Data protection information

This data protection declaration explains the extent and purpose of the processing of personal data (hereinafter: "data") within our online offering and the websites, functions and content connected with it, as well as external online presences, e.g. our social media profiles (hereinafter collectively referred to as "online offering"). In respect of the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 GDPR.

Controller

TURF Handels GmbH
Am Hartboden 48
8101 Gratkorn
Austria
Tel: +43 3124 29064
Fax: +43 3124 29062
Email: office@turf.at
Web: www.turf.at

Types of processed data:

  • Personal data (e.g. names, addresses).
  • Contact data (e.g. email address, phone numbers).
  • Content data (e.g text input, photographs, videos).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the online offering (we hereinafter also refer to data subjects as "users").

Purpose of the processing

  • Provision of online offer, its functions and content.
  • Answering contact enquiries and communication with users.
  • Security measures.
  • Reach measurement/Marketing

Terms used

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data. The term is far-reaching and includes practically any use of data.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal basis

According to the provisions of Art. 13 GDPR, we inform you of the legal basis for our data processing. The following applies if the legal basis is not stated in the data protection declaration: The legal basis for collecting consent is Art. 6( 1) lit. a and Art. 7 GDPR, the legal basis for processing in order to fulfil our work and services and to realise contractual measures and to answer queries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our justified interests is Art. 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person makes processing of personal data necessary, Art. 6 (1) 1 lit. d GDPR shall apply as the legal basis.

Safety measures

In accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, securing confidentiality, integrity and availability of data through control of the physical access to the data, as well as the relevant access, input, forwarding, security the availability and its separation. Furthermore, we have established processes that guarantee the rights of the data subject, deletion of data and reaction to threats to the data. Further, we already take the protection of personal data into account in the development and selection of hardware, software and processes corresponding to the principle of data protection by structuring the technology and with default settings that are data protection friendly (Art. 25 GDPR).

Cooperation with contract processors and third parties

Insofar as we disclose data to other persons and companies (processors or third parties) within the framework of our processing, transmit it to them or otherwise grant them access to the data, this shall only be on the basis of a statutory permission (e.g. is transmission of the data to third parties, such as to service providers, is necessary for fulfilling the contract according to Art. 6 (1) lit. b GDPR), you have consented, a legal obligation requires this or based on our justified interests (e.g. when using representatives, web hosters, etc.). 

Insofar as we engage third parties to process data on the basis of a so-called "processing contract", this shall be based on Art. 28 GDPR.

Transmissions to third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EWR)) or this is done as part of the use of third-party services or disclosure or transmission of data to third parties, this shall take place only if this is for the fulfilment of our (pre)contractual duties, on the basis of your consent, on the basis of a legal obligation or based on our justified interests. Subject to statutory or contractual permissions, we process or get third parties to process data in a third country only in the case of the specific requirements according to Art. 44 et seq. GDPR. I.e. the processing is performed, for example, on the basis of specific guarantees, such as the officially recognised finding of a data protection level corresponding to that of the EU (e.g. for the USA the "Privacy Shield") or in compliance with officially recognised specific contractual obligations (known as "standard contractual clauses").

Rights of the data subjects

You have the right to demand confirmation as to whether relevant data is processed and to information about this data and to other information and to copies of the data corresponding to Art. 15 GDPR.

In accordance with Art. 16 GDPR you have the right to demand completion of the data relevant to you or to correct the incorrect data relevant to you.

You have the right according to Art. 17 GDPR to demand that relevant data be deleted immediately or, alternatively, according to Art. 18 GDPR to demand the restriction of the data processing.

You have the right to demand that the data relevant to you, which you have provided to us, be provided to you according to Art. 20 GDPR and to demand its transmission to other controllers. 

You also have the right according to Art. 77 GDPR to lodge a complaint with the respective regulatory authority.

Right of cancellation

You have the right to cancel consent granted according to Art. 7 (3) GDPR with effect for the future.

Right of refusal

At any time you can refuse the future processing of the data relevant to you according to Art. 21 GDPR. The refusal can be made, in particular, with regard to the processing for direct marketing purposes.

