Data protection notices

1. Introduction

With the following information we would like to provide you, as the ‘data subject’, with an overview of the processing of your personal data by us and your rights under the data protection laws. Basically, it is possible to use our web pages without entering any personal data. However, if you wish to avail yourself of particular services provided by our company via our website, it could become necessary to process personal data. If the processing of personal data is necessary and if there is no legal basis for such processing, we will as a general rule obtain your consent.

Personal data, for example your name, address or e-mail address, are always processed in harmony with the General Data Protection Regulation (GDPR) and in harmony with the country-specific data protection provisions that apply to eurodata AG. By issuing these data protection notices, we would like to inform you about the scope and purpose of the personal data that we gather, use and process.

As the controller, we have implemented numerous technical and organisational measures in order to ensure the most complete protection possible of the personal data processed via this website. Having said that, Internet-based data transmissions can as a matter of basic principle have security gaps, so that absolute protection cannot be guaranteed. For this reason you are at liberty to send us personal data by other means, for example by telephone or post.

2. Controller

 

Controller within the meaning of the GDPR is:

eurodata SAS
Z.I. Carrefour de I’Europe BP 30180
Rue Victor Grignard
F-57603 Forbach Cedex
Phone: +33 387 852 534
Fax: +33 387 850 013
E-Mail: info@eurodata.fr
Managing Director:
Eric Zins
Joop Hoestra

3.  Data protection officer

 

You can contact the data protection officer as follows:

Robert BOUR, eurodata SAS, ZI Carrefour de l’Europe 57600 FORBACH

Téléphone : +33 3 87 85 25 34

E-mail : dpo@eurodata.fr

You can consult our data protection officer directly at any time if you have any questions or ideas about data protection.

4. Definitions

 

The data protection notices are based on the concepts used in the enactment of the General Data Protection Regulation (GDPR) by the European bodies that issue directives and regulations. Our data protection notices should be easy to read and easy to understand, both for the general public and for our customers and business partners. To ensure that, we would first like to explain the terms we use.

The terms we use in these data protection notices include the following:

  1. Personal data
    Personal data are all information which relates to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be directly or indirectly identified, in particular by means of allocation to some means of identification such as a name, an identification number, location data, an on-line ID or one or more special features which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject
    A data subject is any identified or identifiable natural person whose personal data are processed by the controller (our company).
  3. Processing
    Processing is any procedure carried out with or without the aid of automated methods or any such series of procedures in connection with personal data, such as gathering, recording, organisation, putting in order, storage, adaptation or alteration, readout, search, use, disclosure by transmission, dissemination or other form of provision, comparison or combination, restriction, deletion or destruction.
  4. Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
  5. Profiling
    Profiling is any kind of automated processing of personal data which consists in using those personal data to assess certain personal aspects relating to a natural person, in particular to analyse or forecast aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.
  6. Pseudonymisation
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be allocated to a specific data subject without adding further information, provided that that further information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not allocated to an identified or identifiable natural person.
  7. Processor
    Processor is any natural person or legal entity, authority, institution or other body which processes personal data on behalf of the controller.
  8. Recipient
    Recipient is any natural person or legal entity, authority, institution or other body to whom or which personal data are disclosed, regardless of whether that person, entity, authority, institution or body is a third party or not. However, authorities which may receive personal data in the context of a particular inquiry under EU law or the law of the Member States are not regarded as recipients.
  9. Third party
    A third party is any natural person or legal entity, authority, institution or other body who or which is not the data subject, the controller, the processor or the persons authorised to process the personal data under the direct responsibility of the controller or processor.
  10. Consent
    Consent is any informed statement of intent made voluntarily and unambiguously by the data subject for the particular case and in the form of a statement or other clear affirmative action by which the data subject indicates that he or she is in agreement with the processing of the personal data that relate to him or her.

5. Legal basis of processing

Art. 6 1. a) of the GDPR serves our company as a legal basis for processing in respect of which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is for example the case with processing which is necessary for the delivery of goods or the rendering of some other service or consideration, the processing is based on Art. 6 1. b) of the GDPR. The same applies to processing which is required for carrying out measures preceding the conclusion of a contract, for example in cases where enquiries are made about our products or services.

