Data Protection Information
This data protection information will inform you about the kind, extent, and purpose of data processing of personal data (hereinafter abbreviated as “data“) within our online offer and all websites, features, and contents as well as external online presences such as, for example, our social media profile (hereinafter summed up as “online offer“) connected to it. Regarding the terms in use, such as “personal data“ or their “processing“, we refer to the definitions given under Art. 4 of the General Data Protection Regulation (GDPR).
Name/Legal Name: United Games GmbH
Street No.: Mansfelder Straße 56
Zip code, town, country: 06108, Halle (Saale), Deutschland
Commercial Register/No.: HRB 23637 / AG Stendal
Managing director: Werner Vollert
E-mail address: [email protected]
Data Protection Officer:
Street No.: Mansfelder Str. 56
Zip code, town, country: 06108, Halle (Saale), Deutschland
E-mail address: [email protected]
Kinds of Data Processed:
We process data of the data categories inventory data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data obtained from communicating with users (e.g. text input, photographs), contract data (e.g. subject matters of the contract such as purchased products and/or services, contract terms), payment data (e.g. PayPal payment addresses, Amazon payment information etc., payment histories), usage data (e.g. accessing of our data and the times), as well as communication data (such as devices/client information, IP addresses).
Processing Special Categories of Data (Art. 9 para. 1 GDPR):
Generally no special categories of data are processed, unless these are brought into processing by the users, e.g. by filling in online forms.
Categories of Persons Affected by Processing:
Customers, interested persons, suppliers, and in general visitors and users of our online offer are affected persons.
Hereinafter we will also refer to affected persons collectively as “users“.
Purpose of Processing:
Providing the online offer, its contents and features, performing contractual services, service and customer care, answering contact requests and communicating with our users, marketing and advertising our products and services, as well as security measures.
1. Relevant Legal Bases
In accordance with Art. 13 GDPR, we notify you about the legal bases of our data processing. Should the legal basis not be stated in the data protection information, the following applies: Legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, legal basis for processing in order to perform our services and for performing contractual measures as well as for answering requests is Art. 6 para. 1 lit. b GDPR, legal basis for processing in order to meet our legal obligations is Art. 6 para. 1 lit. c GDPR, and legal basis for processing in order to uphold our justified interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the affected person or of another natural person call for personal data to be processed, Art. 6 para. 1 lit. d GDPR serves as legal basis.
2. Alterations and Updates to the Data Protection Information
We kindly ask you to inform yourself about the content of our data protection declaration on a regular basis. We will adjust the data protection information as soon as changes to the data processing performed by us make it necessary. We will inform you as soon as cooperation is required on your part (e.g. giving consent) or any other individual notification becomes necessary due to the changes.
3. Security Measures
3.1. In accordance with Art. 32 GDPR, bearing in mind the state of the art, implementation costs, and kind, scope, circumstances, and purposes of processing as well as the different probabilities of occurrence and severity of risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to provide a level of security appropriate to the risk. Among these measures are in particular securing the confidentiality, integrity, and availability of data by monitoring the physical access to the data as well as their retrieval, input, transfer, security of accessibility and disconnection. Furthermore, we put procedures in place to secure the upholding of the rights of affected persons, the deletion of data, and the reaction to threats to the data. Additionally, we take the protection of personal data into account already during the development stage and when choosing the hardware, software, and procedures, following the principle of data protection by design and by default (Art. 25 GDPR).
3.2. The most notable part of the security measures is the encrypted data transfer between your browser and our server.
4. Cooperation With External Processors and Third Parties
4.1. Insofar as in the course of processing we reveal data towards other persons and companies (external processors or third parties), transmit data to them, or grant them access in another way, this happens exclusively based on a legal permission (e.g. if transmitting data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary to fulfill the contract), if you gave consent, a legal obligation demands it, or based on our justified interests (e.g. when using commissioners, hosting partners, e-mail sending partners, etc.).
4.2. If we commission third parties with processing data based on a so-called “order processing contract“, this happens on the basis of Art. 28 GDPR.
