The use of this website constitutes the user's acknowledgment of the following privacy policy.
This semi-automatically generated translation is provided for informational purposes. In the event of any doubtful or conflicting translations, the German privacy policy shall prevail.
Privacy Policy
Data protection is of high importance to us. The use of Comunio's websites and apps is generally possible without providing any personal data. However, if certain services on our websites and apps (such as our manager area) are used, the processing of personal data may be necessary. If the processing of personal data is necessary, and there is no legal basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Comunio GmbH. Through this privacy policy, our company informs about the type, scope, and purpose of the personal data we collect, use, and process. Additionally, individuals are informed about their rights through this privacy policy.
Comunio GmbH, as the data controller, has implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed through the website and apps. However, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed.
1. Definitions
The privacy policy of Comunio GmbH is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy aims to be easily readable and understandable for the public, as well as for our users and business partners. To ensure this, we would like to explain the terminology used in this privacy policy:
a) Personal Data
Personal data refers to all information that relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is considered to be one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the entity responsible for the processing.
c) Processing
Processing encompasses any operation or set of operations performed, with or without the aid of automated processes, concerning personal data. This includes the collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, restriction, erasure, or destruction of personal data.
d) Restriction of Processing
Restriction of processing involves marking stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling is any form of automated processing of personal data that involves using such data to assess specific personal aspects related to a natural person. This includes analyzing or predicting aspects concerning the individual's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in a way that the data can no longer be attributed to a specific data subject without additional information. This additional information must be kept separately and be subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
g) Controller or Data Controller
Controller or data controller refers to the natural or legal person, authority, agency, organization, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. If the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or specific criteria for their appointment may be provided for by Union law or the law of a Member State.
h) Processor
Processor is a natural or legal person, authority, agency, organization, or other body that processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, authority, agency, organization, or other body to whom personal data is disclosed, regardless of whether they are a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of Member States are not considered recipients.
j) Third Party
A third party is a natural or legal person, authority, organization, or entity other than the data subject, the controller, the processor, and individuals who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any voluntary, informed, and unambiguous expression of will by the data subject for a specific case. It is given in the form of a statement or another clear affirmative action, indicating that the data subject agrees to the processing of their personal data.
2. Name and Address of the Data Controller
The data controller, as defined by the General Data Protection Regulation and other applicable data protection laws in the European Union member states, is:
Comunio GmbH
Maria-Eich-Str. 113
82166 Gräfelfing
Germany
E-Mail: info@comunio.de
Website: www.comunio.info
3. Cookies
The websites of Comunio GmbH use cookies. Cookies are text files that are stored on a computer system through an internet browser.
Many websites and servers use cookies. Many cookies contain a unique identifier, known as a cookie ID. A cookie ID is a string of characters through which websites and servers can be associated with the specific internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that may contain different cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
The use of cookies enables us to provide visitors to our websites with more user-friendly services that would not be possible without setting cookies.
Cookies help optimize the information and offerings on our websites for the user. As mentioned earlier, cookies allow us to recognize the users of our websites. The purpose of this recognition is to make it easier for users to navigate our websites.
The data subject can prevent the setting of cookies by our websites at any time by adjusting the settings of the internet browser used and may thus permanently oppose the setting of cookies. Furthermore, already set cookies can be deleted at any time through an internet browser or other software programs. This is possible in all common browsers. If the data subject deactivates the setting of cookies in the used internet browser, not all functions of our websites may be fully usable.
4. Collection of General Data and Information
Our websites and apps automatically collect a series of general data and information with each page view by a data subject or an automated system. This general data and information are stored in the server's log files. The following information may be collected: (1) types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the subpages accessed by an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to prevent risks in the event of attacks on our information technology systems.
Comunio GmbH does not draw conclusions about the data subject when using this general data and information. Instead, this information is needed to (1) correctly deliver the content of our websites and apps, (2) optimize the content and advertising of our websites and apps, (3) ensure the permanent functionality of our information technology systems and the technology of our websites and apps, and (4) provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack.
