PRIVACY POLICY

This Privacy Policy provides you with details concerning the nature, extent and purposes for which personal data (hereafter “Data”) are processed in relation to our online presence and the related websites, functions and content as well as on external services such as e.g. our social medial profile (hereafter referred to collectively as the “Online Presence”). For definitions of the terms used, such as e.g. “processing” or “controller”, we refer to the definitions contained in Article 4 of the General Data Protection Regulation (GDPR).

CONTROLLER

Kunststoffwerk AG Buchs
Rheinaustrasse 7
9470 Buchs
Switzerland

Phone: +41 81 750 60 30
Fax: +41 81 750 60 39
Email: info@kwbswiss.com
Website: www.kwbswiss.ch

TYPES OF DATA PROCESSED:

– general data (e.g. names, addresses).
– contact data (e.g. email address, telephone numbers).
– content data (e.g. text entered, photographs, videos).
– usage data (e.g. websites visited, interests in content, times of access).
– metadata and communication data (e.g., device information, IP addresses).

CATEGORIES OF DATA SUBJECT

Visitors to and users of the Online Presence (we shall also refer to data subjects hereafter collectively as “Users”).

PURPOSE OF PROCESSING

– provision of the Online Presence, along with its functions and content.
– answering queries and communicating with Users.
– security measures.
– measurement of reach/marketing

TERMS USED

“Personal data” means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term has a broad reach and covers practically any handling of Data.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

RELEVANT LEGAL BASES

We inform you of the legal bases for data processing by us in accordance with Article 13 GDPR. The following applies in the event that the legal basis is not specified in the Privacy Policy: The legal basis for obtaining consent is point (a) of Article 6(1) and Article 7 GDPR, the legal basis for processing in order to provide our service and for the performance of a contract and for answering enquiries is point (b) of Article 6(1) GDPR, the legal basis for processing in order to comply with our legal obligations is point (c) of Article 6(1) GDPR, and the legal basis for processing in order to uphold our legitimate interests is point (f) of Article 6(1) GDPR. The legal basis is point (d) of Article 6(1) GDPR in the event that the processing of personal data is necessary in order to protect the vital interests of the Data Subject or of another natural person.

SEUCRITY MEASURES

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk pursuant to Article 32 GDPR.

The measures include in particular ensuring the confidentiality, integrity and availability of Data by controlling physical and remote access to and the entry and disclosure of Data, and ensuring the availability and separation of Data. We have also put in place procedures in order to ensure respect for the rights of Data Subjects, data erasure and a response in the event that any Data are at risk. We also take account of the need to protect personal data when developing and selecting hardware, software and processes in accordance with the principle of data protection by design and by default (Article 25 GDPR).

COOPERATION WITH PROCESSORS AND THIRD PARTIES

Where we disclose Data to other persons and undertakings in relation to our data processing operations (Processors or third parties), transfer Data to them or otherwise grant them access to Data, this only occurs to the extent permitted by law (e.g. if the transmission of Data to third parties, such as payment service providers, is necessary in accordance with point (b) of Article 6(1) GDPR for the performance of a contract), if you have consented, if obliged to do so by law or in order to uphold our legitimate interests (e.g. when using agents, web hosts, etc.).

If we instruct a third party to process Data on the basis of a so-called “data processing contract”, this occurs on the basis of Article 28 GDPR.

TRANSFERS TO THIRD COUNTRIES

If we process Data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in relation to the usage of third party services or the disclosure or transmission of Data to third parties, this only occurs if it is done in order to comply with our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Unless we are permitted to do so by law or under contract, we only process Data in a third country or allow Data to be processed in a third party where the specific prerequisites laid down in Article 44 et seq GDPR are met. This means that processing occurs e.g. on the basis of special guarantees, such as an officially recognised decision that the level of data protection is equivalent to that in the EU (e.g. for the USA under the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

RIGHTS OF DATA SUBJECTS

You have the right to obtain confirmation as to whether or not personal data are being processed and to access these Data in addition to further information and copies of the Data in accordance with Article 15 GDPR.

You have the right according to Article 16 GDPR to have incomplete personal data concerning you completed or to obtain the rectification of inaccurate personal data concerning you.