5. Transmissions to Third Countries
If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or this happens in the course of using third party services or of disclosing or transmitting data to third parties, this only takes place insofar as it happens in order to fulfill our (pre)contractual obligations, is based on your consent, because of legal obligations, or based on our justified interests. Subject to legal or contractual permissions, we process data in third countries only if the special requirements of Art. 44 ff. GDPR are met. I.e. the processing takes place e.g. based on special assurances, such as the officially approved confirmation of a data protection level comparable to EU standards (e.g. in case of the USA the “Privacy Shield“) or compliance with officially approved contractual obligations (so-called “standard contractual clauses“).
6. Rights of Affected People
6.1. You hold the right to demand a confirmation on whether data regarding your person are being processed and to receive information about these data as well as further information and a copy of the data according to Art. 15 GDPR.
6.2. According to Art. 16 GDPR, you hold the right to demand completion of data regarding your person or correction of incorrect data regarding your person.
6.3. In accordance with Art. 17 GDPR, you hold the right to demand immediate deletion of data regarding your person, resp. to alternatively demand a limitation of processing of the data in accordance with Art. 18 GDPR.
6.4. In accordance with Art. 20 GDPR, you hold the right to demand receiving the data regarding your person you provided us with and to demand having them transmitted to other liable entities.
Furthermore, pursuant to Art. 77 GDPR, you hold the right to issue a complaint to the supervisory authority in charge. We are subject to the following supervisory authority:
Landesbeauftragter für den Datenschutz Sachsen-Anhalt
7. Right to Revocation
You hold the right to revoke consents given pursuant to Art. 7 para. 3 GDPR, taking effect for future actions.
8. Right to Objection
You may object to future processing of data regarding your person pursuant to Art. 21 GDPR at any time. In particular, this objection can be aimed against processing for purposes of direct advertising.
9. Cookies and Right to Objection Against Direct Advertising (e.g. Newsletters)
We place both temporary and permanent cookies, i.e. tiny files saved on the users’ devices (for an explanation of term and function, see last section of this data protection information). Partly, these cookies serve security purposes or are necessary to run our online offer (e.g. for displaying the website or login functions of the customer account), or to save the user choice when confirming the cookie banner. Besides, we or our technology partners place cookies for range measuring and marketing purposes, as is explained to the users in the course of this data protection information.
A general objection to the usage of cookies for purposes of online marketing can in case of many services, especially for tracking, be declared using the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Apart from that, the saving of cookies can be prevented by turning them off in the settings of your browser. Please note that you might find yourself unable to use all the features of this online offer in that case.
10. Deletion of Data
10.1. The data processed by us are deleted or limited in their processing in accordance with Art. 17 and 18 GDPR. Insofar as not explicitly stated in the course of this data protection information, any data saved by us will be deleted as soon as they are no longer needed for their original purpose and no legal storage obligations prevent it. If data are not deleted because they are required for other and legally valid reasons, their processing gets limited. I.e. these data get blocked and will not be processed for any other purposes. That applies e.g. to data that have to be stored for reasons resulting from commercial or tax laws.
10.2. In accordance with legal provisions, storing more particularly takes place for 6 years pursuant to § 257 para. 1 HGB (Handelsgesetzbuch, Commercial Code) (account books, inventories, opening balances, annual accounts, commercial letters, booking documents, etc.) as well as for 10 years pursuant to § 147 para. 1 AO (Abgabenordnung, Tax Code) (books, documentations, management reports, booking documents, commercial and business letters, documents relevant for taxation, etc.).
11. Performing Contractual Services / Retrieval of Products / Customer Account
11.1. We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. products purchased, services used, names of contact persons, payment data) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b GDPR. Any input highlighted as mandatory in the online forms is required for the formation of a contract.
11.2. During the payment process, users are obliged to create a user account, resp. as a consequence of shopping via external market places (e.g. eBay), registering via external social login services (e.g. Facebook, Google Plus, Steam, Twitch, YouTube, Amazon) or payment providers (e.g. Amazon Pay, PayPal Express), a user account with contact data of the users will be created which they can use in particular to check their orders and which allows us to fulfill our contractual obligations regarding a secure digital product delivery. Over the course of registration, the mandatory inputs will be pointed out to the users. The user accounts are not public and cannot be indexed by search engines. Once users have terminated their user accounts, all data regarding the user account will be deleted, subject to their saving being necessary for reasons resulting from commercial or tax law according to Art. 6 para. 1 lit. c GDPR. It behooves the users to save their data before the contract runs out after terminating it. We are entitled to irretrievably delete all user data saved over the contract term.