If our company is subject to a legal obligation which renders the processing of personal data necessary, for example the fulfilment of fiscal obligations, the processing is based on Art. 6 1. c) of the GDPR.

In rare cases it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would for example be the case if a visitor were to be injured on our company premises, following which his or her name, age and health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 1. d) of the GDPR.

Finally, processing could be based on Art. 6 1. f) of the GDPR. This is the legal basis for processing which is not covered by any of the above-mentioned legal bases, if the processing is necessary for safeguarding a legitimate interest of our company or a third party, provided that that interest is not outweighed by the interests and / or fundamental rights and freedoms of the data subject. We are in particular permitted to carry out processing of this kind because special mention of it has been made by the European legislators. They, for example, took the view that a legitimate interest could be presumed to exist if you were a customer of our company (Recital 47 Sentence 2 of the GDPR).

6 Technology

6.1 SSL / TLS encryption

This site makes use of SSL or TLS encryption to ensure security in data processing and to protect the transmission of confidential content such as orders, log-in data or contact enquiries that you send to us as the provider. You can recognise an encrypted connection by the fact that there is an “https://” instead of an “http://” in the address bar of the browser and a padlock symbol in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6.2 Data gathered when you visit the website

When you use our website for information purposes only, i.e. if you do not register or send information to us in any other way, we only gather the data that your browser transmits to our server (in so-called ‘server logfiles’). Each time a page is accessed by you or by an automated system, our website gathers a set of general data and information. These general data and information are stored in the logfiles of the server and may include

  1. the browser types and versions used
  2. the operating system used by the accessing system
  3. the web page from which an accessing system is referred to our website (so-called referrer)
  4. the sub-sites targeted on our website by an accessing system
  5. the date and time of access to the website
  6. a truncated Internet Protocol address (anonymised IP address)
  7. the Internet service provider of the accessing system
  8. the quantity of data sent in bytes.

When utilising these general data and information we do not draw any conclusions as regards your person. On the contrary, the information is required for

  1. the correct delivery of the content of our website
  2. the optimisation of the content of our website and the advertising thereof
  3. ensuring the continuing functionality of our IT systems and the technology of our website and
  4. providing the authorities with the information they require for prosecution in the case of a cyber attack.

These data and information, having been gathered, are thus analysed by us, on the one hand statistically, and also with the aim of improving data protection and data security in our company, so that we can ultimately ensure an optimum level of protection for the personal data we process. The anonymous data from the server logfiles are stored separately from all the personal data made available by a data subject.

The legal basis for the data processing is Art. 6 1. f) of the GDPR. Our legitimate interest follows from the purposes of data gathering listed above.

7 Cookies

7.1 General information on cookies

We deploy cookies on our website. Cookies are small files which are generated by your browser automatically and stored in your IT system (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your device, and they do not contain any viruses, Trojans or other malware.

Information that arises in connection with the device specifically deployed is stored in the cookie. However, this does not mean that we directly gain knowledge of your identity as a result.

On the one hand, the deployment of cookies serves the purpose of making it more agreeable for you to use our amenities. For example, we deploy so-called session cookies which enable us to recognise that you have already visited individual pages on our website. These are deleted automatically when you leave the site.

We also deploy temporary cookies to optimise user-friendliness. These are saved on your device for a certain fixed period. If you revisit our site to take advantage of the services we offer, the cookie automatically recognises both the fact that you have been there before and the entries you made and the settings you had, so that you do not need to enter them again.

Furthermore, we deploy cookies so as to be able to record the use of our website statistically and analyse it for the purpose of optimising our amenities. These cookies enable us to recognise automatically that you have been there before when you revisit our site, and are deleted automatically after a defined period of time.

The data processed by the cookies are necessary for the above-mentioned purposes of safeguarding our legitimate interests and those of third parties in accordance with Art. 6 1. f) of the GDPR.

