Information on Data Protection
With this privacy notice, we inform you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The controller responsible for data processing is allbranded GmbH (hereinafter referred to as “we” or “us”).
I. General Information
1. Contact
If you have any questions or suggestions regarding this information, or if you wish to exercise your rights, please direct your request to:
allbranded GmbH
Stahltwiete 21a, 22761 Hamburg
Phone: +49 (0) 40 605 3373 54
Email: kundenservice@allbranded.de
2. Legal Basis
The term “personal data” under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the BDSG. We only process personal data based on a legal permission. We process personal data only with your consent (Art. 6(1)(a) GDPR), for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR), for compliance with a legal obligation (Art. 6(1)(c) GDPR), or where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data override those interests (Art. 6(1)(f) GDPR).
3. Duration of Storage
Unless otherwise stated in the following notices, we store data only for as long as it is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal retention obligations may arise, in particular, from commercial or tax regulations. From the end of the calendar year in which the data was collected, we retain personal data contained in our accounting records for ten years and personal data found in business correspondence and contracts for six years. In addition, we retain data related to consents requiring documentation, as well as complaints and legal claims, for the duration of the applicable statutory limitation periods. We will delete data stored for advertising purposes if you object to its processing for that purpose.
4. Categories of Data Recipients
As part of processing your data, we engage processors. Processing activities carried out by such processors may include, for example, hosting, maintenance and support of IT systems, customer and order management, order fulfillment, accounting and billing, marketing measures, or the destruction of files and data carriers. A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing solely on the controller’s instructions and are contractually obligated to ensure appropriate technical and organizational measures for data protection. We may also transfer your personal data to entities such as postal and delivery services, banks, tax advisors/auditors, or tax authorities. Additional recipients may be identified in the following sections.
5. Data Transfer to Third Countries
Our data processing activities may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permitted if the European Commission has determined that the third country ensures an adequate level of data protection. If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if appropriate safeguards are provided pursuant to Art. 46 GDPR or if one of the exceptions under Art. 49 GDPR applies. Unless otherwise stated below, we use the EU Standard Contractual Clauses as appropriate safeguards for data transfers to third countries. You may request a copy of these EU Standard Contractual Clauses or inspect them. Please contact us at the address provided under “Contact.” If you have given your consent to the transfer of personal data to third countries, the transfer is based on the legal basis of Art. 49(1)(a) GDPR.
6. Processing in Connection with the Exercise of Your Rights under Art. 15 to 22 GDPR
If you exercise your rights under Articles 15 to 22 GDPR, we process the personal data you provide for the purpose of implementing those rights and to be able to demonstrate compliance. Data stored for the purpose of providing information and preparing the response will only be processed for this purpose and for data protection monitoring. Otherwise, processing will be restricted in accordance with Art. 18 GDPR. These processing activities are based on the legal basis of Art. 6(1)(c) GDPR in conjunction with Articles 15 to 22 GDPR and § 34(2) BDSG.
7. Your Rights
As a data subject, you have the right to assert your data subject rights with us. In particular, you have the following rights: Right of access under Art. 15 GDPR and § 34 BDSG: You have the right to request information about whether and to what extent we process your personal data. Right to rectification under Art. 16 GDPR: You have the right to request the correction of any inaccurate personal data. Right to erasure under Art. 17 GDPR and § 35 BDSG: You have the right to request the deletion of your personal data. Right to restriction of processing under Art. 18 GDPR: You may request that we restrict the processing of your personal data. Right to data portability under Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller. Right to withdraw consent under Art. 7(3) GDPR: If you have given us consent to process your personal data, you may withdraw this consent at any time. The withdrawal does not affect the lawfulness of the processing carried out prior to the withdrawal. Right to lodge a complaint under Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority.
8. Right to Object
In accordance with Art. 21(1) GDPR, you have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. If we process your personal data for direct marketing purposes, you have the right to object to such processing at any time in accordance with Art. 21(2) and (3) GDPR.
