Data Privacy and GDPR statement
Introduction
With the following Privacy Policy we wish to inform you about what types of your personal data (hereinafter also briefly referred to as “data”) we process for which purposes and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, as well as within external online presences such as our social media profiles (hereinafter collectively referred to as “online offering”).
The terms used are not gender-specific.
Status: March 23, 2020
Overview of Contents
• Introduction
• Data Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• Transmission and Disclosure of Personal Data
• Data Processing in Third Countries
• Use of Cookies
• Fulfillment of Tasks under our Articles of Association or Rules of Procedure
• Blogs and Publication Media
• Contact
• Provision of the Online Offering and Web Hosting
• Newsletter and Mass Communication
• Presence on Social Networks
• Plugins and Embedded Functions and Content
• Planning, Organization, and Auxiliary Tools
• Deletion of Data
• Amendments and Updates to the Privacy Policy
• Rights of the Data Subjects
• Definitions of Terms
Data Controller
Zentrum Emanzipatorische Technikforschung e. V.
c/o Franziska Cooiman, Bartningallee 7, 10557 Berlin, Germany
Email Address: vorstand [AT] emancipatory.technology
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing, and it refers to the affected persons.
Types of Data Processed
• Record data (e.g., names, addresses).
• Content data (e.g., text entries, photographs, videos).
• Contact data (e.g., email addresses, telephone numbers).
• Meta-/communication data (e.g., device information, IP addresses).
• Usage data (e.g., visited websites, interest in content, access times).
• Contract data (e.g., subject matter of the contract, duration, customer category).
• Payment data (e.g., bank account details, invoices, payment history).
Categories of Affected Persons
• Business and contractual partners.
• Communication partners.
• Members.
• Users (e.g., website visitors, users of online services).
Purposes of the Processing
• Provision of our online offering and user-friendliness.
• Direct marketing (e.g., by email or postal mail).
• Feedback (e.g., collecting feedback via online form).
• Contact requests and communication.
• Remarketing.
• Tracking (e.g., interest-/behavior-related profiling, use of cookies).
• Contractual services and customer service.
• Administration and response to inquiries.
Applicable Legal Bases
In the following, we provide the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection provisions in your country of residence and/or our country of establishment may apply. Should, in individual cases, more specific legal bases be decisive, we will inform you of these in the Privacy Policy.
• Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of personal data concerning them for one or several specific purposes.
• Contract performance and pre-contractual requests (Art. 6(1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request.
• Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National Data Protection Regulations in Germany: In addition to the data protection provisions of the GDPR, national data protection regulations in Germany apply. This includes in particular the Act on the Protection of Personal Data against Misuse in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions concerning the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, as well as transmission and automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of employment relationships (§ 26 BDSG), in particular with regard to the establishment, implementation, or termination of employment relationships as well as the consent of employees. In addition, state data protection laws of the individual federal states may apply.
Security Measures
In accordance with statutory requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the likelihood and extent of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection of personal data that is commensurate with the risk.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as controlling access to the data itself, its input, its transmission, the safeguarding of its availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and the response to any threat to the data. Moreover, we take data protection into account as early as the development and/or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by privacy-friendly default settings.
SSL Encryption (https): To protect the data you transmit via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Transmission and Disclosure of Personal Data
In the course of our processing of personal data, the data may be transmitted to other locations, companies, legally independent organizational units, or persons, or it may be disclosed to them. Recipients of these data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases, we comply with statutory requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data which serve to protect your data.
Data Transmission Within the Organization: We may transmit personal data to other departments within our organization or grant them access to this data. If this transmission is for administrative purposes, it is based on our legitimate business and economic interests or occurs if it is necessary for the fulfillment of our contractual obligations, or if the data subject has given consent or if a legal permission exists.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using third party services or the disclosure or transmission of data to other persons, locations, or companies, this is done only in accordance with statutory provisions.
Unless there is express consent or a contractual or legal requirement for transmission, we process data, or have data processed, only in third countries that provide a recognized level of data protection – for example, where the US processors are certified under the “Privacy Shield” – or on the basis of special guarantees, such as contractual obligations via so-called standard contractual clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Use of Cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. The stored information can include, for example, the language settings on a website, the login status, a shopping cart, or the point at which a video was watched. In addition to the term “cookies” we also include other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).
The following cookie types and functions are distinguished:
• Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest once a user leaves an online offering and closes their browser.
• Permanent Cookies: Permanent cookies remain stored even after the browser is closed. In this way, for example, the login status can be stored or preferred content displayed immediately when the user visits a website again. Similarly, the interests of users that are used for reach measurement or marketing purposes can be stored in such a cookie.
• First-Party Cookies: First-party cookies are set by us.