11.3. In the course of the registration process and signing in again as well as when using our online service, we save the IP address and the times of the respective user action. The saving takes place based on the justified interest of ours as well as our users in protection against misuse and other unauthorized use. Generally no transmitting of these data to third parties takes place, unless called for to enforce our claims or by legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.
11.4. We process usage data (e.g. visited websites within our online offer, interest in our products) and content data (e.g. input in contact forms, search bars, return forms, or user profile) in a user profile for advertising purposes in order to, for example, show the user product information based on the services used by them so far.
11.5. Deletion takes place after legal guarantee obligations and comparable obligations have expired; the necessity of storing the data is checked on a regular basis. In case of legal archiving obligations, deletion takes place after their expiration (end of storage obligations according to commercial law (6 years) and tax law (10 years)). Information in the customer account remains until its deletion.
11.6. Amazon is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
Data protection declaration for logging in with Amazon: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401
Data protection declaration for paying with Amazon Pay: https://pay.amazon.com/de/help/201751600
11.7. PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., is a European external processor and located at 22-24 Boulevard Royal, L-2449 Luxembourg.
Data protection declaration for paying with PayPal and PayPal Express: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
11.8. Google (also operator of YouTube) is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Data protection declaration: https://policies.google.com/privacy
12. Making Contact and Return Requests
12.1. When contacting us (via contact form, return form, or e-mail), the user’s information is processed in order to handle the contact request and its settlement pursuant to Art. 6 para. 1 lit. b) GDPR.
12.2. The users’ information can be saved in our customer relationship management system (“CRM system“).
12.3. We deploy the CRM system “LiveAgent“ by the provider Quality Unit s.r.o., Vajnorská 100/A, 83104, Bratislava, Slovakia, on the basis of our justified interests (efficient and fast handling of user requests). During these procedures, LiveAgent processes your name, e-mail address, IP address, time, browser, cookies, and additional data provided by the user. LiveAgent normally gains no access to the contents transmitted in contact forms or return requests. This access is reserved to our employees.
12.4. We delete the requests once they are no longer needed. We check for that necessity on a regular basis. We permanently save requests of customers who already have a customer account and, regarding their deletion, refer to the information on customer accounts. In case of legal archiving obligations, deletion takes place after their expiration (end of storage obligations according to commercial law (6 years) and tax law (10 years)).
13. Comments and Posts
13.1. Whenever users leave comments, ratings, or other posts and inputs, their IP addresses will be saved on the basis of our justified interests in the sense of Art. 6 para. 1 lit. f. GDPR.
13.2. This happens for the sake of our security, in case somebody leaves unlawful content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be held responsible for the comment or post and thus have an interest in the author’s identity.
14. Retrieval of Profile Pictures on Gravatar
Within our online offer and in particular in the blog, we deploy the service Gravatar by Automattic Inc., 132 Hawthorne Street San Francisco, CA 94107, USA.
Gravatar is a service that allows users to register and save profile pictures and e-mail addresses there. When leaving posts or comments on other online presences (most notably blogs) using the respective e-mail address, the users’ profile pictures can be displayed next to their posts or comments. For this purpose, the e-mail address provided by the users will be sent in an encrypted form to Gravatar to check whether a corresponding profile exists there. This is the only purpose of transmitting the e-mail address and it will not be used for any other purposes, but deleted afterwards.
The usage of Gravatar takes place on the basis of our justified interests in the sense of Art. 6 para. 1 lit. f) GDPR since thanks to Gravatar we are able to provide authors of posts and comments the possibility of personalizing their posts with a profile picture.
Automattic is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
By displaying the pictures, Gravatar gets hold of the IP addresses of the users since this is necessary for any communication between a browser and an online service. Further information on the gathering and usage of data by Gravatar can be found in the data protection information of Automattic: https://automattic.com/privacy/.