Cookies and right of refusal for direct advertising

"Cookies" are small fines, which are saved on users' computers. Different information can be saved in the cookies. A cookie primarily serves to save information about a user (or about the device, on which the cookie is saved) during or also after their visit to an online offering. Temporary cookies, or “Session Cookies” or “Transient Cookies” are cookies that are deleted after a user leaves an online offering and closes their browser. The content of a shopping basket in an online shop or a login status, for example, can be saved in these cookies. Cookies are "permanent" or "persistent" if they also remain saved after the browser has been closed. For example, the login status can be saved if the user returns after several days. This type of cookie can also save the users' interests, which are used for reach measurement or marketing purposes. "Third-Party-Cookies" are cookies that are offered by providers other than the controller operating the online offering (if only the controller's cookies exist, these are called "First-Party Cookies").

We can use temporary and permanent cookies and explain this in our data protection declaration.

If the users do not want cookies to be saved on their computer, they are asked to disable the corresponding option in their browser's system settings. Saved cookies can be deleted in the browser's system settings. Excluding cookies can lead to function restrictions of this online offering.

A general refusal regarding the use of cookies employed for online marketing purposes can be declared for a large number of services, above all in the case of tracking, by the American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. In addition, the saving of cookies can be achieved by switching them off in the browser settings. Please note that if applicable not all functions of this online offering can be used.

Deleting data

The data processed by us is deleted or its processing restricted according to the provisions of Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, data saved by us is deleted as soon as it is no longer required for its purpose and the deletion is not prevented by statutory duties of retention. If the data is not deleted because it is needed for other and statutorily permitted purposes, its processing is restricted. I.e. the data is frozen and not processed for other purposes. This applies, for example, to data that has to be retained because of commercial code of tax law requirements.

According to statutory requirements in Germany, the retention period in particular is 10 years according to sections 147 (1) AO, 257 (1) Nos. 1 and 4, (4) 4 HGB (books, records, management reports, receipts, account books, documents relevant for taxation, etc.) and 6 according to s. 257 (1) Nos. 2 and 3, (4) HGB (commercial papers). 

According to statutory requirements in Austria, the retention period in particular is 7 years according to s. 132 (1) BAO (account documents, receipts/invoices, bank accounts, receipts, business papers, statements of income and expenditure, etc.), 22 years in conjunction with real estate and 10 years for documents connected with electronically provided services, telecommunication, radio and television services, which are provided to non-companies in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

Transaction-related processing

Additionally, we process

  • Contract details (e.g. contractual object, term, customer category).
  • Payment data (e.g. bank details, payment history)

Of our customers, potential customers and business partners in order to provide contractual services, service and customer care, marketing, advertising and market research.

Order processing in the online shop and customer account

We process our customers’ data as part of the order process in our online shop in order to facilitate your selection and ordering of the selected products and services, as well as payment and delivery or execution.

The processed data includes stock data, communication data, contract data, payment data and the data subjects affected by the processing include our customers, potential customers and other business partners. The processing is performed in order to provide the contractual services as part of the operations of an online shop, billing, delivery and customer service. For this we use session cookies to save the contents of the shopping basket and permanent cookies for saving the login status.

The processing takes place on the basis of Art. 6 (1) lit. b (fulfilling orders) and c (statutorily required archiving) GDPR. The information marked here as required is necessary for establishing and fulfilling the contract. We disclose the data to third parties only within the framework of delivery, payment or as part of the statutory permissions and duties to legal advisors and authorities. The data is only processed in third countries if this is necessary for fulfilment of the contract (e.g. at the customer’s request upon delivery or payment).

As an option, users can create a user account where they can view, in particular, their orders. The users are advised of the mandatory information during registration. The user accounts are not public and cannot be indexed by search machines. If users have terminated their user account, their data in respect of the user account is deleted, unless retention is necessary on trade or tax legislation grounds in accordance with Art. 6 (1) lit. c GDPR. Information in the customer account is retained until it is deleted, with subsequent archiving if required by law. The users are responsible for backing up their data if terminating the user account before the end of the contract.

