Privacy Statement

Privacy Statement

We are very pleased about your interest in our company. Data privacy has particularly high importance for the Management Board of esc mediagroup GmbH. As a general rule, it is possible to use the esc mediagroup GmbH website without disclosing any personal data. If a data subject would like to use specific services of our company through our website, however, processing of personal data may become necessary. If the processing of personal data is necessary and if no legal foundation exists for such processing, we will generally obtain consent from the data subject.

The processing of personal data, for example, the name, address, e-mail address or telephone number of a data subject, always occurs in line with the General Data Protection Regulation and in accordance with the valid country-specific privacy policies for esc mediagroup GmbH. With this privacy policy, our company intends to inform the public about the nature, scope and purpose of the personal data, which are collected, used and processed by us. Furthermore, data subjects are informed about the rights to which they are entitled by means of this privacy policy.

esc mediagroup GmbH has implemented numerous technical and organisational measures for processing, in order to ensure the most gap-free protection possible for the personal data processed via this website. Nevertheless, in principle, Internet-based data transfers may have security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to also send personal data to us using alternative methods, such as by telephone.

  1. Definitions of terms

The privacy policy of esc mediagroup GmbH is based on the definitions which were used by the European issuer of directives and regulations when the General Data Protection Regulation (GDPR) was issued. Our privacy policy should be easily readable and understandable for the public, as well as for our customers and business partners. In order to guarantee this, we would first like to explain the definitions used.

Among others, we use the following definitions in this privacy policy:

  • a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • b) Data subject

A data subject is any identified or identifiable natural person, whose data are processed by the data controller.

  • c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

  • d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

  • e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

  • f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

  • g) Controller or data controller

Controller or data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  • h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • i) Recipient

Recipient is a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

  • j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  • k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  1. Name and address of the data controller

The controller, within the meaning of the General Data Protection Regulation, other valid data protection laws in the Member States of the European Union and other provisions with a data-protection-law character, is:

esc mediagroup GmbH

Josef-Felder-Straße 53 / 3.OG

81241 Munich

Germany

Website: www.escmediagroup.de/en/imprint/

  1. Contact details about the Data Protection Officer:

A data subject may contact our Data Protection Officer at any time with all questions and suggestions relating to data privacy

by e-mail to: datenschutz@escmediagroup.de

  1. Cookies

The esc mediagroup GmbH website uses cookies. Cookies are text files, which are filed and saved on a computer system via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called Cookie ID. A Cookie ID is a unique identifier of the cookie. It is comprised of a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows the visited websites and servers to distinguish the data subject’s individual browser from other Internet browsers that contain different cookies. A specific Internet browser can be recognised by its unique Cookie ID.

Cookies allow esc mediagroup GmbH to provide the user of this website with more user-friendly services, which would not be possible without setting cookies.

With a cookie, the information and offers on our website can be optimised in the interest of the user. As already mentioned, cookies allow us to recognise the users of our website. The purpose of this recognition is to simplify the use of our website for the users. For example, the users of a website, which uses cookies, does not need to enter his or her access data each time he or she visits the website, because this is taken from the website and the cookie filed on the user’s computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the item, which a customer has placed in the virtual shopping basket, through a cookie.

The data subject can prevent the setting of cookies by our website at any time using an appropriate setting of the Internet browser and thereby permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted using an Internet browser or other software programs. This is possible in all of the commonly-used Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, under certain circumstances, not all functions of our website will be fully usable.

  1. Collection of general data and information

Each time the website is accessed by a data subject or an automated system, the esc mediagroup GmbH website collects a series of general data and information. These general data and information are stored in the logfiles of the server. The (1) browser types and versions, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet Service Provider of the accessing system and (8) other similar data and information can be collected, which have the purpose of averting hazards in the case of attacks on our information technology systems.

When using these general data and information, esc mediagroup GmbH does not draw any conclusions about the data subject. In fact, this information is required in order to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for these, (3) guarantee the permanent functionality of our information technology systems and the technology of our website and (4) provide criminal prosecution authorities with necessary information in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated by esc mediagroup GmbH for statistical purposes, on the one hand, and on the other hand, to increase data privacy and data security, in order to ultimately guarantee an optimum protection level for the personal data, which we process. The anonymous data of the server logfiles are stored separately from all of the personal data provided by a data subject.

  1. Registration on our website

The data subject has the opportunity to register on the data controller’s website by providing personal data. Which personal data are sent to the data controller for processing are shown in the respective input mask, which is used for the registration. The personal data entered by the data subject are exclusively collected and stored for internal use by the data controller and for its own purposes. The data controller can authorise disclosure to one or several processors, for example, a parcel service provider, who also uses the personal data exclusively for internal purposes, which are attributable to the data controller.

By registering on the data controller’s website, the IP address allocated by the Internet Service Provider (ISP) to the data subject, the data and time of the registration are also collected. The storage of these data occurs in light of the fact that the misuse of our services can only be prevented in this way, and these data enable committed crimes to be solved. In this respect, the storage of these data serves as security for the data controller. Disclosure of these data to third parties does not occur, as a general rule, unless a statutory duty exists for disclosure or the disclosure is required for criminal prosecution.