The data from the server log files are stored separately from all personal data provided by a data subject.
5. Registration on our Websites and Apps
The data subject has the option to register on our websites and apps by providing personal data. The personal data transmitted to the data controller is determined by the respective input mask used for registration. The personal data entered by the data subject is collected and stored solely for internal use and for the data controller's own purposes. The data controller may instruct the transfer of this data to one or more processors who will also use the personal data solely for internal purposes attributable to the data controller.
Upon registration on our websites or apps, the Internet Service Provider's (ISP) assigned IP address of the data subject, along with the date and time of registration, is also stored. The storage of this data is done with the aim of preventing the misuse of our services and, if necessary, facilitating the investigation of committed crimes. Therefore, the storage of this data is necessary to secure the data controller. Generally, this data is not disclosed to third parties unless there is a legal obligation to do so or disclosure is necessary for criminal prosecution. The registration of the data subject, with the voluntary provision of personal data, serves to offer content or services to the data subject that, by nature, can only be offered to registered users. Registered individuals have the option to modify or completely delete the personal data provided during registration from our database at any time. Upon request, we provide any data subject with information about which personal data concerning them is stored. Furthermore, we correct or delete personal data at the request or notice of the data subject, as long as there are no legal storage obligations that contradict this. All employees of the data controller are available as contact persons for the data subject in this regard.
6. Orders in Our Shop
In our shop, orders can be placed as a guest without registration, or customers can choose to register. Registration has the advantage that the data subject can log in directly for future orders using their email address and password, without having to re-enter contact details.
The personal data of the data subject is entered into an input mask, transmitted to us, and stored when placing an order in our shop. To complete an order in our shop, the following data is required: first name, last name, email address, address, city, postal code, country, and phone number.
These data are collected (1) to identify the data subject as our customer, (2) to process, fulfill, and handle the order, (3) for correspondence with the data subject, (4) for invoicing, (5) to handle any liability claims and assert any claims against the data subject, (6) to ensure the technical administration of our website, and (7) to manage our customer data.
During the order process, the data subject's consent is obtained for the processing of this data. Data processing is carried out based on the order and/or registration of the data subject and is necessary for the proper processing of the order and the mutual fulfillment of obligations from the purchase contract under Art. 6 (1) (b) GDPR.
The personal data collected by us for the processing of the order is stored until the statutory retention period expires and is then deleted unless we are obliged to store it for a longer period based on tax and commercial law retention and documentation obligations (from the German Commercial Code, Criminal Code, or Fiscal Code) according to Article 6 (1) (c) GDPR, or the data subject has consented to a longer storage period according to Article 6 (1) (a) GDPR.
7. Subscription to Our Newsletter
On the websites and apps of Comunio GmbH, users are given the opportunity to subscribe to a newsletter. The personal data transmitted to the data controller when ordering the newsletter is determined by the input mask used for this purpose.
Our newsletter can generally only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject has registered for newsletter delivery. For legal reasons, a confirmation email is sent in the double opt-in procedure to the email address first entered by a data subject for newsletter delivery. This confirmation email serves to verify whether the owner of the email address, as the data subject, has authorized the receipt of the newsletter.
Upon newsletter registration, we also store the IP address assigned by the Internet service provider (ISP) to the data subject's computer system at the time of registration, as well as the date and time of registration. Collecting this data is necessary to trace potential misuse of a data subject's email address at a later date and serves the legal protection of the data controller.
The personal data collected during newsletter registration is used exclusively for sending our newsletter. Subscribers to the newsletter may also be informed by email if this is necessary for the operation of the newsletter service or a related registration, such as in the case of changes to the newsletter offering or changes to technical conditions. The data collected within the newsletter service is not passed on to third parties. Subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the purpose of newsletter delivery can be revoked at any time. Each newsletter contains a corresponding link for revoking consent. Furthermore, there is the option to unsubscribe from the newsletter at any time directly on the website of the data controller or to inform the data controller of this in another way.