Most browsers accept cookies automatically. Having said that, you can configure your browser in such a way that no cookies are saved on your computer, or in such a way that a notice always appears before a new cookie is generated. Complete deactivation of cookies, however, can lead to a status in which you cannot take advantage of all the functions of our website.

7.2 Consent to Borlabs cookie

Our website uses Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser, or to the deployment of certain technologies, and to document that consent in a way that conforms to data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you access our website, a Borlabs cookie is saved in your browser. That cookie stores all and any declarations of consent and any revocation of consent that you make. These data are not forwarded to the provider of the Borlabs cookie.

The data thus collected are stored until you request us to erase them or delete the Borlabs cookie yourself, or until the purpose for which the data were saved ceases to apply. However, this does not affect the compulsory statutory retention periods for documents and records. For details of data processing by the Borlabs cookie go to https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

Borlabs cookie consent technology is deployed to obtain consent to the deployment of cookies, which is a legal requirement. The legal basis for this is Art. 6 1. (c) of the GDPR.

8 Content of our website

8.1 Contact / contact form

Personal data are gathered when you make contact with us (e.g. by contact form or e-mail). Which data are actually gathered when a contact form is used can be seen in the contact form itself. These data are stored and used exclusively for the purpose of replying to your enquiry and / or making contact and the technical administration associated with it. The legal basis for the processing of the data is our legitimate interest in replying to your enquiry in accordance with Art. 6 1. f) of the GDPR. If you make contact with us aiming to conclude a contract, a further legal basis for the processing is Art. 6 1. b) of the GDPR. Your data will be deleted when your enquiry has finally been dealt with. This is the case when the circumstances indicate that the matter concerned has been finally resolved and there are no statutory obligations to preserve business records such as would contradict the deletion.

9 Distribution of newsletter

9.1 Distribution of the newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers regarding goods and / or services similar to the ones you have already purchased from our product range by e-mail. For this, in accordance with Section 7 (3) of the German Unfair Competition Act (UWG), we are not under any obligation to obtain separate consent from you. To that extent, the data are processed solely on the basis of our legitimate interest in personalised direct advertising as in Art. 6 1. f) of the GDPR. If you objected to the use of your e-mail address for this purpose at the outset, no mails will be sent by us. You have the right to object to the use of your e-mail address for the above-mentioned advertising purposes at any time with future effect by notifying the controller named at the beginning. If you do so, you only incur transmission costs at the basic rates. When your objection has been received, the use of your e-mail address for advertising purposes will be discontinued immediately.

9.2 Promotional newsletter

On our website you have the option of subscribing to our company newsletter. The personal data that are transmitted to us when you order the newsletter can be seen in the template you use for that purpose.

We inform our customers and business partners at regular intervals via a newsletter about our product range. As a matter of basic principle, you can only receive the newsletter of our company if

  1. you have a valid e-mail address and
  2. you have registered for the newsletter.

For legal reasons, a confirmation mail in the double opt-in procedure will be sent to the e-mail address you entered when you first signed up for the newsletter. This confirmation mail serves the purpose of enabling us to verify that you, as the holder of the e-mail address, have actually authorised us to send you the newsletter.

When you register for the newsletter we also save the IP address of the IT system you were using at the time when you registered, allocated by your Internet service provider (ISP), and the date and time of registration. The gathering of these data is necessary in order to be able to trace the (possible) abuse of your e-mail address at a later point in time and thus serves to protect us from a legal point of view.

The personal data gathered in the context of registration for the newsletter are used exclusively for its distribution. Moreover, subscribers to the newsletter can be informed by e-mail if this is necessary to the running of the newsletter service or registration in respect of it, such as could be the case if changes were made to the newsletter service or modifications to the technical facilities. Personal data gathered in the context of the newsletter service will not be passed on or otherwise disclosed to third parties. You can give notice to terminate your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for distribution of the newsletter can be revoked at any time. For the purpose of revoking that consent, there is an appropriate link in each newsletter. Furthermore, you have the possibility to deregister from the newsletter at any time by sending an appropriate message to the controller referred to at the beginning.

The legal basis for data processing for the purpose of newsletter distribution is Art. 6 1. a) of the GDPR.

