Privacy Terms

Privacy Terms

This privacy statement clarifies the type, extent and purpose of processing personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions, contents and externally hosted online presences like social media profiles (hereinafter collectively referred to as “online offer“). the terminology used like “processing“ or “person in charge“, we explicitly refer to the definitions given in article 4 of the General Data Protection Regulation (GDPR).

 

Person in Charge

Luiza Vohl


Accord Estates GmbH


Gormannstraße 21


10119 Berlin

Germany


info@accordestates.com


https://www.accordestates.com/de


Contact -  Data Protection Officer:


Jochen Nipp


jn@accordestates.com

 

Types of Data Processed

– inventory data (e.g. names, addresses).
– contact data (e.g. email addresses, telephone numbers).
– content data (e.g. text entries, pictures, videos).
– usage data (e.g. websites visited, interest in content, access time).
– meta-/communications data (e.g., device information, IP addresses).

 

Categories of Data Subjects

Visitors and users of the online offer (data subjects are hereinafter collectively referred to as “users“).

 

Purpose of Processing

– provision of the online offer, its functions and contents.
– answering contact inquiries and communication with users.
– security measures.
– online reach measurement/marketing.

 

Terminology Used

“Personal data“ concerns all information referring to an identified or identifiable natural person (hereinafter “person concerned“); a natural person is deemed identifiable if she can be identified directly or indirectly, especially by assignment to an identifier like name, identification number, location data, online identification data (e.g. cookies) or to one or several other particular characteristics forming the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

 

“Processing“ concerns every operation conducted with or without help of automated processes or any such operation sequence in connection with personal data. The term is far-reaching and practically includes any handling of personal data.

 

"Pseudonymization“ concerns the processing of personal data to the extent that any personal data can no longer be allocated to a specific person concerned without the involvement of additional information, as long as these additional information is kept separately and subject to technical and organizational measures which guarantee that that the personal data cannot be allocated to an identified or identifiable natural person.

 

"Profiling“ concerns any kind of automated processing of personal data with the purpose of evaluating certain personal aspects in relation to a natural person, especially to analyze and predict aspects regarding the performance, economic situation, health, personal preferences, interests, reliability, abode or change of location of this natural person.

 

“Person in charge“ refers to the natural or legal person, authority, institution or similar body solely or collectively deciding upon the purpose and means of processing personal data.

 

“Processor“ refers to the natural or legal person, authority, institution or similar body processing personal data on behalf of the person in charge.

 

Relevant Legal Foundation

We communicate the legal foundation of our data processing in accordance with article 13 GDPR. As long as the legal foundation is not mentioned in the privacy statement, the following shall apply: the legal foundation for obtaining the consents is Art. 6 Par. 1 lit. a and Art. 7 GDPR, the legal foundation for processing to fulfill our services and implement contractual measures as well as answering inquiries is Art. 6 Par. 1 lit. b GDPR, the legal foundation for processing to fulfill our legal obligations is Art. 6 Par. 1 lit. c GDPR, and the legal foundation for processing to safeguard our legitimate interests is Art. 6 Par. 1 lit. f GDPR. In case vital interests of the person concerned or any other natural person require the processing of personal data, Art. 6 Par.1 lit. d GDPR serves as legal foundation.

 

Security Measures

We take suitable technical and organizational measures in accordance with Art. 32 GDPR in consideration of the latest state of technology, the implementation costs and the type, extent, circumstances and purposes of processing as well as the different occurrence probabilities and seriousness of the risk for the rights and freedoms of natural persons to guarantee a level of protection adequate to the potential risk.

 

The measures particularly include the protection of confidentiality, integrity and availability of data by controlling the physical access as well as the respective data concerning access, entry, transfer, ensuring of availability and division. We furthermore set up procedures ensuring the exercise of rights by persons concerned, deletion of data and reaction to endangerment of data. We also consider the protection of personal data in the development and selection of hardware, software and procedures in accordance with the principles of data protection by means of technological design and privacy-friendly default settings (Art. 25 GDPR).