The registration of the data subjects, with the voluntary submission of personal data serves the purpose of allowing the data controller to offer the data subject contents or services, which can only be offered to registered users, due to the nature of the items. Registered persons have the opportunity to modify the personal data provided during registration at any time or have it completely deleted from the data controller’s database.

The data controller shall grant every data subject information upon request at any time about which personal data are stored regarding the data subject. Furthermore, the data controller shall correct or delete personal data upon request or notification by the data subject, unless it is contrary to any statutory retention duties. All of the data controller’s employees are available to the data subject as a contact in this regard.

  1. Subscription to our newsletter

On the esc mediagroup GmbH website, the users are given the opportunity to subscribe to our company newsletter. Which personal data are sent to the data controller during the course of ordering the newsletter are shown in the input mask used for this purpose.

In the newsletter, esc mediagroup GmbH informs its customers and business partners at regular intervals about offers, news and company information.
As a general rule, our company’s newsletter can only be received by the data subject, if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation e-mail is sent to the e-mail address entered by the data subject for the first time for dispatch of the newsletter, using the double-opt-in procedure. This confirmation e-mail has the purpose of checking whether the owner of the e-mail address has authorised the receipt of the newsletter, as the data subject.

When subscribing to the newsletter, we also store the IP address allocated by the Internet Service Provider (ISP) of the data subject whose computer system was used at the time of the subscription, as well as the date and time of the subscription. The collection of these data is required, in order to trace the (possible) misuse of a data subject’s e-mail address at a later time and is therefore for the data controller’s legal security.

Personal data, which are collected within the context of registering for the newsletter, are exclusively used for sending our newsletter. Furthermore, subscribers to the newsletter can be informed by e-mail, if this is necessary for operating the newsletter service or a relevant registration, which may be the case in the event of changes to the newsletter service or a change to the technical circumstances. No disclosure takes place of personal data to third parties, which are collected within the context of the newsletter service. The subscription to our newsletter may be cancelled by the data subject at any time. The consent to the storage of personal data, which the data subject has granted to us for sending the newsletter, may be revoked at any time. A corresponding link is available in each newsletter for the purpose of revoking the consent. Furthermore, the opportunity is also available to cancel the dispatch of the newsletter at any time directly on the data controller’s website or to notify the data controller in another manner.

  1. Newsletter tracking

The esc mediagroup GmbH newsletters contain so-called tracking pixels. A counting pixel is a miniature graphic that is embedded in e-mails, which are sent in HTML format, in order to enable a logfile record and a logfile analysis. As a result of this, a statistical evaluation of the success or failure of online marketing campaigns can be performed. On the basis of the embedded counting pixel, esc mediagroup GmbH can identify whether and when an e-mail has been opened by a data subject and which links contained in the e-mail were accessed by the data subject.

Such personal data, which are collected through the counting pixels contained in the newsletters, are stored and evaluated by the data controller on the basis of legitimate interests, in order to optimise the newsletter dispatch and adapt the content of future newsletters even better to the interests of the data subject. These personal data are not disclosed to third parties. Data subjects are entitled to revoke the declaration of consent, which has been submitted in this respect, using the double-opt-in procedure at any time. After a revocation, these personal data are deleted by the data controller. esc mediagroup GmbH automatically interprets a cancellation from receiving the newsletter as a revocation.

  1. Contact opportunity via the website

On the basis of statutory provisions, the esc mediagroup GmbH website contains details, which allow contact to be made with our company quickly electronically, as well as direct communication with us, which also includes the general address of the so-called electronic mail (e-mail address). If a data subject establishes contact with the data controller by e-mail or via a contact form, the personal data sent by the data subject will automatically be stored. Such personal data, which are provided on a voluntary basis by the data subject to the data controller, will be stored for the purpose of processing or establishing contact with the data subject. These personal data are not disclosed to third parties.

  1. Comment function in the blog on the website

On a blog, which is on the data controller’s website, esc mediagroup GmbH offers the users the opportunity to leave individual comments about individual blog articles. A blog is a portal that can usually be viewed publicly on a website, in which one or more people, who are called bloggers or web bloggers, post articles or write down thoughts in so-called blog posts. As a rule, the blog posts can be commented on by third parties.

If a data subject leaves a comment in the blog published on this website, in addition to the comments left by the data subject, details are also stored and published about the time of entering the comment and the user name (pseudonym) chosen by the data subject. Furthermore, the IP address allocated by the Internet Service Provider (ISP) of the data subject will also be logged. This storage of the IP address takes place for security reasons and in the event that the data subject violates the rights of third parties with a posted comment or posts unlawful contents. The storage of these personal data therefore occurs in the data controller’s own interest, so that it can exonerate itself in the case of a potential legal infringement. No disclosure of this collected personal data takes place to third parties, if such a disclosure is not legally prescribed or required for the legal defence of the data controller.

  1. Subscription to comments in the blog in the website

The comments posted in the esc mediagroup GmbH blog may generally be subscribed to by third parties. The opportunity is specifically available for a commentator to subscribe to comments subsequent to his or her comment about a specific blog article.

