Information on data protection
With this data protection information, we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). Garden & House BidCo GmbH (hereinafter referred to as “we” or “us”) is responsible for data processing.
Content
I. General information
1. contact
2. legal basis
3. duration of storage
4. categories of recipients of the data
5. transfer of data to third countries
6. processing when exercising your rights
7. your rights
8. right to object
9. data protection officer
II. Data
processing on our website
1. processing of server log files
2. contact options and enquiries
a. Contact form
3. use of provided data for direct advertising
4. job application
5. cookies
6. consent management tool
7. website analysis and statistics
a. Google Analytics
b. Jetpack/WordPress.com Stats
8. tracking & retargeting
a. Google Ads
b. Facebook Pixel
c. Microsoft Advertising
9. third party services and content
III. Data processing on our social media pages
1. visiting a social media page
a. Facebook and Instagram page
b. LinkedIn company page
c. Twitter
d. Xing
e. YouTube
f. Pinterest
2. comments and direct messages
I. General information
1. Contact
If you have any questions or suggestions regarding
this information or if you wish to contact us in order to assert your rights,
please send your request to
Garden & House BidCo GmbH
Bahrenfelder Chaussee
49, House B
22761 Hamburg, Germany
Phone: +49 40 76122122
E-mail: info@ydeon.com
2. Legal bases
The term “personal data” under data protection law refers to all
information that relates to an identified or identifiable individual. We
process personal data in compliance with the relevant data protection regulations,
in particular the DSGVO and the BDSG. Data processing by us only takes place on
the basis of legal permission. We process personal data only with your consent
(Section 15 (3) TMG or Art. 6 (1) a DSGVO), for the performance of a contract
to which you are a party, or at your request for the performance of
pre-contractual measures (Art. 6 (1) b DSGVO), for the performance of a legal
obligation (Art. 6(1)(c) DSGVO) or where processing is necessary for the
purposes of protecting our legitimate interests or the legitimate interests of
a third party, except where such interests are overridden by your interests or
fundamental rights and freedoms which require the protection of personal data
(Art. 6(1)(f) DSGVO).
If you apply for a vacant position in our company, we will also process
your personal data for the purpose of deciding on the establishment of an
employment relationship (Section 26 (1) sentence 1 BDSG).
3. Duration of the storage
Unless otherwise stated in the following notes, we only store the data for
as long as is necessary to achieve the processing purpose or to fulfil our
contractual or legal obligations. Such statutory retention obligations may
arise in particular from commercial or tax law regulations.
From the end of the calendar year in which the data was collected, we will
retain such personal data contained in our accounting records for ten years and
retain personal data contained in commercial letters and contracts for six
years. In addition, we will retain data in connection with consents requiring
proof, as well as with complaints and claims for the duration of the statutory
limitation periods. We will delete data stored for advertising purposes if you
object to processing for this purpose.
4. Categories of recipients of the data
We use processors as part of the processing of your data. Processing operations carried out by
such processors include, for example, hosting, maintenance and support of IT
systems, customer and order management, order processing, accounting and
billing, marketing activities or file and data carrier destruction. A processor
is a natural or legal person, public authority, agency or other body that
processes personal data on behalf of the data controller. Processors do not use
the data for their own purposes, but carry out data processing exclusively for
the data controller and are contractually obliged to guarantee appropriate
technical and organisational measures for data protection. In addition, we may
transfer your personal data to bodies such as postal and delivery services, the
company’s bank, tax advisors/auditors or the tax authorities. Further
recipients may result from the following information.
5. Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries,
i.e. countries where the GDPR is not applicable law. Such a transfer takes
place in a permissible manner if the European Commission has determined that an
adequate level of data protection is required in such a third country. In the
absence of such an adequacy decision by the European Commission, a transfer of
personal data to a third country will only take place if appropriate safeguards
pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49
GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of
personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.
