Datenschutz
This privacy policy clarifies the nature, scope, and purpose of processing personal data (hereinafter referred to as "data") within our services and online offerings, which includes associated websites, functions, content, and external online presences, such as our social media profiles (collectively referred to as "online offerings"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Next Level Trading Patrick Nill
Johanesstrasse 24
71238 Kirchentellinsfurt
Email: patrick@tradethetraders.com
Controller: Patrick Nill
Types of Processed Data:
Categories of Affected Persons
Visitors and users of the online offering (Hereafter, we also refer to the affected persons collectively as "users").
Purpose of Processing
Used Terminologies
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Processing" refers to any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
The "controller" refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" refers to a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Article 13 GDPR, we inform you about the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEA, if the legal basis is not mentioned in the privacy statement, the following applies:
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as related access, input, sharing, availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data endangerment. Additionally, we consider the protection of personal data in the development, or selection of hardware, software, and procedures, in accordance with the principle of privacy by design and by default settings.
Cooperation with Processors, Joint Controllers, and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit data to them, or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if a transfer of data to third parties, such as payment service providers, is necessary for contract performance), users have consented, a legal obligation provides for it or based on our legitimate interests (e.g., when using agents, web hosts, etc.).
If we disclose, transmit, or otherwise grant access to data to other companies in our corporate group, this is done especially for administrative purposes as a legitimate interest and beyond that on a legal basis in compliance with legal requirements.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or this occurs in the context of the use of third-party services or disclosure, or transmission of data to other persons or companies, this is only done if it is to fulfill our (pre-)contractual obligations, based on your consent, a legal obligation, or our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the legal requirements. This means that processing is carried out, e.g., on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU or compliance with officially recognized specific contractual obligations.
Rights of the Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed, and to access this data, as well as additional information and a copy of the data in accordance with legal requirements.
In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
In accordance with legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively to demand a restriction of the processing of the data in accordance with legal provisions.
You have the right to receive the data concerning you, which you have provided to us, in accordance with the legal requirements, and to request their transmission to other controllers.
Furthermore, in accordance with legal provisions, you have the right to lodge a complaint with the competent supervisory authority.
Right to Withdrawal
You have the right to withdraw consents with effect for the future.
Right to Object
You may object to the future processing of data concerning you at any time in accordance with legal requirements. The objection can be made in particular against processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
"Cookies" are small files that are stored on users' computers. Various data can be stored within the cookies. A cookie primarily serves to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offering. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offering and closes his browser. Such a cookie can store the contents of a shopping cart in an online store or a login status. "Permanent" or "persistent" cookies are those that remain stored even after the browser is closed. For example, the login status can be saved if the users visit them after several days. Similarly, such a cookie can store the interests of the users, which are used for reach measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller who operates the online offering (otherwise, if they are only his cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and explain this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies can lead to functional restrictions of this online offering.
A general objection to the use of cookies used for online marketing purposes can be declared via a multitude of services, especially in the case of tracking, through the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that if you do this, you may not be able to use the full functionality of this online offering.
Deletion of Data
The data we process will be deleted or its processing restricted in accordance with legal requirements. Unless explicitly stated within this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing we carry out make it necessary. We will inform you as soon as the changes require your participation (e.g., consent) or another individual notification.
Business-related Processing
Additionally, we process:
Order Processing in the Online Shop and Customer Account
We process our customers' data as part of the ordering processes in our online shop to enable them to select and order the chosen products and services, as well as their payment and delivery, or execution.
The data processed include inventory data, communication data, contract data, payment data, and the persons affected by the processing are our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contract services in the operation of an online shop, billing, delivery, and customer services. Here, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processing is carried out to fulfill our services and carry out contractual measures (e.g., execution of order processes) and as far as it is legally required (e.g., legally required archiving of business transactions for commercial and tax purposes). The information marked as necessary is required for the establishment and fulfillment of the contract. We disclose the data to third parties only within the framework of delivery, payment, or pursuant to legal permissions and obligations, as well as if this is based on our legitimate interests, which we inform about within this privacy policy (e.g., to legal and tax advisors, financial institutions, freight companies, and authorities).