9. Data Protection Officer
You can contact our Data Protection Officer at the following contact details: Email: datenschutzbeauftragter@allbranded.de Herting Oberbeck Datenschutz GmbH Hallerstr. 76, 20146 Hamburg https://www.datenschutzkanzlei.de
II. Data Processing on Our Website
When using our website, we collect information that you actively provide. In addition, certain information about your use of the website is automatically collected during your visit. Under data protection law, the IP address is generally also considered personal data. An IP address is assigned to each device connected to the internet by the internet service provider, in order to allow it to send and receive data.
1. Processing of Server Log Files
When using our website purely for informational purposes (i.e. without registration), general information is automatically stored that your browser transmits to our server. This includes, by default browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request, HTTP status code. This processing is carried out to safeguard our legitimate interests and is based on the legal basis of Art. 6(1)(f) GDPR. It serves the technical administration and security of the website. The stored data is deleted after no more than 14 days, unless there are specific indications of unlawful use, in which case further review and processing of the data may be necessary. We are not able to identify you as a data subject based on the stored information. Therefore, Articles 15 to 22 GDPR do not apply pursuant to Art. 11(2) GDPR, unless you provide additional information that enables your identification in order to exercise your rights under these articles.
3. Consent Management Tool
The consent management tool “Usercentrics” by Usercentrics GmbH (Germany/EU) allows users of our website to give consent for certain data processing operations, to revoke consent already given, or to object to data processing. The consent management tool also helps us provide proof of your declarations. For this purpose, protocol data related to your declarations is processed. This processing is necessary to document the consent given. The legal basis is Art. 6(1)(c) GDPR in conjunction with Art. 7(1) GDPR. Further information can be found in the settings of the consent management tool.
4. Contact Options and Inquiries
a. Contact Form Our website includes a contact form through which you can send us messages. The transmission of your data is encrypted (recognizable by the "https" in your browser’s address bar). All fields marked as mandatory are required in order to process your request. Failure to provide this data means we cannot process your request. The provision of additional information is voluntary. Alternatively, you can send us a message via the contact email. We process the data for the purpose of responding to your inquiry. If your inquiry relates to the conclusion or execution of a contract with us, the legal basis for the data processing is Art. 6(1)(b) GDPR. Otherwise, we process the data based on our legitimate interest in communicating with inquiring individuals. In this case, the legal basis is Art. 6(1)(f) GDPR.
b. Reviews and Feedback
We participate in the Trustpilot review system, a service provided by Trustpilot A/S (Denmark/EU). Trustpilot offers our customers the opportunity to rate our services. If you have used our services as a customer, we may request your consent to send a review request. If you give your consent, you will receive a review request with a link to a review page. To ensure that you have indeed used our services, we provide Trustpilot with the necessary data (this includes your name, email address, and a reference number). This data is used solely to verify the authenticity and address of the user. Your data is only shared with your consent in accordance with Art. 6(1)(a) GDPR. To submit a review, you must create a customer account with Trustpilot. Trustpilot is responsible for the related data processing. In this case, the terms and privacy policy of Trustpilot apply: https://de.legal.trustpilot.com/end-user-privacy-terms Additionally, we may integrate the Trustpilot widget into our website to display our current review status. Although the content is displayed within our online offering, it is retrieved from Trustpilot's servers. This requires the transmission of your IP address. Trustpilot also processes your data under its own responsibility and receives information that you, as a user, have visited our website. This information may be stored in a cookie and used by Trustpilot to track which online offerings participating in the Trustpilot review system you have visited. These details can be stored in a user profile and used for advertising or market research purposes. More information can be found in Trustpilot’s privacy policy: https://de.legal.trustpilot.com/end-user-privacy-terms The setting of cookies and the processing of your data as part of the widget integration only occurs with your consent pursuant to Art. 6(1)(a) GDPR.
