Privacy Policy

How we handle your personal data is explained in this privacy policy. It is based on the General Data Protection Regulation (GDPR). Except the third party providers that we name in this document, we do not pass any data to third parties. If you have any questions, please contact us.

The German version of our Privacy Policy can be found here: https://advertention.com/datenschutz

Content

Controller

The controller for processing of data is

Andreas Ebert & Felix Mark GbR
Kantstr. 66a
10627 Berlin

General Information

Provision of data

As a rule, it is neither legally nor contractually required to provide personal data in order to use our website. Insofar as the provision of data is necessary for the conclusion of a contract or the user is obliged to provide personal data, we shall inform the user of this circumstance and the consequences of not providing the data in this privacy policy.

Data transfer to third countries

We may use service providers and third parties located in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place on the basis of an adequacy decision by the European Commission (Art. 45 GDPR) or we have provided appropriate safeguards to ensure data protection (Art. 46 GDPR). Insofar as there is an adequacy decision by the European Commission for the transfer of data to a third country, we refer to this in this privacy policy. Furthermore, users can obtain a copy of the appropriate safeguards from us, insofar as these are not already contained in the privacy policies of the service providers or third-party providers.

Automated decision-making

In the event that we use automated decision-making, including profiling, this privacy policy will inform you of this fact, the logic involved and the scope and intended effects of such processing. Otherwise, there shall be no automated decision-making process.

Processing for other purposes

Data is generally only processed for the purposes for which it was collected. If, in exceptional cases, data is intended to be further processed for other purposes, we will inform you of these other purposes prior to such further processing and provide all other relevant information (Art. 13 (3) GDPR).

Website hosting

Every time our website is called up, the user’s browser transmits various data. For the duration of the visit on the website, the following data is processed and stored in log files even after the connection has ended:

  • Browser type and version used
  • Operating system
  • Pages and files accessed
  • Amount of data transmitted
  • Date and time of retrieval
  • User’s provider
  • IP address in anonymous form
  • Referrer URL

The processing of this data is necessary in order to deliver the website to the user and to optimise it for the user’s end device. Storage in log files serves to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are not rendered anonymous before being stored in log files.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the website and to improve website security. Log files are automatically deleted after 30 days.

Our website is designed and operated by the provider Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.

Privacy Policy of WordPress.com

Cookies, pixel tags and mobile identifiers

On our website, we use technologies to recognise the used end device. These can be cookies, pixel tags and/or mobile identifiers.

The recognition of an end device can generally be used for different purposes. It may be necessary in order to provide functions of our website, for example to make a shopping cart available. In addition, these technologies can be used to track user behaviour on the site, for example for advertising purposes. We describe the technologies we use and the purpose of their use separately and in detail in this privacy policy.

For a better understanding, we will explain below how cookies, pixel tags and mobile identifiers work in general:

  • Cookies are small text files that contain certain information and are stored on the user’s end device. In most cases, the information consists of an identification number that is assigned to an end device (cookie ID).
  • A pixel tag is a transparent graphic file that is integrated into a page and enables a log file analysis.
  • A mobile identifier is a unique number (mobile ID) stored on a mobile device which can be read out by a website.

Cookies may be required for our website to function properly. The legal basis for the use of cookies of this nature is Art. 6 (1) f) GDPR. Our legitimate interest is to provide the functions of our website.

We use cookies that are not required for the operation of our website in order to make our offer more user-friendly or to be able to trace the use of our website. The legal basis here depends on whether user consent must be obtained or whether we can invoke a legitimate interest. The user can revoke given consent, among other things, by means of browser settings at any time.

The user can prevent and object to the processing of data by means of cookies by choosing suitable browser settings. An objection may lead to some functions on the website no longer being available. We will inform you separately about further possibilities for objecting to the processing of personal data by means of cookies in this privacy policy. Where necessary, we provide links which can be used to state an objection. These are labelled “opt-out”.

Establishing contact

In the event contact is established, we process the user’s details, date and time for the purpose of processing the enquiry, including any queries.

The legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest is to answer our user’s enquiries. Additional legal basis is provided by Art. 6(1) b) GDPR, if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.

The data will be deleted as soon as the enquiry, including any queries, has been answered. We will check at regular intervals, but at least every two years, whether any data accumulated in connection with contacts must be deleted.

Job applications

When users apply for a job, we process personal data for the purpose of the application process. In addition to the data transmitted by the user, we also process other data that is collected during the application process (e.g. during a job interview). Should we include data in an applicant pool, this will only be done on the basis of the user’s prior consent. In this case, the data will be processed beyond the conclusion of the application procedure so that contact can be established in the event of suitable job offers.

Applicant data will be deleted three months after completion of the application procedure. In the event of inclusion in an applicant pool, the data will be retained for a maximum of two years, unless the consent given is revoked beforehand.