9.3 Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic which is embedded in e-mails sent in HTML format so as to enable logfile recording and logfile analysis. This makes it possible to carry out a statistical analysis of the success or failure of on-line marketing campaigns. With the aid of the embedded tracking pixel, the company can recognise whether an e-mail has been opened by you, if so when, and which of the links in the e-mail you accessed.

Personal data gathered via the tracking pixels contained in the newsletters are stored and analysed by us in order to optimise distribution of the newsletter and adapt the content of future newsletters to suit your interests even better. These personal data are not passed on to third parties. Data subjects have the right to revoke the separate declaration of consent made via the double opt-in procedure at any time. After revocation these personal data will be deleted by us. We interpret deregistration from receipt of the newsletter automatically as revocation.

In particular, an analysis of this kind is carried out in accordance with Art. 6 1. f) of the GDPR on the basis of our legitimate interests in personalised advertising, market research and / or the design of our website as required.

10 Plugins and other services

Among the features integrated in our website are tools provided by enterprises which have their registered office in the USA. When these tools are active, your personal data may be forwarded to the servers of those companies in the USA. We hereby point out that the USA is not a third country with an adequate level of protection as defined by EU data protection law. US enterprises are under obligation to hand over personal data to security authorities, and if they do so you will not have any possibility to take judicial action against them. It is therefore not possible to preclude the processing, evaluation and long-term storage of your data on US servers by US authorities (e.g. secret services) for monitoring purposes. We do not have any influence on these processing activities.

10.1 Google Tag Manager

We deploy the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool with the aid of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles or store cookies, and it does not carry out any analyses of its own. It only serves to administer and activate the tools whose deployment it makes possible. Having said that, the Google Tag Manager does record your IP address, which may then also be forwarded to the Google parent company in the United States.

The Google Tag Manager is deployed pursuant to Art. 6 1. (f) of the GDPR. The website operator has a legitimate interest in the rapid and uncomplicated integration and administration of the various tools on his website. If consent to the Google Tag Manager has been requested, it will be processed exclusively pursuant to Art. 6 1. (a) of the GDPR and Section 25 (1) of the German Telecommunication and Telemedia Data Protection Act (TTDSG) if it includes the storage of cookies or access to information on the device of the user (e.g. device fingerprinting) as defined in the TTDSG. Consent may be revoked at any time.

This service is used on the basis of your consent pursuant to Art. 6 1. (a) of the GDPR and Section 25 (1) of the TTDSG. That consent too may be revoked at any time.

10.2 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics employs so-called ‘cookies’, text files that are saved on your computer and enable an analysis to be made of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a server of Google in the USA and stored there. On activation of the IP anonymisation facility on this website, however, your IP address will, within the member states of the European Union or other states which are party to the Agreement on the European Economic Area, first be truncated. Only in exceptional cases will the whole IP address be transmitted to a server of Google in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on site activity for the operator and provide the operator with other services relating to website activity and Internet usage. The IP address that your browser conveys within the scope of Google Analytics will not be combined with any other data stored by Google. You may refuse to allow the saving of cookies by selecting the appropriate setting on your browser, but we would like to point out that if you do so you may not be able to exploit the full functionality of this website.

You can, moreover, prevent the data that are generated by the cookie and relate to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at (https://tools.google.com/dlpage/gaoptout?hl=en). You can prevent data from being gathered by Google Analytics by clicking on the following link: deactivate Google Analytics.

That will save an opt-out cookie which will prevent your data from being gathered when you visit this website in the future.

For more detailed information on this, go to https://tools.google.com/dlpage/gaoptout?hl=en or https://support.google.com/analytics/answer/6004245?hl=en (general information on Google Analytics and data protection). We would like to draw your attention to the fact that on this website Google Analytics has been extended to include the code “gat._anonymizeIp();” to ensure that IP addresses can only be recorded in anonymised form (so-called IP masking). Source: www.datenschutzbeauftragter-info.de

10.3 Google Maps

On our website we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for the depiction of interactive maps with the purpose of providing a visual display of geographical information. Via the use of this service, for example, the location of our premises can be displayed to you, which will make it easier for you to find your way here if you wish to.