If you consent to the transfer of personal data to third countries, the transfer will take
place on the legal basis of Art. 49(1)(a) DSGVO.
6. Processing when exercising your rights
If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process
the personal data provided for the purpose of implementing these rights by us
and to be able to provide evidence of this. We will only process data stored
for the purpose of providing information and preparing it for this purpose and
for the purpose of data protection control and otherwise restrict processing in
accordance with Art. 18 DSGVO.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Articles 15 to 22 DSGVO and Section 34 (2) BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art.15 DSGVO and § 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data
relating to you or not. - You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
- You have the right to demand that we delete your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
- You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
- If you are of the opinion that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Article 21(1) of the GDPR, you have the right to object
to processing based on the legal basis of Article 6(1)(e) or (f) of the GDPR on
grounds relating to your particular situation. If we process personal data
about you for the purpose of direct marketing, you may object to this
processing pursuant to Article 21 (2) and (3) of the GDPR.
9. Data protection officer
You can reach our data protection officer at the following contact details:
E-mail: dsb@gartenhaus-gmbh.de
Herting Oberbeck Data Protection GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during
your visit to the website, we automatically collect certain information about
your use of the website. In data protection law, the IP address is also
generally considered to be a personal data. An IP address is assigned to every
device connected to the Internet by the Internet provider so that it can send
and receive data.
1. Processing of server log files
During the purely informative use of our website, general information that
your browser transmits to our server is initially stored automatically (i.e.
not via registration). This includes by default: browser type/version,
operating system used, page accessed, the previously visited page (referrer
URL), IP address, date and time of the server request and HTTP status code. The
processing is carried out to protect our legitimate interests and is based on
the legal basis of Art. 6 (1) f DSGVO. This processing serves the technical
administration and security of the website. The data is stored for fourteen
days with an access option and subsequently only stored as part of backups,
unless there is a justified suspicion of unlawful use on the basis of concrete
indications and further examination and processing of the information is
necessary for this reason. We are not able to identify you as a data subject on
the basis of the stored information. Articles 15 to 22 of the GDPR therefore do
not apply pursuant to Article 11 (2) of the GDPR unless you provide additional
information that enables you to be identified in order to exercise your rights
set out in these articles.
2. Contact options and enquiries
a. Contact form
Our website contains contact forms that you can use to send us messages. The transfer of
your data is encrypted (recognisable by the “https” in the address line
of the browser). All data fields marked as mandatory are required to process
your request. Failure to provide this information will result in us not being
able to process your request. The provision of further data is voluntary.
Alternatively, you can send us a message via the contact e-mail. We process the data for the
purpose of answering your enquiry. Insofar as your enquiry is directed towards
the conclusion or performance of a contract with us, Art. 6 para. 1 letter b
DSGVO is the legal basis for the data processing. Otherwise, we process the
data on the basis of our legitimate interest in contacting enquirers. The legal
basis for data processing is then Art. 6 para. 1 lit. f DSGVO.
We use a customer service platform of the provider Zendesk Inc. (1019 Market St San
Francisco, CA 94103, USA) to collect and organise emails and contact requests.
All incoming emails and enquiries are managed via this platform. For this
purpose, necessary data such as surname, first name, postal address, telephone
number and e-mail address are transmitted to Zendesk in order to be able to
answer your support ticket. You can find more information on data processing by
Zendesk in the Zendesk privacy policy at: https://www.zendesk.de/company/customers-partners/privacy-policy.
3. Use of data provided for direct marketing purposes
We reserve the right to store your first and last name, your postal address and – insofar as
we have received this additional information from you within the framework of
the contractual relationship – your title, academic degree, year of birth and
your profession, industry or business name in summarised lists and to use them
for our own advertising purposes, e.g. to send you interesting offers and
information about our products by letter post.
This processing serves our legitimate interest in carrying out direct advertising. The legal
basis for the processing of the data provided is Art. 6 para. 1 letter f DSGVO.You
can object to the storage and use of your data for these purposes at any time by
sending a message to the contact option described above.
