.
In doing so, we process master data (e.g. customer master data such as names or addresses), contact details (e.g. email addresses, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. in the context of evaluating and measuring the success of marketing measures). As a general rule, we do not process special categories of personal data, unless these form part of commissioned processing. Data subjects include our customers, prospective customers and their own customers, users, website visitors or employees, as well as third parties. The purpose of the processing is to provide contractual services, carry out billing and deliver our customer service. The legal bases for processing are set out in Article 6(1)(b) of the GDPR (contractual services) and Article 6(1)(f) of the GDPR (analysis, statistics, optimisation, security measures). We process data that is necessary for the establishment and fulfilment of contractual services and indicate that the provision of such data is required. Disclosure to external parties takes place only where necessary within the scope of a contract. When processing data provided to us in the context of a contract, we act in accordance with the client’s instructions and the legal requirements for data processing on behalf of a client pursuant to Article 28 of the GDPR, and we do not process the data for any purposes other than those specified in the contract.
We delete the data once statutory warranty obligations and comparable obligations have expired. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place once these have expired (6 years, in accordance with Section 257(1) of the German Commercial Code (HGB), 10 years, in accordance with Section 147(1) of the German Fiscal Code (AO)). In the case of data disclosed to us by the client in the context of a contract, we delete the data in accordance with the terms of the contract, generally upon completion of the contract.
External payment service providers
We use external payment service providers via whose platforms users and we can carry out payment transactions (e.g., each with a link to the privacy policy, PayPal, Visa, Mastercard, American Express
In the context of fulfilling contracts, we use payment service providers on the basis of Article 6(1)(b) of the GDPR. Furthermore, we use external payment service providers on the basis of our legitimate interests in accordance with Article 6(1)(b) of the GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes personal details, such as name and address; bank details, such as account numbers or credit card numbers; passwords, TANs and checksums; as well as information relating to the contract, amounts and recipients. This information is required to process the transactions. However, the data entered is processed and stored solely by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information confirming or rejecting the payment. In some circumstances, the data may be transferred by the payment service providers to credit reference agencies. The purpose of this transfer is to verify identity and creditworthiness. In this regard, we refer you to the terms and conditions and privacy policies of the payment service providers.
Payment transactions are subject to the terms and conditions and privacy policies of the respective payment service providers, which are available on their respective websites or within the transaction applications. We also refer you to these for further information and for the exercise of your rights of withdrawal, access and other data subject rights.
Participation in affiliate programmes
Within our online offering, we use industry-standard tracking measures on the basis of our legitimate interests (i.e. our interest in the analysis, optimization and commercial operation of our online offering) in accordance with Article 6(1)(f) of the GDPR, insofar as these are necessary for the operation of the affiliate system. Below, we explain the technical background to users.
The services offered by our contractual partners may also be advertised and linked to on other websites (so-called affiliate links or after-purchase systems, where, for example, third-party links or services are offered after a contract has been concluded). The operators of the respective websites receive a commission if users follow the affiliate links and subsequently take up the offers.
In summary, it is necessary for our online service that we are able to track whether users who are interested in affiliate links and/or the offers available from us subsequently take up those offers as a result of the affiliate links or our online platform. To this end, the affiliate links and our offers are supplemented with certain values, which may form part of the link or be set elsewhere, e.g. in a cookie. These values include, in particular, the referring website (referrer), the time, an online identifier for the operator of the website on which the affiliate link was located, an online identifier for the relevant offer, an online identifier for the user, as well as tracking-specific values such as advertising material ID, partner ID and categorisations.
The online identifiers we use for users are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses. They merely help us to determine whether the same user who clicked on an affiliate link or expressed an interest in an offer via our website has taken up that offer – for example, by entering into a contract with the provider. However, the online identifier is personal insofar as both the partner company and we have access to the online identifier alongside other user data. This is the only way the partner company can inform us whether that user has taken up the offer and we can, for example, pay out the bonus.
Amazon Associates Programme
We are, on the basis of our legitimate interests (i.e. our interest in the commercial operation of our online service within the meaning of Article 6(1)(f) GDPR) that we are participants in the Amazon EU Partner Programme, which is designed to provide a platform for websites through which advertising revenue can be earned by placing advertisements and links to Amazon.de (the so-called affiliate system). Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you have clicked on the affiliate link on this website and subsequently purchased a product from Amazon.