Should users not want a user picture connected to their e-mail address on Gravatar to be displayed in the comment section, they should use an e-mail address not provided to Gravatar for commenting. We would also like to point out that using an anonymous e-mail address or none at all is possible as well, should users not want to have their own e-mail address transmitted to Gravatar. Users may prevent the transmission of any data by not using our commenting system.
15. Gathering of Access Data and Log Files
15.1. On the basis of our justified interests in the sense of Art. 6 para. 1 lit. f GDPR, we gather data upon every access to the server this service is hosted on (so-called server log files). Among the access data are name of the accessed website, file, date and time of access, volume of data transmitted, notification on success of access, browser type along with version, the operating system of the user, referrer URL (the previously visited website), IP address, and the provider issuing the request.
15.2. For security reasons (e.g. for clarifying cases of misuse or fraud), log file information is stored for a duration of 30 days at maximum before being deleted. Data required to be stored for evidence purposes are excluded from deletion until the respective incident is resolved conclusively.
16. Online Presences on Social Media and Rating Platforms
16.2. Insofar as not stated differently within our data protection information, we process data of users if they communicate with us within the social networks and platforms, e.g. by writing posts resp. ratings and comments on our online presences or sending us messages.
17. Cookies & Range Measurement
17.1. Cookies are information transferred from our web server or web servers of third parties to users’ web browsers and saved there for a later retrieval. Cookies can be tiny files or other means of information storage.
17.3. In the course of this data protection information, the users are informed on the usage of cookies in the course of pseudonymous range measurement.
17.4. Should users not want cookies to be saved on their computer, we kindly ask them to deactivate the respective option in the settings of their browser. Saved cookies can be deleted in the settings of the browser. Turning off cookies may result in a limitation of features of this online offer.
17.5. You may object to the usage of cookies serving range measurement and advertising purposes via the deactivation site of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
18. Google Analytics
18.2. Google is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
18.3. Google will use this information on our behalf to assess the usage of our online offer by the users, to file reports on the activities within this online offer, and to provide us with further services connected to this online offer and the usage of the internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
18.4. We deploy Google Analytics in order to display advertisements placed by advertisement services of Google and its partners only to such users who actually showed an interest in our online offer or who show certain characteristics (e.g. interest in certain topics or products determined by websites visited previously) we transmit to Google (so-called “remarketing audiences“ resp. “Google Analytics audiences“). We use remarketing audiences also in an attempt to make sure our advertisements match with the potential interests of the users rather than annoy them.
18.5. We deploy Google Analytics only with an activated IP anonymization. That means that the IP address of users will be shortened within member states of the European Union or other contractual states of the European Economic Area. Only in exceptional cases will the IP address be transmitted to a Google server in the USA and shortened there.
18.6. The IP address transmitted by the user’s browser will not be merged with other data from Google. Users may prevent the saving of cookies by configuring their browser software accordingly. Additionally, users may prevent the gathering of data generated by the cookie and regarding the usage of the online offer by Google as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
18.7. Further information on the data usage by Google, possible configurations and objections can be learned on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s Data Usage When You Use Websites or Apps of Our Partners“), https://policies.google.com/technologies/ads (“Data Usage for Advertising Purposes“), https://adssettings.google.com/authenticated (“Administer the Information Google Uses to Show You Advertisements“).
18.8. Besides, personal data will be anonymized or deleted after 14 months have passed.
19. Google Re/Marketing Services
19.1. On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and running our online offer economically in the sense of Art. 6 para. 1 lit. f. GDPR), we deploy the marketing and remarketing services (in short “Google marketing services“) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google“).