If a data subject chooses the option of subscribing to comments, the data controller will send an automatic confirmation e-mail, in order to check whether the owner of the provided e-mail address has actually chosen this option, using the double-opt-in procedure. The option to subscribe to comments can be terminated at any time.

  1. Routine deletion and blocking of personal data

The data controller only processes and stores the data subject’s data for as long as it is necessary for achieving the storage purpose, or if this has been prescribed in the laws or regulations imposed on the data controller by the European issuer of directives and regulations or another legislator in laws or regulations.

If the storage purpose ceases to apply or if a storage period prescribed by the European issuer of directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

  1. Rights of the data subject
  • a) Right to confirmation

Every data subject has the right granted by the European issuer of directives and regulations, to request a confirmation from the data controller regarding whether his or her personal data are processed. If a data subject intends to exercise this confirmation right, he or she may contact an employee of the data controller at any time for this purpose.

  • b) Right to information

Any data subject affected by the processing of personal data has the right granted by the European issuer of directives and regulations, to obtain a free-of-charge information at any time from the data controller regarding his or her personal stored data and obtain a copy of this information. Furthermore, the European issuer of directives and regulations has conceded disclosure of the following information to the data subject:

    • the processing purposes
    • the categories of personal data, which are processed
    • the recipient or categories of recipients, to whom the personal data have been disclosed or are yet to be disclosed, particularly for recipients in third countries or with international organisations
    • if possible, the planned duration for which the personal data will be stored, or if this is not possible, the criteria for specifying this duration
    • the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the controller or right to object to this processing
    • the existence of a right to object with a supervisory authority
    • if the personal data are not collected from the data subject: All available information about the origin of the data
    • the existence of automated decision-making, including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – significant information about the logic involved, as well as the scope and intended implications of such processing for the data subject

Furthermore, the data subject is entitled to a right to information about whether personal data have been sent to a third country or an international organisation. If this is the case, the data subject, ceteris paribus, has the right to obtain information about the appropriate guarantees in relation to the sending.

If a data subject intends to exercise this right to information, he or she may contact an employee of the data controller at any time for this purpose.

  • c) Right to correction

Each person affected by the processing of personal data has the right granted by the European issuer of directives and regulations to request immediate correction of inaccurate personal data relating to him or her. Furthermore, the data subject is entitled to the right to demand the completion of incomplete personal data, in consideration of the purposes of processing, also by means of a supplementary declaration.

If a data subject intends to exercise this correction right, he or she may contact an employee of the data controller at any time for this purpose.

  • d) Right to deletion (right to be forgotten)

Any person affected by the processing of personal data has the right granted by the European issuer of directives and regulations to demand that the controller immediately deletes his or her personal data, provided that one of the following reasons applies and processing is not necessary:

    • The personal data have been collected for such a purpose or processed in another manner, for which they are no longer necessary.
    • The data subject revokes his or her consent to the processing in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR and another legal basis is lacking for the processing.
    • In accordance with Art. 21 Para. 1 GDPR, the data subject files an objection to the processing and no overriding legitimate reasons exist for the processing, or the data subject files an objection against the processing in accordance with Art. 21 Para. 2 GDPR.
    • The personal data have been processed unlawfully.
    • The deletion of personal data is required to fulfil a legal obligation under Union law or the law of the Member States, by which the controller is governed.
    • The personal data have been collected in relation to offered services of the information society, in accordance with Art. 8 Para. 1 GDPR.

If one of the aforementioned reasons applies and a data subject would like to arrange for the deletion of personal data, which are stored with esc mediagroup GmbH, he or she can contact one of the data controller’s employees at any time for this purpose. The employee of esc mediagroup GmbH will arrange for the request for deletion to be fulfilled at once.

If the personal data have been disclosed by esc mediagroup GmbH and our company is obligated to delete the personal data, as the controller in accordance with Art. 17 Para. 1 GDPR, in consideration of the available technology and the implementation costs, esc mediagroup GmbH shall take appropriate measures, also of a technical nature, in order to notify other data controllers, which process the disclosed personal data, that the data subject has been asked these other data controllers to delete all of the links to these personal data or copies or replications of these personal data, if the processing is not necessary. The employee of esc mediagroup GmbH will make the necessary arrangements on a case-by-case basis.

  • e) Right to restriction of processing

Every person affected by the processing of personal data has the right granted by the European issuer of directives and regulations, to demand the restriction of processing from the controller, if one of the following preconditions exists:

    • The accuracy of the personal data is disputed by the data subject, for a duration, which enables the controller to check the accuracy of the personal data.
    • The processing is unlawful, and the data subject rejects the deletion of the personal data and instead, requests the restriction of use of the personal data.
    • The controller no longer requires the personal data for the processing purposes, however, the data subject requires them to assert, exercise or defend legal claims.
    • The data subject has filed an objection to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet determined whether the legitimate reasons of the controller outweigh those of the data subject.