 

Cooperation with Processors and Third Parties

Provided we are revealing, transmitting or providing access to data in the course of processing towards other individuals or companies (processors or third parties), this solely happens on the basis of legal permission (e.g. when transmitting data to third parties, like payment service providers, is required for the fulfilment of contract in accordance with Art. 6 Par. 1 lit. b GDPR), you have given express consent, a legal obligation exists or on the basis of our legitimate interests (e.g. for the deployment of agents, webhosts, etc.).

 

Provided we are assigning third parties with processing of data on the basis of an “order processing contract“, this happens on the basis of Art. 28 GDPR.

 

Transfers to Third Countries

Provided we are processing data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA) or in case this happens within the utilization of third party services or by disclosure and transmission of data to third parties, this only occurs for the purpose of fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of legal obligation or on the basis of our legitimate interest.

 

Conditionally upon legal or contractual permissions, we process data or have data processed in a third country only in the presence of the particular preconditions given under Art. 44 ff. GDPR. This means the processing may occur on the basis of special guarantees, like the existence of an officially recognized data privacy standard similar to the GDPR (e.g. the “Privacy Shield“ for the US) or in compliance with particular, officially recognized contractual obligations ( so-called “standard contractual clauses“).

 

Legitimate Rights of the Persons Concerned

You have the right to obtain a confirmation whether or not respective data is processed and the right to obtain information about these data as well as the right to obtain a copy of these data in accordance with Art. 15 GDPR.

 

In accordance with Art. 16 GDPR, you have the right to request the completion and rectification of your incorrect personal data.

 

In accordance with Art. 17 GDPR, you have the right to have your personal data deleted immediately, or to demand a restricted processing of your data in accordance with Art. 18 GDPR.

 

In accordance with Art. 20 GDPR, you have the right to receive all personal data that you have provided and to request the transmission of the data to other persons in charge.

 

You also have the right to file a complaint before the responsible regulatory authority.

 

Right of Revocation

You have the right to revoke any consent in accordance with Art. 7 Par. 3 GDPR with effect for the future.

 

Right of Objection

You can object the future processing of your personal data in accordance with Art. 21 GDPR at any time. The objection may particularly occur against the processing for the purpose of direct marketing.

 

Cookies and Right of Objection for Direct Marketing

“Cookies“ are small files which are saved onto the users' computers. Numerous pieces of information can be saved within cookies. A cookie primarily serves to safe user information (e.g. the device the cookie is saved on) during or after the visit of an online offer. Temporary cookies, “session cookies“ or “transient cookies“ are cookies which are deleted immediately after the user leaves an online offer or closes his browser. Such cookies safe the content of your shopping cart in an online shop or your login status for example. “Permanent“ or “persistent“ cookies are cookies which remain saved even after closing your browser.

 

They serve to remember the login status for example, when users visit the website after several days again. Such cookies can also safe user interests useful for range measurements or marketing purposes. “Third-party cookies“ are cookies offered by providers not responsible for the online offer (cookies by the person in charge are referred to as “first-party cookies). We can deploy temporary and permanent cookies and hereby inform you with our privacy statement.

 

In case users do not want cookies to be saved on their computers, we kindly ask to deactivate the respective option in the system preferences of their browser. Cookies saved can be deleted in the browsers system preferences. Excluding cookies may lead to functional limitations of the online offer.

 

A general objection against the application of cookies used for online marketing purposes can be declared in a large number of services, especially regarding tracking, via the US-American website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. The storage of cookies can furthermore be achieved via deactivating the respective option in the system preferences of the browser. Please not that deactivating cookie storage may result in functional limitations of the online offer.

 

Deletion of Data

The data processed by us in accordance with Art. 17 and 18 GDPR are deleted or restricted in processing. As long as not explicitly stated within the frame of this privacy statement, the data stored by us is deleted when it is no longer necessary for its intended purpose and when no statutory storage obligations prevent it. Provided data is not deleted to their relevance for other and lawful purposes, their processing is limited. This means the data is locked and not processed for any other means. This particularly counts for data which has to be stored due to commerce and tax law reasons.

 

Following the legal specifications in Germany, storage takes place particularly for 10 years in accordance with §§ 147 Section 1 AO, 257 Section 1 No. 1 and 4, Section 4 German Commercial Code (books, records, status reports, vouchers, trading books, documents relevant for taxation, etc.). and 6 years in accordance with § 257 Section 1 No. 2 and 3, Section 4 German Commercial Code (commercial letters).