As soon as you access the sub-pages in which the map from Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This happens regardless of whether Google provides a user account to which you have logged in or not. If you are logged in to Google, your data are allocated to your account directly. If you do not wish the data to be allocated to your profile at Google, you have to log out of your Google user account. Google stores your data (even for users who have not logged in) as a usage profile, and analyses them. In particular, this analysis is carried out in accordance with Art. 6 1. f) of the GDPR on the basis of the legitimate interests of Google in personalised advertising, market research and / or the design of its website as required. You have the right to object to the creation of these usage profiles, but you have to apply to Google itself in order to exercise that right.

If you are not in agreement with the future transmission of your data to Google in the context of using Google Maps, you also have the possibility of disabling the web service of Google Maps completely by deactivating the JavaScript application in your browser. If you do that, however, it will not be possible to use Google Maps or the map display on this website.

We use Google Maps in the interests of making an appealing display of our on-line amenities and making it easy for you to find the locations we refer to on the website. This constitutes a legitimate interest within the meaning of Art. 6 1. f) of the GDPR.

You can view Google’s terms of use at
https://www.google.de/intl/de/policies/terms/regional.html

For the additional terms of use applying to Google Maps go to
https://www.google.com/intl/de_US/help/terms_maps.html

For comprehensive information on data protection in connection with the use of Google Maps go to the Google website (‘Google Privacy Policy’):
https://www.google.de/intl/de/policies/privacy/

10.4 YouTube (Videos)

This website uses the YouTube embedding function for the depiction and playback of videos by the provider ‘YouTube’, which is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).

The extended data protection mode is used here. According to information from the provider, user information does not begin to be saved until the video(s) is / are replayed. When the replay of embedded YouTube videos begins, the provider ‘YouTube’ deploys cookies in order to gather information about the behaviour of the user. According to information furnished by ‘YouTube’, the purposes this serves include the compilation of video statistics, the improvement of user-friendliness and the prevention of abuse. If you are logged in to Google, your data are allocated directly to your account when you click on a video. If you do not wish the data to be allocated to your profile at YouTube, you need to log out prior to activating the button. Google stores your data (even for users who have not logged in) as usage profiles and analyses them. Analysis of this kind is carried out in particular in accordance with Art. 6 1. f) of the GDPR on the basis of the legitimate interests of Google in personalised advertising, market research and / or the design of its website as required. You have the right to object to the creation of these user profiles, but you have to apply to YouTube itself in order to exercise that right.

Regardless of any replay of embedded videos, each access of this website causes a connection to be made to the Google network ‘DoubleClick’ , and this in turn may trigger off further data processing sequences which are beyond our influence.

You can obtain more information on data protection at ‘YouTube’ in the provider’s data protection notices at: https://www.google.de/intl/de/policies/privacy


10.5. Audio and video conferences

Data processing

For communication with our customers we also deploy on-line conference tools. The individual tools used by us are listed below. When you communicate with us via a video or audio conference on the Internet, your personal data are gathered and processed by us and by the provider of the conference tool that is used.

 

The conference tools gather all the data which you provide when you register to use the tools (your e-mail address and/or telephone number). They also process the duration of the conference, the times at which your participation in the conference begins and ends, the number of participants and other ‘context information’ associated with the communication procedure (metadata).

 

The provider of the tool also processes all the technical data required for the administration of the on-line communication. These include in particular IP addresses, MAC addresses, equipment IDs, device type, type and version of operating system, client version, camera type, microphone or loudspeaker, and type of connection.

 

If any content is exchanged within the tool, uploaded or made available in any other way, it too will be stored on the servers of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voice mails, uploaded photos and videos, files, whiteboards and other information shared during use of the service.

 

Please note that we do not have a full range of influence on the data processing sequences of the tools used. The possibilities we do have are determined by the corporate policy of the respective provider. For more information on data processing via the conference tools, see the privacy policies relating to the respective tools deployed, which we have listed below this text.