19.2. Google is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
19.3. Google marketing services allow us to show advertisements for and on our website in a more targeted manner to present users only advertisements that might actually meet their interests. If a user e.g. is shown advertisements for products he showed an interest in on other websites, that is called “remarketing“. For this purpose, when accessing our website or others on which Google marketing services are activated, a code is run directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons“) are implemented into the website. By their means, an individual cookie, i.e. a tiny file, is saved on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be placed by various domains, among them google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file will be logged which websites the user visited, which contents they showed interest in, and which offer they clicked on, along with technical information regarding browser and operating system, referring websites, times of visits, as well as further information on the usage of the online offer. Besides, the IP address of the user will be gathered, while for what Google Analytics is concerned it has to be noted that the IP addresses get shortened within member states of the European Union or other contractual members of the European Economic Area agreement and will only in exceptional cases be transmitted to a Google server in the USA as a whole to be shortened there. The IP address will not be merged with other data of the user from other services by Google. The previously listed information can also be merged by Google with information from other sources. When visiting other websites afterwards, advertisements tailored to them according to their interests can be shown to the user.
19.4. The users’ data are processed pseudonymously in the course of the Google marketing system. I.e. Google saves and processes e.g. not the name or e-mail address of the user but processes the relevant data within pseudonymous user profiles and based on cookies. I.e. from Google’s point of view, advertisements are not administrated and shown to concretely identified persons but to cookie holders, independent of who that cookie holder might be. This does not apply if the user explicitly allowed Google to process the data without this anonymization. The information gathered on the users by Google marketing services is transmitted to Google and saved on Google servers in the USA.
19.5. Among the Google marketing services deployed by us is, along with others, the online advertisements program “Google AdWords“. In case of Google AdWords, every AdWords customer receives an individual “conversion cookie“. Thus, cookies cannot be tracked via the websites of AdWords customers. The information gathered by means of this cookie serves the purposes of creating conversion statistics for AdWords customers who opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their advertisements and were directed to a site tagged with a conversion tracking tag. They do, however, not receive any information suitable for personally identifying users.
19.6. We deploy the “Google Tag Manager“ in order to implement Google’s analytic and marketing services into our website and administer these and other external services.
19.7. Further information on the data usage for marketing purposes by Google can be found on the overview site: https://policies.google.com/technologies/ads, Google’s data protection declaration is accessible under https://policies.google.com/privacy.
19.8. If you wish to object to the advertising based on interests using Google marketing services, you are free to use the possibilities of configuring and opting-out provided by Google: https://adssettings.google.com/authenticated.
20. Facebook Audiences, Custom Audiences, and Facebook Marketing Services
20.1. Within our online offer, on the basis of our justified interests in analyzing, optimizing, and economically running our online offer, the so-called “Facebook Pixel“ by the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, resp. if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“), is used for these purposes.
20.2. Facebook is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
20.3. By means of the Facebook Pixel, firstly it is possible to determine the visitors of our online offer as a target audience for showing advertisements (so-called “Facebook Ads“). Accordingly, we use the Facebook Pixel to show our Facebook Ads only to those Facebook users who showed an interest in our online offer or show certain characteristics (e.g. interest in certain topics or products determined by the websites visited) we transmit to Facebook (so-called “custom audiences“). By means of the Facebook Pixel, we also want to ensure our Facebook advertisements actually meet the potential interests of the users rather than annoy them. What is more, the Facebook Pixel allows us to understand the effectiveness of Facebook advertisements for statistical and marketing purposes by seeing whether users were directed to our website after clicking on a Facebook advertisement (so-called “conversion“).
20.4. The processing of data by Facebook happens within Facebook’s data usage guideline. Accordingly, general information on showing Facebook Ads can be found in the data usage guideline of Facebook: https://www.facebook.com/policy.php. You can find specific information and details on the Facebook Pixel and the way it works in Facebook’s Help section: https://www.facebook.com/business/help/651294705016616.
20.5. You may object to the gathering of data by means of the Facebook Pixel and their usage for showing Facebook Ads. To configure what kind of advertisements are shown to you within Facebook, you may access this site set up by Facebook and follow the instructions regarding configuring user based advertisements: https://www.facebook.com/settings?tab=ads. The configurations take effect independent from platforms, i.e. they apply to all devices such as desktop computers or mobile devices.
20.6. Moreover, you may object to the usage of cookies serving range measurement and advertising purposes via the deactivation site of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
21. Facebook Social Plugins
21.1. On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we use social plugins (“plugins“) by the social network facebook.com, run by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“). These plugins are able to show interactive elements or contents (e.g. videos, graphics, or text posts) and can be recognized by one of Facebook’s logos (white “f“ on a blue tile, the term “Like“, or a “thumbs up“ sign) or are marked with the addition “Facebook Social Plugin“. The list and look of Facebook social plugins can be seen here: https://developers.facebook.com/docs/plugins/.