Further information on Amazon’s use of data and your options for objecting can be found in the The company’s privacy policy.
Contact us
When you contact us (e.g. via the contact form, by email, telephone or via social media), the information you provide will be processed in accordance with Article 6(1)(b) of the GDPR for the purpose of handling your enquiry and processing it. Users’ details may be stored in a customer relationship management system (“CRM system”) or a comparable enquiry management system.
We delete the requests once they are no longer required. We review the necessity of retaining them every two years; furthermore, statutory archiving obligations apply.
Newsletter
The following information explains the content of our newsletter, as well as the registration, distribution and statistical analysis procedures, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We send out newsletters, emails and other electronic notifications containing promotional information (hereinafter “newsletters”) only with the consent of the recipients or where permitted by law. Where the content of the newsletter is specifically described as part of the subscription process, this content forms the basis for the user’s consent. Furthermore, our newsletters contain information about our services and us Double opt-in and logging: Subscription to our newsletter takes place via a so-called double opt-in procedure. This means that, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Newsletter subscriptions are logged so that we can provide evidence of the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Any changes to your data stored with the mailing service provider are also logged.
Subscription details: To subscribe to the newsletter, simply provide your email address. We also ask you to provide a name, if you wish, so that we can address you personally in the newsletter.
The dispatch of the newsletter and the associated performance measurement are carried out on the basis of the recipients’ consent in accordance with Article 6(1)(a), Article 7 of the GDPR in conjunction with Section 7(2)(3) of the UWG; or, where consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Article 6(1)(f) GDPR in conjunction with Section 7(3) of the UWG.
The logging of the registration process is carried out on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that both serves our business interests and meets users’ expectations, whilst also enabling us to provide evidence of consent.
Unsubscribe/Withdrawal - You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. A link to unsubscribe from the newsletter can be found at the end of every newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for erasure may be made at any time, provided that the prior existence of consent is confirmed at the same time.
Newsletter - Measuring Success
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from our server – or, if we use a mailing service provider, from their server – when the newsletter is opened. As part of this retrieval, technical information – such as details about your browser and system – as well as your IP address and the time of retrieval are initially collected.
This information is used to technically improve our services based on technical data or to analyze target groups and their reading behavior based on their location (which can be determined using the IP address) or access times. The analytics also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be attributed to individual newsletter recipients. However, it is neither our intention, nor – where applicable – that of the mailing service provider, to monitor individual users. Rather, the analyses serve to help us identify our users’ reading habits and adapt our content accordingly, or to send different content based on our users’ interests.
Hosting
The hosting services we use are intended to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we utilise for the purpose of operating this online service.
In doing so, we, or our hosting provider, process master data, contact details, content data, contractual data, usage data, meta and communication data relating to customers, prospective customers and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a data processing agreement).
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online service within the meaning of Article 6(1)(f) of the GDPR). Google uses cookies. The information generated by the cookie regarding users’ use of the online service is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze how users use our website, to compile reports on activity within the website, and to provide us with other services relating to the use of this website and internet usage. In doing so, pseudonymous user profiles may be created from the processed data.
We only use Google Analytics with IP anonymisation enabled. This means that users’ IP addresses are truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser is not combined with any other data held by Google. Users can prevent the storage of cookies by adjusting their browser settings accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online service, as well as the processing of this data by Google, by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on Google’s use of data, as well as options for adjusting settings and opting out, can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated).
Users’ personal data is deleted or anonymised after 14 months.
Google AdWords and conversion tracking
On the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online offering within the meaning of Article 6(1)(f) of the GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use Google’s “AdWords” online marketing service to place ads on the Google Display Network (e.g. in search results, in videos, on websites, etc.) so that they are shown to users who are likely to be interested in them. This enables us to display ads for and within our online service in a more targeted manner, so as to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which they have expressed an interest on other websites, this is referred to as “remarketing”. For these purposes, when our website or other websites on which the Google advertising network is active are accessed, a Google code is executed directly by Google, and so-called (re)marketing tags (invisible graphics or code, also known as "Web Beacons") are embedded in the website. With the help of these, an individual cookie—i.e., a small file—is stored on the user’s device (comparable technologies may also be used instead of cookies). This file records which websites the user has visited, what content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, the time of the visit and further details regarding the use of the online service.
We also receive an individual “conversion cookie”. Google uses the information collected via this cookie to generate conversion statistics for us. However, we are only provided with the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. We do not, however, receive any information that could be used to personally identify users.