You have the right according to Article 17 GDPR to obtain the erasure of personal data without undue delay, or alternatively according to Article 18 GDPR to obtain the restriction of processing.

You have the right to receive the personal data concerning you that you have provided to us in accordance with Article 20 GDPR and to transmit those Data to another controller.

You also have the right according to Article 77 GDPR to lodge a complaint with the competent supervisory authority.

RIGHT TO WITHDRAW CONSENT

You have the right to withdraw any previously granted consent in accordance with Article 7(3) GDPR with future effect.

RIGHT TO OBJECT

You can object at any time to the processing in future of any personal data concerning you in accordance with Article 21 GDPR. The objection may concern in particular processing for the purposes of direct marketing.

COOKIES AND RIGHT TO OBJECT TO DIRECT MARKETING

The term “cookies” means small files that are stored on User’s computers. Various information may be stored within cookies. A cookie is intended primarily to store information relating to a User (or the device on which the cookie is stored) during or also after his or her visit to an online presence. Temporary, “session” or “transient” cookies mean cookies that are erased when the User leaves an online presence and closes his or her browser. Such cookies can store for example the content of a basket in an online shop or login status. “Permanent” or “persistent” cookies mean cookies that remain stored also after the browser is closed. This makes it possible for instance to save a login status if the User returns after several days. Cookies of this type can also store the User’s interests, which may be used in order to measure reach or for marketing purposes. “Third party cookies” mean cookies offered by providers other than the Controller operating the Online Presence (otherwise, if the cookies are operated by the Controller, they are referred to as “first party cookies”).

We can use temporary and permanent cookies and provide clarification concerning this within our Privacy Policy.

If the User does not wish cookies to be saved on his or her computer, he or she is invited to disable the relevant option in the browser’s system settings. Any cookies that have been stored may be deleted through the browser’s system settings. If cookies are disabled this may impair the proper functioning of this Online Presence.

It is possible to object in general to the usage of cookies stored for the purposes of online marketing using a variety of services, in particular in relation to tracking cookies through the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. In addition, it is possible to delete cookies by disabling them within the browser settings. Please note that, if this is done, it may not be possible to use all functions of this Online Presence.

DATA ERASURE

The Data processed by us may be erased or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly specified in this Privacy Policy, the Data stored by us will be erased once the processing thereof is no longer necessary for the intended purpose, unless erasure is not possible on account of statutory retention requirements. If Data are not erased because they are necessary for other purposes permitted by law, their processing will be restricted. This means that the Data will be blocked and will not be processed for other purposes. This applies for instance for Data that must be retained under commercial or tax law.

According to statutory requirements in Germany, a specific 10-year retention period applies pursuant to § 147(1) of the German Tax Code, and § 257(1) nos. 1 and 4 and (4) of the German Commercial Code (books, records, status reports, accounting documents, trading books, documentation relevant for tax purposes, etc.), whilst a 6-year period applies pursuant to § 257(1) nos. 2 and 3 and (4) of the German Commercial Code (commercial letters).

According to statutory requirements in Austria, a 7-year retention period applies pursuant to § 132(1) of the Austrian Federal Tax Code (accounting documentation, documents/invoices, accounts, documents, business papers, list of revenue and expenditure, etc.), a 22-year period in relation to real property and a 10-year period in relation to services provided electronically and telecommunications, radio and television services provided to consumers in EU Member States for which a mini one stop shop (MOSS) is used.

PROCESSING IN RELATION TO TRANSACTIONS

We also process the
– contractual data (e.g., contractual object, term, customer category).
– payment data (e.g., bank details, payment history)
of our actual customers, prospective customers and business partners for the purpose of contractual performance, providing services, customer care, marketing, advertising and market research.

ORDER PROCESSING WITHIN THE ONLINE SHOP AND CUSTOMER ACCOUNT

We process our customers’ Data in relation to orders placed in our online shop in order to enable them to select and order the products and services selected, and also in order to enable these to be paid for and provided or carried out.

The Data processed include general data, communication data, contractual data, payment data, and Data Subjects for the purposes of such processing include our actual customers, prospective customers and other business partners. Processing occurs for the purpose of the performance of a contract in relation to the operation of an online shop, billing, delivery and customer services. For this purpose we use session cookies in order to save the content of the basket and permanent cookies in order to save login status.