21.2. Facebook is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
21.3. Whenever a user accesses a feature of this online offer containing such a plugin, their device will automatically establish a direct connection with Facebook’s servers. The plugin’s content is transmitted directly from Facebook to the user’s device and implemented into the online offer there. In the process, usage profiles of the users can be created from the processed data. Thus, we do not have any influence on the extent of Facebook’s data gathering by means of this plugin and inform the users according to our knowledge.
21.4. By implementing the plugins, Facebook receives information that a user accessed the respective site of the online offer. If the user is logged into Facebook, Facebook is able to assign the visit to their Facebook account. Whenever users interact with the plugins, for example by hitting the Like button or posting a comment, the respective information is sent from their device directly to Facebook and saved there. If a user is not a member of Facebook, the possibility of Facebook finding out their IP address and saving it exists nonetheless. According to Facebook, in Germany only an anonymized IP address is saved.
21.5. Purpose and extent of the data gathering and the further processing and usage of the data by Facebook as well as the rights regarding this and possible configurations to protect the users’ privacy, can be learned from the data protection information of Facebook: https://www.facebook.com/about/privacy/.
21.6. If a user is a member of Facebook and does not want Facebook to gather data on them via this online offer and merge them with their user data saved on Facebook, they have to log out of Facebook before using our online offer and delete their cookies. Additional configurations and objections to the usage of data for advertising purposes can be made within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The configurations take effect independent of platforms, i.e. they apply to all devices such as desktop computers or mobile devices.
22. Jetpack (WordPress Stats)
22.1. On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we use the plugin Jetpack (specifically the subfunction “WordPress Stats“), which implements a tool to statistically assess visitor accesses and is run by Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Jetpack uses so-called “cookies“, text files that are saved on your computer and allow for analyzing your usage of the website.
22.2. Automattic is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
22.3. The information on your usage of this online offer generated by the cookie is saved on a server in the USA. In the process, usage profiles of the users can be generated from the processed data; these profiles are used only for analysis and not for advertising purposes. You can find further information in the data protection declaration of Automattic: https://automattic.com/privacy/ and information on Jetpack cookies: https://jetpack.com/support/cookies/.
23.1. The following information informs you about the contents of our newsletter, the registration, distribution, and statistical evaluation processes, and your rights of objection. By subscribing to our newsletter, you agree to receiving it and to the processes described.
23.2. Content of the newsletter: We send out newsletters, e-mails with advertising contents (hereinafter “newsletter“) only with consent of the receiver or another legal permission. Insofar as its contents are described concretely in the process of subscribing to the newsletter, they are definitive for the users’ consent. In addition, our newsletters contain information on our products, services, offers, special offers, discounts, and our company.
23.3. Double opt-in and logging: Subscribing to our newsletter happens using the so-called double opt-in method, i.e. after you have subscribed, you receive an e-mail asking you to confirm your registration. This confirmation is necessary in order to ensure nobody can subscribe with other people’s e-mail addresses. The registrations for our newsletter are logged in order to be able to prove the registration process in accordance with the legal obligations. Part of this is saving the times of registration and confirmation, the communication data, as well as the IP address. Any changes to your data saved at the sending provider will also be logged.
23.4. Sending provider: Sending the newsletters takes place using “MailChimp“, a newsletter sending platform by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the sending provider can be seen here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
23.5. Furthermore, the sending provider, according to their own information, may use these data in pseudonymized form, i.e. without attributing them to a user, in order to optimize or improve their own services, e.g. for technical optimizations of the sending and displaying of the newsletters or for statistical purposes in order to determine which countries the receivers are from. The sending provider does not, however, use the data of our newsletter receivers to write to them itself or to pass them on to third parties.
23.6. Registration data for the newsletter are gathered and processed during the registration process of the customer account; they consist of e-mail address, form of address if provided, and surname and forename.