8. Newsletter Tracking
The newsletters of Comunio GmbH contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails that are sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Comunio GmbH can recognize whether and when an email from a data subject was opened.
We automatically interpret unsubscribing from receiving the newsletter as a revocation.
9. Contributions in Forums
We offer our users the opportunity to exchange information on various topics in forums located on our websites. A forum is a publicly accessible portal, usually on a website, where thoughts, opinions, and experiences are exchanged and archived. The contributions published in the forums can be commented on by other users of the forum.
If a data subject registers on one of our websites, they can actively participate in the forum on the respective page. When a data subject publishes a contribution in one of our forums, information about the time of publication and the username (pseudonym) chosen by the data subject is stored and published alongside the actual contribution. Furthermore, the IP address assigned by the Internet service provider (ISP) to the data subject is logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties or posts illegal content in a contribution. The storage of this personal data is therefore in the legitimate interest of the data controller, so that the data controller could potentially exculpate themselves in the event of a legal violation. This collected personal data is not passed on to third parties unless such disclosure is legally required or serves the legal defense of the data controller.
10. Routinely Deletion and Blocking of Personal Data
We process and store personal data of a data subject only for the period necessary to achieve the purpose of storage or as required by the European legislator or other legislator in laws or regulations to which we are subject.
Once the purpose of storage is no longer applicable or a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with legal regulations.
11. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right granted by the European legislator to obtain confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the data controller at any time.
b) Right to Information
Every data subject affected by the processing of personal data has the right granted by the European legislator to obtain information free of charge from the data controller at any time about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:
- The purposes of processing
- The categories of personal data processed
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular for recipients in third countries or international organizations
- If possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration
- The existence of the right to rectification or erasure of personal data concerning them or restriction of processing by the controller or a right to object to such processing
- The right to lodge a complaint with a supervisory authority
- If the personal data is not collected from the data subject: All available information about the origin of the data
- The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.
If a data subject wishes to exercise this right to information, they can contact an employee of the data controller at any time.
c) Right to Rectification
Every data subject affected by the processing of personal data has the right granted by the European legislator to demand the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of processing, to request the completion of incomplete personal data – including by means of a supplementary declaration.
If a data subject wishes to exercise this right of rectification, they can contact an employee of the data controller at any time.
d) Right to Erasure (Right to be Forgotten)
Every data subject affected by the processing of personal data has the right granted by the European legislator to demand that the personal data concerning them be deleted without delay if one of the following reasons applies and if processing is not necessary:
- The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
- The data subject revokes their consent on which the processing was based according to Art. 6 (1) letter a GDPR or Art. 9 (2) letter a GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Art. 21 (2) GDPR.
- The personal data has been processed unlawfully.
- Deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
If one of the above reasons applies and a data subject wishes to initiate the deletion of personal data stored by Comunio GmbH, they can contact an employee of the data controller at any time. The employee of Comunio GmbH will arrange for the deletion request to be complied with immediately.
If the personal data of Comunio GmbH has been made public and our company, as the data controller, is obliged to delete the personal data in accordance with Art. 17 (1) GDPR, Comunio GmbH, taking into account the available technology and implementation costs, will take appropriate measures, including technical ones, to inform other data controllers processing the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data, as far as processing is not necessary. The employee of Comunio GmbH will arrange what is necessary on a case-by-case basis.
e) Right to Restriction of Processing
Every data subject affected by the processing of personal data has the right granted by the European legislator to request the data controller to restrict processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject opposes the erasure of the personal data and requests instead the restriction of their use.
- The data controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Art. 21 (1) GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Comunio GmbH, they can contact an employee of the data controller at any time. The employee of Comunio GmbH will initiate the restriction of processing.
f) Right to Data Portability
Every data subject affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which was provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, as long as the processing is based on the consent pursuant to Art. 6 (1) letter a GDPR or Art. 9 (2) letter a GDPR or on a contract pursuant to Art. 6 (1) letter b GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible, and as long as this does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject can contact an employee of Comunio GmbH at any time.
g) Right to Object
Every data subject affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them which is based on Art. 6 (1) letters e or f GDPR. This also applies to profiling based on these provisions.