Processing occurs on the basis of point (b) (order completion) and point (c) (archival required by law) of Article 6(1) GDPR. Any information marked as mandatory as part of this process must be provided for the conclusion and performance of the contract. We only disclose Data to third parties in relation to shipping and payment or, where permitted or obliged to do so by law, to legal advisors and the authorities. Data are only processed in third countries if necessary for the performance of a contract (e.g. if requested by the customer in relation to shipping or payment).

Users can create a User account should they wish, which they can use in particular to view their orders. Users are informed of the mandatory information required when registering. User accounts are not public and cannot be indexed by search engines. Should a User wish to cancel his or her User account, his or her Data will be erased from the User account, unless the retention thereof is required under commercial or tax law according to point (c) of Article 6(1) GDPR. The information contained within the User account will be retained until it is closed, and thereafter archived if required by law. It is the responsibility of Users to back up their Data prior to termination of the contract in the event of cancellation.

We save the IP address and the time of the relevant operations carried out by Users during registration and whenever our online services are subsequently accessed or used. These Data are stored on the basis of our legitimate interests as well as Users’ interest in protection against misuse and other unauthorised usage. Such Data are not generally provided to third parties unless necessary for the enforcement of our claims or if required by law in accordance with point (c) of Article 6(1) GDPR.

Erasure occurs upon expiry of any statutory warranty or similar duties, and the requirement for data retention is reviewed every three years; if a statutory requirement of archival applies, erasure occurs upon the expiry thereof (end of the duty of retention under commercial law (6 years) and tax law (10 years)).

PERFORMANCE OF A CONTRACT

We process the Data of our contractual partners and prospective customers and other purchasers, customers, principals, clients or contractual partners (referred to collectively as “Contractual Partners”) in accordance with point (b) of Article 6(1) GDPR for the performance of a contract with them or to take steps prior to entering into a contract. The Data processed in this regard, along with the nature, extent and purpose of and the need for the processing thereof, are determined in accordance with the underlying contractual relationship.

The Data processed include the master data of our Contractual Partners (e.g., names and addresses), contact data (e.g. email addresses and telephone numbers) and contractual data (e.g., services received, contractual content, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).

We do not in principle process special categories of personal data unless this forms part of any processing that is commissioned or required under contract.

We process Data that are necessary for the establishment and performance of a contract and will inform Contractual Partners if such Data are required where this is not evident for them. Data will only be disclosed to external persons or undertakings if necessary in relation to a contract. When processing the Data provided to us in relation to an order we act in accordance with the instructions of the purchaser in addition to statutory requirements.

We may save the IP address and the time of the relevant operations carried out by Users whenever our online services are used. These Data are stored on the basis of our legitimate interests as well as Users’ interest in protection against misuse and other unauthorised usage. Such Data are not generally provided to third parties unless necessary for the enforcement of our claims in accordance with point (f) of Article 6(1) GDPR or if required by law in accordance with point (c) of Article 6(1) GDPR.

Data are erased if the Data are no longer required for the performance of a contract, in accordance with statutory duties of care or in order to handle any warranty or comparable duties, and the necessity of retaining Data is reviewed every three years; statutory retention requirements also apply.

EXTERNAL PAYMENT SERVICE PROVDIERS

We use external payment providers, through the platforms of which Users and ourselves may conclude payment transactions (e.g., along with a link to the relevant privacy policy, Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/en/footer/privacypolicy/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

We use payment service providers in relation to the performance of contracts on the basis of point (b) of Article 6(1) GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR in order to offer Users effective and secure payment options.

Data processed by payment service providers include general data such as e.g. name and address, bank data such as e.g. account numbers or credit card numbers, passwords, TANs and check numbers as well as information relating to contracts, amounts and recipients. Such information is necessary in order to implement transactions. However, any Data entered will only be processed and stored by the payment service providers. This means that we do not receive any information relating to accounts or credit cards, but rather only information as to whether payment has been confirmed or declined. Under certain circumstances Data may be transmitted by payment service providers to credit agencies. Such transmission occurs for the purpose of checking identity and creditworthiness. For further information regarding this matter please refer to the general terms and conditions and privacy policies of the payment service providers.