 

Following the legal specifications in Austria, storage takes place particularly for 7 years in accordance with § 132 Section 1 Austrian Federal Tax Code (accounting records, receipts/invoices, accounts, vouchers, business papers, statement of revenue and expenditure, etc.), for 22 years in connection with properties and for 10 years regarding documents in connection with electronically supplied services, telecommunication services, broadcasting and television services provided to non-entrepreneurs within EU countries and for those making use of the mini one-stop shop (MOSS).

 

Processing for Business Purposes

We additionally process - contractual data (e.g. contractual object, duration, customer category) – payment data (e.g. bank details, payment history) of our clients, interested parties and business partners for the purpose of providing contractual services, services and customer care, marketing, advertisement and market research.

 

Estate Agent Services

We process data of our customers, clients and persons interested (uniformly referred to as “customers“) in accordance with Art. 6 Par. 1 lit. b. GDPR, in order to provide our contractual or pre-contractual services for them. The data processed on this occasion – the type, the extent, the purpose and the necessity of their processing is determined by the underlying contract at hand. Among the those generally are inventory data, master data of the customers (name, address, etc.), as well as their contact data (email address, telephone number, etc.), the contractual data (content of the order, fees, duration, information regarding the mediated companies/insurances/services) and payment details (commissions, payment history, etc.).

 

We can furthermore process information regarding the characteristics and circumstances of persons or their belongings if this is subject of our contract. This may include information regarding personal circumstances, mobile or immobile material assets. In the course of our assignment, it may also be necessary to process particular categories of data in accordance with Art. 9 Par. 1 GDPR, especially information regarding the health of a person. Where necessary, we request express consent by the customers in accordance with Art. 6 Par. 1 lit. a., Art. 7, Art. 9 Par. 2 lit. a. GDPR.

 

Provided necessary for the fulfilment of contract or legally required, we reveal or transmit customer data for the purpose of coverage inquiries, completion and development of contracts to providers of the services concerned/properties/insurers/reinsurers/estate agent pools, technical service providers, other service providers, like cooperating associations, as well as financial service providers, credit institutions and investment companies as well as social insurance agencies, tax authorities, tax consultants, legal advisers, auditors, insurance Ombudsmen and the Federal Financial Supervisory Authority (BaFin). We can furthermore assign subcontractors, e.g. sub-agents. We request express consent by customers in case such a revelation or transmission is necessary (as might be the case for particular categories of data in accordance with Art. 9 GDPR).

 

The deletion of data is carried out after the expiration of legal warranty obligations or similar, whereas storage necessity is reviewed every three years; otherwise the statutory storage obligations apply. Under German law in the insurance and financial sector, mandatory archiving particularly exists for consultant protocols (5 years), estate agent contract notes (7 years), brokerage agreements (5 years), relevant trading documents (generally 6 years) and fiscally relevant documents (10 years).

 

Contractual Services

We process the data of our contractual partners and interested parties as well as other customers, clients and contractual partners (uniformly referred to as “contractual partners“) in accordance with Art. 6 Par. 1 lit. b GDPR, to fulfil our contractual or pre-contractual services towards you. The personal data processed in the course, the type, extent, purpose and necessity of their processing are determined on the basis of the underlying contractual relationship.

 

Among the processed data are the master data of our contractual partners (e.g: names and addresses), contact data (e.g. email addresses and telephone numbers) as well as contractual data (e.g. services delivered, contractual content, contractual communication, names of contact persons) and payment details (e.g. bank accounts, payment history).Generally, we do not process any particular categories of personal data, except they are components of an assigned or contractual processing.

 

We process data necessary for the justification and fulfilment of our contractual services and always indicate the necessity of disclosure, as long as it is not evident for the contractual partner. Disclosure to external persons or companies solely takes place if it is necessary in the course of contracting. In processing the data given to us in the course of an order, we act according to the instructions of the customer and legal requirements.

 

In the course of using of our online offer, we can save the IP address and time of the respective user action. Storage happens in accordance with our legitimate interest as well as the users' interest for protection against misuse and other unauthorized utilization. Transferring data to third-parties does not happen generally, except necessary for the pursuance of our claims in accordance with Art. 6 Par.1 lit. f. GDPR or in case a legal obligation exists in accordance with Art. 6 Par. 1 lit. c GDPR.