As part of the registration and subsequent logins, as well as when using our online services, we save the IP address and time of the respective user action. Storage takes place on the basis of our justified interests as well as those of the user to protect against misuse and other unauthorised use. This data is not generally forwarded to third parties unless this is necessary to prosecute our claims or if there is a statutory requirement according to Art. 6 (1) lit. c GDPR.

Deletion takes place after expiration of the statutory guarantee and comparable duties, the need to retain data is reviewed every three years; in the case of statutory archiving duties, deletion takes place after expiration of the retention period (duty of retention according to commercial code (6 years) and according to tax legislation (10 years)).

External payment service providers

We use external payment service providers, through whose platforms the users and we can make payments (e.g. each with a link to the data protection declaration, Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

As part of the contract fulfilment, we use payment service providers on the basis of Art. 6 (1) lit. b. GDPR. Moreover, we use external payment service providers on the basis of our justified interests according to Art. 6 (1) b. GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers include basic data such as name and address, bank details, for example account numbers or credit card numbers, passwords, TANs and check sums, as well as contract, total and recipient-related details. The information is needed in order to implement the transactions. However, the input data is only processed by the payment services provider and saved by them. I.e. we do not receive account or credit card information, but rather only information with confirmation or negative information about the payment. Under some circumstances, the payment services providers transmit the data to credit agencies. This transmission is for checking identify and credit score. In this respect, we refer to the general terms and conditions and the data protection information of the payment service providers.

The general terms and conditions and the data protection information of the respective payment service providers apply to the payment transactions, which can be viewed on the respective websites or transaction applications. We also refer to these for further information and when asserting the data subjects’ rights of revocation, information and other rights.

Registration function

Users can create a user account. The users can see which information is mandatory during registration, and it is processed on the basis of Art. 6 (1) lit. b GDPR for the purposes of providing the user account. The processed data includes, in particular, login information (name, password and email address). The data input during registration is used for use of the user account and its purpose. 

The users can be informed by email of information that is relevant for their user account, e.g. technical changes. If users have closed their user account, their data in respect of the user account is deleted, subject to a statutory duty of retention. The users are responsible for backing up their data if terminating the user account before the end of the contract. We reserve the right to permanently delete all the user’s data saved during the contractual term.

As part of the use of our registration and logins functions, as well as when using the user account, we save the IP address and time of the respective user action. Storage takes place on the basis of our justified interests as well as those of the user to protect against misuse and other unauthorised use. This data is not generally forwarded to third parties unless this is necessary to prosecute our claims or if there is a statutory requirement according to Art. 6 (1) lit. c GDPR. The IP addresses are anonymised or deleted after 7 days at the latest.

Contact

When contacting us (e.g. by contact form, email, telephone or via social media), the user’s details are processed according to Art. 6 (1) lit. b) GDPR in order to process and handle the enquiry. The users’ details can be saved in a Customer Relationship Management System (“CRM System”) or comparable enquiry organisation.

We delete the enquiries provided they are no longer needed. We review the need every two years; furthermore the statutory archiving duties apply.

Newsletter

The following information describes the content of our newsletter and the registration, shipping and statistical evaluation procedures, as well as your rights of cancellation. By subscribing to our newsletter, you consent to the receipt and the described procedure.

Content of the newsletter: We send newsletters, emails and other electronic messages with advertising information (hereinafter: “newsletters”) only with the consent of the recipients or with statutory authorisation. Insofar as the contents of the newsletter are actually described within the framework of registering for it, they shall be relevant for the consent from the users. Moreover, our newsletters contain information about us and our services.

Double-Opt-In and logging: Registration for our newsletter uses a so-called Double-Opt-In process. I.e. you receive an email after registering, in which you are asked to confirm your registration. This confirmation is necessary so that nobody can register using someone else’s email address. Registrations to the newsletter are logged in order to be able to verify the registration process corresponding to the legal requirements. These include saving the time of registration and confirmation, as well as the IP address. The changes to your details saved with the email marketing provider are also logged.

Login details: In order to register for the newsletter, you just have to enter your email address. As an option, we ask for a name so we can address you personally in the newsletter.