Payment transactions are subject to the terms and conditions of business and privacy policies of the relevant payment service providers, which are available for download on the relevant website or transaction applications. Please also refer to these for further information and in order to exercise any rights to revocation and access or other rights of Data Subjects.

ADMINISTRATION, FINANCIAL ACCOUNTING OFFICE ORGANISATION, MANAGEMENT OF CONTACT

We process Data in relation to our administrative tasks and for the purpose of organising our business, financial accounting and compliance with statutory duties, such as e.g. archival. When doing so we process the same Data that we process when providing our contractual service. The bases for such processing are point (c) of Article 6(1) GDPR and point (f) of Article 6(1) GDPR. The Data Subjects for such processing are actual customers, prospective customers, business partners and visitors to the website. The purpose of and our interest in processing Data consists in administration, financial accounting, office organisation and data archival, that is tasks necessary in order to maintain our business operations, to comply with our tasks and to provide our services. Data will be erased in relation to the performance of contracts and contractual communication having regard to the tasks specified for such processing activities.

When performing these tasks, we disclose or transmit Data to the tax authorities, advisors such as e.g. tax advisors or auditors as well as other fee levying bodies and payment service providers.

In addition, we store information concerning suppliers, event organisers and other business partners, e.g. for the purpose of subsequent contact, on the basis of our commercial interests. As a general rule, we store these Data, which are mostly commercial in nature, on an open-ended basis.

COMMERCIAL ANALYSES AND MARKET RESEARCH

In order to conduct our business profitably, to be able to recognise market trends and the wishes of Contractual Partners and Users, we analyse the Data available to us concerning business processes, contracts, enquiries, etc. In this regard we process general data, communication data, contractual data, payment data, data relating to usage and metadata on the basis of point (f) of Article 6(1) GDPR, and the Data Subjects include Contractual Partners, prospective customers, actual customers as well as visitors to and Users of our Online Presence.

The analyses are carried out for the purpose of commercial assessment, marketing and market research. When doing so we may examine the profiles of registered Users along with information, for instance concerning the services received. We require the analyses in order to enhance user friendliness, to optimise our Online Presence and to ensure value for money. The analyses are intended for us only and are not disclosed externally, with the exception of anonymous analyses incorporating composite figures.

If these analyses or profiles relate to specific persons, they will be erased or anonymised upon cancellation by the User, or otherwise two years after conclusion of the contract. In addition, general business analyses and general studies establishing tendencies are drawn up where possible anonymously.

REGISTRATION FUNCTION

Users can create a User account. Users are informed of the mandatory information required when registering, which are processed on the basis of point (b) of Article 6(1) GDPR for the purpose of creating the User account. The Data processed include in particular login information (name, password and an email address). The Data entered upon registration are used for the purpose of usage of a User account and the purpose thereof.

Users may be informed by email concerning any information that is relevant for their User accounts, such as e.g. technical changes. If a User closes his or her User account, the Data relating to the User account will be erased, unless a statutory retention requirement applies. It is the responsibility of Users to back up their Data prior to termination of the contract in the event of cancellation. We are entitled to erase irretrievably all Data of the User that is stored during the term of the contract.

We save the IP address and the time of the relevant operations carried out by Users when using our registration and login functions and when using the User account. These Data are stored on the basis of our legitimate interests as well as Users’ interest in protection against misuse and other unauthorised usage. Such Data are not generally provided to third parties unless necessary for the enforcement of our claims or if required by law in accordance with point (c) of Article 6(1) GDPR. IP addresses are anonymised or erased after at most 7 days.

COMMENTS AND CONTRIBUTIONS

If Users post comments or other contributions, their IP addresses may be saved for 7 days on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR. This is done in order to protect our own interests in the event that any person posts unlawful comments or contributions (insults, prohibited political propaganda, etc.). In such cases we may incur liability ourselves for the comment or contribution and are thus interested in knowing the identity of the author.

In addition, we reserve the right to process information relating to the User for the purpose of recognising spam on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR.