If one of the aforementioned preconditions applies and a data subject would like to request the deletion of personal data, which are stored with esc mediagroup GmbH, he or she can contact one of the data controller’s employees at any time for this purpose. The employee of esc mediagroup GmbH will arrange for the restriction of processing on a case-by-case basis.

  • f) Right to data transferability

Each person affected by the processing of personal data has the right, granted by the European issuer of directives and regulations, to receive the personal data related to him or her, which are provided by the data subject to a controller, in a structured, commonly-used and machine-readable format. He or she also has the right to send these data to another controller, without any impediment by the controller, to whom the personal data were provided, as long as the processing is based on the consent in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR or on a contract in accordance with Art. 6 Para. 1 Letter b GDPR and the processing occurs using automated procedures, if the processing is not required for exercising a duty, is in the public interest or occurs by way of exercising public authority, which was assigned to the controller.

Furthermore, in exercising his or her right to data transferability in accordance with Art. 20 Para. 1 GDPR, the data subject has the right to arrange that the personal data are sent directly from one controller to another controller, insofar as this is technically feasible and if the rights and freedoms of other persons are not impaired by this.

To assert the right to data transferability, the data subject can contact an employee of esc mediagroup GmbH at any time.

  • g) Right to objection

Any person affected by the processing of personal data has the right, granted by the European issuer of directives and regulations, which arises from his or her specific situation, to file an objection to the processing of his or her personal data, which occurs on the basis of Art. 6 Para. 1 Letters e or f GDPR, at any time. This also applies to profiling based on these provisions.

esc mediagroup GmbH will no longer process the personal data, in the case of an objection, unless we can provide evidence of mandatory protectable reasons for the processing, which outweigh data subject’s interests, rights and freedoms, or are for the purpose of processing the assertion, exercising or defence of legal claims.

If esc mediagroup GmbH processes personal data in order to perform direct marketing, the data subject has the right to file an objection to the processing of the personal data for the purpose of such marketing at any time. This also applies to profiling, if it is related to such direct marketing. If the data subject objects to esc mediagroup GmbH about the processing for the purpose of direct marketing, esc mediagroup GmbH will no longer use the personal data for these purposes.

Furthermore, the data subject has the right to file an objection to the relevant processing of personal data, which arise from the specific situation, which takes place for scientific or historical purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, unless such processing is necessary for the fulfilment of a duty in the public interest.

To exercise the right to objection, the data subject may contact any employee of esc mediagroup GmbH or another employee at any time. The data subject is also entitled to exercise the right to object using an automated procedure, for which technical specifications are used, in relation to the use of information society services – without prejudice to Regulation 2002/58/EC.

  • h) Automated decisions on a case-by-case basis, including profiling

Every person affected by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, if the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is explicitly authorised by the data subject, esc mediagroup GmbH shall take the appropriate measures, in order to preserve the rights and freedoms, as well as the legitimate interests of the data subject, which includes the right to attain the intervention of a person by the controller, to prevent the own point of view and to challenge the decision.

If the data subject intends to exercise rights with respect to automated decisions, he or she may contact an employee of the data controller at any time for this purpose.

  • i) Right to revocation of the data protection law declaration of consent

Each person affected by the processing of personal data has the right granted by the European issuer of directives and regulations to revoke consent for the processing of personal data at any time.

If the data subject intends to exercise rights with respect to revoking a consent, he or she may contact an employee of the data controller at any time for this purpose.

  1. Data protection for applications and in the application procedure

The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also occur electronically. This is particularly the case, if an applicant sends corresponding application documents electronically, e.g. by e-mail using a web form available on the website, to the data controller. If the data controller concludes an employment contract with the applicant, the sent data are stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If no employment contract is concluded by the data controller with the applicant, the application documents are automatically deleted two months after notifying the rejection decision, provided that other legitimate interests of the data controller do not oppose deletion. Other legitimate interest in this sense is e.g. a burden of proof in proceedings under the General Equal Treatment Act (AGG).

  1. Privacy policy for the implementation and use of AddThis

The data controller has integrated components of the AddThis company into this website. AddThis is a so-called bookmarking provider. The service allows simplified bookmarking of websites using buttons. By moving over the AddThis components with the mouse or by clicking, a list is displayed with bookmarking and sharing services. AddThis is in used on more than 15 million websites, and the buttons are displayed more than 20 billion times per year, according to the operating company.

The operating company of AddThis is AddThis, Inc. 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA.

Each time one of the individual pages of this website is accessed, which are operated by the data controller and on which an AddThis component has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective AddThis component to download data from the www.addthis.com website. Within the context of this technical procedure, AddThis receives information about the visit and which concrete individual pages of this website are used by the information technology system, which is used by the data subject. Furthermore, AddThis receives information about the IP address allocated by the Internet Service Provider (ISP) of the computer system used by the data subject, the browser type, the browser language, the website accessed prior to our website, the date and the time of visiting our website. AddThis uses these data, in order to create anonymised user profiles. The data and information transferred to AddThis in this way, allow the AddThis company itself, as well as the companies affiliated with AddThis or its partner companies to address the visitors to the website in a targeted manner with personalised and interest-related advertising.