Purpose and legal basis

The conference tools are used for communication with prospective or existing contractual partners or to offer our customers certain services (Art. 6 1. 1 [b] of the GDPR). The tools are also deployed for the general simplification and expedition of communication with ourselves and our enterprise (legitimate interest as defined in Art. 6 1. 1 [f] of the GDPR). If consent has been requested, the tools concerned are deployed on the basis of that consent; the consent can be withdrawn at any time with future effect.

Period of storage

The data gathered by us directly via the video and conference tools are deleted by our systems as soon as you request us to effect such deletion or withdraw your consent to their storage, or as soon as the purpose for which the data were stored ceases to apply. Stored cookies will remain on your device until you erase them. This does not have any effect on binding statutory retention periods for documentation.

 

We do not have any influence on the period for which the operators of the conference tools store your data for their own ends. For detailed information on that, please apply directly to the operators of the conference tools.

Conference tools deployed

We deploy the following conference tools.

 

GoToMeeting

We use GoToMeeting. The provider is LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA.

For details of data processing, see the privacy policy of GoToMeeting:

https://www.logmeininc.com/de/legal/privacy.

 

Data transmission to the USA is based on the standard contractual clauses of the EU Commission.

For details go to:

https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.

 

Conclusion of an order processing contract

We have concluded a contract with the provider of GoToMeeting for order processing and duly meet the stringent requirements of the German data protection authorities in their entirety in the use of GoToMeeting.

10.6 TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstrasse 30, 73037 Göppingen. For details of data processing, see the privacy policy of TeamViewer:

https://www.teamviewer.com/de/datenschutzerklaerung/.

Conclusion of an order processing contract

We have concluded a contract with the provider of TeamViewer for order processing and duly meet the stringent requirements of the German data protection authorities in their entirety in the use of TeamViewer.

10.7 Facebook Pixel

For conversion tracking, this website uses the Facebook visitor action pixel. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data gathered are also transmitted to the USA and other third countries.

It is thus possible to trace the behaviour of visitors to the site once they have moved on by clicking on a Facebook advertisement on the website of the provider. This enables the efficacy of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising activities to be optimised.

For us as the operator of this website, the data gathered are anonymous. We cannot draw any conclusions as to the identity of the users. However, the data are stored and processed by Facebook, so that it is possible to make a connection between them and the respective user profile, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. That enables Facebook to place advertisements both on Facebook pages and outside Facebook. As the operator of the site, we do not have any influence on this use of the data.

The Facebook pixel is used based on Art. 6 1. f) of the GDPR. The website operator has a legitimate interest in effective advertising activities, also pursued on the social media. If appropriate consent has been requested, (e.g. consent to the storage of cookies), the data are processed exclusively on the basis of Art. 6 1. a) of the GDPR; said consent can be withdrawn at any time.

The transmission of data to the USA is based on the standard contractual clauses of the EU Commission.

For details, go to:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://de-de.facebook.com/help/566994660333381.

If personal data are gathered on our website with the aid of the tool described here and passed on to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for their processing (Art. 26 of the GDPR).

Having said that, this joint responsibility is limited exclusively to gathering the data and passing them on to Facebook. Processing done by Facebook after that is not part of this joint responsibility. The obligations jointly incumbent upon us have been set down in an agreement on joint processing. For the exact wording of that agreement, go to:

https://www.facebook.com/legal/controller_addendum. According to the agreement, we are responsible for issuing data protection information if we deploy the Facebook tool, and also for the secure implementation of the tool on our website in terms of data protection law. Facebook is responsible for the data security of Facebook products. As the data subject, you can assert the rights you have relating to data processed by Facebook (e.g. request for information) directly with Facebook. If you assert these rights with us, we are under obligation to pass them on to Facebook.

You can find more information about the protection of your privacy in the Facebook privacy policy:

https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function ‘Custom Audiences’ in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do that, you need to be registered with Facebook.

If you do not have a Facebook account, you can deactivate use-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance:

http://www.youronlinechoices.com/de/praferenzmanagement/.