4. Job application
You have the option of applying via our website in the Jobs section. For this purpose, we
collect personal data from you, including in particular your name, CV, letter
of application and other content provided by you. Your personal application
data will only be processed for purposes related to your interest in current or
future employment with us and the processing of your application. Your online
application will only be processed and noted by the relevant contacts at our
company. All employees entrusted with data processing are obliged to maintain
the confidentiality of your data. If we are unable to offer you employment, we
will retain the data you have submitted for up to six months after the end of
the application process for the purpose of answering questions relating to your
application and rejection. This does not apply if legal provisions prevent
deletion, if further storage is necessary for the purpose of providing evidence
or if you have expressly consented to longer storage.
The legal basis for the collection of data is Section 26 Paragraph 1 Sentence 1 BDSG. If we
store your applicant data for longer than six months and you have expressly
consented to this, we would like to point out that this consent can be freely
revoked at any time in accordance with Art. 7 para. 3 DSGVO. Such a revocation
does not affect the lawfulness of the processing that was carried out on the
basis of the consent until the revocation.
5. Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are
small text files that are stored by your browser when you visit a website. This
identifies the browser used and can be recognised by web servers. You have full
control over the use of cookies through your browser. You can delete the
cookies in the security settings of your browser at any time. You can object to
the use of cookies in principle or for specific cases through your browser
settings. Further information on this is available from the Federal Office for
Information Security: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.
The use of cookies is partly technically necessary for the operation of our website and is
therefore permitted without the user’s consent. In addition, we may use cookies
to offer special functions and content as well as for analysis and marketing
purposes. These may also include cookies from third-party providers (so-called
third party cookies). We only use such technically unnecessary cookies with
your consent in accordance with Section 15 (3) TMG or Article 6 (1) a DSGVO.
Information on the purposes, providers, technologies used, data stored and the
storage period of individual cookies can be found in the <a
href=”/cookies”>settings</a> of our Consent Management Tool.
6.
Consent-Management-Tool
This website uses a consent management banner to control cookies. The consent banner enables
users of our website to give consent to certain data processing procedures or
to revoke a given consent. By confirming the “I accept” button or by
saving individual cookie settings, you consent to the use of the associated
cookies. The legal basis under data protection law is your consent within the
meaning of Art. 6 (1) a DSGVO.
In addition, the banner helps us to be able to provide evidence of the declaration of consent.
For this purpose, we process information about the declaration of consent and further
log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been
given. The legal basis results from our legal obligation to document your
consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).
7. Website analysis and statistics
a. Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google
Ireland/EU) on our website.
Google Analytics is a web analytics service that allows us to collect and analyse data about the
behaviour of visitors to our website. Google Analytics uses cookies for this
purpose, which enable an analysis of the use of our website. This involves
processing personal data in the form of online identifiers (including cookie
identifiers), IP addresses, device identifiers and information about
interaction with our website.
Some of this data is information that is stored in the terminal device you are using. In
addition, further information is also stored on your end device via the cookies
used. Such storage of information by Google Analytics or access to information
already stored in your terminal device will only take place with your consent.
Google Ireland will process the data thus collected on our behalf in order to evaluate the use
of our website by the users, to compile reports on the activities within our
website and to provide us with further services connected with the use of our
website and the use of the Internet. In doing so, pseudonymous user profiles
can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place
with your consent. The legal basis for the data processing in connection with
the Google Analytics service is therefore Art. 6 para. 1 letter a DSGVO. You
can revoke this consent at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to
any country in which Google Ireland or Google’s Ireland sub-processors maintain
facilities. The legal basis for this transfer is the standard contractual
clauses for the transfer of personal data to processors in third countries
pursuant to Art. 46 para. 2 lit. c DSGVO.