The emailing of the newsletter and the performance measurement connected with it take place on the basis of consent from the recipients according to Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with s. 7 (2) No. 3 UWG or, if consent is not required, on the basis of our justified interests in direct marketing according to Art. 6 (1) lit. f. GDPR in conjunction with s. 7 (3) UWG. 

The registration process is logged on the basis of our justified interests according to Art. 6 (1) lit. f GDPR. Our interest is based on the use of a user-friendly and secure newsletter system, which both serves our commercial interests and meets the users’ expectations and which allows us to verify the consents.

Termination/revocation - You can cancel receipt of our newsletter at any time, i.e. you can revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We can save the input email addresses for up to three years on the basis of our justified interests before we delete them, in order to be able to verify a previously granted consent. The processing of this data is restricted to the possible defence of claims. An individual deletion request is possible at any time, provided the previous existence of consent is confirmed when submitting it.

Newsletter - Clever Reach

The newsletter is sent through the email marketing provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. You can view the data protection conditions of the email marketing provider here: https://www.cleverreach.com/de/datenschutz/. The email marketing provider is used on the basis of our justified interests according to Art. 6 (1) lit. f GDPR and a contract processing agreement according to Art. 28 (3) sent. 1 GDPR.

The email marketing provider can use the recipients’ data in a pseudonymised form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the email marketing and representation of the newsletter or for statistical purposes. However, the email marketing provider does not use the data of our newsletter recipients to personally write them or to forward the data to third parties.

Newsletter - performance measurement

The newsletters contain a so-called “web-beacon”, a pixel-sized file that is called from our serve when the newsletter is opened or, if we use an email marketing provider, from its server. As part of the call up, technical information, such as information about the browser and your system, as well as your IP address and the time of call up, is collected. 

This information is used for the technical improvement of the services using the technical details for the audience and its reading behaviour according to their call up locations (which can be determined from the IP address) of the access times. The statistics collected also include determining whether the newsletters are even opened, when they are opened and which links are clicked. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our aim nor that of the email marketing provider, if used, to observe individual users. Instead, the evaluations allow us to identify the reading habits of our users and to adjust our contents to them or to send different contents corresponding to the interests of our users.

A separate cancellation of the performance measurement is not possible, unfortunately, and in this case the entire newsletter subscription has to be cancelled.

Hosting and emailing

The hosting services used by us provide the following services: Infrastructure and platform services, computer capacity, storage space and database services, emailing, security services and technical maintenance services, which we use to operate this online offer. 

For this we or our hosting provider process basic data, contact data, content data, contract data, usage data, meta and communication data from customers, potential customers and visitors to this online offer on the basis of or justified interests in an efficient and secure provision of this online offer according to Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (concluding contract processing agreement).

Collecting access data and logfiles

We or our hosting provider collect data on the basis of our justified interests as defined in Art. 6 (1) lit. f. GDPR about every access to the server where this service is located (so-called server logfiles). The access data includes the name of the called website, file, date and time of call up, data volume transferred, notification of successful call up, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and requesting provider.

For security reasons (e.g. to investigate misuse or fraud), logfile information is stored for a maximum of 7 days and then deleted. Data that has to be stored for verification purposes is excluded from the deletion until the conclusive clarification of the respective incident.

Google Tag Manager

Google Tag Manager is a solution, with which we can manage so-called website tags via an interface (and thus embed Google Analytics, for example, and other Google marketing services in our online offer). The Tag Manager itself (which implements the tags) does not process the users’ personal data. With regard to the processing of the users’ personal data, please refer to the following information about Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

On the basis of our justified interests (i.e. interest in analysing, optimising and economically operating our online offer as defined in Art. 6 (1) lit. f. GDPR), we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information about the use of the online offer by the users, which is generated by the cookie, is typically transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy-Shield agreement and as a result guarantees to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf in order to evaluate the use of our online offer, to collate reports about the activity within our online offer and to provide us with additional services connected with the use of this online offer and the internet use. Pseudonymised user profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means the IP address of the user is shortened first within the member states of the European Union or in other signatory countries to the Treaty on the European Economic Area. The full IP address is only sent to one of Google's servers in the USA and then shortened in exceptional cases.