AddThis displays personalised and interest-related advertising on the basis of a cookie set by the company. This cookie analyses the individual surfing behaviour of the computer system used by the data subject. The cookie stores the visits to websites, which originate from the computer system.

As already described above, the data subject can prevent the setting of cookies by our website at any time using an appropriate setting of the Internet browser and thereby permanently object to the setting of cookies. Such a setting of the web browser used would also prevent the AddThis from setting a cookie on the data subject’s information technology system. Furthermore, cookies that have already been set by AddThis can be deleted using an Internet browser or other software programs.

The data subject also has the opportunity to object permanently to the processing of personal data by AddThis. For this, the data subject must press the opt-out button at the link http://www.addthis.com/privacy/opt-out, which sets an opt-out cookie. The opt-out cookie, which is set with the objection, is filed on the information technology system used by the data subject. If the cookies are deleted on the data subject’s system after an objection, the data subject must open the link again and set a new opt-out cookie.

However, if the opt-out cookie is set, it is possible that the website will no longer being fully usable by the data subject.

The valid privacy policy of AddThis can be accessed at http://www.addthis.com/privacy/privacy-policy.

  1. Privacy policy for the implementation and use of Facebook

The data controller has integrated components of the Facebook company into this website. Facebook is a social network.

A social network is a social meeting place that is operated on the Internet, which generally enables the users to communicate with one another and interact in a virtual space. A social network can be used as a platform for exchanging opinions and experiences or allows the Internet community to provide personal or company-related information. Facebook enables the users of the social network, inter alia, to prepare private profiles, to upload photographs and to network via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside of the USA or Canada, the data controller for personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website is accessed, which are operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective Facebook component to download the appropriate Facebook component from Facebook. A full overview of all Facebook plug-ins can be accessed at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical procedure, Facebook receives information about which concrete sub-site of our website is visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook will recognise which concrete sub-site of our website the data subject visits, each time our website is accessed by the data subject and during the entire presence on our website. This information is collected by the Facebook component and allocated by Facebook to the data subject’s respective Facebook account. If the data subject clicks on one of the Facebook buttons integrated into our website, for example, the “Like” button, or if the data subject makes a comment, Facebook allocates this information to the data subject’s personal Facebook user account and stores this personal data.

Facebook always receives information that the data subject visits our website via the Facebook component, if the data subject is logged into Facebook at the time of accessing our website; this occurs, irrespective of whether the data subject clicks on the Facebook components or not. If such sending of this information to Facebook is not wanted by the data subject, he or she can prevent the sending by logging out of his or her Facebook account prior to accessing our website.

The privacy policy published by Facebook, which is accessible at https://de-de.facebook.com/about/privacy/, gives information about the collection, processing and use of personal data by Facebook. Furthermore, it is explained which setting options Facebook options for protecting the privacy of the data subject. Furthermore, various applications are available, which allow the suppression of data transfer to Facebook. Such applications can be used by the data subject, in order to suppress data transfer to Facebook.

  1. LINKEDIN

The accessing of LinkedIn, LinkedIn, 2029 Stierlin Court, Mountain View, CA 94043 USA, can be identified by the “in” symbol on a blue background. If you activate our “in” button within the scope of the 2-click solution, a connection will be established with the LinkedIn server and the LinkedIn plugin is reloaded onto the respective website. The content of the “in” button is sent by LinkedIn directly to your browser, which integrates it into the website. The opportunity is available for your IP address to be sent to LinkedIn in the USA in this way. The purpose and scope of data collection and the further processing and use of the data by the LinkedIn, as well as your relevant rights and setting options for the protection of your privacy, please refer to the privacy policy of LinkedIn (http://www.linkedin.com/legal/privacy-policy) with the “in” button. If you are a LinkedIn member and do not want LinkedIn to collect data about you through our website with an activated “in” button and link it with your membership data stored with LinkedIn, you must log out of LinkedIn prior to visiting our website.

  1. XING

Accessing XING, XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be recognised by the “x” or “xing” symbol on a green background. If you activate our “XING” button within the context of the 2-click solution, a connection is established with the XING server and the XING Share Button functions (particularly the calculation/display of the counter value) is reloaded on the respective website, XING does not store any of your personal data about accessing this website. XING specifically does not store any IP addresses. No evaluation takes place of your user behaviour through the use of cookies in relation to the “XING Share Button”. The respective current data privacy information regarding the “XING Share Button” and supplementary information can be accessed on this website: https://www.xing.com/app/share?op=data_protection.

  1. Privacy policy on the implementation and use of Google Analytics (with anonymisation function)

The data controller has integrated components of Google Analytics (with anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering an evaluation of data about the behaviour of website visitors. A web analysis service records data, inter alia, regarding from which website a data subject has come to a website (so-called referrer), which sub-sites of the website are accessed or how often and for which dwell time a sub-site was viewed. A web analysis is mainly used for the optimisation of a website and for a cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

The data controller uses the “gat.anonymizeIp” add-on for the web analysis via Google Analytics. With this add-on, the IP address of the data subject’s network connection is abbreviated by Google and anonymised, if the access to our website occurs from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is the analysis of the visitor traffic on our website. Google uses the acquired data and information, inter alia, for evaluating the use of our website, in order to compile reports for us, which show the activities on our website, and in order to provide additional services related to the use of our website.