Comunio GmbH will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Comunio GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Comunio GmbH processing for direct marketing purposes, Comunio GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them by Comunio GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject can directly contact any employee of Comunio GmbH. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.
h) Automated Decisions in Individual Cases, Including Profiling
Every data subject affected by the processing of personal data has the right granted by the European legislator not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, (2) is permitted by Union or Member State legislation to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is made with the data subject's explicit consent.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) it is made with the explicit consent of the data subject, Comunio GmbH will implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller, to express their point of view and contest the decision.
If the data subject wishes to assert rights relating to automated decisions, they can contact an employee of the data controller at any time.
i) Right to Withdraw Consent for Data Processing
Every data subject affected by the processing of personal data has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the data controller at any time.
12. Data Protection in Applications and Application Procedures
Comunio GmbH collects and processes the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically, especially if an applicant submits corresponding application documents electronically, for example, via email. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship, in compliance with legal regulations. If Comunio GmbH does not conclude an employment contract with the applicant, the application documents will be deleted two months after the rejection decision is communicated, unless there are other legitimate interests of the data controller that oppose deletion. Another legitimate interest in this context is, for example, an obligation to provide evidence in a proceeding under the General Equal Treatment Act (AGG).
13. Data Protection Provisions for the Use of Online Advertising
The websites and apps of Comunio GmbH are financed, among other things, by revenue from advertising. We have entrusted SKALDEN MEDIA (Monja Skalden, Hofstückenstieg 1, 22145 Hamburg, ms@skalden-media.de) with the marketing of advertising space.
SKALDEN MEDIA uses the Google Ad Manager tool for advertising, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ad Manager transmits data to a server with every impression as well as with clicks or other activities. Each of these data transmissions triggers a cookie request to the browser of the data subject. If the browser accepts this request, the tool sets a cookie on the information technology system of the data subject. The purpose of the cookie is to optimize and display advertisements. The cookie is used, among other things, to display and show user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie is used to avoid multiple displays of the same advertisement.
Google Ad Manager uses a cookie ID that is necessary for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. The tool can also use the cookie ID to determine which advertisements have already been displayed in a browser in order to avoid double displays. Furthermore, it is possible to record conversions through the cookie ID. Conversions are recorded, for example, when a user has previously been shown a Google Ad Manager advertisement and then makes a purchase on the advertiser's website with the same internet browser.
A Google Ad Manager cookie does not contain personal data. However, a cookie can contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which the user has already been in contact.
With each call to one of the individual pages of this website, operated by the data controller and on which a Google Ad Manager component has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Ad Manager component to transmit data for the purpose of online advertising and commission settlement to Google. In the course of this technical process, Google becomes aware of data that Google also uses to create commission settlements. Among other things, Google can track that the data subject has clicked on certain links on our website.
The data subject can prevent the setting of cookies by our website, as described above, at any time by adjusting the settings of the internet browser used and thus permanently objecting to the setting of cookies. Such a setting of the internet browser would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Google can be deleted at any time via an internet browser or other software programs.
Further information on data protection and the use of cookies in Google Ad Manager can be found at https://policies.google.com/privacy?hl=en. The option to object (Opt-Out) to the processing of this data by Google Ad Manager can be found at https://adssettings.google.com/authenticated.
For advertising, SKALDEN MEDIA collaborates with YOC Mobile Advertising GmbH, Greifswalder Straße 212, 10405 Berlin (https://yoc.com/de/).
YOC uses cookies for the delivery of personalized advertising. These cookies can be deactivated by clicking on the following link: https://t.visx.net/opt-out.
More information on YOC's data protection can be found at https://yoc.com/de/datenschutz/.