We only use Google Analytics with IP anonymisation enabled. This means that the IP address
of the user is shortened by Google Ireland within member states of the European
Union or in other contracting states of the Agreement on the European Economic
Area. The IP address transmitted by the user’s browser is not merged with other
data.
We use the Google Analytics 4 variant, which allows us to track interaction
data from different devices and from different sessions This enables us to put
individual user actions in context and analyse long-term relationships.
User action data is stored for a period of 14 months and then automatically deleted. All other
event data is stored for 2 months and then automatically deleted. The deletion
of data whose storage period has expired takes place automatically once a
month.
We also use the Google Analytics advertising features (remarketing). This feature, in
conjunction with Google’s cross-device capabilities, allows us to better target
ads and present users with ads that are relevant to their interests.
Remarketing displays ads and products to users that have been identified as
being of interest on other websites in the Google network. The function allows
us to link advertising target groups created via Google Analytics Remarketing
with the cross-device functions of Google Ads. In this way, interest-based,
personalised advertising messages that have been adapted to a user depending on
previous usage and surfing behaviour on one end device (e.g. mobile phone) can
also be displayed on another end device of the user (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your
Google Account for this purpose. In this way, the same personalised advertising
messages can be served on each end device on which you log in with your Google
account. The aggregation of the collected data in your Google Account is based
solely on your consent, which you can give or revoke at Google. For these
linked services, data is then collected via Google Analytics for advertising
purposes. To support the remarketing function, Google Analytics collects users’
Google-authenticated IDs, which are temporarily linked to our Google Analytics
data. This is used to define and create target groups for cross-device ad
advertising.
You can also prevent the collection of information generated by the cookie by downloading
and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
You can permanently object to cross-device remarketing/targeting by
deactivating personalised advertising in your Google account; follow this link:
https://www.google.com/settings/ads/onweb/
For further information on the use of data for advertising purposes, please
refer to Google’s privacy policy at: www.google.com/policies/technologies/ads/
You can deactivate Google Analytics on our site by following this link: Opt Out Google Analytics
b. Hotjar
We use the Hotjar service of the provider Hotjar Ltd (Malta/EU) on our website.
Hotjar enables us to analyse movements on our website using so-called
“heat maps”. This allows us to see, for example, how far users scroll
and which buttons users click on and how often. Furthermore, with the help of
the tool it is also possible to obtain feedback directly from the users of the
website. In this way, we obtain valuable information to make our website even
faster and more customer-friendly.
Hotjar only allows us to track which buttons are clicked, mouse history, how
far scrolled, device screen size, device type and browser information. In
addition, we receive information about your geographical location (country) and
the preferred language for displaying our website. Areas of the websites where
personal data of you or third parties are displayed are automatically hidden by
Hotjar and are therefore not traceable by the tool at any time.
Hotjar uses cookies and other technologies to collect data about the behaviour
of our users and their devices, in particular the IP address of the device
(which is only collected and stored anonymously during your use of the
website), screen size, device type (unique device identifiers), information
about the browser used, location (country only), preferred language for
displaying our website.
The setting of cookies and the further processing of personal data described
here takes place with your consent. The legal basis for the data processing in
connection with the Hotjar service is therefore Art. 6 para. 1 letter a DSGVO.
You can revoke this consent at any time with effect for the future.
Further information about the Hotjar service and Hotjar’s data protection can
be found on Hotjar’s help
page.
c. Jetpack/WordPress.com-Stats
We use the Jetpack/ WordPress.com-Stats service on our website for the statistical
evaluation of visitor access to our website. Jetpack/WordPress.com-Stats is
operated by the provider Automattic Inc (USA), using the tracking technology of
the company Quantcast Inc (USA).
This processes personal data in the form of online identifiers (including
cookie identifiers), IP addresses, device identifiers and information about
interaction with our website. The IP address is anonymised immediately after
processing and before it is stored.
Some of this data is information stored in the terminal device you are using.