User data is processed pseudonymously within the Google advertising network. This means that Google does not, for example, store or process users’ names or email addresses, but instead processes the relevant data on a cookie-by-cookie basis within pseudonymous user profiles. This means that, from Google’s perspective, the ads are not managed and displayed for a specifically identified individual, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.
Further information on Google’s use of data, as well as options for adjusting settings and opting out, can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated).
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online service, the so-called "Facebook Pixel" of the social network Facebook – operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used.
Facebook is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook Pixel, Facebook is able, firstly, to identify visitors to our online presence as a target group for the display of ads (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to ensure that the Facebook Ads we place are shown only to those Facebook users who have demonstrated an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the webpages visited), which we transmit to Facebook (so-called “Custom Audiences”). We also use the Facebook Pixel to ensure that our Facebook Ads match users’ potential interests and do not come across as intrusive. Furthermore, using the Facebook Pixel, we can track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advert (known as a ‘conversion’).
Facebook processes data in accordance with its Data Use Policy. Accordingly, general information on the display of Facebook ads can be found in Facebook’s Data Use Policy: https://www.facebook.com/policy.php. Specific information and details regarding the Facebook Pixel and how it works can be found in the Facebook Help Centre.
You can object to the collection of data by the Facebook Pixel and the use of your data for the display of Facebook ads. To control the types of ads shown to you on Facebook, you can visit the page set up by Facebook and follow the instructions there regarding usage-based advertising settings: https://www.facebook.com/settings?tab=ads. These settings apply across all platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.
You can also object to the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/) and, additionally, the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Social media presence
We maintain an online presence on social networks and platforms in order to communicate with customers, prospective customers and users active on these platforms and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our Privacy Policy, we process users’ data where they communicate with us via social networks and platforms, e.g. by posting on our online presence or sending us messages.
Integration of third-party services and content
Within our online offering, we rely on our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online offering within the meaning of Article 6(1)(f) of the GDPR) to incorporate content or services from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).
This always presupposes that the third-party providers of this content collect users’ IP addresses, as they would be unable to send the content to users’ browsers without them. The IP address is therefore necessary for the display of this content. We endeavor to use only such content where the respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so called pixel tags (invisible graphics, also known as "Web Beacons") for statistical or marketing purposes. These "pixel tags" enable information, such as visitor traffic on the pages of this website, to be analysed. This pseudonymous information may also be stored in cookies on the user’s device and may include, amongst other things, technical information about the browser and operating system, referring websites, time of visit and further details regarding the use of our online service, as well as being linked to such information from other sources.
Google Fonts
We integrate fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Maps
We integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, users’ IP addresses and location data; however, this data is not collected without their consent (which is usually given via the settings on their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Use of Facebook Social Plugins
We use, on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online offering within the meaning of Article 6(1)(f) of the GDPR), social plugins ("plugins") from the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins may display interactive elements or content (e.g. videos, graphics or text posts) and can be recognised by one of the Facebook logos (a white ‘f’ on a blue tile, the terms ‘Like’, "Like" or a “thumbs-up” symbol) or are labeled "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a feature of this online service that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online service. In the process, user profiles may be created from the data processed. We therefore have no influence over the scope of the data that Facebook collects via this plugin and are therefore informing users in accordance with the information available to us.
By integrating the plugins, Facebook receives information that a user has accessed the relevant page of the website. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plugins, for example, by clicking the ‘Like’ button or posting a comment, the relevant information is transmitted directly from their device to Facebook and stored there. Even if a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of data collection, as well as the further processing and use of the data by Facebook, and the relevant rights and settings options for protecting users’ privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not wish Facebook to collect data about them via this online service and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online service. Further settings and the option to object to the use of data for advertising purposes are available within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. These settings apply across all platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Our online service may incorporate features and content from Twitter, a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or text, as well as buttons that allow users to express their appreciation of the content, follow the authors of the content or subscribe to our posts. If users are members of the Twitter platform, Twitter may associate their access to the aforementioned content and features with their profiles on that platform. Twitter is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.
Our online offering may incorporate features and content from the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or text, as well as buttons that allow users to express their appreciation of the content, follow the authors of the content or subscribe to our posts. If users are members of the Instagram platform, Instagram may associate their interaction with the aforementioned content and features with their profiles on that platform. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.