 

In the course of using of our online offer, we can save the IP address and time of the respective user action. Storage happens in accordance with our legitimate interest as well as the users' interest for protection against misuse and other unauthorized utilization. Transferring data to third-parties does not happen generally, except necessary for the pursuance of our claims in accordance with Art. 6 Par.1 lit. f. GDPR or in case a legal obligation exists in accordance with Art. 6 Par. 1 lit. c GDPR.

 

The deletion of the data is carried out when it is no longer required for the fulfilment of contractual or legal obligations as well as the handling of possible warranty or other obligations. Storage necessity of personal data is reviewed every three years. Otherwise, the statutory preservation duties apply.

 

Administration, Accounting, Office Organization, Contact Management

We process personal data in the course of administrative tasks like organization of our company, accounting and fulfilment of legal obligations, e.g. filing. Here we process the exact same data which we process in the course of fulfilling our contractual services. The legal foundation for processing the data are Art. 6 Par. 1 lit. c. GDPR and Art. 6 Par. 1 lit. f. GDPR.

 

Processing affects customers, interested parties, business partners and website visitors. The purpose and interest of the data processing is in administration, accounting, office organization and filing of data, all of them tasks which serve the preservation of our business activities, carrying out our responsibilities and providing our services. Deleting data with regard to contractual services and contractual communication conforms to the activities mentioned under these processing operations.

 

We hereby disclose or transmit data to the financial management, consultants, e.g. tax consultants or auditors as well as other toll-gate systems and external payment service providers.

We furthermore store information on suppliers, operators and other business partners on the basis of our business interests, e.g. for the purpose of contact

 

Business Analysis and Market Research

In order to run our business economically and to recognize market trends as well as desires of contract partners and users, we analyze the personal data available to us with regard to business transactions, contracts, inquiries, etc. We hereby process inventory data, communication data, contract data, payment details, user data, metadata on the basis of Art. 6. Par. 1 lit. f. GDPR, whereas persons affected are contract partners, interested parties, customers, visitors and users of our online offer.

 

Analyses happen for the purpose of business assessment, marketing and market research. We can herby take profiles of registered users into account, including the information on services used for example. Analyses serve the increase of user-friendliness as well as optimizing our proposals and our business efficiency. These analyses are intended solely for ourselves and are not disclosed externally, as long as these are not anonymous analyses with summarized values.

 

Provided these analyses or profiles are personal, they are deleted with termination of the user or anonymized, two years after conclusion of contract the latest. Total business analyses and general tendency determinations are otherwise created anonymously as far as possible.

 

Contacting

During the initial contact with us (e.g. via contact form, email, telephone or via social media) personal data of the user is stored for processing the contact request in accordance with Art. 6 Par. 1 lit. b. GDPR. The user data can be stored in a customer-relationship-management system (CRM system) or in comparable request organization systems.

 

Inquiries are deleted as long as they are no longer required. The storage necessity is reviewed every two years. Legal archiving obligations furthermore apply.

 

Newsletter

The subsequent information is intended to inform you about the contents of our newsletter, the procedure of registration, dispatch and analysis as well as your rights of objection. By signing up for our newsletter, you automatically agree to the reception and the procedures described.

 

Content of the newsletter: we dispatch newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as "newsletter“) only with consent of the recipient or on the basis of legal permission. Provided the contents of a newsletter are specifically outlined during the course of registration, they are relevant for the user's consent. Our newsletters furthermore contain information on our services and ourselves.

 

Double opt-in process and logging: the registration for our newsletter uses the so-called double opt-in process. This means you are receiving an email after your registration in which you are asked for the confirmation of your email address. This confirmation is necessary, to avoid registrations with foreign email addresses. Newsletter registrations are logged in order to prove the registration process in accordance with legal requirements. This requires the storage of the application date, application time as well as the IP address. Your changes are furthermore logged in the personal data stored by the mail-handling service provider.

 

Registration data: in order to register for the newsletter, it is sufficient to enter your email address. We optionally ask you to enter a name for the purpose of personal address in the newsletter.