Users can optionally create a user account, through which they can view their orders. During registration, the required mandatory information will be communicated to the users. User accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data regarding the user account will be deleted, subject to the necessity of retention for commercial or tax law reasons. Information in the customer account remains until its deletion with subsequent archiving in the case of a legal obligation or our legitimate interests (e.g., in case of legal disputes). It is up to the users to secure their data upon termination before the end of the contract.
During registration and re-registrations, as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of the user in protection from misuse and other unauthorized use. A transfer of these data to third parties generally does not take place unless it is necessary to pursue our claims as a legitimate interest or there is a statutory obligation to do so.
Deletion occurs after the expiry of statutory warranty and comparable obligations, whereby the necessity of keeping the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiry.
Agency Services
We process our clients' data as part of our contractual services which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.
We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text input, photographs, videos), contract data (e.g., subject matter of the contract, duration), payment data (e.g., banking details, payment history), usage and metadata (e.g., as part of the evaluation and success measurement of marketing measures). We do not generally process special categories of personal data unless they are components of a commissioned processing. The affected individuals include our clients, prospects, and their customers, users, website visitors, employees, and third parties. The purpose of the processing is to provide contractual services, billing, and our customer service. The legal bases of the processing arise from Article 6(1)(b) GDPR (contractual services), Article 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data necessary for the establishment and fulfillment of the contractual services and point out the necessity of their disclosure. Disclosure to external parties only occurs if it is necessary within the framework of a contract. When processing data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements of a contract processing according to Article 28 GDPR and process the data for no other purposes than those agreed upon.
We delete the data after the expiration of legal warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of legal archiving obligations, deletion occurs after their expiration (6 years, according to § 257(1) HGB, 10 years, according to § 147(1) AO). In the case of data disclosed to us by the client within the framework of an order, we delete the data according to the specifications of the order, generally after the end of the contract.
Therapeutic Services and Coaching
We process the data of our clients and prospects and other clients or contractual partners (collectively referred to as "clients") according to Article 6(1)(b) GDPR to provide them with our contractual or pre-contractual services. The data processed, the nature, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. The processed data generally include the clients' inventory and master data (e.g., name, address, etc.), as well as contact data (e.g., email address, phone, etc.), contract data (e.g., services used, fees, names of contact persons, etc.) and payment data (e.g., banking details, payment history, etc.).
As part of our services, we may also process special categories of data according to Article 9(1) GDPR, particularly information about the health of the clients, possibly with reference to their sex life or sexual orientation, ethnic origin, or religious or philosophical beliefs. Where necessary, we obtain explicit consent from the clients according to Article 6(1)(a), Article 7, Article 9(2)(a) GDPR and otherwise process the special categories of data for purposes of health care on the basis of Article 9(2)(h) GDPR, § 22(1) No. 1 b. BDSG.
If necessary for the fulfillment of the contract or legally required, we disclose or transmit the clients' data in the context of communication with other professionals, necessarily involved third parties typical for the contract fulfillment, such as billing offices or comparable service providers, if this serves the provision of our services according to Article 6(1)(b) GDPR, is legally prescribed according to Article 6(1)(c) GDPR, serves our interests or those of the clients in efficient and cost-effective health care as a legitimate interest according to Article 6(1)(f) GDPR, or is necessary according to Article 6(1)(d) GDPR to protect vital interests of the clients or another natural person or within the framework of consent according to Article 6(1)(a), Article 7 GDPR.
Data deletion occurs when the data is no longer necessary for the fulfillment of contractual or legal caretaker obligations as well as dealing with any warranty and comparable obligations, where the necessity of retaining the data is reviewed every three years; otherwise, the legal archiving obligations apply.
Contractual Services
We process the data of our contract partners and prospects as well as other clients, customers, clients, or contract partners (collectively referred to as "contract partners") according to Article 6(1)(b) GDPR to provide them with our contractual or pre-contractual services. The data processed, the nature, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship.
The data processed include the master data of our contract partners (e.g., names and addresses), contact data (e.g., email addresses and phone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).