5. Newsletter
Our website offers the option to subscribe to our newsletter. After subscribing, we will regularly inform you about current news and offers. A valid email address is required to subscribe. To verify the email address, you will first receive a registration email that must be confirmed via a link (double opt-in). When you subscribe to the newsletter via our website, we process personal data such as your email address and name based on the consent you provide. The processing is based on the legal basis of Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect, for example by clicking the "unsubscribe" link in the newsletter or by contacting us through the above-mentioned channels. The legality of the data processing already carried out remains unaffected by the revocation. When subscribing, we also store the IP address as well as the date and time of registration. This processing is required to prove that consent was given. The legal basis for this is our legal obligation to document your consent (Art. 6(1)(c) in conjunction with Art. 7(1) GDPR).
a. Newsletter Analytics
We also analyze the reading behavior and open rates of our newsletter. For this purpose, pseudonymized usage data is collected and processed, which we do not link to your email address or IP address. The legal basis for analyzing our newsletter is Art. 6(1)(f) GDPR, and the processing serves our legitimate interest in optimizing our newsletter. You may object to this at any time by contacting one of the above-mentioned channels.
b. Service Provider
We use the service MailerLite by MailerLite Limited to manage subscribers and send the newsletter. Your email address is therefore transmitted to MailerLite by us. The processing is carried out on our behalf and is based on Art. 6(1)(f) GDPR, serving our legitimate interest in optimizing and efficiently sending our newsletter. If you do not want your data to be processed by MailerLite, you should not subscribe to the newsletter or unsubscribe from it.
6. Google Tag Manager
We use the Google Tag Manager provided by Google Ireland Limited (Ireland/EU). The Google Tag Manager allows us to manage website tags through an interface. The Google Tag Manager is a cookie-less domain that does not collect or store personal data. It only triggers other tags, which in turn may collect data, without accessing this data itself. If a deactivation is made on domain or cookie level, it remains effective for all tracking tags implemented via Google Tag Manager.
7. Google Marketing Services
We use Google Analytics from Google Ireland Limited (Ireland/EU) to design our website according to user needs and continuously optimize it. The service uses cookies to analyze your use of our website. Personal data such as online identifiers (including cookie IDs), IP addresses, device identifiers, and interaction information with our website are processed. Google processes this information on our behalf to evaluate usage of our online offer, compile reports on website activities, and provide further services related to website and internet use. User profiles can be created from the processed data, which we may link to data obtained through our contact form or shop (e.g., customer ID). We use Google Analytics with IP anonymization enabled, which means user IP addresses are shortened within the EU or EEA. We utilize both Universal Analytics and Google Analytics 4, enabling us to track interaction data across devices and sessions. This helps analyze user actions in context and understand long-term behavior. User activity data is stored for 14 months and then automatically deleted. Other event data is stored for 2 months. Deletion of expired data occurs once a month. We also use Google Ads Conversions from Google Ireland Limited (Ireland/EU) to display relevant ads in the Google ad network (e.g., in search results or on websites), improve campaign reporting, and avoid repetitive ad placements. Each Ads customer uses a unique conversion cookie, which means these cookies are not trackable across different Ads customer websites. A cookie ID logs which ads are shown in which browser to avoid repeated display of the same campaign. Cookie IDs also enable tracking of conversions, i.e., whether a user views an ad, visits the advertiser's website, and makes a purchase. Remarketing allows us to re-engage users who have interacted with our website by displaying ads to them when they visit a Google site or a site in the Google ad network. When you visit our website, Google runs code and (re)marketing tags are integrated into the site. These tags store a cookie on the user's device. Cookies may be set from domains like google.com, doubleclick.net, googlesyndication.com, or googleadservices.com. These cookies record visited websites, interests, and used offers. Technical details like browser and OS info, referrer websites, visit time, and usage patterns are also stored. All data is processed pseudonymously and does not personally identify users. Ads are shown to the cookie holder, not a specific person. Further information about these processing activities, technologies used, stored data, and retention periods can be found in our Consent Management Tool settings. Google Marketing Services are used only with your consent under Art. 6(1)(a) GDPR. Data transfers to Google Inc. in the USA cannot be ruled out. See the section "Data transfers to third countries" for details. More on Google's privacy policy: https://www.google.com/policies/privacy
