Privacy
1. data protection information
Compliance with data protection regulations is very important to CMC Consumer Medical Care GmbH (hereinafter “CMC”, “we” or “us”). We would therefore like to inform you below about the processing of your personal data, in particular about the purposes of the respective data processing as well as the processed data categories, subdivided according to individual services or forms of use and about the rights to which you are entitled. With regard to the related terminology, such as “personal data” or “processing”, we refer to the relevant definitions in Art. 4 of the General Data Protection Regulation (GDPR).
If you are a customer, supplier of or applicant to CMC, you can find information about the processing of your personal data here:
Customers can find the information here
Suppliers can find the information here
Applicants can find the information here
We ask you to regularly check the content of our privacy policy, as we will adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Status of the privacy policy: 06.07.2022
Responsible person and contact
Responsible:
CMC Consumer Medical Care GmbH
Eichendorffstrasse 12-14
89567 Sontheim/Brenz
Phone: +49-7325-9244-0
E-mail: [email protected]
Contact data Data protection:
PAUL HARTMANN AG
Data Protection Officer
Paul-Hartmann-Strasse 12
89522 Heidenheim
E-mail: [email protected]
Do you have general questions or comments about this privacy policy or specific questions about the processing of your data? We will be happy to answer them for you.
2. legal bases and purposes of data processing
In accordance with Artt. 13, 14 DS-GVO we inform you about the legal basis of our data processing. Unless the legal basis is explicitly stated in this or separate privacy statements, the following applies:
The legal bases for obtaining consent are Art. 6 para. 1 lit. a and Art. 7 DS-GVO as well as Art. 9 para. 2 lit. a and Art. 7 DS-GVO (e.g. registration on offered portals/creation of customer accounts, delivery of user-specific offers and information about our products and services, surveys on our websites, analysis of the use of our products, services and websites, personalization of offers on the Internet, by e-mail, fax and on other channels, advertising or market and opinion research), the legal basis for the processing for the fulfillment of our services and implementation of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b DS-GVO (e.g. registration on offered portals/creation of customer accounts, execution of contract and/or service, payment processing for purchases and other services, processing due to a complaint, communication in particular via telephone, e-mail, fax, live chat, video call, supply advice), the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c DS-GVO (e.g. compliance with legal retention periods) and the legal basis for processing to protect our legitimate interests mentioned below is Art. 6 para. 1 lit. f DS-GVO (e.g. analysis and clarification of misuse or attacks on the communication systems, legitimation and authentication; protection against or identification of possible fraudulent transactions, communication via telephone, e-mail, fax, live chat, video call and other channels; sending of samples, premiums, products and information, delivery of user-specific offers and information about our products and services, surveys on our websites, personalization of offers on the Internet, via e-mail, fax and other channels, determination of the effectiveness of our advertising). In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DS-GVO as the legal basis.
3. security measures
We meet in accordance with Artt. 24, 32 DS-GVO, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to personal data, as well as access to, input, disclosure, ensuring availability of and separation of personal data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of personal data and response to threats to personal data. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DS-GVO).
The security measures include, in particular, the encrypted transmission of data between your browser and our server. Third-party security measures include, in particular, IP masking (pseudonymization of your IP address).
4. joint responsibility, information acc. Art. 26 par. 2 GDPR”
Due to the close cooperation in some areas, we may also process your personal data jointly with another controller within the meaning of Art. 26 DS-GVO. The respective partners are determined by the individual cooperation with regard to the purposes outlined below. Information on how the partners process your personal data can be found in their respective privacy statements. To guarantee your rights in particular and taking into account the requirements of the GDPR, we have concluded an agreement on this in each individual case, which sets out rules on the processing of your personal data. Thus, as so-called joint controllers, we are jointly responsible for the processing of your personal data.