In addition, further information is also stored on your end device via the
cookies used. Such storage of information or access to information that is
already stored on your end device only takes place with your consent.
The setting of cookies and the further processing of personal data described
here takes place with your consent. The legal basis for data processing in
connection with the Google Analytics service is therefore Art. 6 (1) a DSGVO.
You can revoke this consent at any time with effect for the future.
8. Tracking & Retargeting
a. Google Ads
We use the online advertising programme Google Ads of Google Ireland Limited (Ireland/EU),
through which we place advertisements on the Google search engine.
When you access our website via a Google ad, Google sets a cookie on your end
device (“conversion cookie”). A different conversion cookie is
assigned to each Google Ads customer, so that the cookies are not tracked
across the websites of different Ads customers. The information collected with
the help of the cookie is used to create conversion statistics. This tells us
the total number of users who clicked on one of our Google ads. However, we do
not receive any information with which users can be personally identified.
Insofar as personal data is processed in this context, this is done with your
consent and is based on the legal basis of Art. 6 (1) a DSGVO.
b. Facebook Pixel
We use the Facebook Pixel, a Facebook business tool from Facebook Ireland Limited
(Ireland, EU), on our website. For information on Facebook Ireland’s contact
details and the contact details of Facebook Ireland’s data protection officer,
please refer to Facebook Ireland’s data policy at: https://www.facebook.com/about/privacy.
The Facebook pixel is a snippet of JavaScript code that allows us to track
visitors’ activity on our website. This tracking is called conversion tracking.
The Facebook pixel collects and processes the following information (so-called
event data) for this purpose:
- Information about actions
and activities of visitors to our website, such as searching for and
viewing a product or purchasing a product; - Specific pixel
information such as the pixel ID and the Facebook cookie; - Information about buttons
clicked by visitors to the website; - Information present in
the HTTP header such as IP addresses, web browser information, page
location and referrer; - Information about the
status of disabling/restricting ad tracking.
Some of this event data is information stored in the device you are using. In addition,
cookies are also used via the Facebook pixel, via which information is stored
on your end device used. Such storage of information by the Facebook pixel or
access to information already stored in your end device only takes place with
your consent. Tracked conversions appear in the dashboard of our Facebook Ads
Manager and Facebook Analytics. We may use the tracked conversions there to
measure the effectiveness of our ads, to set Custom Audiences for ad targeting,
for Dynamic Ads campaigns and to analyse the effectiveness of our website’s
conversion funnels. The features we use via the Facebook Pixel are described in
more detail below.
Processing of event data for advertising purposes Event data collected through the Facebook Pixel is used to target our ads and
improve ad delivery, personalise features and content, and improve and secure
Facebook products.
To do this, event data is collected on our website using the Facebook Pixel and
transmitted to Facebook Ireland. This only takes place if you have previously
given your consent to this. The legal basis for the collection and transmission
of personal data by us to Facebook Ireland is therefore Art. 6 (1) a DSGVO.
This collection and transmission of event data is carried out by us and
Facebook Ireland as joint controllers. We have entered into a joint controller
agreement with Facebook Ireland which sets out the allocation of data
protection obligations between us and Facebook Ireland. In this agreement, we
and Facebook Ireland have agreed, among other things,
- that we are responsible
for providing you with all information pursuant to Art. 13, 14 GDPR about
the joint processing of personal data; - that Facebook Ireland is
responsible for enabling data subjects’ rights under Articles 15 to 20 of
the GDPR in respect of personal data held by Facebook Ireland following
joint processing. - You can access the
agreement concluded between us and Facebook Ireland at
https://www.facebook.com/legal/controller_addendum.
Facebook Ireland is the sole controller of the subsequent processing of the transmitted event
data. For more information about how Facebook Ireland processes personal data,
including the legal basis on which Facebook Ireland relies and how you can
exercise your rights against Facebook Ireland, please see Facebook Ireland’s
Data Policy at https://www.facebook.com/about/privacy.