8. Microsoft Advertising
We use Microsoft Advertising from Microsoft Ireland Operations Limited (Ireland/EU). This online marketing service helps us target ads via Bing and Yahoo using the Universal Event Tracking (UET) tool. Microsoft Advertising uses cookies to process personal data such as online identifiers (including cookie IDs), IP addresses, device IDs, and browser/device configuration data. This information helps create conversion statistics that show how many users clicked an ad and visited our website. We learn the total number of users who clicked our ad and were redirected, but we do not receive personal identification data. Data stored or accessed on your device via Microsoft Advertising cookies occurs only with your consent. The legal basis is § 15(3) TMG or Art. 6(1)(a) GDPR. Further information on processing, technologies used, stored data, and retention periods is available in our Consent Management Tool. Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement
9. Facebook Pixel
We use the Facebook Pixel on our website, a Facebook Business Tool provided by Facebook Ireland Limited (Ireland, EU). Information on the contact details of Facebook Ireland and the contact details of Facebook Ireland’s Data Protection Officer can be found in the Facebook Ireland Data Policy at https://www.facebook.com/about/privacy. The Facebook Pixel is a piece of JavaScript code that allows us to track the activities of visitors on our website. This tracking is called Conversion Tracking. The Facebook Pixel collects and processes the following information (so-called Event Data): Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product; Specific pixel information such as the Pixel ID and the Facebook cookie; Information about buttons clicked by visitors to the website; Information contained in HTTP headers, such as IP addresses, browser information, page location, and referrer; Information on the status of ad tracking deactivation/restriction. Some of this Event Data includes information stored on your device. In addition, the Facebook Pixel uses cookies to store information on your device. Such storage of information by the Facebook Pixel or access to information already stored on your device only takes place with your consent. Tracked conversions appear in our Facebook Ads Manager dashboard and in Facebook Analytics. We can use the tracked conversions there to measure the effectiveness of our ads, to define Custom Audiences for ad targeting, for Dynamic Ads campaigns, and to analyze the effectiveness of our website’s conversion funnels. The functions we use via the Facebook Pixel are described in more detail below. Processing of Event Data for Advertising Purposes The Event Data collected via the Facebook Pixel is used for targeting our ads and improving ad delivery, for personalizing features and content, and for improving and securing Facebook products. For this purpose, Event Data is collected on our website via the Facebook Pixel and transmitted to Facebook Ireland. This only happens if you have previously given your consent. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore § 15 para. 3 TMG or Art. 6 para. 1 lit. a GDPR. This collection and transmission of Event Data is carried out by us and Facebook Ireland as joint controllers. We have concluded an agreement with Facebook Ireland on joint controllership, which sets out the allocation of data protection obligations between us and Facebook Ireland. In this agreement, we and Facebook Ireland have, among other things, agreed: that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR regarding the joint processing of personal data; that Facebook Ireland is responsible for enabling data subjects to exercise their rights under Art. 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland following the joint processing. You can access the agreement between us and Facebook Ireland at https://www.facebook.com/legal/controller_addendum. For the processing of the transmitted Event Data following its transfer, Facebook Ireland is the sole controller. Further information on how Facebook Ireland processes personal data, including the legal basis relied upon by Facebook Ireland and the options for exercising your rights with Facebook Ireland, can be found in the Facebook Ireland Data Policy at https://www.facebook.com/about/privacy. Processing of Event Data for Analytics Purposes We have also instructed Facebook Ireland to prepare, based on the Event Data collected via the Facebook Pixel, reports on the impact of our advertising campaigns and other online content (campaign reports), as well as analyses and insights regarding users and their use of our website, products, and services (analytics). For this purpose, we transmit personal data contained in the Event Data to Facebook Ireland. The personal data transmitted is processed by Facebook Ireland as our processor in order to provide us with the campaign reports and analytics. Processing of personal data for the preparation of analytics and campaign reports only takes place if you have previously given your consent. The legal basis for this processing of personal data is therefore § 15 para. 3 TMG or Art. 6 para. 1 lit. a GDPR. A transfer of data to Facebook Inc. in the USA cannot be excluded. The legal basis for this transfer is the Standard Contractual Clauses for the transfer of personal data to processors in third countries. Please refer to the notes in the section “Data Transfer to Third Countries.”