We generally do not process special categories of personal data unless they are components of commissioned or contractual processing.
We process data necessary for the establishment and fulfillment of the contractual services and point out the necessity of their disclosure, if not evident to the contract partners. Disclosure to external persons or companies only occurs if it is required within the framework of a contract. When processing data provided to us as part of an order, we act according to the instructions of the clients and the legal requirements.
As part of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of the users in protection from misuse and other unauthorized use. A transfer of these data to third parties does not generally take place unless it is necessary to pursue our claims according to Article 6(1)(f) GDPR or there is a legal obligation according to Article 6(1)(c) GDPR.
Data deletion occurs when the data is no longer necessary for the fulfillment of contractual or legal caretaker obligations as well as for dealing with any warranty and comparable obligations, where the necessity of retaining the data is reviewed every three years; otherwise, the legal archiving obligations apply.
External Payment Service Providers
We use external payment service providers through whose platforms users and we can carry out payment transactions (e.g., Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html))
In the context of fulfilling contracts, we use payment service providers based on Art. 6(1)(b) GDPR. Additionally, we use external payment service providers based on our legitimate interests according to Art. 6(1)(f) GDPR to offer our users effective and secure payment options.
The data processed by the payment service providers include inventory data, such as names and addresses, banking data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related, sum, and recipient-related information. These details are necessary to carry out the transactions. However, the data entered are only processed and stored by the payment service providers. That is, we do not receive any account or credit card related information, only information with confirmation or negative payment status. The data may be transmitted by the payment service providers to credit agencies. This transmission is intended for identity and creditworthiness checks. For this, we refer to the terms and conditions and data protection notices of the payment service providers.
For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which are available within the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information, and other data subject rights.
Administration, Financial Accounting, Office Organization, Contact Management
We process data in the context of administrative tasks as well as organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In this process, we handle the same data that we process in the course of providing our contractual services. The bases for processing are Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. The data processing affects customers, prospects, business partners, and website visitors. The purpose and our interest in processing lie in administration, financial accounting, office organization, data archiving, i.e., tasks that serve to maintain our business activities, perform our tasks, and provide our services. The deletion of data related to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax accountants or auditors, and other fee offices and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners, e.g., for later contact. These primarily company-related data are generally stored permanently.
Business Analysis and Market Research
To operate our business economically, recognize market trends, wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6(1)(f) GDPR, with the persons affected by processing being contractual partners, interested parties, customers, visitors, and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing, and market research. We may consider the profiles of registered users with information, e.g., regarding the services they have used. The analyses help us increase user-friendliness, optimize our offerings, and business efficiency. The analyses are solely for our use and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they are deleted or anonymized upon the user's cancellation, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations are compiled anonymously wherever possible.
Participation in Affiliate Partner Programs
Within our online offer, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer) according to Art. 6(1)(f) GDPR, we use industry-standard tracking measures to the extent necessary for the operation of the affiliate system. Below, we inform users about the technical background.
The services offered by our contract partners can also be advertised and linked on other websites (so-called affiliate links or after-buy systems, if, for example, links or third-party services are offered after a contract conclusion). The operators of the respective websites receive a commission if users follow the affiliate links and then take advantage of the offers.
In summary, it is necessary for our online offer that we can track whether users who are interested in affiliate links and/or the offers available from us, then take advantage of the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values that can be part of the link or otherwise, e.g., set in a cookie. The values include in particular the source website (referrer), time, an online identifier of the website operator where the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising medium ID, partner ID, and categorizations.
The online identifiers of the users we use are pseudonymous values. That is, the online identifiers themselves do not contain personal data such as names or email addresses. They only help us determine whether the same user who clicked on an affiliate link or was interested in an offer via our online offer, then took advantage of the offer, i.e., for example, concluded a contract with the provider. However, the online identifier is personal insofar as the partner company and also us, the online identifier together with other user data is available. Only in this way can the partner company inform us whether the respective user has taken advantage of the offer and we can, for example, pay out the bonus.