Dispatching the newsletter and the related performance measurement happens on the basis of consent by the recipient in accordance with Art. 6 Par. 1 lit. a., Art. 7 GDPR in connection with § 7 Section 2 No. 3 AAUC or in case consent is not necessary, on the basis of our legitimate interest in direct marketing in accordance with Art.6 Par. 1 lit. f. GDPR in connection with §7 Section 3 AAUC.

 

Logging the registration procedure happens on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. f. GDPR. Our interest is directed towards a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users and which also allows proofs of consents.

 

Termination/revocation: you can always terminate the subscription to our newsletter, i.e. revoke your consent. A link to terminate your subscription of the newsletter can be found at the very end of every newsletter. We can store the signed-out email addresses for up to three years on the basis of our legitimate interests before deleting them in order to prove a previously given consent. Processing this data is limited to the purpose of a potential defense of claims. An individual request for deletion is possible at any time, as long as the existence of a previously given consent is confirmed.

 

Newsletter - Rapidmail

The dispatch of our newsletters is carried out with help of the mail-handling service provider rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany. The privacy terms of the mail-handling service provider can be examined under the following link: 

https://www.rapidmail.de/datenschutzbestimmungen.

 

The mail-handling service provider is applied on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. f. GDPR and a job processing contract in accordance with Art. 28 Par. 3 p. 1 GDPR.

 

The mail-handling service provider can utilize the personal data of the recipients in pseudonymous form, i.e. without allocation to a user for the optimization or improvement of his services, e.g. for technical optimization of the dispatch and the representation of the newsletter or for statistical purposes.

 

The mail-handling service provider does not utilize the personal data of our newsletter recipients however, to directly contact them or to pass on their personal data to third parties.

 

Newsletter – Performance Measurement

The newsletters contain a so-called “web-beacon“, i.e. a file in the size of a pixel which can be retrieved by our server, or the server of our mail-handling service provider in case we are utilizing one, when opening the newsletter. In the course of the retrieval, technical information like information regarding your browser and operating system, as well as IP address and time of access are collected. This information is used for the technical improvement of the services by means of the technical data or the target groups and their reading behavior by means of their places of retrieval (determinable on the basis of their IP address) or the times of access.

 

The assessment whether the newsletter was opened, when it was opened and which links were clicked are also part of the statistical survey.  This information can be allocated to the individual newsletter recipients due to technical reasons. However, it is neither our aspiration, nor the one of the mail-handling service provider, to observe individual users. The evaluations rather help us to recognize the reading behavior of our users and to adjust our contents for them or to send different contents  according to their interests.

 

A separate revocation of the performance measurement is not possible unfortunately. In this case, the entire newsletter subscription needs to be cancelled.

 

Hosting and E-Mail Dispatch

The hosting services used by us serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services as well as technical maintenance services which we utilize for the purpose of operating this online offer.

 

We, or rather our hosting service provider thereby processes inventory data, contact data, content data, contract data, user data, meta and communication data of clients, interested parties and visitors of this online offer on the basis of our legitimate interest in an efficient and secure provision of this online offer in accordance with Art. 6 Par. 1 lit. f. GDPR in connection with Art. 28 GDPR (signing of an order data processing contract).

 

Collection of Access Data and Log Files

We, or rather our hosting service provider collects data about every access on the server on which the respective service is hosted on the basis of our legitimate interest in accordance with Art. 6 Par. 1 lit. f. GDPR (so-called server log files). Access data include e.g. name of the website retrieved, data file, date and time of access, data volume transferred, report on successful access, browser type and version, the operating system of the user, referrer URL (the previously visited website), IP address and the requesting provider.

 

Log file information is stored for security reasons (e.g. for solution and prevention of abuses or defraudation) for a maximal duration of 7 days and subsequently deleted. Data requiring ongoing storage for evidentiary purposes is excluded from erasure until the final clarification of the respective incident.

 

Google Analytics

We utilize Google Analytics, a web analysis service by Google LLC (“Google”) on the basis of our legitimate interest (i.e. interest in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GDPR). Google uses cookies. The information created by the cookie about the use of the online offer by the user is generally transmitted to and stored at a Google server in the US.

 

Google is is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to analyze the use of our online offer by the user, to create reports about the activities within this online offer and to deliver us additional services in connection with the use of this online offer and the internet usage. Pseudonymous user profiles can thereby be created on the basis of the data processed.