14. Privacy Policy on the Use and Application of Google PPID
In connection with our ad server, Google Ad Manager, we use the Google PPID (Publisher Provided Identifiers) feature. This involves a pseudonymized user identifier assigned by us as the website operator. The PPID allows us to transmit a user ID to Google, which is used to limit the number of ad impressions (frequency capping), serve target group-specific advertisements, and manage ad rotation across all devices of the respective user. No information is stored in a cookie, and the identifier is hashed or encrypted, rendering it unusable for Google. The PPIDs are converted into partitioned user identifiers per website operator before being passed on, which means that PPIDs used by us are only associated with our website. As a result, users cannot be recognized across different websites and apps through the PPID.
15. Privacy Policy on the Use and Application of AdDefend
Comunio GmbH uses AdDefend (a service provided by AdDefend GmbH, Borselstrasse 3, 22765 Hamburg) to display advertisements. AdDefend uses cookies with a randomly generated ID to determine whether the affected person has previously visited our website. For this purpose, AdDefend creates a pseudonymous usage profile under this ID.
The affected person can object to the use of these cookies by AdDefend at any time by utilizing the opt-out option available at the following link: https://www.addefend.com/de/opt-out/. If the affected person deletes cookies in their browser, it will be necessary to repeat the opt-out process via the link mentioned above.
16. Privacy Policy on the Use and Application of tisoomi Services
To display advertisements, we collaborate with tisoomi services (a service provided by tisoomi GmbH, Gänsemarkt 31, 20354 Hamburg). tisoomi uses "cookies" that are stored on the affected person's computer, enabling interest-based advertisement displays. The information generated by the cookie regarding the use of this website (including your IP address) is transmitted to a tisoomi server in Germany and stored there in a pseudonymized form. tisoomi uses this information to optimize the content of advertising materials and, if necessary, to compile reports for website operators.
The affected person can prevent the installation of cookies by adjusting their internet browser settings accordingly. By using this website, the affected person consents to the processing of the collected data by tisoomi in the manner described above and for the stated purpose. The affected person can object to the interest-based advertisement display by tisoomi at any time by utilizing the "opt-out" option on the following page: https://www.tisoomi-services.com/datasecurity
17. Privacy Policy on the Use and Application of AddApptr
In our apps, advertisements are displayed from various ad networks, which are selected and provided through the service provider AddApptr (AddApptr GmbH, Alsterufer 4, 20345 Hamburg, support@addapptr.com). For this purpose, the following categories of data are collected and processed by AddApptr: mobile identifiers such as the ID for Advertising for iOS (IDFA), Google Advertising ID, or similar; IP address; and geolocation.
The listed data is generally stored indefinitely, subject to deletion requests. The data is pseudonymized and forwarded to one or more operators of ad networks to display the most relevant advertising on the respective end devices. The data is typically processed exclusively within the European Union. If systems are used that store and process tracked data outside the EU, such systems comply with the requirements of the EU-US Privacy Shield agreement or contracts (e.g., EU Standard Contractual Clauses) have been concluded with the ad network operators to ensure a level of data protection in line with the GDPR.
The legal basis for the use and application of AddApptr is derived from Article 6 (1) (f) GDPR. If an affected person does not wish for the above-mentioned data categories to be tracked, they must refrain from using our apps.
18. Privacy Policy for the Use of OpenX
We use OpenX, a service for integrating advertisements, on our websites. OpenX utilizes cookies, which are text files stored on the user's computer, allowing an analysis of the website's usage. OpenX also employs web beacons to collect and analyze information about visitor traffic.
The data generated by cookies and web beacons regarding the use of this website and the delivery of advertising formats are transmitted to an OpenX server and stored there. While this information may be shared with contractual partners, it is not merged with the user's IP address.
OpenX is operated by OpenX Technologies, Inc., 888 East Walnut Street, 2nd Floor, Pasadena, CA 91101, USA.
The applicable privacy policies of OpenX can be accessed at https://www.openx.com/legal/privacy-policy/.