The legal basis for the processing is Art. 6 (1) b) GDPR. If consent is given for inclusion in an applicant pool, the processing is based on Art. 6 (1) a) GDPR. At the end of the application procedure, processing takes place on the basis of Art. 6 (1) f) GDPR. Our legitimate interest consists in the defence of possible claims under Allgemeines Gleichbehandlungsgesetz [German General Equal Treatment Act].

Hosting

We use A2 Hosting provider for our website. 

More detailed information:

A2 Hosting, Inc, PO Box 2998 Ann Arbor, MI 48106 USA (hereinafter referred to as A2 Hosting). For details, please refer to A2’s privacy policy: https://www.a2hosting.com/about/policies#Privacy-Policy.

As well as 

https://www.a2hosting.com/kb/does-a2-hosting-support/do-you-support-gdpr-compliance

We trust the reliability and IT as well as data security of this service provider, which is all certified under the US-EU Privacy Shield and thus committed to comply with EU data protection requirements. EU-US Privacy Shield, the provider is listed in the official list, furthermore there is a contract for commissioned data processing (DPA – Data Processing Agreement) and we only store and process your personal data on it.

Regarding A2 Hosting’s Privacy Shield, you can find more information here:

https://www.privacyshield.gov/participant?id=a2zt0000000TOSEAA4&contact=true

Other third-party services

Google Analytics

We use Google Analytics to analyse the use of our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To be able to track user activities on the website, a cookie is placed on the end device. We use Google Analytics with the extension anonymize IP. The user’s IP address is automatically truncated before being transmitted to servers in the USA. Among other things, the approximate geographical location, end device, screen resolution, browser and visited pages including the length of stay are evaluated.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interests are optimising our website, improving our offers and online marketing.

The data collected by Google Analytics is automatically deleted after 14 months.

Opt-Out

Privacy Policy of Google Analytics

Facebook Pixel

We use Facebook pixels for online marketing purposes. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.

The Facebook pixel allows us to display interest-based advertising based on the use of our website via Facebook. For this purpose, a cookie is set on the user’s end device, which can be used to assign an identification number to the user. In addition, further advertising-relevant data of the user such as browser information, device information, the pages visited, the time of the visit and referring URLs are processed. We only receive summary results from Facebook, which enable us to track how successful our advertising measures are. We use Facebook pixels without advanced matching.

Users can opt-out of Facebook’s collection and use of information for interest-based advertising on the following pages: http://www.aboutads.info/choices and http://www.youronlinechoices.eu

Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, it is based on Art. 6 (1) f) GDPR. Our legitimate interest is to be able to display advertising relevant to users.

In the use of Facebook pixels, we and Meta are jointly responsible in the sense of Art. 26 GDPR. We have therefore entered into an agreement with Meta in which it is specified who fulfils which obligations under the GDPR. According to this agreement, we are responsible for providing information for the joint processing of personal data in accordance with Art. 13 and 14 GDPR. It has been agreed between us and Meta that Meta is responsible for enabling the rights under articles 15 to 20 GDPR with regard to the personal data stored by Meta after joint processing.

The agreement on joint responsibility can be found here: https://www.facebook.com/legal/controller_addendum

Information on how Meta processes personal data, the information pursuant to Art. 13 GDPR including the legal basis on which Meta bases this, as well as the possibilities for the user to exercise his or her rights against Meta, can be found in Meta’s privacy policy.

Privacy Policy of Facebook Pixel ohne Abgleich

New Relic

We use New Relic to analyze technical errors on our website, measure the page speed and monitor the performance of our server. Provider: New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA.

Program errors are recorded by New Relic and reported to us. In this context, user data is also processed if it is related to a program error. In addition, data on the loading speed of the page is processed, but this does not allow any conclusions to be drawn about the content displayed. Data on the end device used, the software installed on it and the settings is also processed. In addition, browser type and operating system used, data on the network used, the URL of the page on which an error occurred, the URL of the previously visited page and the IP address are also processed.

The legal basis for the use of New Relic is Art. 6 (1) f) GDPR. Our legitimate interest is secure and error-free website operation.

Personal data will be deleted after 24 months at the latest.

Privacy Policy of New Relic

Google Marketing Platform

We use the Google Marketing Platform for the statistical analysis of marketing measures, the collection of data relevant to advertising and the creation of advertising target groups. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

With the Google Marketing Platform we can identify the target groups relevant to us. For this purpose a cookie is set on the user’s end device. Among other things, the approximate geographical location, terminal device, screen resolution, browser and visited pages including the length of stay are evaluated.

Insofar as we obtain the user’s consent, the processing of data is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise it is based on Art. 6 (1) f) GDPR. Our legitimate interest lies in statistical analysis, improvement of our website and online marketing.

The data collected by the Google Marketing Platform is deleted after 12 months.