4.1. Purposes of data processing in the context of joint responsibility
Joint responsibility may exist in the context of the processing of your personal data, in particular for the following purposes:
- Integration of our services on third-party websites, e.g. integration of wizards, plug-ins or other technical means;
- Integration of third-party services on our websites, e.g. integration of wizards, plug-ins or other technical means;
- Conducting surveys, interviews and their analysis;
4.2. Categories of data processed in the context of shared responsibility
In particular, we process the following categories of personal data:
- Inventory data (e.g., first and last name);
- Contact details (e.g. telephone number, e-mail address);
- Content data (e.g. communication content);
- Metadata (e.g. IP address).
4.3. Contact information to exercise your rights
We have agreed on a case-by-case basis with our respective partner on how we will ensure your rights and have specified in more detail which obligations are incumbent on each partner to comply with the obligations of the GDPR. Particularly relevant is ensuring the exercise of your rights as a data subject as well as the fulfillment of the information obligations pursuant to Art. 13 and 14 DS-GVO towards you. We will be happy to answer general inquiries or comments using the contact information provided in number 1 of this privacy information. To exercise your rights, please use the contact form linked in number 14 of this privacy information.
Independently of the contact point set up with us, you can also assert your rights directly against the respective partner.
Note: Insofar as your personal data – beyond the joint responsibility – is processed by a partner, the separate exercise of rights against this partner is open to you.
5. cooperation with third parties and processors
If we disclose personal data to third parties and companies – including group companies – within the scope of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of data to third parties, such as to payment service providers, is required for the performance of the contract pursuant to Art. 6 (1) lit. b DS-GVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Insofar as we commission so-called processors with the processing of personal data on the basis of a so-called “order processing agreement” and thereby secure for ourselves, among other things, the necessary influence or control powers with regard to the processing and use of the personal data, this is done on the basis of an agreement on order processing in accordance with Sec. Art. 28 DS-GVO.
6. transfers to third countries
If we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing, or transferring personal data to third parties, this will only be done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow personal data to be processed in a third country only if the special requirements of Art. 44 et seq. DS-GVO are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
7. additional information for website users
This information informs you about the nature, scope and purpose of the processing of personal data within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”). Supplementary information on this can be found in our customer data protection information.
7.1 Cookies, analysis, tracking, optimization
Supplementary information on the cookies we use can be found in our Cookie Policy. We provide information about technologies from us or from third parties that are used not only to provide a function within our online offering, but also exclusively or additionally to analyze user behavior, tracking, optimize our marketing activities, or for other purposes in this privacy policy and in our cookie policy.
7.2 Purposes of data processing
We process your personal data in particular for the following purposes:
Provision of the online offer, its content and functions; marketing, advertising, public relations and market research; security measures; tracking (e.g. interest/behavior-based profiling, use of cookies); remarketing; visit action evaluation, interest-based and behavior-based marketing, profiling (creation of user profiles); conversion measurement (measurement of the effectiveness of marketing measures); targeting (determination of target groups relevant for marketing purposes or other output of content); cross-device tracking (cross-device processing of user data for marketing purposes).
7.3 Data categories
In particular, we process the following categories of data:
Usage data (e.g. web pages visited, use of services, interest in content, access times); meta/communication data (e.g. device information, IP addresses, browser type); location data (data indicating the location of an end user’s terminal device).
7.4 Collection of access data and log files
We collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f DS-GVO data about each access to the server on which this service is located (so-called server log files). Access data includes the path of the website accessed, associated files, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider, as well as other browser header data. In particular, the processing of your IP address as a personal data is necessary for the communication between your browser and our server.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a period of 6 months and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. As a matter of principle, this data will not be passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so in accordance with the German Data Protection Act. Art. 6 par. 1 lit. c GDPR.
7.5 Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing social networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.
We process your personal data if you communicate this within the social networks and platforms, e.g. by writing posts on our online presences or sending us messages. Meta Platforms may also provide statistics and insights (e.g. total number of page views, “likes”, page activity, post interactions, video views, post reach, comments, shared content, replies, etc.) to help us gain insights into the types of actions you take on our online presences. This enables us, among other things, to better understand your interests and preferences and can, for example, increase the attractiveness of articles or our presentation of services or choose the right time for publication.