The IP address transmitted by the user’s browser within the framework of Google Analytics is not collated with other data from Google. The users can prevent cookies being saved through corresponding settings in their browser software; the users can also prevent the collecting of the data generated by the cookie about their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

More information about the use of data by Google, options for settings and refusal, is contained in the Google data protection declaration (https://policies.google.com/technologies/ads) as well as in the settings for advertisements by Google (https://adssettings.google.com/authenticated).

The users’ personal data is deleted or anonymised after 14 months.

Google Universal Analytics

We use Google Analytics in the design as “Universal-Analytics”. “Universal Analytics” describes a process by Google Analytics, in which the user analysis is performed on the basis of a pseudonymised user ID, and a pseudonymised profile of the user with information from the use of various devices (co-called “Cross-Device Tracking”) is made with this.

Audience formation with Google Analytics

We use Google Analytics in order to display adverts activated by advertising services of Google and its partners only to those users, who have shown an interest in our online offer or who have specific features (e.g. interests in certain topics or products that are identified from the websites visited), which we transmit to Google (so-called “Remarketing” or “Google-Analytics-Audiences”). By using Remarketing Audiences, we would like to ensure that our adverts correspond to the potential interests of the users.

Google Adwords and conversion measurement

On the basis of our justified interests (i.e. interest in analysing, optimising and economically operating our online offer as defined in Art. 6 (1) lit. f. GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy-Shield agreement and as a result guarantees to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the Google “AdWords” online marketing process to place adverts in the Google advertising network (e.g. in search results, in videos, on websites, etc.), so that they can be shown to users who have indicated an assumed interest in the adverts. This allows us to display adverts for and within our online offer, to present users only with adverts that potentially correspond to their interests. If a user, for example, is shown adverts for products, for which they have shown an interest in other online offers, this is called “Remarketing”. To this end, when accessing our and other websites, on which the Google advertising network is active, a code from Google is immediately executed by Google and so-called (Re)marketing Tags (invisible graphics or code, also called “Web Beacons”) are embedded in the website. Using these, an individual cookie, i.e. a small file, is saved on the user’s device (equivalent technologies may also be used instead of cookies). This file records which websites the suers has visited, what content they were interested in, and which offers the user clicked, also technical information about the browser and operating system, referring websites, visit time and other details about the use of the online offer.

We also receive an individual “conversion cookie”. Google uses the information collected by means of the cookies to create conversion statistics for us. However, we only learn the anonymous total number of users who have clicked on our advert and have been forwarded to a page with a conversion tracking tag. However, we do not receive any information that allows users to be personally identified.

The users’ data is processed pseudonymously within the framework of the Google advertisement network. I.e. Google does not save and process the names or email addresses of the users, but instead processes the relevant data depending on the cookie within the pseudonymised user profiles. I.e. from Google’s perspective, the adverts are not managed and displayed for a tangibly identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This is not the case if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about the users is transmitted to Google and saved on Google’s servers in the USA.

More information about the use of data by Google, options for settings and refusal, is contained in the Google data protection declaration (https://policies.google.com/technologies/ads) as well as in the settings for advertisements by Google (https://adssettings.google.com/authenticated).

Facebook-Pixel, Custom Audiences and Facebook-Conversion

Within our online offer, and based on our justified interests in analysis, optimisation and economic operation of our online offer and to these ends, the so-called “Facebook-Pixel” from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.

Facebook is certified under the Privacy-Shield agreement and as a result guarantees to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Using the Facebook-Pixel, it is possible for Facebook on one hand to determine the visitors to our online offer as an audience for displaying adverts (so-called "Facebook-Ads"). Accordingly, we use Facebook-Pixel in order to display Facebook-Ads activated by us only to those Facebook users, who have shown an interest in our online offer or who have specific features (e.g. interests in certain topics or products that are identified from the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). By using the Facebook-Pixel, we would like to ensure that our Facebook-Ads correspond to the potential interests of the users and do not become intrusive. Using the Facebook-Pixel, we are also able to examine the effectiveness of the Facebook adverts for statistical and market research purposes, by seeing whether users were forwarded to our website after clicking on a Facebook advertisement (so-called “Conversion”).