 

We only apply Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other signatories of the agreement on the European Economic Area (EEA). The complete IP address is only transmitted to and stored at a Google server in the US in exceptional cases.

 

The IP address transmitted by the users browser is not combined with any other data from Google. Users can prevent cookie storage by appropriately adjusting their browser software; users can furthermore prevent the collection of data created by the cookie referring to their use of the online offer and the processing of this data by Google through downloading and installing the browser plugin available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

 

Additional information on data usage by Google, configuration options and possibilities of appeal can be found in the privacy statement by Google (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisings by Google (https://adssettings.google.com/authenticated). Personal data of users are deleted or anonymized after 14 months.

 

Google Universal Analytics

We apply Google Analytics in the form of “Universal-Analytics“. “Universal Analytics“ describes a procedure by Google Analytics in which user analysis happens on the basis of pseudonymous user IDs, and in which pseudonymous profiles of the users are created with information from the application of different devices (so-called cross-device tracking).

 

Reach Measurement with Matomo

In the course of the reach measurement by Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GDPR): the type of browser you are using and the browser version, the operating system you are using, your country of origin, date and time of the server request, the number of visits, your length of stay on the website as well as the external links activated by yourself. The IP address of the user is anonymized before storage.

 

Matomo uses cookies which are saved on the users’ computers and which enable the analysis of the usage of our online offer by the user. Pseudonymous usage profiles of the users can thereby be created on the basis of the data processed. The cookies have a storage period of one week. The information created by the cookie on your use of this website is only stored on our server and not transmitted to third parties.

 

Users can always disagree with the anonymous data collection by the program Matomo with effect for the future by following the link below. In this case, a so-called opt-out cookie is stored in your browser resulting in Matomo not collecting session data anymore. If users delete their cookies, this also means that the opt-out cookie will be deleted and therefore requires reactivation by the users.

The logs containing user data are deleted after 6 months the latest.

[Please insert the IFRAME by Matomo with the opt-out cookie here (and activate IP anonymization in the settings)].

 

Online Presences in Social Media

We operate online presences within social networks and platforms to communicate with active customers, persons interested and users and to inform them about our services. Please note that user data may be processed outside of the European Union. This can result in risks for the users as the enforcement of user right might be complicated. With regard to all US service providers certified under the Privacy Shield, we point out that they are obliged to guarantee the same data protection level of the European Union.

 

As a rule, user data is also processed for market research and advertising purposes. User profiles can therefore be created on the basis of consumer behavior and their according user interests. These user profiles in turn can be used to generate advertisements within and outside of the platform, substantially reflecting the users’ interests. For these purposes, cookies are generally saved on the computers of the users, storing the consumer behaviors and interests of the users.

 

The user profiles may furthermore serve to save data independent from the device applied by the users (especially if the users are members of the respective platform and are logged in). Processing personal data of the users happens on the basis of our legitimate interests in effective information of the users and communication with the users in accordance with Art. 6 Par. 1 lit. f. GDPR. In case users are asked for the express consent for processing their data by the respective providers (i.e. expressing consent via activating a respective check box or via clicking a respective button),  the legal basis for processing the data is Art. 6 Par. 1 lit. a. and Art. 7 GDPR).

 

For a more detailed presentation of the respective processing and possibilities of objection (opt-out), we explicitly refer to the following linked information by the suppliers. Also regarding information inquiries and assertion of user rights, we point out that these can be most effectively enforced directly at the suppliers. Only the providers have the respective access to the user data and can take measures as well as provide information. In case you need help nonetheless, please feel free to address us directly.

 

- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – privacy terms: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) – privacy terms:  https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States) – privacy terms/ opt-out: http://instagram.com/about/legal/privacy/.

- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States) – privacy terms: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

 

Integration of Third Party Content and Services

We integrate content and service offers by third parties within our online offer on the basis of our legitimate interests (i.e. interest in the analyses, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GDPR) to integrate their contents and services, e.g. videos or fonts (hereinafter uniformly referred to as “contents“).