We would like to point out that your personal data may also be processed by the respective operator outside the European Union or the European Economic Area (third country). This may result in risks for you, in particular it may be more difficult to enforce your rights. However, processing in a third country is always dependent on the existence of the special requirements of Art. 44 et seq. GDPR, which means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or in compliance with officially recognized contractual obligations (so-called “standard contractual clauses”).
If you click on the button of the respective operator, you will be redirected to our respective online presence in a separate browser window and can – provided you are logged into your user account – share or subscribe to our news, among other things. The button establishes a direct connection between your browser and the server of the respective operator. The respective operator thus receives the information that you have visited our website with your IP address. The respective operator may collect further personal data as soon as you use their services. In addition, it is then possible for the respective operator to assign your visit to our website – provided you are logged into your user account – to you and your user account.
In addition, your personal data may be further processed for the purposes of market research and advertising. This means that profiles can be created from your usage behavior and the preferences and interests derived from it. Such profiles can be used, for example, to place suitable advertisements within our online presence or on other online presences or websites based on the interests identified. Cookies are placed and stored on your end device, with the help of which personal data on usage behavior can be collected and bundled for further processing – to determine your interests. The collection and bundling of this personal data can – especially if you are logged into your user account – also be realized across several end devices used by you.
Your personal data is processed on the basis of our legitimate interests in the effective provision of information and presentation of services and direct communication with you in relation to our online offering in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 par. 1 lit. f GDPR.
If you wish to request information or exercise other rights to which you are entitled, please contact the respective operator directly first. The background to this is that in principle only the respective operators have access to your personal data and can provide you with the relevant information and, if necessary, take further measures. However, if you need help in exercising your rights, you can also contact us at any time.
A description of the data processing carried out by the respective operator as well as the requirements for the implementation of an objection (opt-out) can be found in the information provided by the respective operator:
Provider: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Page Insight data: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out: https://www.facebook.com/settings?tab=ads
Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Provider: (Instagram) Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875
7.6 Links
We do not use any social plug-ins from social networks on our websites that collect personal data. We only use links on our websites to social networks. This prevents our users’ personal data from being passed on to social networks without their knowledge when they visit our websites. The links only establish a connection to our online presence of the respective social network on request – therefore only after the user has clicked on a link. After clicking on the link, the IP address and the general header information of the user’s browser are transmitted to the respective social network. The respective social network may collect further personal data as soon as you use its services. If you are logged into your respective account, Facebook can, for example, assign the visit to your account there. We would like to point out that we have no knowledge of the content of the personal data transmitted in the further course of the process or its use by the social networks.
The links described above are used for the following social networks:
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875/
8. use of video conferencing tools
When you communicate with us via video conferencing, we and the provider of the respective video conferencing platform (hereinafter referred to as “platform(s)”) process your personal data. With the following specific privacy policy, we inform you about the processing of your personal data within the scope of use.
8.1. Purposes and legal bases
We use platforms, for example, to offer certain services (e.g., conducting webinars or training courses, etc.) or simply to enable communication (both internal and external). The use of the platforms and other related purposes is therefore necessary for the provision of our services and, in principle, for the provision of our products and services. necessary for the performance of contracts (cf. Art. 6 para. 1 lit. b DS-GVO, § 26 para. 1 BDSG).
In addition, the use of the platforms is regularly in our legitimate interest (cf. Art. 6 para. 1 lit. f DS-GVO), as it simplifies the implementation or provision of our services and accelerates communication (both internal and external) or even makes it possible in the first place, especially if face-to-face events should not be possible. In the context of the provision of use, it may also be in our legitimate interest to carry out troubleshooting and generate evaluations.
Furthermore, the platforms may also be used on the basis of consent (cf. Art. 6 para. 1 lit. a DS-GVO), in particular in connection with any recording within the scope of use. We will inform you of this separately in advance in each case, in particular with regard to the personal data processed in connection with the recording (e.g. recording of image and spoken contributions or transcription of these).