Amazon CloudFront

We utilise the content delivery network (CDN) Amazon CloudFront. Provider: Amazon Web Services Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA.

Content is loaded from CDN servers. In order to establish a connection, it is technically necessary to transmit the user’s IP address.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to improve the speed and availability of our website.

Privacy Policy of Amazon CloudFront

Facebook Social Plugins

We integrate contents and buttons of the social network Facebook on our website via a plugin. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.

To load content from Facebook, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to Facebook, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration of Facebook content and buttons is making our website user-friendly.

Privacy Policy of Facebook Social Plugins

LinkedIn

We integrate contents and buttons of the social network LinkedIn on our website via a plugin. Provider: LinkedIn Corp., 1000 W. Maude Ave., Sunnyvale, California 94085, USA.

To load content from LinkedIn, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to LinkedIn, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration of LinkedIn content and buttons is making our website user-friendly.

Privacy Policy of LinkedIn

Instagram

We integrate contents and buttons of the social network Instagram on our website via a plugin. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

To load content from Instagram, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to Instagram, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration of Instagram content and buttons is making our website user-friendly.

Privacy Policy of Instagram

Vimeo

We embed videos from Vimeo. Provider: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. To be able to provide videos, it is necessary for reasons of technology to transmit the user’s IP address to Vimeo. In addition, Vimeo processes technical information about the end device used, the website visited, search queries or activities of the user. Vimeo uses this information to display personalized advertising.

The legal basis for using Vimeo is Art. 6 (1) f) GDPR. Our legitimate interest is to improve the user experience on our website and to display content that is of interest to our users.

You can object to personalised advertising by Vimeo at any time by exercising the following opt-out.

Opt-Out

Privacy Policy of Vimeo

Google Tag Manager

We use the Google Tag Manager to manage our website tags. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

The Tag Manager is a cookie-less domain that triggers tags from various providers, which in turn collect data. The Google Tag Manager does not access this data. In order to trigger tags, it is technically necessary to transmit the user’s IP address to Google.

Google Tag Manager is used on the legal basis of Art. 6 (1) f) GDPR. Our legitimate interest lies in the simplified administration of third-party services used by us.

Privacy Policy of Google Tag Manager

Google Docs

We use Google Docs to publish documents and forms. Provider: Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In order to provide the functions, it is technically necessary to transmit the user’s IP address to Google. Information that you provide in a form will be processed by us.

The legal basis for the processing is Art. 6 (1) f) GDPR. A justified interest on our part is the improvement of the user experience of our website.

Privacy Policy of Google Docs

Calendly

We use Calendly for planning appointments. Provider: Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

The user can make an online booking through Calendly by entering personal data (e.g. name, email address, phone number) and selecting an available appointment. It is also possible to specify a request. After a successful booking the User will receive a confirmation and, if applicable, a reminder of an upcoming appointment by email to the address provided.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest lies in the user-friendly design of our website.

Privacy Policy of Calendly

FontAwesome

On our website we use icons from Font Awesome. Provider: Fonticons Inc., Corporation Trust Center 1209 Orange St., Wilmington, New Castle, DE 19801, USA.

In terms of technology, the icons are provided via the content delivery network StackPath. Provider: StackPath LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA. Content is loaded from CDN servers. In order to establish a connection, it is technically necessary to transmit the user’s IP address. Fonticons processes data on the use of the CDN, but only stores it in an identifiable form for a few weeks.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to make our website user-friendly and to improve its speed and availability.

We have concluded a privacy agreement with Fonticons. By means of standard contractual clauses approved by the EU Commission, we have provided the company with suitable guarantees for the protection of personal data (Art. 28 GDPR).

Privacy policy of Fonticons

Privacy policy of StackPath

Google Sign-In

For registration and login on our website, we offer the user the option of using an existing Google account. We use Google Sign-In for this purpose. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When choosing Google Sign-In, the user allows us to access the information required for registration and login from a Google account. For this purpose, the user is redirected to the Google page to log in and to grant permission. The data we can access is shown to the user prior to granting permission. The user can revoke permission through the Google account.

To load the corresponding button from Google, it is necessary to transfer the user’s IP address to the company in terms of technology. If the user is logged in to Google, the visit of a page can be attached to the account.

Any processing of data from the user’s Google account is based on the consent granted in accordance with Art. 6 (1) a) GDPR. Otherwise, the processing of personal data is based on on Art. 6 (1) f) GDPR. Our legitimate interest in the integration of the Google button is making our website user-friendly.

Privacy Policy of Google Sign-In

Google reCAPTCHA

To strengthen the security and availability of our website we use the service reCAPTCHA. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

We use queries to ensure that actions on our site are not triggered by bots. This necessitates transmitting the user’s IP address to Google for reasons of technology.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to ensure website security and to protect against spam and misuse.