Google Analytics sets a cookie on the data subject’s information technology system. It has already been explained above, what cookies are. By setting cookies, Google is able to perform an analysis of the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective Google Analytics component, to send data to Google for the purpose of online analysis. Within the scope of the technical procedure, Google receives information about personal data, such as the IP address of the data subject, which Google can use to trace the origin of the visitors and clicks and subsequently enable commission settlements.

Using the cookies, personal information, such as the access time, the location, from which access originated and the frequency of the visits to our website by the data subject are stored. During every visit to our website, these personal data, including the IP of the data subject’s Internet connection, is sent to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may possibly pass on these personal data, which are collected using the technical procedure, to third parties.

As already described above, the data subject can prevent the setting of cookies by our website at any time using an appropriate setting of the Internet browser and thereby permanently object to the setting of cookies. Such a setting of the web browser used would also prevent the Google from setting a cookie on the data subject’s information technology system. Furthermore, a cookie that has already been set by Google Analytics can be deleted using an Internet browser or other software programs.

Furthermore, the data subject has the opportunity to object to and prevent the collection of the data generated by Google Analytics, relating to the use of this website, as well as the processing of these data, by Google. For this, the data subject must download and install a browser add-on at the link https://tools.google.com/dlpage/gaoptout. This browser add-on notifies Google Analytics via JavaScript that no data and information can be sent to Google Analytics regarding the visiting of websites. The installation of the browser add-on is regarded by Google as an objection. If the data subject’s information technology system is deleted, formatted or reinstalled later on, the data subject must install the browser add-on again, in order to deactivate Google Analytics. If the browser add-on is deinstalled or deactivated by the data subject or another person, within the data subject’s sphere of influence, the possibility exists for a reinstallation or reactivation of the browser add-on.

Additional information and the valid privacy policy of Google can be accessed at https://www.google.de/intl/de/policies/privacy/ and at https://www.google.com/analytics/terms/de.html. Google Analytics is explained in further detail at this link https://www.google.com/intl/de_de/analytics/.

  1. Privacy policy for the implementation and use of Google Remarketing

The data controller has integrated components of Google Remarketing services into this website. Google Remarketing is a function of Google Ads, which allows a company to display advertising to such Internet users, which have previously spent time on the company’s website. The integration of Google Remarketing therefore allows a company to create user-based advertising and consequently display interest-relevant advertisements to the Internet user.

The operating company of the Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

The purpose of Google Remarketing is the displaying of interest-relevant advertising. Google Remarketing allows us to display advertisements via the Google advertising network or have them displayed on other websites, which are coordinated with individual requirements and interests of Internet users.

Google Remarketing sets a cookie on the data subject’s information technology system. It has already been explained above, what cookies are. By setting the cookie, Google is able to recognise a visitor to our website, if he or she subsequently accesses websites that are also members of the Google network. Each time a website is accessed, on which the Google Remarketing service was integrated, the data subject’s Internet browser automatically identifies itself to Google. Within the scope of this technical procedure, Google receives information about personal data, which Google uses, inter alia, for displaying interest-relevant advertising.

Using the cookie, personal information is stored, for example, the websites visited by the data subject. During every visit to our website, these personal data, including the IP of the data subject’s Internet connection, is therefore transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may possibly pass on these personal data, which are collected using the technical procedure, to third parties.

As already described above, the data subject can prevent the setting of cookies by our website at any time using an appropriate setting of the Internet browser and thereby permanently object to the setting of cookies. Such a setting of the web browser used would also prevent the Google from setting a cookie on the data subject’s information technology system. Furthermore, a cookie that has already been set by Google Analytics can be deleted using an Internet browser or other software programs.

Furthermore, the data subject has the opportunity to object to interest-related advertising by Google. For this, the data subject must access the link https://www.google.de/settings/ads from each of the Internet browsers, which he or she uses and make the required settings.

Additional information and the valid privacy policy of Google can be accessed at https://www.google.de/intl/de/policies/privacy/.

  1. Privacy policy for the implementation and use of Google+

The data controller has integrated the Google+ button into this website as a component. Google+ is a so-called social network. A social network is a social meeting place that is operated on the Internet, which generally enables the users to communicate with one another and interact in a virtual space. A social network can be used as a platform for exchanging opinions and experiences or allows the Internet community to provide personal or company-related information. Google+ allows the users of the social network, inter alia, to prepare private profiles, to upload photographs and to network via friend requests.

The operating company of Google+ is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

Each time one of the individual pages of this website is accessed, which are operated by the data controller and on which a Google+ button has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective Google+ button to download the appropriate Google+ button from Google. Within the scope of this technical procedure, Google receives information about which concrete sub-site of our website is visited by the data subject. More detailed information about Google+ is accessible at https://developers.google.com/+/.