8.2. The processed (personal) data
When using the platforms, we process (personal) data. Which (personal) data is processed and to what extent depends in particular on the service offered, the platform used, the technical functions used and the information you provide before, during or after participating in a meeting, e.g. a webinar. During a meeting, content can therefore also be exchanged, uploaded or otherwise made available. Typically, we process the following (personal) data in particular:
Meeting participant details: In order to participate in a meeting or enter the meeting room, at least the first and last name must usually be entered (depending on the platform used). Under certain circumstances, it is also possible to enter only a pseudonym. In addition to first and last name, we process the e-mail address and the access password to the meeting, optionally the profile picture and the telephone number.
If necessary, the information will be processed after the meeting for further purposes (e.g. issuance of participation confirmations). As a rule (depending on the platform and configuration used), the information is deleted 30 days after the end of the meeting. More information about the duration of personal data storage and deletion can be found below under No. 5.
Metadata: The following metadata may be generated as part of a meeting: Time and date of meeting, duration of meeting, interruptions of meeting, log-in and log-out time(s), measurement of behavior in the meeting, e.g. share of speech (optional), participant IP addresses, information on hardware and software used.
If necessary, metadata is used after the meeting for troubleshooting or evaluation, among other things. Metadata is usually deleted 30 days after the meeting ends (depending on the platform and configuration used). More information about the duration of personal data storage and deletion can be found below under No. 5.
Text, audio and video data: It is possible (if the function is enabled) to use the chat, question or poll function in a meeting. Text entries made are processed in order to display them in the meeting and log them if necessary. In addition, to enable the display of video and the playback of audio, (personal) data from the video camera and the microphone of the terminal device are processed during the duration of the meeting. The video camera and/or microphone can be switched off or muted by the user at any time.
Text, audio and video data will only be processed for specific purposes after the meeting (e.g. providing a link to view the webinar afterwards). After the purpose ceases to apply (e.g. expiry of the validity of the link), the data is deleted as a matter of principle, insofar as no further purpose justifies the processing. More information about the duration of personal data storage and deletion can be found below under No. 5.
Recording, storage: Optionally, video, audio and presentation recordings are made or, if necessary, a transcription of the spoken word. Recordings require that the camera and microphone are switched on, the screen is shared if necessary and the resulting functions are also used. If necessary, the transcription can also be used anonymously (depending on the platform and configuration used) by setting.
If the chat function is also used, the information you provide will be stored in the meeting chat text file. This also applies to sent files.
Recordings or other stored data are generally only processed after the meeting to the extent that this is necessary to achieve the purpose (e.g. subsequent provision of a link to view the webinar). If the purpose ceases to apply (e.g. expiry of the validity of the link), the records or other stored data are deleted as a matter of principle, insofar as no further purpose justifies the processing. More information about the duration of personal data storage and deletion can be found below under No. 5.
Dialing in with the telephone: As a rule, the phone number and country are processed, optionally location and connection data.
Where necessary, dial-in data is used after the meeting, e.g. for troubleshooting or evaluation. They are usually deleted 30 days after the end of the meeting (depending on the platform and configuration used). More information on the subject of the duration of storage of personal data and deletion can be found below under No. 5.
8.3. Platforms used, recipients of the (personal) data
To fulfill the aforementioned purposes, we currently use the following platforms in particular: Teams and Skype from Microsoft, GoToMeeting from LogMeIn, WebEx from Cisco and Zoom from Zoom Video Communications.
The data protection declarations of the platform providers (hereinafter “Providers”), with each of which we have concluded a commissioned processing agreement pursuant to Art. 28 DS-GVO, can be found here:
Teams and Skype from Microsoft:
https://docs.microsoft.com/de-de/microsoftteams/teams-privacy
GoToMeeting from LogMein:
LogMeIn (USA) Privacy Policy
WebEx from Cisco:
Cisco Online Privacy Statement – Cisco
Zoom from Zoom Video Communications:
Privacy | Zoom
Within our company, (only) those internal departments or employees receive personal data insofar as they need it to fulfill the aforementioned purposes in particular (enabling communication via a platform by creating a meeting). However, the data recipients are each required to use personal data only to the extent necessary.