19. Privacy Policy for the Use of Google Analytics (with anonymization function)
Our websites and apps integrate the Google Analytics component (with anonymization function). Google Analytics is a web analytics service that collects, analyzes, and evaluates data on the behavior of visitors to websites and apps. It captures data on, among other things, the referrer (the website from which a visitor comes), the subpages accessed on the website or app, and the frequency and duration of subpage views. Web analytics is primarily used to optimize a website or app and to analyze the cost-effectiveness of online advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analytics via Google Analytics, the data controller uses the extension "_gat._anonymizeIp". With this extension, the IP address of the user is shortened and anonymized by Google when access to our websites or apps occurs from a member state of the European Union or another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor traffic on our websites and apps. Google uses the data to evaluate the use of our websites and apps, to compile online reports showing activities on our websites and apps, and to provide other services related to the use of our websites and apps.
Google Analytics sets a cookie on the user's information technology system. Cookies and their use have been explained above. The cookie enables Google to analyze the use of our websites and apps. With each visit to one of the individual pages of this website or app operated by the data controller and on which a Google Analytics component has been integrated, the internet browser is automatically prompted by the respective Google Analytics component to transmit data to Google for online analysis. In the course of this technical process, Google gains knowledge of personal data, such as the IP address of the user, which helps Google trace the origin of visitors and clicks and subsequently enable commission settlements.
The cookie stores personal information, such as the access time, the location from which access originated, and the frequency of visits to our websites or apps by the user. During each visit to our websites or apps, this personal data, including the IP address of the user's internet connection, is transmitted to Google in the United States. Google stores this personal data in the United States. Google may disclose this personal data collected through the technical process to third parties.
The user can prevent the setting of cookies by our websites, as described above, at any time by adjusting the settings of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser would also prevent Google from setting a cookie on the user's information technology system. Additionally, cookies already set by Google Analytics can be deleted at any time through the internet browser or other software programs.
Furthermore, the user has the option to object to the collection of data generated by Google Analytics that is related to the use of this website and the processing of this data by Google. To do so, the user must download and install a browser add-on via the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics through JavaScript that no data and information about visits to websites should be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the user's information technology system is deleted, formatted, or reinstalled at a later date, the user must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the user or another person within their control, there is the option to reinstall or reactivate the browser add-on.
Additional information and Google's applicable privacy policies can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. More detailed information about Google Analytics is available at https://www.google.com/intl/de_de/analytics/.
20. Privacy Policy on the Use and Application of Taboola
On our websites, we use the content discovery platform Taboola (Taboola, Inc., 16 Madison Square West, 7th Floor, New York, New York 10010, USA). Taboola's service enables user-specific recommendations for content and advertisements based on browsing behavior and user interests, helping to improve the user experience of our offerings. Usage profiles are created using pseudonyms, and they are not merged with data about the holder of the pseudonym, ensuring no conclusions about personal data can be drawn.
Further information about Taboola, as well as the option to object to the processing of data by Taboola, can be found at: https://www.taboola.com/de/policies/datenschutzerklaerung.
21. Privacy Policy on the Use and Application of WelectPublish
Our pages include plugins from the service provider "Welect."These plugins are offered by Welect GmbH, Platz der Ideen 1, 40467 Düsseldorf (hereinafter referred to as "Welect" ). We initially use the WelectPublish service to detect whether an AdBlocker is in use and to display the AdBlock-Wall. In this context, Welect operates as our data processor (data processing on behalf). The legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in ensuring the financing of our web offering through advertisements.
If you use an AdBlocker, you can still access the desired article without disabling the AdBlocker by choosing to watch an advertisement. If you decide to do so, Welect Publish is deployed to allow you to view an advertisement of your choice. For the processing of personal data associated with displaying the advertisement, Welect is the data controller. The legal basis for disclosing your IP address and the accessed website to Welect in this case is Article 6 (1) lit. a GDPR (consent). After viewing the advertisement, you are redirected to the article, which you can then access.
With WelectPublish, we can analyze whether you use the Welect service and which advertising content is shown to you. This information is stored in a cookie on your computer and evaluated upon repeated use of WelectPublish to avoid displaying advertisements you have already seen. Welect also uses your IP address (on a state/city/postal code level) to show you offers from sponsors in your region.