Amazon Affiliate Program
We participate in the Amazon EU partner program on the basis of our legitimate interests (i.e., interest in the economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR). This program is designed to provide a medium for websites by means of which the placement of advertisements and links to Amazon.de can earn advertising cost reimbursement (so-called affiliate system). That is, as an Amazon partner, we earn on qualified purchases.
Amazon uses cookies to be able to trace the origin of the orders. Among other things, Amazon can recognize that you clicked the partner link on this website and subsequently purchased a product from Amazon.
Further information on the use of data by Amazon and objection options can be found in the company's privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.
Digistore24 Affiliate Program
We participate in the Digistore24 GmbH affiliate program, St.-Godehard-Straße 32, 31139 Hildesheim, Germany, on the basis of our legitimate interests (i.e., interest in the economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR). This program is designed to provide a medium for websites through which the placement of advertisements and links to Digistore24 can earn advertising cost reimbursement (so-called affiliate system). Digistore24 uses cookies to be able to trace the origin of the contract conclusion. Among other things, Digistore24 can recognize that you clicked the partner link on this website and subsequently made a contract conclusion at or via Digistore24.
Further information on the use of data by Digistore24 and objection options can be found in the company's privacy policy: https://www.digistore24.com/page/privacy.
Privacy Notice in the Application Process
We process applicant data only for the purpose and within the framework of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the application process within the meaning of Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR if the data processing becomes necessary for us, for example, in the context of legal proceedings (in Germany, § 26 BDSG also applies).
The application process requires that applicants provide us with the applicant data. The necessary applicant data are, if we offer an online form, marked as such, otherwise arise from the job descriptions and generally include personal information, postal and contact addresses, and the documents belonging to the application, such as a cover letter, resume, and certificates. In addition, applicants may voluntarily provide us with additional information.
By submitting the application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the nature and scope set out in this privacy policy.
To the extent that special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily communicated within the framework of the application process, their processing is additionally carried out in accordance with Art. 9(2)(b) GDPR (e.g., health data, such as severe disability status or ethnic origin). To the extent that special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants during the application process, their processing is additionally carried out in accordance with Art. 9(2)(a) GDPR (e.g., health data, if necessary for the exercise of the profession).
If provided, applicants can submit their applications to us via an online form on our website. The data will be transmitted to us encrypted according to the state of the art. Furthermore, applicants can send us their applications via email. However, please note that emails are generally not sent encrypted and the applicants must ensure encryption themselves. Therefore, we cannot take any responsibility for the transmission path of the application between the sender and the reception on our server and therefore recommend using an online form or postal dispatch instead. Because in addition to the application via the online form and email, applicants still have the option to send us the application by postal mail.
The data provided by the applicants may be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. The data of the applicants will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
The deletion is carried out, subject to a legitimate revocation of the applicants, after the expiration of a period of six months so that we can answer any follow-up questions to the application and meet our proof obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived according to tax law requirements.
Registration Function
Users can create a user account. As part of the registration, the required mandatory information is communicated to the users and processed on the basis of Art. 6(1)(b) GDPR for the purposes of providing the user account. The processed data particularly include the login information (name, password, and an email address). The data entered during registration are used for the purposes of using the user account and its purpose.
Users may be informed by email about information relevant to their user account, such as technical changes. If users have terminated their user account, their data regarding the user account will be deleted, subject to a legal retention obligation. It is the users' responsibility to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all data stored during the contract period of the user.
In the context of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of the users in protection from misuse and other unauthorized use. A transfer of these data to third parties generally does not take place unless it is necessary to pursue our claims according to Art. 6(1)(f) GDPR or there is a legal obligation according to Art. 6(1)(c) GDPR. IP addresses are anonymized or deleted after 7 days at the latest.
Contacting Us
When contacting us (e.g., via contact form, email, telephone, or through social media), the user's details are processed for handling the contact request and its settlement according to Art. 6(1)(b) GDPR (within the framework of contractual/pre-contractual relationships), Art. 6(1)(f) GDPR (other requests). The user information can be stored in a Customer-Relationship-Management System ("CRM System") or comparable request organization.
We delete the requests if they are no longer required. We review the necessity every two years; furthermore, the legal archiving obligations apply.