• Third-Party Cookies (also: Third-Party Provider Cookies): Third-party cookies are used mainly by advertisers (so-called third parties) to process user information.
• Necessary (also: essential or strictly necessary) Cookies: Cookies may be indispensable for operating a website (e.g., to save logins or other user inputs or for security reasons).
• Statistical, Marketing, and Personalization Cookies: In addition, cookies are in most cases also used for reach measurement and when a user’s interests or behavior (e.g., viewing of specific content, use of functions, etc.) on individual websites are stored in a user profile. Such profiles serve to display content to users that is presumed to correspond to their potential interests. This process is also referred to as “tracking,” that is, monitoring the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our Privacy Policy or in the context of obtaining consent.
Notes on Legal Bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in the efficient operation of our online offering and its improvement) or, where the use of cookies is essential for fulfilling our contractual obligations, on that basis.
General notes on revocation and objection (Opt-Out): Depending on whether the processing is based on consent or legal permission, you have the possibility at any time to withdraw a consent that you have given or to object to the processing of your data using cookie technologies (collectively referred to as “opt-out”). You can initially object by means of your browser settings (for example, by deactivating cookies, which may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared through a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you may receive further information on how to object as part of the information on the service providers and cookies used.
Processing of Cookie Data on the Basis of Consent: Before we process or have processed data in the context of the use of cookies, we ask users for consent that can be withdrawn at any time. Before consent is given, only cookies that are necessary for the operation of our online offering may be used. Their deployment is based on our interest and the users’ interest in the expected functionality of our online offering.
With your consent, we use the open-source software Matomo for the analysis and statistical evaluation of website usage. For this purpose, cookies are used. The information obtained thereby about website usage is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data solely for evaluating the usage of the website. Data collected is not passed on to third parties.
The IP addresses are anonymized (IP masking), so that assignment to individual users is not possible.
Processing of the data is carried out on the basis of Art. 6(1) sentence 1 lit. a GDPR. We thereby pursue our legitimate interest in optimizing our website for our external presentation.
You can withdraw your consent at any time by deleting the cookies in your browser or by changing your data protection settings.
• Data types processed: Usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
• Affected persons: Users (e.g., website visitors, users of online services).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Fulfillment of Tasks under our Articles of Association or Rules of Procedure
We process the data of our members, supporters, interested parties, business partners, or other persons (collectively “data subjects”) when we have a membership or other business relationship with them, when we perform our tasks, and when they are recipients of services and benefits. In other respects, we process the data of data subjects on the basis of our legitimate interests, e.g., when it concerns administrative tasks or public relations.
The data processed in this context – the type, scope, purpose, and necessity of its processing – is determined by the underlying membership or contractual relationship, from which any necessary data requirements also arise (we further point out the required data).
We delete data that is no longer necessary for the provision of our statutory and business purposes. This is determined in accordance with the respective tasks and contractual relationships. We retain the data for as long as they are necessary for the conduct of business as well as in view of any warranty or liability obligations based on our legitimate interest in regulating them. The necessity to retain the data is regularly reviewed; in all other respects the statutory retention periods apply.
• Data types processed: Record data (e.g., names, addresses), payment data (e.g., bank account details, invoices, payment history), contact data (e.g., email addresses, telephone numbers), contract data (e.g., subject matter of the contract, duration, customer category).
• Affected persons: Users (e.g., website visitors, users of online services), members, business and contractual partners.
• Purposes of the processing: Contractual services and customer service, contact requests and communication, administration and response to inquiries.
• Legal bases: Contract performance and pre-contractual requests (Art. 6(1) sentence 1 lit. b GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Blogs and Publication Media
We use blogs or comparable means of online communication and publication (hereinafter “publication media”). The data of the readers are processed for the purposes of the publication media only to the extent that it is necessary for its presentation and communication between authors and readers or for security reasons. In other respects, please refer to the information on the processing of the visitors of our publication media as provided in these privacy notices.
• Data types processed: Record data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of the processing: Contractual services and customer service, feedback (e.g., collecting feedback via online form).
• Legal bases: Contract performance and pre-contractual requests (Art. 6(1) sentence 1 lit. b GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Contact
When you contact us (e.g., via contact form, email, telephone, or social media), the information provided by the inquiring persons is processed to the extent necessary for answering the contact inquiries and any requested measures.
The response to the contact inquiries within the framework of contractual or pre-contractual relationships occurs in order to fulfill our contractual obligations or to answer (pre-)contractual inquiries and in all other respects on the basis of our legitimate interests in responding to the inquiries.
• Data types processed: Record data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos).
• Affected persons: Communication partners.
• Purposes of the processing: Contact requests and communication.
• Legal bases: Contract performance and pre-contractual requests (Art. 6(1) sentence 1 lit. b GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Provision of the Online Offering and Web Hosting
In order to provide our online offering securely and efficiently, we make use of the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offering can be accessed. To these ends, we may utilize infrastructure and platform services, computing capacity, storage space, and database services as well as security services and technical maintenance services.