As part of the advertising display you selected, technology providers commissioned by advertisers and/or their agencies collect information related to the ad display (e.g., delivery frequency, visibility measurement, clicks on the advertisement). Further details on tracking and opt-out options can be found in Welect's privacy policy: https://www.welect.de/datenschutz.
The cookie remains stored until you delete it from your browser, but no longer than two weeks after your last use of the service. According to Welect, your IP address is not stored after the aforementioned processing. It is only temporarily logged in server log files. The legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR (legitimate interest). Welect's legitimate interest lies in ensuring accurate billing for advertisers.
22. Privacy Policy on the Use and Application by LiveRamp
When you enter your email address on our website or app (for example, to register, subscribe to a newsletter, or similar), we may share personally identifiable or other information we collect from you, such as your email address (in hashed, pseudonymized form), your IP address, your mobile advertising identifier, or information about your browser or operating system, with our partner LiveRamp.
LiveRamp uses this information to create an online identification code, which allows you to be recognized on the devices you use. The code does not contain personally identifiable information and is not used by LiveRamp to directly re-identify you. To achieve this, we place the code in our first-party cookie or in our app device library/SDK/app and use it for online and cross-platform advertising. The information may be shared with our advertising partners and other third parties worldwide to enable interest-based content or targeted advertising for your online experience (e.g., web, email, connected devices, apps, etc.). These third parties may, in turn, use the code to link demographic or interest-related information that you have provided during interactions with them.
You have the right to decide whether we share this information with LiveRamp for the purposes described above. The privacy policy of LiveRamp and instructions on how to opt-out can be found here: https://liveramp.de/privacy/datenschutzerklarung-fur-die-liveramp-dienste/.
23. Privacy Policy for the Use of Matomo (formerly PIWIK)
We use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users on our websites. The software sets a cookie on the user's computer (for information about cookies, see above). When individual pages of our website are accessed, the following data is stored: (1) two bytes of the IP address of the user's accessing system, (2) the accessed website, (3) the website from which the user accessed the accessed website (referrer), (4) the subpages accessed from the accessed website, (5) the length of time spent on the website, (6) the frequency of website access.
The software runs exclusively on the servers of our website. Storage of personal data of the user only takes place there. The data is not passed on to third parties.
The software is set up so that IP addresses are not stored in full but are masked with 2 bytes of the IP address (e.g., 192.168.xxx.xxx). This way, assignment of the truncated IP address to the accessing computer is no longer possible.
The data is deleted as soon as it is no longer needed for our recording purposes.
The processing of the users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of individual components of our website. This helps us to continuously improve our website and its user-friendliness. The anonymization of the IP address takes into account the users' interest in the protection of their personal data.
24. Privacy Policy for the Use of Facebook
We have integrated components of the company Facebook on our websites. Facebook is a social network.
A social network is an internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in the virtual space. A social network can serve as a platform for the exchange of opinions and experiences or allow the internet community to provide personal or company-related information. Facebook allows users of the social network, among other things, to create private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The data controller responsible for processing personal data is, if a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website, which is operated by the data controller and on which a Facebook component (Facebook plugin) has been integrated, is called up, the internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook gains knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into Facebook when accessing our websites, Facebook recognizes, with each visit to our websites by the data subject and throughout the duration of the respective stay on our websites, which specific subpage of our websites the data subject visits. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the integrated Facebook buttons, for example, the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component that the data subject has visited our website whenever the data subject is logged into Facebook at the same time as accessing our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of this information to Facebook is not desirable for the data subject, it can prevent the transmission by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains what settings Facebook offers to protect the privacy of the data subject. Various applications are also available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
25. Privacy Policy on the Use and Application of X (formerly Twitter)
We have integrated components of X on our websites. X is a multilingual, publicly accessible microblogging service where users can post and share messages limited to 240 characters. These short messages are accessible to everyone, including individuals who are not registered with X. The posts are also displayed to the so-called followers of the respective user. Followers are other X users who follow a user's posts. Additionally, X allows addressing a broad audience through hashtags, links, or reposts.