If we transfer personal data to other (external) persons, companies or other third parties (e.g. downstream transfer of the recording of the meeting to participants) or grant them other access to personal data, this will only be done on the basis of legal permission or appropriate consent. If we commission third parties with the processing of personal data on the basis of a so-called “order processing agreement” and thereby secure the necessary powers of influence or control with regard to the processing and use of personal data, among other things, this is done on the basis of Art. 28 DS-GVO. However, we remain responsible to you for the lawfulness of the data processing. In this context, we also ensure that the providers maintain appropriate technical and organizational measures to protect personal data.
In addition, providers may also process personal data for their own purposes. Please note that in this case, the providers themselves are responsible and must fulfill the obligations arising from the GDPR (e.g. obligation to inform, obligation to delete after the purpose has been achieved, etc.). You can find more information in the privacy statements of the providers (see above).
8.4. Processing of personal data in a third country
As far as possible, we will carry out the processing of personal data on the territory of the Federal Republic of Germany, in another member state of the European Union or in another state party to the Agreement on the European Economic Area (e.g., we will store (have stored) the data generated in the course of use in an “EU cluster”).
However, if processing of personal data in third countries (e.g. USA) is necessary, in particular in connection with the commissioning of providers, we will ensure that the specific legal requirements for such processing operations are met and thus that an adequate level of data protection prevails in the respective third country. This includes, in particular, checking whether the European Commission has decided that an adequate level of protection exists in a third country (cf. Art. 45 GDPR) or whether suitable or adequate safeguards (e.g. standard contractual clauses) are in place and the enforcement of your rights is guaranteed, as well as whether sufficient technical and organizational measures are in place to protect the personal data.
For information on the appropriate or adequate safeguards and how and where to obtain a copy of them, please contact [email protected].
8.5. Duration of storage of personal data, deletion
In principle, we process or store personal data for the duration of a meeting or webinar and any subsequent services/processes (e.g. issuing certificates of attendance, providing the link to a webinar or transcription, etc.). In addition, we may also process or store personal data for other purposes, such as troubleshooting and evaluation purposes.
If the processing or storage is no longer necessary, we delete the personal data. This does not apply if, among other things, legally prescribed retention periods prevent deletion (cf. Art. 17 (3) DS-GVO) and/or another case of Art. 17 (3) DS-GVO applies. 3 GDPR exists and/or a new purpose justifies further processing.
Incorrect and/or incomplete data will be deleted according to. Art. 5 par. 1 lit. d) DS-GVO deleted or – as far as possible – corrected without delay.
8.6. Technical and organizational measures
To ensure that personal data is protected, the following technical and organizational measures are taken in particular:
- User authentication;
- Possibility for two-factor authentication (e.g. with Zoom and MS Teams);
- Transport / end-to-end encryption;
- Possibility to pixelate backgrounds after activating camera;
- Possibility participation with video/sound by default;
- Participation without creating account (guest account);
- Participation without installing application (web client);
- Recording and storage turned off by default, only after consent recording is started.
8.7. Further data protection information
Further information on the processing of your personal data, in particular on your rights, can be found in the privacy policy applicable to you as a customer, supplier, etc. (cf. privacy policies available above) or in this privacy policy.
9. contact
When contacting us (via contact form, telephone, fax, mail or e-mail), your personal data will be used to process your request and handle it in accordance with the German Data Protection Act. Art. 6 par. 1 lit. b and lit. f GDPR is processed. The information marked as mandatory in the contact form is required for the processing of your request.
As a rule, we delete requests 3 months after their receipt, at the latest, however, if they have been answered. In the case of legal storage obligations that must be observed, the deletion takes place after their expiration.
10. newsletter
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of a newsletter: We send e-mails and other (electronic) notifications with advertising information (hereinafter “newsletter”) only with your consent or on the basis of legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for consent. Our newsletters also contain information about our products, offers, promotions and our company.
The newsletter is sent by us or, if applicable, by a service provider commissioned by us.
Logging double opt-in and changes: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with other people’s e-mail addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your (personal) data stored with the shipping service provider are also logged.