If the data subject is logged into Google+ at the same time, Google will recognise which concrete sub-site of our website the data subject visits, each time our website is accessed by the data subject and during the entire presence on our website. This information is collected by the Google+ button and allocated by Google to the data subject’s respective Google+ account.

If the data subject clicks on one of the Google+ buttons integrated into our website and thereby gives a Google+1 recommendation, Google allocates this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+ recommendation of the data subject and makes this publicly accessible in accordance with the terms and conditions accepted by the data subject in this respect. A Google+1 recommendation made by the data subject on this website is subsequently stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photograph stored in this in other Google Services, for example, the search engine results of the Google search engine, the data subject’s Google account or at other points, such as on websites or in relation to advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored with Google. Google also records this personal information with the purpose of improving or optimising various Google services.

With the Google+ button, Google receives information that the data subject visits our website, if the data subject is logged into Google+ at the time of accessing our website; this occurs, irrespective of whether the data subject clicks on the Google+ button or not.

If sending of personal information to Google is not wanted by the data subject, he or she can prevent the sending by logging out of his or her Google+ account prior to accessing our website.

Additional information and the valid privacy policy of Google can be accessed at https://www.google.de/intl/de/policies/privacy/. Additional information from Google about the Google+1 button can be accessed at https://developers.google.com/+/web/buttons-policy.

  1. Privacy policy for the implementation and use of Google Ads

The data controller has integrated Google Ads into this website. Google Ads is a service for Internet advertising, which allows the advertiser to place advertisements in the search engine results of Google, as well as in the Google advertising network. Google Ads allows an advertiser to previously define key words, with which an advertisement is exclusively displayed in the Google search engine results, if the user accesses a key-word-relevant search result with the search engine. In the Google advertising network, the advertisements are distributed to the subject-relevant websites using an automated algorithm and in accordance with the previously defined key words.

The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

The purpose of Google Ads is the advertising of our website by displaying interest-relevant advertising on third-party websites and in the search engine results of the Google search engine and displaying of third-party advertising on our website.

If a data subject reaches our website via a Google advertisement, a so-called conversion cookie is filed on the data subject’s information technology system by Google. It has already been explained above, what cookies are. After thirty days, a conversion cookie loses its validity and is not for the identification of the data subject. If it has not expired, the conversion cookie is used to trace whether specific sub-sites, such as the shopping basket of an online shop system, is accessed on our website. With the conversion cookie, we and Google can trace whether a data subject, who has reached our website via a Google Ads advertisement, generated sales, i.e. completed or cancelled a purchase of goods.

The data and information collected from the use of the conversion cookie, are used by Google, in order to create visit statistics for our website. In turn, we use these visit statistics in order to determine the total number of users, who have been referred to us via Google Ads advertisements, i.e. in order to determine the success or failure of the respective Google Ads advertisement and in order to optimise our Google Ads advertisements for the future. Neither our company nor other advertising customers of Google Ads receive information from Google, through which the data subject can be identified.

Using the conversion cookie, personal information is stored, for example, the websites visited by the data subject. During every visit to our website, these personal data, including the IP of the data subject’s Internet connection, are therefore transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may possibly pass on these personal data, which are collected using the technical procedure, to third parties.

As already described above, the data subject can prevent the setting of cookies by our website at any time using an appropriate setting of the Internet browser and thereby permanently object to the setting of cookies. Such a setting in the web browser used would also prevent Google from setting a conversion cookie on the data subject’s information technology system. Furthermore, a cookie that has already been set by Google Ads can be deleted using an Internet browser or other software programs.

Furthermore, the data subject has the opportunity to object to interest-related advertising by Google. For this, the data subject must access the link https://www.google.de/settings/ads from each of the Internet browsers, which he or she uses and make the required settings.

Additional information and the valid privacy policy of Google can be accessed at https://www.google.de/intl/de/policies/privacy/.

  1. Privacy policy for the implementation and use of Shariff

The data controller has integrated the Shariff component into this website. The Shariff component provides social media buttons, which conform to data privacy. Shariff was developed for the German c’t computer magazine and is published through GitHub, Inc.

The developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

The button solutions provided by the social networks usually already transfer personal data to the respective social network, if a user visits a website, in which a social media button has been integrated. Through the use of the Shariff component, personal data are only sent to social networks, if the visitor actively clicks on one of the social media buttons for a website. Additional information about the Shariff component is made available by the c’t computer magazine at https://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html. The use of the Shariff component has the purpose of protecting the personal data of visitors to our website and simultaneously enabling us to integrate a button solution for social networks into this website.

Additional information and the valid privacy policy of GitHub can be accessed at https://help.github.com/articles/github-privacy-policy/.

  1. Privacy policy for the implementation and use of Twitter

The data controller has integrated Twitter components into this website. Twitter is a multilingual, publicly accessible microblogging service, on which the user can publish and disseminate so-called tweets, i.e. short messages, which are limited to 280 characters. These short messages are accessible to everyone, i.e. also to people who are not logged into Twitter. However, the Tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users, who follow a user’s tweets. Furthermore, with hashtags, links or retweets, Twitter allows a broad public to be addressed.