The operating company of X is X Corp., 865 FM 1209, Building 2 Bastrop, TX 78602, USA.
Whenever one of the individual pages of this website, operated by the data controller, containing an X component (X button) is accessed, the user's browser is automatically prompted by the respective X component to download a representation of the X component. As part of this technical process, X learns which specific page of our website is being visited by the user. The purpose of integrating the X component is to allow our users to share the content of our website, increase the visibility of our site in the digital world, and boost our visitor numbers.
If the user is simultaneously logged into X, X will recognize with each visit to our website, and during the entire duration of the user's stay, which specific page of our website the user visits. This information is collected by the X component and attributed to the user's X account. If the user clicks on any of the integrated X buttons on our website, the transmitted data and information will be attributed to their personal X account and stored and processed by X.
X will always receive information that the user has visited our website when the user is logged into X at the time of accessing our website, regardless of whether the user clicks the X component or not. If the user does not want this information to be transmitted to X, they can prevent this by logging out of their X account before visiting our website.
The applicable privacy policy of X can be accessed at https://x.com/de/privacy.
26. Privacy Policy regarding the use and integration of YouTube
We have integrated components of YouTube on our websites. YouTube is an Internet video portal that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on them for free as well. YouTube allows the publication of all types of videos, which is why complete movies and television shows, as well as music videos, trailers, or user-generated videos, are accessible via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the individual pages of this website, operated by the data controller and containing a YouTube component (YouTube video), is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google are informed about which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube recognizes with the visit to a subpage containing a YouTube video which specific subpage of our website the data subject is visiting. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component when the data subject visits our website if the data subject is logged into YouTube at the time of accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want such information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.
The privacy policy published by YouTube, which can be accessed at https://www.google.com/intl/en/policies/privacy/ provides information about the collection, processing, and use of personal data by YouTube and Google.
27. Privacy Policy regarding the use of PayPal as a payment method
We have integrated components of PayPal on our websites. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual private or business accounts. Additionally, PayPal offers the option to process virtual payments via credit cards for users who do not maintain a PayPal account. A PayPal account is managed through an email address, hence there is no traditional account number. PayPal allows for initiating online payments to third parties or receiving payments as well. Furthermore, PayPal acts as a trustee and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects "Paypal" as the payment option, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data necessary for payment processing.
The personal data usually transmitted to PayPal are first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Personal data required for processing the purchase contract also include those data related to the respective purchase.
28. Linking and Content on Servers of Cooperation and Advertising Partners
Our websites and apps contain links to external websites operated by third parties over which we have no control. The respective operator is responsible for the content of these websites. Therefore, we distance ourselves from the content on third-party websites.
We also point out that upon becoming aware of any infringements of the law or content that we deem unacceptable, we will promptly remove such links. However, continuous monitoring of third-party content is not feasible.
Furthermore, we do not assume liability for content hosted on servers of our cooperation and advertising partners. Our privacy policies do not apply to them as they have their own policies. We ask every user to review these policies upon leaving our websites.
29. Legal Basis for Processing
Art. 6 I lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, for processing operations required for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, such as in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our premises and his name, age, health insurance data, or other vital information would need to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal bases, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).
30. Legitimate interests pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.
31. Duration for which the personal data will be stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of the period, the corresponding data will be routinely deleted, unless they are no longer necessary for the fulfillment of a contract or for the initiation of a contract.
32. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner). In some cases, it may be necessary to conclude a contract that the data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company enters into a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will individually clarify to the data subject whether the provision of the personal data is required by law or contract, whether there is an obligation to provide the personal data, and what consequences the non-provision of the personal data would have.
33. Existence of automated decision-making
We do not engage in automated decision-making or profiling.
- This privacy policy was partially created using the privacy policy generator provided by DGD (Deutsche Gesellschaft für Datenschutz GmbH) in cooperation with IT and data protection lawyer Christian Solmecke.