The data processed as part of the provision of the hosting offering may include all information concerning the users of our online offering that arises in the context of usage and communication. This regularly includes the IP address, which is necessary in order to deliver the content of online offerings to browsers, as well as all inputs made within our online offering or on websites.
Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders as well as further information concerning email transmission (e.g., the providers involved) and the content of the respective emails are processed. The aforementioned data may furthermore be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form on the Internet. As a rule, emails are encrypted in transit, but (unless an end-to-end encryption procedure is used) they are not encrypted on the servers from which they are sent and received. We therefore cannot assume any responsibility for the transmission path of emails between the sender and the reception on our server.
Collection of Access Data and Logfiles: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server logfiles). The server logfiles may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, message of successful access, browser type including version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server logfiles may be used, on the one hand, for security purposes, e.g., to prevent overload of the servers (in particular in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the load and stability of the servers.
• Data types processed: Content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
• Affected persons: Users (e.g., website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Newsletter and Mass Communication
We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described as part of a newsletter registration, that description is decisive for the users’ consent. In other respects, our newsletters contain information on our services and about us.
To register for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name, for the purpose of addressing you personally in the newsletter, or further details if they are necessary for the purposes of the newsletter.
Double-Opt-In Procedure: Registration for our newsletter generally takes place using a so-called double-opt-in procedure. That is, after registering you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that nobody can register using someone else’s email address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to the data stored with the email distribution service provider are logged.
Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, so that a previously given consent can be proven. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is simultaneously confirmed. In the event of obligations to permanently observe objections, we reserve the right to retain the email address solely for this purpose in a block list (so-called “blacklist”).
The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving that it was conducted in accordance with the law. If we commission a service provider with the sending of emails, this is done on the basis of our legitimate interest in an efficient and secure mail delivery system.
Notes on Legal Bases: The sending of newsletters is based on the consent of the recipients or, if consent is not required, on our legitimate interests in direct marketing, insofar as this is legally permitted, e.g., in the case of customer retention advertising. If we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests. The registration procedure is logged on the basis of our legitimate interests to prove that it was conducted in accordance with the law.
Content: News about persons, campaigns, departments, publications, etc. of the ZET.
Prerequisite for the Use of Free Services: Consent to receive mailings may be made a prerequisite for using free services (e.g., access to certain content or participation in certain actions). If you wish to use the free service without registering for the newsletter, please contact us.
• Data types processed: Record data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), meta-/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times).
• Affected persons: Communication partners, users (e.g., website visitors, users of online services).
• Purposes of the processing: Direct marketing (e.g., by email or postal mail), contractual services and customer service.
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
• Right to Object (Opt-Out): You may cancel the receipt of our newsletter at any time, i.e., withdraw your consent or object to further receipt. You can find a link to cancel the newsletter at the end of each newsletter, or you can use one of the contact options provided above, preferably email.
Services and Service Providers Used:
• Mailchimp: Email marketing platform; Service provider: “Mailchimp” – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/privacy/; Privacy Shield (ensuring a level of data protection for data processing in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
Presence on Social Networks
We maintain online presences on social networks and, in this context, process data of users to communicate with the active users there or to provide information about us. We would like to point out that user data may be processed outside the European Union. This may pose risks for users because, for example, the enforcement of users’ rights could be more difficult. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they commit themselves to comply with the data protection standards of the EU.
Furthermore, in social networks the data of users is generally processed for market research and advertising purposes. For example, based on usage behavior and the interests derived therefrom, user profiles may be created. These profiles can in turn be used, for example, to place advertisements within and outside the networks that are presumed to correspond to the users’ interests. For these purposes, cookies are usually stored on the users’ computers in which the usage behavior and interests of the users are recorded. In addition, data may be stored in the usage profiles independent of the devices used by the users (in particular if the users are members of the respective platforms and are logged in there).
For a detailed description of the respective forms of processing and the options to object (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.
Also, in the case of information requests and the assertion of data subject rights, please note that these can most effectively be exercised with the providers. Only the providers have access to the users’ data and can directly take corresponding measures and provide information. Should you still require assistance, you may contact us.
• Data types processed: Record data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of the processing: Contact requests and communication, tracking (e.g., interest-/behavior-related profiling, use of cookies), remarketing.
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Services and Service Providers Used:
• Twitter: Social network; Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (settings: https://twitter.com/personalization); Privacy Shield (ensuring a level of data protection for processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
Plugins and Embedded Functions and Content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third parties”). This may include, for example, graphics, videos, or social media buttons as well as posts (hereinafter uniformly referred to as “content”).