Privacy Policy of reCAPTCHA

Google Maps

To be able to display geographical maps, we use Google Maps. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This necessitates transmitting the user’s IP address to Google for reasons of technology. In addition, the company places various cookies to identify the user and to display personalised advertising.

Insofar as we obtain user consent, data processing is carried out on the legal basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate interest is to make our website user-friendly.

We have concluded an agreement on shared responsibility with Google.

Opt-Out

Privacy Policy of Google Maps

Google Fonts

On our website we use fonts from Google Fonts. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Fonts are loaded from the Google server. In order to establish a connection, it is technically necessary to transmit the user’s IP address.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate interest is to make our website user-friendly and to improve its speed and availability.

Privacy Policy of Google Fonts

Google Calendar

We use Google Calendar, a service of Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In order to provide the Google Calendar, it is technically necessary to transmit the user’s IP address to Google.

Rebrandly is used on the legal basis of Art. 6(1) f) GDPR. Our legitimate interest is to improve the user experience on our website and our content.

Privacy Policy of Google Kalender

Slack

For communication with our customers we use the communication service Slack (Company: Slack Technologies Limited, Headquarters: One Park Place, Upper Hatch Street, Dublin 2, Ireland). Data processing by Slack also takes place in the USA, among other places. Note: according to the European Court of Justice, there is currently no suitable level of protection for data processing to the USA.

Slack uses standard contractual clauses accepted by the EU Commission (see Art. 46. para. 2 and 3 DSGVO) for the legal basis of data transfer to recipients located in third countries (not in the European Union, Norway, Liechtenstein, Iceland thus mainly in the USA). According to these clauses, Slack thereby agrees to comply with the EU level of data protection when transferring relevant data even far away from the EU zone. The basis for this is also an implementing decision (see https://germany.representation.ec.europa.eu/index_de) of the EU Commission.

Further information on how Slack processes data can be found here https://slack.com/intl/de-at/legal.

Furthermore, in accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a contract processing agreement (CPA) with Slack. This means: Slack processes personal data on our behalf. Data that Slack receives from us may therefore be processed by the company exclusively according to our specifications and in compliance with the GDPR. The order processing agreement (AVV) can be viewed here: https://slack.com/intl/de-de/terms-of-service/data-processing

Zoom

We would like to inform you below about the processing of personal data in connection with the use of “Zoom”.

Purpose of processing

We use the “Zoom” tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA.

Responsibilities

The responsible party for data processing directly related to the performance of “Online Meetings” is Andreas Ebert & Felix Mark GbR.

Note: Insofar as you call up the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the Internet site is only necessary to use “Zoom” in order to download the software for using “Zoom”.You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app. If you do not want to or cannot use the “Zoom” app, then the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.

What data is processed?

Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

User details: first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional),

Department (optional)

Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Zoom” applications.

To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing

We use “Zoom” to conduct “online meetings.” If we want to record “online meetings”, we will transparently communicate this to you in advance and – if necessary – ask for consent. The fact of the recording will also be displayed to you in the “Zoom” app. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case. In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars. If you are registered as a user with “Zoom”, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by “Zoom” for up to 12 months.Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal basis for data processing

Insofar as personal data is processed by employees of Andreas Ebert & Felix Mark GbR, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Zoom”, Article 6 (1) f) DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings”.

For the rest, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of “online meetings”.

Recipients / passing on of data

Personal data processed in connection with participation in “online meetings” is generally not passed on to third parties unless it is specifically intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: the provider of “Zoom” necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with “Zoom”.

Data processing outside the European Union

“Zoom” is a service provided by a provider from the USA. A processing of personal data thus also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 DSGVO.

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, we have also configured our Zoom so that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.

 

Profiles in social networks

We are present in one or more social networks. In detail, these are: Instagram, Facebook or LinkedIn. When contacting us, we process personal data as described above under “Establishing contact”.

Social network providers process data according to their data protection regulations, which can be accessed here:

If a user is logged in with an account, the activities on our profile in the respective social network may be attached to said user. This can take place across devices and without login as the case may be, for example when using cookies or mobile identifiers. Social network providers use the data collected to create pseudonymised user profiles, which they can use in particular to display personalised advertising.

Rights of the data subject

Where personal data relating to a user is being processed, the user has the following rights:

Right of access: The user has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and a copy of the personal data undergoing processing.

Right to rectification: The user has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to erasure: The user has the right in accordance with the law to obtain from the controller the erasure of personal data concerning him or her without undue delay.

Right to restriction of processing: The user has the right in accordance with the law to obtain from the controller restriction of processing.

Right to data portability: The user has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right in accordance with the law to transmit those data to another controller.

Right to object: The user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdrawal: The user has the right to withdraw his or her consent at any time.

Right to lodge a complaint: The user has the right to lodge a complaint with a supervisory authority.

Last Updated: 30/03/2022