Acting on the same legal basis, in relation to surveys we reserve the right to store User’s IP addresses and to use cookies for the duration thereof in order to prevent multiple submissions.

The Data provided in relation to comments and contributions are stored by us on an open-ended basis unless and until the User objects.

AKISMET ANTI-SPAM SCAN

Our Online Presence uses the “Akismet” service offered by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This usage occurs on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR. This service can help to distinguish between comments left by genuine people and spam comments. For this purpose, all comments are sent to a server in the USA, where they are analysed and stored for comparison purposes for a period of four days. If a comment is classified as spam, the Data will be stored for a longer period. These Data include in the name entered, the email address, the IP address, the content of the comment, the referrer, information concerning the browser and operating system used as well as the time of the entry.

Further information concerning the collection and usage of Data by Akismet may be found in the Privacy Policy of Automattic: https://automattic.com/privacy/.

Users are welcome to use pseudonyms or to refrain from entering their name or email address. They may prevent the transmission of Data entirely by refraining from usage of the comment function. That would be a pity, although unfortunately we do not otherwise see any alternatives that would work as effectively.

 

RETRIEVAL OF PROFILE PICTURES FROM GRAVATAR

We use the Gravatar service of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA within our Online Presence, including in particular the blog.

Gravatar is a service through which Users can register and lodge profile pictures along with their email addresses. If Users leave contributions or comments using the relevant email addresses on other online presences (in particular in blogs), their profile pictures may thus be displayed alongside the contributions or comments. For this purpose, the email address provided by the User is transmitted to Gravatar in order to examine whether a profile has been saved with it. This is the only purpose for which the email address is transmitted and it is not used for any other purposes, and is erased thereafter.

Gravatar is used on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR as we offer the authors of comments and contributions the opportunity to personalise their contributions with a profile image with the assistance of Gravatar.

By showing the pictures Gravatar becomes aware of the User’s IP address, as this is necessary for communication between a browser and an online service. Further information concerning the collection and usage of Data by Gravatar may be found in the Privacy Policy of Automattic: https://automattic.com/privacy/.

If Users do not wish a user image associated with their email address by Gravatar to appear in the comments, they should not use the email address registered with Gravatar in order to comment. Please also note that it is also possible to post comment anonymously or without leaving any email address if the User does not wish his or her own email address to be sent to Gravatar. Users may prevent the transmission of Data entirely by refraining from usage of the comment function.

CONTACT

When contacting us (e.g. using the contact form, by email or telephone or via social media), the User’s information is processed in order to examine and resolve the enquiry in accordance with point (b) of Article 6(1) (in relation to the performance of a contract/steps taken prior to entering into a contract) or point (f) of Article 6(1) (other enquiries) GDPR. The User’s information may be saved in a customer relationship management system (“CRM system”) or comparable enquiry management systems.

We erase enquiries once they are no longer required. We examine whether it is necessary to do so every two years; in addition, statutory archival requirements also apply.

NEWSLETTER

We inform you below concerning the content of our newsletter and the process used for registration, dispatch and statistical assessment as well as your rights to object. By signing up for the newsletter, you consent to receiving it and to the process described.

Content of the newsletter: we only send newsletters, emails and other electronic messages containing marketing information (hereafter, the “Newsletter”) with the consent of the recipient or if permitted to do so by law. If the Newsletter content is specifically described when signing up, this description is sufficient for consent by the User. In addition, our Newsletters contain information concerning our services and about us.

Double opt-in and recording: our Newsletter may be signed up to according to a so-called double opt-in procedure. This means that, after signing up, you receive an email in which you are invited to confirm your registration. This confirmation is necessary in order to ensure that nobody can sign up with another person’s email address. Registrations for the Newsletter are recorded in order to be able to demonstrate that the registration process has been conducted in accordance with legal requirements. As part of this process, the time of registration and confirmation is saved along with the IP address. In addition, any changes to your Data saved are recorded by the service used to send the Newsletter.

Registration data: in order to sign up for the Data, it is sufficient if you provide us with your email address. We also ask for a name on an optional basis in order to be able to address the Newsletter personally.