Processing of Event Data for Analytics Purposes
We have also engaged Facebook Ireland to report on the impact of our
advertising campaigns and other online content based on the Event Data
collected through the Facebook Pixel (Campaign Reports) and to provide analysis
and insights about users and their use of our website, products and services
(Analytics). We transfer personal data contained in the Event Data to Facebook
Ireland for this purpose. The personal data submitted will be processed by
Facebook Ireland as our processor to provide us with the campaign reports and
analytics.
Personal data will only be processed to provide analytics and campaign reports
if you have given your prior consent to do so. The legal basis for this
processing of personal data is therefore Art. 6 (1) a DSGVO.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal
basis for this transfer is the standard contractual clauses for the transfer of
personal data to processors in third countries. Please note the information in
the section “Data transfer to third countries”.
c. Microsoft Advertising
We use the Microsoft Advertising service of the provider Microsoft Ireland Operations
Limited (Ireland/EU) (formerly Bing Ads) on our website. Microsoft Advertising
is an online marketing service that uses the Universal Event Tracking (UET)
tool to help us display targeted advertisements via the Microsoft Bing search
engines. Microsoft Advertising uses cookies for this purpose. This involves
processing personal data in the form of online identifiers (including cookie
identifiers), IP addresses, device identifiers and information about device and
browser settings.
Microsoft Advertising collects data via UET that allows us to track target
groups thanks to remarketing lists. For this purpose, a cookie is stored on the
end device used when visiting our website. Microsoft Advertising can thus
recognise that our website has been visited and play an advertisement when
Microsoft Bing or Yahoo is used at a later time.
The information is also used to create conversion statistics, i.e. to record
how many users have reached our website after clicking on an advertisement. This
tells us the total number of users who clicked on our ad and were redirected to
our website. However, we do not receive any information that personally
identifies users.
Microsoft Advertising is used for the purpose of optimising the placement of
advertisements. For more information on these processing activities, the
technologies used, data stored and the storage period, please refer to the
settings of our Consent Management Tool. Processing is only carried out with
your consent in accordance with Section 15 (3) TMG or Art. 6 (1) a DSGVO. You
can revoke your consent via our Consent Management Tool.
In the case of Microsoft services, the transmission of data to Microsoft Corp. in the USA
cannot be ruled out. Please note the information in the section “Data
transfer to third countries”. Further information on data protection at
Microsoft can be found in Microsoft’s data protection information at: https://privacy.microsoft.com/de-de/privacystatement.
III. Data processing on our social media pages
We are represented on several social media platforms with a company page. Through
this, we would like to offer further opportunities for information about our
company and for exchange. Our company has company pages on the following social
media platforms:
- YouTube
When you visit or interact with a profile on a social media platform,
personal data about you may be processed. Information associated with a social media profile in use
also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
1. Visit a social media page
a. Facebook- and Instagram-page
When you visit our Facebook or Instagram page, through which we present our company or
individual products from our range, certain information about you is processed.
The sole controller of this processing of personal data is Facebook Ireland Ltd
(Ireland/EU – “Facebook”). Further information about the processing
of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.
Facebook offers the option to object to certain data processing; information
and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
Facebook provides us with anonymised statistics and insights for our Facebook and
Instagram page, which help us gain knowledge about the types of actions people
take on our page (so-called “page insights”). These page insights are
created based on certain information about individuals who have visited our
page. This processing of personal data is carried out by Facebook and us as
joint controllers. The processing serves our legitimate interest to evaluate
the types of actions taken on our site and to improve our site based on these
insights. The legal basis for this processing is Art. 6 (1) (f) DSGVO. We
cannot attribute the information obtained via page insights to individual user
profiles interacting with our Facebook and Instagram page. We have entered into
a joint controller agreement with Facebook which sets out the allocation of
data protection obligations between us and Facebook. Details of the processing
of personal data to create Page Insights and the agreement entered into between
us and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.