The integration always presupposes that the third parties processing these contents also process the users’ IP address, as they could not send the contents to the respective browser without the IP address. The IP address is therefore necessary for the display of these contents or functions. We strive to use only those contents whose respective providers use the IP address solely for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through these “pixel tags” information such as the visitor traffic on the pages of this website can be evaluated. The pseudonymous information may additionally be stored in cookies on the users’ device and, among other things, contain technical information about the browser and operating system, referring websites, time of visit as well as further details of the usage of our online offering and may be linked with such information from other sources.
Notes on Legal Bases: If we ask users for their consent for the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, the users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context we would also like to refer you to the information on the use of cookies in this Privacy Policy.
• Data types processed: Usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of the processing: Provision of our online offering and user-friendliness, contractual services and customer service.
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Services and Service Providers Used:
• Google Fonts: We integrate the fonts (“Google Fonts”) of the provider Google, whereby the users’ data is used solely for the purpose of displaying the fonts in the users’ browser. The integration is carried out on the basis of our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their uniform display, and taking into account possible licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring a level of data protection for processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Planning, Organization, and Auxiliary Tools
We utilize services, platforms, and software of other providers (hereinafter referred to as “third parties”) for the purposes of organization, administration, planning, and the provision of our services. In the selection of the third parties and their services, we comply with statutory requirements.
In this context, personal data may be processed and stored on the servers of third parties. This may affect various data which we process in accordance with this Privacy Policy. Such data may in particular include record data and contact data of users, data on transactions, contracts, and other processes and their content.
If users are referred to the third parties or their software or platforms in the context of communication, business, or other relationships with us, the third parties may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to pay attention to the privacy notices of the respective third parties.
Notes on Legal Bases: If we request users’ consent for the use of third-party providers, the legal basis for the processing of data is consent. Furthermore, their use may be part of our (pre-)contractual services, provided that the use of the third parties has been agreed upon in this context. Otherwise, the users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.
• Data types processed: Record data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
• Affected persons: Communication partners, users (e.g., website visitors, users of online services).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a GDPR), Contract performance and pre-contractual requests (Art. 6(1) sentence 1 lit. b GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).
Deletion of Data
The data we process is deleted in accordance with legal requirements as soon as the consents permitting processing are revoked or other permissions expire (e.g., when the purpose for processing this data has ceased to exist or it is no longer necessary for the purpose).
If the data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted to those purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax purposes or whose storage is necessary for asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person.
Further information on the deletion of personal data may also be provided in the individual privacy notices in this Privacy Policy.
Amendments and Updates to the Privacy Policy
We ask you to check the content of our Privacy Policy regularly. We will adjust the Privacy Policy as soon as changes in our data processing make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information for companies and organizations in this Privacy Policy, please note that addresses may change over time and we ask you to check the information before making contact.
Rights of the Data Subjects
As a data subject, you are entitled to various rights under the GDPR, particularly arising from Articles 15 to 18 and 21 of the GDPR:
• Right to Object: You have the right to object at any time, for reasons arising from your individual situation, to the processing of your personal data processed on the basis of Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for such advertising purposes; this also applies to profiling to the extent that it is related to such direct advertising.
• Right to Withdraw Consent: You have the right to withdraw consents at any time.
• Right of Access: You have the right to obtain confirmation as to whether data concerning you is being processed and to receive information and a copy of the data in accordance with legal requirements.
• Right to Rectification: In accordance with legal requirements, you have the right to demand the completion of data concerning you or the rectification of data concerning you which is incorrect.
• Right to Erasure and Restriction of Processing: You have the right to demand that data concerning you be deleted immediately or alternatively, in accordance with legal requirements, to request the restriction of its processing.
• Right to Data Portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller.
• Right to Complain to a Supervisory Authority: Furthermore, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, your workplace, or the location of the alleged infringement, if you consider that the processing of your personal data violates the GDPR.
Definitions of Terms
In this section you will find an overview of the terms used in this Privacy Policy. Many of the terms are taken from the law and are defined, in particular, in Art. 4 GDPR. The legal definitions are binding. The following explanations are intended primarily for ease of understanding. The terms are arranged alphabetically.
• Personal Data: “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Remarketing: “Remarketing” or “retargeting” refers, for example, to recording for advertising purposes which products a user has shown interest in on a website, in order to remind the user of these products on other websites, for example through advertising.
• Tracking: “Tracking” refers to the ability to trace a user’s behavior across multiple online offerings. In general, with regard to the online offerings used, behavioral and interest information is stored in cookies or on the servers of the providers of the tracking technologies (so-called profiling). This information can then, for example, be used to display advertisements to the users, which are likely to correspond to their interests.
• Data Controller: The “Data Controller” is the natural or legal person, authority, institution, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, evaluation, storage, transmission, or deletion.