Dispatch of the Newsletter and the related assessment of its success occur on the basis of the recipient’s consent in accordance with point (a) of Article 6(1) and Article 7 GDPR in conjunction with § 7(2) no. 3 of the German Act against Unfair Competition [UWG] or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with point (f) of Article 6(1) GDPR in conjunction with § 7(3) UWG.

The registration process is recorded on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR. Our interest consists in the usage of a user-friendly and secure Newsletter system, which both serves our commercial interest and also meets with Users’ expectations, and which also ensures that we have proof of consent.

Cancellation/withdrawal of consent – you can cancel our Newsletter at any time, i.e. withdraw your consent. A link in order to cancel the Newsletter may be found at the end of each Newsletter. We may store cancelled email addresses for up to three years on the basis of our legitimate interests before erasing them in order to be able to document any consent previously provided. Processing of such Data is limited to the purpose of the defence of legal claims. An individual erasure request may be made at any time, provided that the former existence of consent is confirmed.

HOSTING AND EMAIL TRANSMISSION

The hosting service used by us is intended for the provision of the following services: infrastructure and platform services, computation capacity, storage space and database services, email transmission, backup services and technical maintenance services, which we use for the purpose of operating this Online Presence.

In this regard either we or our hosting provider process(es) general data, contact data, content data, contractual data, data relating to usage, metadata and communication data for actual customers, prospective customers and visitors to this Online Presence on the basis of our legitimate interests in the efficient and secure provision of this Online Presence in accordance with point (f) of Article 6(1) GDPR in conjunction with Article 28 GDPR (conclusion of a processing agreement).

COLLECTION OF ACCESS DATA AND LOG FILES

Either we or our hosting provider collect(s) Data concerning any access to the server on which this service is operated (so-called server log files) on the basis of our legitimate interests in accordance with point (f) of Article 6(1) GDPR. Access data include the name of the website accessed, the file, the date and time of access, the quantity of Data transferred, a report as to whether access was successful, the browser type and version, the User’s operating system, the referrer URL (the website previously visited), the IP address and the requesting provider.

Log file information is stored for a maximum period of 7 days for security reasons (e.g. in order to clarify misuse or fraud) and thereafter erased. Data that must be retained for a longer period as evidence are exempted from erasure until the relevant incident has been definitively clarified.

GOOGLE TAG MANAGER

Google Tag Manager is a solution that enables us to manage so-called website tags on a page (and thereby for instance incorporate Google Analytics and other Google marketing services into our Online Presence). Tag Manager (which implements the tags) does not itself process any personal data of Users. Please refer to the following information concerning Google services for information concerning the processing of Users’ personal data. Use Policy: https://www.google.co.uk/analytics/tag-manager/use-policy.html.

GOOGLE ANALYTICS

We use Google Analytics, a web analysis service of Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and business operation of our Online Presence in accordance with point (f) of Article 6(1) GDPR). Google uses cookies. The information generated by the cookie concerning usage of the Online Presence by Users is as a rule transferred to a Google server in the USA and stored at that location.

Google is certified under the Privacy Shield Agreement and on this basis offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf in order to assess usage of our Online Presence by Users, in order to compile reports concerning activities within this Online Presence and in order to provide us with further services related to usage of this Online Presence and of the internet. As part of this process, pseudonymised usage profiles of Users may be generated from the Data processed.

We only use Google Analytics with IP anonymisation enabled. This means that User’s IP addresses are abbreviated by Google within a Member State of the European Union or in another contracting state to the Agreement on the European Economic Area. The IP address is only transmitted to the Google server in the USA and abbreviated at that location in exceptional cases.

The IP address transmitted by the User’s browser is not cross-referenced with other Data held by Google. Users may prevent cookies from being saved through the appropriate settings on their browser software; Users can also prevent the transmission to Google of the Data generated by the cookie in relation to their usage of the Online Presence along with the processing of such Data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information concerning the usage of Data by Google along with options relating to settings and the withdrawal of consent in the Google Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for the presentation of embedded advertising by Google (https://adssettings.google.com/authenticated).

The User’s personal data will be erased or anonymised after 14 months.

Please click on this link in order to prevent Google Analytics from collecting any Data relating to you on this website in future. In order for this to be effective, an opt-out cookie will be stored on your end device. If you erase your cookies, you will have to click on this link again.