The operating company of Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the individual pages of this website is accessed, which are operated by the data controller and into which a Twitter component (Twitter button) has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective Twitter component to download the appropriate Twitter component from Twitter. Additional information about the Twitter buttons is accessible at https://about.twitter.com/de/resources/buttons. Within the scope of this technical procedure, Twitter receives information about which concrete sub-site of our website is visited by the data subject. The purpose of the integration of the Twitter components is to allow our users to further disseminate the contents of this website, make this website known in the digital world and increase our visitor numbers.

If the data subject is logged into Twitter at the same time, Twitter will recognise which concrete sub-site of our website the data subject visits, each time our website is accessed by the data subject and during the entire presence on our website. This information is collected by the Twitter component and allocated by Twitter to the data subject’s respective Twitter account. If the data subject clicks on one of the Twitter buttons integrated into our website, the data and information transferred this way is allocated to the data subject’s personal Twitter user account and is stored and processed by Twitter.

Twitter always receives information that the data subject visits our website via the Twitter component, if the data subject is logged into Twitter at the time of accessing our website; this occurs, irrespective of whether the data subject clicks on the Twitter components or not. If such sending of this information to Twitter is not wanted by the data subject, he or she can prevent the sending by logging out of his or her Twitter account prior to accessing our website.

The valid privacy policy of Twitter is accessible at https://twitter.com/privacy?lang=de.

  1. Privacy policy for the implementation and use of YouTube

The data controller has integrated YouTube components into this website. YouTube is an Internet video portal that allows video publishers to upload video clips free of charge and allow other users to view, rate and comment on these free of charge. YouTube allows the publication of all types of videos, which is why complete films and television shows, as well as music videos, trailers or videos created by users themselves are accessible via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

Each time one of the individual pages of this website is accessed, which are operated by the data controller and into which a YouTube component (YouTube button) has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective YouTube component to download the appropriate YouTube component from YouTube. Additional information about YouTube can be accessed at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive information about which concrete sub-site of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, when a sub-site is accessed, which contains a YouTube video, YouTube recognises, which concrete sub-site of our website the data subject is visiting. This information is collected by the YouTube and Google component and allocated to the data subject’s respective YouTube account.

YouTube and Google always receive information that the data subject visits our website via the YouTube component, if the data subject is logged into YouTube at the time of accessing our website; this occurs, irrespective of whether the data subject clicks on a YouTube video or not. If such sending of this information to YouTube and Google is not wanted by the data subject, he or she can prevent the sending by logging out of his or her YouTube account prior to accessing our website.

The privacy policy published by YouTube, which is accessible at https://www.google.de/intl/de/policies/privacy/, gives information about the collection, processing and use of personal data by YouTube and Google.

  1. Legal basis for processing

Art. 6 Letter a GDPR serves as a legal basis for our company for processing activities, in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract, whose contracting party is the data subject, as is the case, for example, with processing activities, which are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I Letter b GDPR. The same applies to such processing activities, which are necessary for the implementation of pre-contractual measures, such as in the cases of inquiries about our products or services. If our company is subject to a legal obligation, due to which processing of personal data becomes necessary, for example, for the fulfilment of tax obligations, the processing is based on Art. 6 I Letter c GDPR. In rare cases, the processing of personal data may be necessary, in order to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured in our premises and his or her name, age, health insurance fund details or other vital information need to be disclosed to a doctor, a hospital or other third parties. Then, the processing would be based on Art. 6 I Letter d GDPR.
Finally, processing activities may be based on Art. 6 I Letter f GDPR. Processing activities are based on this legal foundation, which are not covered by any of the aforementioned legal bases, if the processing is required to preserve our company’s legitimate interest or that of a third party, provided that the interests, constitutional rights and basic freedoms of the data subject do not outweigh this. We are specifically permitted to perform such processing activities, because they have been specifically mentioned by the European legislator. In this respect, it held the opinion that a legitimate interest could be assumed, if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

  1. Legitimate interests in processing, which are pursued by the controller or a third party

If the processing of personal data is based on Article 6 I Letter f GDPR, our legitimate interest is the implementation of our business activity in favour of the well-being of all of our employees and customers.

  1. Duration for which the personal data can be stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After the period has elapsed, the corresponding data are routinely deleted, provided that they are no longer required for contract fulfilment or contract procurement.

  1. Legal or contractual regulations on the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of non-provision

We inform you that the provision of personal data is partly prescribed by law (e.g. tax regulations) or may arise from contractual regulations (e.g. details about the contracting party).
Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data, which must be subsequently processed by us. The data subject is, for example, obligated to provide us with personal data, if our company concludes a contract with it. Non-provision of personal data would have the consequence that the contract could not be concluded with the data subject.
Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis about whether the provision of the personal data is legally or contractually prescribed or necessary for conclusion of the contract, whether an obligation exists to provide the personal data and which consequences the non-provision of the personal data has.

  1. Existence of automated decision-making

As a company that is aware of its responsibility, we waive automated decision-making or profiling.

This privacy policy has been created using the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as an external Data Protection Representative Munich, in cooperation with the lawyer for data protection law, Christian Solmecke.