23.7. Performance measurement – The newsletters contain a so-called “web beacon“, i.e. a pixel-sized file that is retrieved from the server of the sending provider when the newsletter is opened. In the course of this retrieval, first of all technical information, such as information on your browser and system as well as your IP address and time of access, is gathered. This information is used for technical improvements of the services based on the technical data or on the target audience and their reading behavior based on their places of retrieval (that can be determined by means of the IP address) or times of access. Part of the statistical gathering, among other things, is also checking whether the newsletters are opened, when they are opened, and which links are clicked. While this information for technical reasons can be assigned to individual receivers of newsletters, neither we nor our sending provider have any aspiration to observe individual users. The cumulated assessments rather serve the purpose of recognizing the reading habits of our users and tailoring our contents to suit them or sending out different contents depending on our users’ interests.
23.8. Sending the newsletter and measuring the performance happen on the basis of consent of the receivers pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 section 2 No. 3 UWG (Gesetz gegen den unlauteren Wettbewerb, law against unfair competition) resp. on the basis of legal permission pursuant to § 7 section 3 UWG.
23.9. The logging of the registration process takes place on the basis of our justified interests pursuant to Art. 6 para. 1 lit. f GDPR and serves the purpose of proving the consent to receiving the newsletter.
23.10. Cancellation/revocation – Receivers of the newsletter may cancel the reception of our newsletter at any moment, i.e. they may revoke their consent. A link to cancelling the newsletter can be found at the end of every newsletter. Your consent to the performance measurement is terminated at the same time. A separate revocation of the performance measurement, unfortunately, is not possible; in this case the entire newsletter subscription must be canceled. Upon unsubscribing from the newsletter, all personal data are deleted, unless their storage is called for or justified by law, while their processing in this case will be limited to these exceptional cases. Most notably, we may store unsubscribed e-mail addresses for a duration of up to three years based on our justified interests before deleting them for purposes of sending the newsletters in order to be able to prove a formerly existing consent. Processing these data is limited to the purpose of a potential defense against legal claims. An individual request for deletion is possible at any time if at the same time the former existence of a consent is confirmed.
24. Implementation of Third Party Services and Contents
24.1. On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we deploy content offers and service offers of third party providers within our online offer in order to implement their contents and services such as videos or fonts (hereinafter consistently referred to as “contents“). This always necessitates the third party providers of these contents to take note of the IP address of the users, since without the IP address they would be unable to send the contents to their browsers. Thus the IP address is necessary for delivering these contents. We try our best to use only contents of providers who use the IP address only to deliver their contents. Third party providers may also use so-called pixel tags (invisible graphics also referred to as “web beacons“) for statistical or marketing purposes. By means of pixel tags, information such as visitor traffic on this website’s pages can be evaluated. Besides, the pseudonymous information can be saved in form of cookies on the users’ device and, among other things, receive technical information regarding the browser and operating system, referring websites, visiting time, as well as further information on the usage of our online offer, and may also be merged with information from other sources.
24.2. The following description offers an overview of third party providers as well as their contents along with links to their data protection declarations, containing further information on data processing and, partly already mentioned here, possibilities of objection (so-called opt-out):
- External fonts by Google, LLC., https://www.google.com/fonts (“Google Fonts“). The implementation of Google Fonts takes place by accessing a Google server (usually located in the USA). Data protection declaration: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
- Videos from the platform “YouTube“ of the third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
- Features of the service Google+ are implemented into our online offer. These features are provided by the third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When logged into your Google+ account, you may link the contents of our sites to your Google+ profile by clicking the Google+ button. That allows Google to assign visits of our sites to your user account. We would like to point out that we as the operator of the sites receive no information on the content of the data transmitted nor their usage by Google+. Data protection regulation: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
- Features of the service resp. the platform Twitter (hereinafter referred to as “Twitter“) can be implemented into our online offer. Twitter is a service by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The features include displaying our posts within Twitter within our online offer, a linking to our profile on Twitter, as well as the possibility to interact with posts and features on Twitter, and measuring whether users reach our online offer via the advertisements placed on Twitter by us (so-called conversion measuring). Twitter is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection declaration: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.