GOOGLE UNIVERSAL ANALYTICS

We use Google Analytics in the “Universal Analytics” configuration.  “Universal Analytics” means a Google Analytics process under which usage is analysed on the basis of a pseudonymised user ID, thereby generating a pseudonymised User profile with information obtained from the usage of various devices (so-called “cross device tracking“).

TARGET GROUP FORMATION WITH GOOGLE ANALYTICS

We use Google Analytics in order to display the adverts placed by us within the advertising service of Google and its partners to Users who have also expressed an interest in our Online Presence or who have particular characteristics (e.g. interests in particular issues or products established on the basis of the websites visited), which we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). We can also use remarketing audiences in order to ensure that our adverts are consistent with the potential interests of Users.

FACEBOOK PIXEL, CUSTOM AUDIENCES AND FACEBOOK CONVERSION

As part of our Online Presence, “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used on the basis of our legitimate interests in the analysis, optimisation and business operation of our Online Presence and for these purposes.

Facebook is certified under the Privacy Shield Agreement and on this basis offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

By using Facebook Pixel, Facebook is able first to identify visitors to our Online Presence as a target group for the display of adverts (so-called “Facebook ads”). We accordingly use Facebook Pixel in order to display the Facebook ads placed by us to Facebook users who have also expressed an interest in our Online Presence or who have particular characteristics (e.g. interests in particular issues or products established on the basis of the websites visited), which we transmit to Facebook (so-called “customer audiences”). We can also use Facebook Pixel in order to ensure that our Facebook ads are consistent with the potential interests of Users and do not have the effect of annoying them. We can also use Facebook Pixel in order to establish the efficacy of Facebook ads for statistical and market research purposes by ascertaining whether Users are directed to our website after clicking on a Facebook ad (so-called “conversion“).

Data are processed by Facebook in accordance with Facebook’s Data Policy. Accordingly, general information concerning the display of Facebook ads may be found in the Facebook Data Policy: https://www.facebook.com/policy. Special information and details concerning Facebook Pixel and the way in which it functions may be found in the “help” section of Facebook: https://www.facebook.com/business/help/651294705016616.

You can object to the collection and usage of your Data by Facebook Pixel in order to display Facebook ads. In order to determine which type of adverts are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions provided there to adjust the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are applicable at platform level, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can also object to the usage of cookies used to measure reach or for advertising purposes through the opt out page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website  (http://www.youronlinechoices.com/uk/your-ad-choices/).

ONLINE PRSENCES ON SOCIAL MEDIA

We operate online presences on social networks and platforms in order to communicate with actual customers, prospective customers and Users who are active on these and to be able to inform them on those networks and platforms about our services.

Please note that the Data of Users may be processed outside the European Union on such occasions. This may result in a risk for Users as it may for instance make it more difficult for Users to exercise their rights. Please note in relation to US providers that are certified under the Privacy Shield that they thereby undertake to comply with EU data protection standards.

In addition, the Data of Users are as a rule processed for market research and advertising purposes. This means that for instance usage profiles may be created on the basis of Users’ usage patterns and the resulting interests. Usage profiles may in turn be used in order e.g. to display adverts both inside and outside the platform that are presumed to reflect Users’ interests. For these purposes cookies are as a rule saved on Users’ computers, which store the usage patterns and interests of Users. In addition, Data may be stored in usage profiles irrespective of the devices used by Users (in particular if the User has joined the relevant platforms and is logged in to them).

The personal data of Users are processed on the basis of our legitimate interests in providing effective information to Users and communicating with Users in accordance with point (f) of Article 6(1) GDPR. If the Users are asked by the relevant providers to consent to data processing (i.e. to state their acceptance e.g. by flagging a check box or clicking on a button) the basis for processing is point (a) of Article 6(1) and Article 7 GDPR.

Please refer to the information linked below from the providers for detailed information concerning their respective processing and the possibility of opting out.

Please note that access requests may be most effectively made and User rights may be most effectively exercised directly with the providers. Only the providers have access to the Users’ Data and are able to take the appropriate action and provide information. You can naturally contact us should you nonetheless require assistance.

– Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Data Policy: https://www.facebook.com/about/privacy/, Opt Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

– Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Policy:  https://policies.google.com/privacy, Opt Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy / Opt Out: http://instagram.com/about/legal/privacy/.

– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/privacy, Opt Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

– Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy / Opt Out: https://about.pinterest.com/de/privacy-policy.

– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

– Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) – Privacy Policy / Opt Out: https://privacy.xing.com/en/privacy-policy.

INCORPORATION OF THIRD PARTY SERVICS AND CONTENT

We use content or services offered by third parties within our Online Presence on the basis of our legitimate interests (i.e. interests in the analysis, optimisation and business operation of our Online Presence in accordance with point (f) of Article 6(1) GDPR) in order to incorporate their content and services, such as e.g. videos or fonts (hereafter referred to collectively as “Content”).

This requires under all circumstances that the third party provider of this Content is aware of the User’s IP address, as it is unable to send Content to their browsers without the IP address. The IP address is therefore essential in order for this Content to be displayed. We endeavour to use exclusively Content the providers of which only use IP addresses for the purpose of sending the Content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” enable information such as visitor traffic to the pages of this website to be assessed. The pseudonymised information may also be stored in cookies on the User’s device and may contain inter alia other technical information concerning the browser and the operating system, referrer websites, the time of the visit and other information relating to the usage of our Online Presence, and may also be cross-referenced with similar information from other sources.

GOOGLE FONTS

We incorporate fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt Out: https://adssettings.google.com/authenticated.

GOOGLE MAPS

We incorporate maps from the service “Google Maps” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Data processed may include in particular the User’s IP address and location data, which are however not collected without his or her consent (provided as a rule through the mobile device settings). Such Data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt Out: https://adssettings.google.com/authenticated.

USAGE OF FACEBOOK SOCIAL PLUGINS

We use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on the basis of our legitimate interests (i.e. interests in the analysis, optimisation and business operation of our Online Presence in accordance with point (f) of Article 6(1) GDPR).
This may include e.g. Content such as images, videos or text and buttons by which the User can share Content on this Online Presence within Facebook. The list and appearance of Facebook social plugins may be consulted here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement and on this basis offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

If a User accesses a function of this Online Presence that includes a social plugin, his or her device will establish a direct link with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the User’s device and incorporated by that device into the Online Presence. As part of this process, usage profiles of Users may be generated from the Data processed. We therefore do not have any influence over the extent of the Data that Facebook collects with the assistance of this plugin and thus provide information to the User in line with the information available to us.

By incorporating the plugin Facebook receives the information that a User has accessed the corresponding page of the Online Presence. If the User is logged in to Facebook, Facebook may allocate the visit to his or her Facebook account. If Users interact with plugins, for example by clicking on the Like button or leaving a comment, the corresponding information will be transmitted by their device directly to Facebook and saved by Facebook. If a User is not a member of Facebook, it is nonetheless possible that Facebook may identify and store his or her IP address. According to Facebook, IP addresses are only stored in anonymised form in Germany.

The purpose and extent of Data collection and the further processing and usage of Data by Facebook along with the respective rights and settings options in order to protect User privacy may be obtained from the Facebook Data Policy: https://www.facebook.com/about/privacy/.

If a User is a member of Facebook and does not wish Facebook to collect information concerning him or her through this Online Presence and to associate such Data with his or her member Data stored with Facebook, he or she must log out of Facebook and erase cookies before using our Online Presence. Further settings including the option to opt out from the usage of Data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads  or through the US page http://www.aboutads.info/choices/  or the EU page http://www.youronlinechoices.com/. The settings are applicable at platform level, i.e. they are applied to all devices, such as desktop computers or mobile devices.

SHARIFF SHARING FUNCTIONS

We use privacy-secure “Shariff” buttons. “Shariff” was developed in order to enable greater online privacy and to replace the usual “share” buttons of social networks. In this case it is not the User’s browser but rather the server on which this online service is operated that connects to the server of the relevant social media platform and enquiries concerning e.g. the number of Likes, etc. The User remains anonymous as part of this process. Further information concerning the Shariff Project may be found from the developers of the magazine c’t: www.ct.de.