Newsletter
With the following information, we inform you about the contents of our newsletter as well as the registration, shipping, and the statistical evaluation processes as well as your rights of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described, they are decisive for the users' consent. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. I.e., you will receive an email after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with foreign email addresses. The registrations for the newsletter are logged to be able to prove the registration process according to the legal requirements. This includes storing the login and the confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to give a name for personal address in the newsletter.
The dispatch of the newsletter and the associated performance measurement are based on the recipients' consent according to Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2) No. 3 UWG or if consent is not required, based on our legitimate interests in direct marketing according to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.
The logging of the registration process is carried out on the basis of our legitimate interests according to Art. 6(1)(f) GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users and also allows us to provide proof of consents.
Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e., revoke your consents. A link to cancel the newsletter can be found at the end of each newsletter. We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
Newsletter - Shipping Service Provider
The newsletter is sent via [NAME, ADDRESS, COUNTRY], a shipping service provider whose privacy policy can be viewed here: [LINK TO PRIVACY POLICY]. The shipping service provider is used based on our legitimate interests according to Art. 6(1)(f) GDPR and a data processing agreement according to Art. 28(3) sentence 1 GDPR.
The shipping service provider can use the data of the recipients in pseudonymous form, i.e., without assignment to a user, to optimize or improve their own services, e.g., for technical optimization of the shipping and the presentation of the newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Newsletter - Success Measurement
The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server, or if we use a shipping service provider, from their server when the newsletter is opened. In the course of this retrieval, initially technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected.
This information is used to technically improve the services based on the technical data or the target audiences and their reading habits based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavor nor, if used, that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
A separate revocation of the performance measurement is unfortunately not possible, in this case, the whole newsletter subscription must be cancelled.
Hosting and Email Shipping
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space, and database services, email shipping, security services, and technical maintenance services that we use for the purpose of operating this online offer.
Here, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, prospects, and visitors of this online offer based on our legitimate interests in an efficient and secure provision of this online offer according to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).
Collection of Access Data and Log Files
We, or our hosting provider, collect data on each access to the server where this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR. Access data includes the name of the retrieved website, file, date and time of retrieval, transmitted data volume, report of successful retrieval, browser type plus version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Logfile information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidence purposes are excluded from deletion until the final clarification of the respective incident.
Google Analytics
We use Google Analytics, a web analysis service of Google LLC ("Google"), on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR). Google uses cookies. The information generated by the cookie about users' use of the online offer is usually sent to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer, and to provide us with other services related to the use of this online offer and the internet. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics only with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information on the use of data by Google, settings, and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
The personal data of users is deleted or anonymized after 14 months.
Google Adsense with Personalized Ads
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"), on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the AdSense service, which allows ads to be displayed on our website and we receive compensation for their display or other use. For these purposes, usage data, such as the click on an ad and the IP address of the users are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of the users' data is pseudonymized.
We use Adsense with personalized ads. Google draws conclusions about their interests based on the websites visited by users or the apps used and the user profiles created in this way. Advertisers use this information to align their campaigns with these interests, which is beneficial for users and advertisers alike. For Google, ads are personalized when recorded or known data determines or influences the ad selection. This includes, among other things, previous search queries, activities, visits to websites, use of apps, demographic and location information. This specifically includes demographic targeting, targeting based on interest categories, remarketing, as well as targeting based on customer matching lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.
Further information on the use of data by Google, settings, and objection options, can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Facebook Pixel, Custom Audiences, and Facebook Conversion
Within our online offer, due to our legitimate interests in analysis, optimization, and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used.
Facebook is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we post only to those Facebook users who have shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined by the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of data by Facebook is carried out within the framework of Facebook's Data Use Policy. Accordingly, general hints on the display of Facebook Ads, in the data use policy of Facebook: https://www.facebook.com/policy. Specific information and details about the Facebook Pixel and how it works can be found in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook Pixel and use of your data to display Facebook Ads. To set what types of ads are shown to you within Facebook you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e., they are adopted for all devices, such as desktop computers or mobile devices.
You can also object to the use of cookies that serve the purpose of range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke
© 2022 - Impressum | Datenschutz