Facebook processes the data within the framework of the Facebook data use policy. Accordingly, general information about the display of Facebook-Ads, in the data use policy from Facebook: https://www.facebook.com/policies. You can find specific information and details about the Facebook-Pixel and how it works in the Facebook help area: https://www.facebook.com/business/help/651294705016616.

You can reject the recording of your data by the Facebook-Pixel and use of your data for presenting Facebook-Ads. In order to set which types of adverts are displayed to you within Facebook, you can call up the page set up by Facebook and follow the instructions there for setting use-based adverts: https://www.facebook.com/settings?tab=ads. The settings are applied irrespective of the platform, i.e. they are applied for all devices such as desktop computer or mobile end device.

You can also reject the use of cookies, which serve the range measurement and advertising purposes, via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Integration of third-party services and content

Within our online offer, and on the basis of our justified interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Art. 6 (1) lit. f. GDPR) we use content and service offers from third-party providers in order to embed their content and services such as videos or fonts (hereinafter referred to together as “content”). 

This always requires the third parties to know the IP address of the user, as without the IP address the content cannot be sent to their browser. The IP address is therefore necessary for this content to be displayed. We only try to use this content if the respective providers only use the IP address to deliver the content. Third-party providers can also use so-called Pixel-Tags (invisible graphics also called “Web Beacons”) for statistical or marketing purposes. Through the "Pixel-Tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymised information can also be saved in cookies on the user’s device and, among other things, can include technical information about the browser and operating system, referring websites, visit time and other details about the use of our online offer, and be connected to information from other sources.

Youtube

We embed videos from the platform “YouTube” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts

We embed fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps

We embed maps from the “Google Maps” service from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data can include, in particular, IP addresses and location data of the users, but cannot be collected without their consent (typically provided within the framework of the settings on their mobile device). The data may be processed in the USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Shariff sharing functions

We use the data protection-secure “Shariff” buttons. “Shariff” has been developed to facilitate more privacy on the web and to replace the usual “Share” buttons from social networks. Here, it is the server, on which this online offer is located, rather than the user’s browser, which creates a connection to the servers of the respective social media platforms and queries, for example, the number of likes, etc. The user here remains anonymous. More information about the Shariff project can be found from the developers of the magazine c't: www.ct.de.

Online presence on social media

We maintain online presences in social networks and platforms in order to communicate actively with the customers, potential customers and users who are active there, and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply. 

Unless stated otherwise in our data protection declaration, we process users’ data if they communicate with us within the social networks and platforms, e.g. write contributions to our online presences or send us messages.

Please note that users’ data may be processed outside the European Union. As a result, there may be risks for the users because, for example, the assertion of users’ rights could be made more difficult. With regard to American providers certified under Privacy-Shield, please note that they are therefore required to comply with the EU data protection standard.

Furthermore, the users’ data is typically processed for market research and advertising purposes. For example, user profiles can be created from the use behaviour and identified interests of the users. The user profiles in turn can be used, for example, to activate adverts inside and outside the platforms, which presumably correspond to the interests of the users. To these ends, cookies are typically stored on the user’s computer, in which the use behaviour and interests of the user are saved. Further, data can be stored in the user profiles independently of the device used by the user (in particular if the user is a member of the respective platforms and is logged in to them).

The user’s personal data is processed on the basis of our justified interests in effective information for the user and communication with the user pursuant to Art. 6 (1) lit. f. GDPR. If the user is asked by the respective provider to consent to data processing (i.e. their agreement by ticking a box, for example, of confirmation by clicking a button), the less basis of the processing is Art. 6 (1) lit. a., Art. 7 GDPR.

For a detailed explanation of the respective processing and refusal possibilities (Opt-Out), please refer to the following linked information from the providers.

In the case of information requests and the assertion of user rights, we also refer to the fact that these can be most effectively asserted against the providers. Only the providers have the respective access to the user’s data and can directly take corresponding action and provide information. However, if you still need help, please get in touch.

- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Data protection declaration: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

- Google / YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Data protection declaration:  https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Data protection declaration/ Opt-Out: http://instagram.com/about/legal/privacy/.

Created with Datenschutz-Generator.de from attorney Dr. Thomas Schwenke