 

This always requires that the third-party providers of these contents recognize the IP address of the user, as their contents cannot be send to the user’s browser without the IP address. The IP address is therefore necessary for the display of these contents. We endeavor to only apply such contents whose respective providers solely use the IP address for delivering their contents. Third-party providers can furthermore use so-called pixel tags (invisible graphics, also referred to as “web beacons“) for statistical reasons or marketing purposes. Pixel tags may help to analyze information like visitor traffic on the pages of this website.

 

This pseudonymous information can also be stored in cookies on the device of the user and can contain technical information regarding the browser and operating system, linking websites, time of access as well as additional information regarding the use of our online offer and can also be linked to such information from different sources.

 

Vimeo

We can integrate videos of the platform “Vimeo“ by the service provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, United States. Privacy terms: https://vimeo.com/privacy. We point out that Vimeo might apply Google Analytics and hereby refer to the privacy terms (https://www.google.com/policies/privacy) as well as the opt-out possibilities for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the settings by Google for the use of data for marketing purposes (https://adssettings.google.com/.).

 

YouTube

We integrate videos of the platform “YouTube“ by the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Privacy terms: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

 

Google Maps

We integrate maps of the service “Google Maps“ by the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Among the personal data processed are particularly the IP addresses and user location data, which are not collected without consent however (normally in the course of the mobile device settings). The data may be processed in the United States. Privacy terms: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

 

Typekit – Fonts by Adobe

On the basis of our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GPDR), we integrate external “Typekit“ fonts by the service provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

Utilization of Facebook Social Plugins

On the basis of our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer in accordance with Art. 6 Par. 1 lit. f. GPDR), we are using social plugins (“plugins“) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“). The plugins can display interaction elements or contents (e.g. videos, graphics or texts) and are recognizable via one of the Facebook logos (white “f“ on blue tile, the terms “Like“, “Gefällt mir“ or a “thumb up“-sign) or are marked with the amendment “Facebook Social Plugin“. The list and layout of the Facebook Social Plugins can be reviewed under the following link: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

When a user accesses a function of this online offer which contains such a plugin, his device will automatically establish a direct connection to the servers of Facebook. The content of the plugin is directly transmitted to the device of the user by Facebook and integrated into the online offer through the device. Thereby, usage profiles of the users can be created from the personal data processed. We therefore have no influence on the extent of data Facebook is collecting with the help of this plugin and want to inform the users accordingly.

 

By implementing plugins, Facebook receives the information that a user has visited the respective website of the online offer. If the user is logged in to Facebook, Facebook can allocate the visit to a Facebook account. When users interact with the plugins, for example pressing the like button or writing a comment, the respective information is directly transmitted from their device to Facebook and stored. Even if a user is not a member of Facebook, there is still the possibility that Facebook might find out and store his IP address. Following official statements of Facebook, only anonymized IP addresses are stored in Germany.

 

The purpose and extent of the collected data, the processing and application of this data through Facebook, as well as the referring rights and configuration options for protecting the user privacy can be reviewed in the privacy terms of Facebook: https://www.facebook.com/about/privacy/.

If a user is Facebook-member but does not want Facebook to collect data via this online offer about him and to allocate this data with his membership details from Facebook, he needs to logout from Facebook prior using our online offer and delete his cookies. Additional settings and objections to the application of personal data for advertising purposes are possible within the Facebook profile settings:

https://www.facebook.com/settings?tab=ads  or via the US American website http://www.aboutads.info/choices/  or the European website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are saved and adopted for every device, e.g. desktop computer or mobile devices.

 

Twitter

Within our online offer, functions and contents of the service Twitter can be integrated, provided by the Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. This content may include pictures, videos, texts and buttons with which users can share contents of this online offer within Twitter. As long as users are members of the Twitter platform, Twitter can allocate the access to the abovementioned contents and functions to the respective user profiles. Twitter is certified under the Privacy Shield agreement and is thus guaranteeing to comply with the European level of data protection

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Privacy terms: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.

 

Instagram

Within our online offer, functions and contents of the service Instagram can be integrated, provided by the Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States. This content may include pictures, videos, texts and buttons with which users can share contents of this online offer within Instagram. As long as users are members of the Instagram platform, Instagram can allocate the access to the abovementioned contents and functions to the respective user profiles. Privacy terms of Instagram: http://instagram.com/about/legal/privacy/.