Additional opt-out amenities such as are offered to cover the following respective zones are:

a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Transzonal: https://optout.aboutads.info.

11 Your rights as the data subject

11.1 Right to confirmation

You have the right to request confirmation from us as to whether or not personal data that relate to you are being processed.

11.2 Right of access as in Art. 15 of the GDPR

You have the right to receive free information at any time from us about the personal data stored relating to your person, and a copy of those data.

11.3 Right to rectification as in Art. 16 of the GDPR

You have the right to request the rectification of incorrect personal data that relate to you. Furthermore, the data subject has the right to request that incomplete personal data be completed, taking into account the purposes of the processing.

11.4 Erasure as in Art. 17 of the GDPR

You have the right to request us to delete personal data that relate to you without delay if any of the reasons provided for by law apply and the processing is not necessary.

11.5 Restriction of processing as in Art. 18 of the GDPR

You have the right to request us to restrict processing if any of the statutory prerequisites exist.

11.6 Data portability as in Art. 20 of the GDPR

You have the right to receive the personal data which relate to you and which you made available to us in a structured, commonly used, machine-readable format. Without any hindrance on our part, you also have the right to transmit those data to another controller to whom the personal data have been provided, if the processing is done on the basis of consent as in Art. 6 1. a) of the GDPR or Art. 9 2. a) of the GDPR or a contract as in Art. 6 1. b) of the GDPR and carried out by automated means, provided that the processing is not necessary for the performance of a task or duty which is in the public interest or in the exercising of official authority which has been vested in us.

Apart from that, when exercising your right to data portability in accordance with Art. 20 1. of the GDPR, you have the right to have the personal data transferred directly from one controller to another if this is technically feasible and does not impair the rights and freedoms of others.

11.7 Objection as in Art. 21 of the GDPR

You have the right to lodge an objection to the processing of personal data that relate to you at any time for reasons arising from your particular situation, if said processing is done on the basis of Art. 6 1. e) (data processing in the public interest) or f) (data processing on the basis of a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions as in Art. 4 4. of the GDPR.

If you do lodge an objection, we will not process your personal data any more unless we can produce evidence of compelling legitimate reasons for doing so such as outweigh your interests, rights and freedoms, or unless the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases we process personal data in order to carry out direct advertising. You can object at any time to the processing of personal data for the purpose of such advertising. The same applies to profiling if it is done in connection with such direct advertising. If you lodge an objection with us to processing for the purposes of direct advertising, we will no longer process personal data for those purposes.

You also have the right, for reasons arising from your particular situation, to lodge an objection to the processing of personal data that relate to you, if such processing is done for scientific or historical research purposes or statistical purposes as in Art. 89 1. of the GDPR, unless such processing is necessary to the performance of a task in the public interest.

In connection with the use of services of the information society, notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by means of automated procedures in which technical specifications are applied.

11.8 Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time with future effect.

11.9 Complaining to a supervisory authority

You have the right to complain to a supervisory authority which is competent for data protection about our processing of personal data.

12 Routine storage, deletion and disabling of personal data

We only process and store your personal data for the period which is necessary to the achievement of the purpose of that storage, or if such processing and storage have been provided for in the legal provisions to which our company is subject.

If the purpose of storage ceases to apply or if a prescribed storage deadline expires, the personal data will be disabled or deleted as a matter of routine and in accordance with the statutory regulations.

13 Duration of the storage of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period for documents and records. After expiry of that period the data concerned will be deleted as a matter of routine provided that they are no longer required for the performance or negotiation of a contract.

14 Current applicability and amendment of the data protection notices

This data protection notices are currently applicable and was issued in May 2018.

It may become necessary to modify these data protection notices on account of the further development of our web pages and amenities or because of altered statutory requirements or specifications from the authorities. You can retrieve and print out the currently applicable data protection notices at any time on the website under www.eurodata.de/datenschutz

please note – only available in german:
Auftragsverarbeitung bei vom Kunden beauftragten Leistungen (Stand: 01/2022)
Technische und organisatorische Massnahmen (TOM – Stand: 04/2023)

Untervertragsverhältnisse