According to its own information, the mailing service provider may use your (personal) data in pseudonymous form, i.e. without assignment to a user, to optimize and improve its own services, e.g. for the technical optimization of the mailing and presentation of the newsletter or for statistical purposes in order to determine from which countries the recipients come. However, the shipping service provider does not use your (personal) data to write to you itself or to pass on your (personal) data to third parties.
Registration data: To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter your first and last name so that we can address you personally.
Performance measurement: The newsletters contain a so-called “web-beacon”. This is a pixel-sized file that is retrieved from the mailing service provider’s server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used in particular for the technical improvement of the services and to determine your reading habits. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to you for technical reasons.
The newsletter is sent and its success is measured on the basis of your consent in accordance with. Art. 6 par. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG. The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 par. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.
Revocation: You can revoke the receipt of our newsletter at any time. You will find a link to unsubscribe from the newsletter at the end of each newsletter. Your (personal) data will be deleted in the event of a revocation.
11. integration of third-party services and content Reiter
We use content or service offerings from third-party providers within our online offering. This is done on the basis of our legitimate interests (interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR) or on the basis of your consent in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 par. 1 lit. a GDPR. This means that we integrate content and services from third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”). The prerequisite for this is that the third-party providers are aware of your IP address, as they would not be able to send the content to your browser without the IP address. The IP address is therefore required for the display of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the website. The pseudonymous information may also be stored in cookies on your device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.
In the following presentation, we have compiled an overview of third-party providers together with the content they offer and the links to their data protection declarations, which may contain further information on the processing of data and information on how to object. Please note that we have listed other third-party providers and further information on the third-party providers mentioned here in our cookie policy.
– Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacypolicy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
We use the “LinkedIn Insight Tag” conversion tool within our online offering. This tool creates a cookie in your web browser, which enables the collection of data. Based on the data collected, LinkedIn creates anonymized reports about the website target group and makes them available to us. LinkedIn also shows us the display performance. LinkedIn also offers the option of retargeting via the Insight Tag. We can use this data to display targeted advertising outside our online offering without identifying you.
– Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://www.xing.com/app/share?op=data_protection
– Provider: (Instagram) Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875
– Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/about/privacy/
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network”). https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”).
Provider: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection provisions: https://policies.google.com/privacy?hl=de
Terms and conditions: https://marketingplatform.google.com/about/analytics/terms/us/
Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de
Further information about Google Analytics: If you have given your consent, our website (we) may use Google Analytics 4, a web analytics service. For users in the EU/EEA and Switzerland, the executing party is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing: Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We can use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.
Please note the following with regard to the Google functions mentioned above: IP address anonymization is activated by default in Google Analytics 4. IP anonymization means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
When you visit your website, your user behavior is recorded in the form of “events”. Events can be:
– Page views
– First visit to the website
– Start of the session
– Your “click path”, the interaction with the website
– Scrolls (when a user scrolls to the bottom of the page (90%))
– Clicks on external links
– internal search queries
– Interaction with videos
– File downloads
– Viewed/clicked ads
– Language settings
Also included:
– Your approximate location (region)
– Your IP address (in abbreviated form)
– technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
– Your Internet service provider
– the referrer URL (via which website/advertising media you came to this website)
Purposes of processing: Google will use this information on our behalf to evaluate your pseudonymous use of our website and to compile reports on website activity. The reports generated by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be in particular
– Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
– Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
– Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Transfer to third countries: If data is processed outside the EU/EEA and there is no adequate level of data protection there that corresponds to the European standard under the GDPR, we have concluded EU standard contractual clauses in order to establish an adequate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of personal data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against (in particular unlawful) access by authorities.
Duration of storage: The data sent by us and linked to cookies is automatically deleted after 2 or 14 months. Data whose retention period has expired is automatically deleted once a month.
Legal basis: The legal basis for this data processing is your consent in accordance with Art. 6 (1) a) GDPR.
Revocation: You can revoke your consent at any time with effect for the future by calling up the cookie settings/administration and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected by this.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functions on our and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the (further) processing of this data by Google by clicking
a. do not give your consent to the setting of the cookie or
b. Download and install the browser add-on to deactivate Google Analytics here.