In relation to these data processing operations, you have the possibility to
exercise your data subject rights (see “Your rights”) also against
Facebook. Further information on this can be found in Facebook’s privacy policy
at https://www.facebook.com/privacy/explanation.
Please note that according to the Facebook privacy policy, user data is also processed in the
USA or other third countries. Facebook only transfers user data to countries
for which an adequacy decision has been issued by the European Commission in
accordance with Article 45 of the GDPR or on the basis of appropriate
guarantees in accordance with Article 46 of the GDPR.
b. LinkedIn company page
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole responsible
party for the processing of personal data when you visit our LinkedIn page.
Further information about the processing of personal data by LinkedIn can be
found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal
data to provide us with anonymised statistics and insights. This provides us
with insights into the types of actions that people take on our page (so-called
page insights). For this purpose, LinkedIn processes in particular such data
that you have already provided to LinkedIn via the information in your profile,
such as data on function, country, industry, seniority, company size and
employment status. In addition, LinkedIn will process information about how you
interact with our LinkedIn company page, e.g. whether you are a follower of our
LinkedIn company page. With Page Insights, LinkedIn does not provide us with
any personal data about you. We only have access to the aggregated Page
Insights. It is also not possible for us to draw conclusions about individual
members using the information in the Page Insights. This processing of personal
data in the context of Page Insights is carried out by LinkedIn and us as joint
controllers. The processing serves our legitimate interest to evaluate the
types of actions taken on our LinkedIn company page and to improve our company
page based on these insights. The legal basis for this processing is Article
6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn
which sets out the allocation of data protection obligations between us and
LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.
Accordingly, the following applies:
- LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your
rights under the GDPR. You can contact LinkedIn online via the following
link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de)
or contact LinkedIn via the contact details in the Privacy Policy. You can
contact the Data Protection Officer at LinkedIn Ireland via the following
link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
You may also contact us at our contact details provided about exercising
your rights in relation to the processing of personal data in the context
of Page Insights. In such a case, we will forward your request to
LinkedIn. - LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory
authority overseeing processing for Page Insights. You always have the
right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any
other supervisory authority.
Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Article 45 of the GDPR or on the basis of appropriate guarantees in accordance with Article 46 of the GDPR.
c. Twitter
Twitter Inc. (USA) is the sole responsible party for the processing of personal data when
visiting our Twitter profile. Further information about the processing of
personal data by Twitter Inc. can be found at https://twitter.com/de/privacy.
d. Xing
New Work SE (Germany/EU) is the sole responsible party for the processing of personal data
when you visit our Xing profile. Further information on the processing of
personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.
e. YouTube
Google Ireland Limited (Ireland/EU) is the sole responsible party for the
processing of personal data when visiting our YouTube channel. Further
information about the processing of personal data by YouTube and Google Ireland
Limited can be found at https://policies.google.com/privacy.
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective
social media platform. Such information may be the username used, contact
details or a message sent to us. These processing operations are carried out by
us as the sole data controller. We process this data on the basis of our
legitimate interest to get in contact with inquiring persons. The legal basis
for the data processing is Art. 6 para. 1 letter f DSGVO. Further data
processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO)
or if this is necessary for the fulfilment of a legal obligation (Art. 6 para.
1 letter c DSGVO).
If you have provided us with the information because of participation in a competition, we
will only process it in order to be able to send you a prize, if applicable.
After delivery of the prize or if you have not won, we will delete the data.
The legal basis for the processing is Art. 6 para. 1 letter b DSGVO.
We use software to manage our company pages. If a user asks a question specified in more detail
in the software via the comment function on one of our company pages, the text
is displayed via the software together with the user’s username. This data is
also transmitted to the provider of the software. The transmitted text and the
user name are deleted as soon as the question has been answered.