10. LinkedIn Marketing Solutions
We use services of LinkedIn Marketing Solutions provided by LinkedIn Ireland Unlimited Company (Ireland/EU). For this purpose, the LinkedIn Insight Tag is integrated into our website, which is triggered by LinkedIn when our website is accessed and stores a cookie on your device. This enables us to perform various functions, which we describe in detail below. Function: Conversion Tracking LinkedIn Conversion Tracking is an analytics feature supported by the LinkedIn Insight Tag. The LinkedIn Insight Tag enables the collection of data regarding visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamp. IP addresses are truncated or, when used to reach members across devices, hashed. LinkedIn does not provide us with personal data but only offers reports (in which you are not identified) about the website audience and ad performance. In this way, we can measure the effectiveness of LinkedIn ads for statistical and market research purposes. Direct identifiers of members are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then deletes the remaining pseudonymized data within 180 days. This processing is carried out for the purpose of obtaining information about our website audience and a report on the effectiveness of LinkedIn campaigns. Function: Audience Targeting We also use the “Matched Audiences” service to target our advertising campaigns to specific audiences. Through LinkedIn Matched Audiences and related data integrations, we can target advertising to specific audiences based on data we provide to LinkedIn (e.g., company lists, hashed contact information, device identifiers, or event data such as websites visited). This processing is carried out for the purpose of marketing our offers through audience-specific ad delivery. Further information about the processing activities in connection with LinkedIn Marketing Solutions, the technologies used, stored data, and retention periods can be found in the settings of our Consent Management Tool. The use of LinkedIn Marketing Solutions takes place only with your consent pursuant to § 15 para. 3 TMG or Art. 6 para. 1 lit. a GDPR. With LinkedIn services, a transfer of data to the USA cannot be excluded. Please refer to the notes in the section “Data Transfer to Third Countries.” Details on how LinkedIn handles your data, as well as your rights and settings options to protect your personal data, can be found in LinkedIn’s privacy notices at https://www.linkedin.com/legal/cookie-policy.
11. Friendly Captcha
We use the tool Friendly Captcha on this website, which is provided by Friendly Captcha GmbH (Germany, EU). To protect the website from spam and abuse, this tool is used for all contact forms. For such integration, the processing of your IP address is technically necessary in order to establish a connection to the servers of Friendly Captcha and to send the content to your browser. Your IP address is therefore processed by Friendly Captcha on our behalf and replaced by a hash value immediately after collection. Further information on data protection at Friendly Captcha can be found in Friendly Captcha’s privacy notice: https://friendlycaptcha.com/privacy/ We use the service for security reasons to verify whether form entries are made by a natural person. This way, automated access attempts and attacks can be detected and prevented. We are legally obliged to take technically and economically reasonable measures to ensure the security of our website. The legal basis is Art. 6 para. 1 lit. c GDPR in conjunction with Art. 32 GDPR and § 13 para. 7 TMG. You can disable this data processing at any time through the settings of your browser or certain browser extensions. One such extension is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
12. Tradedoubler
We have integrated the affiliate service of the provider Tradedoubler on our website to manage our referral programs. This internet-based sales method allows us to display advertisements on other websites and thereby acquire customers. Cookies and similar technologies are used for this purpose, and the cookie ID, IP address, and order number are processed on behalf of Tradedoubler. The cookies are set only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data processing by Tradedoubler can be found here: http://www.tradedoubler.com/de/privacy-policy/
13. Smartlook
To analyze visits to our website, we use Smartlook, a service provided by Smartlook.com, s.r.o. (Czech Republic). By means of a script embedded by Smartlook, we can analyze your activities and behavior and track your movements using so-called "heatmaps." Personal data is processed in this context. This includes in particular your IP address, date and time of your visit, mouse movements and clicks, technical information such as screen resolution, operating system, browser type, and device type, as well as geolocation data (country and city). Furthermore, additional personal data may be collected that you enter into input fields during your visit to our website. Smartlook will use this information on our behalf to evaluate the use of our online offering by users and to compile reports on activities within our website. Areas of the website where payment data is displayed are automatically hidden from Smartlook and are therefore not traceable by the tool at any time. Further information about this processing activity, the technologies used, stored data, and retention periods can be found in the settings of our Consent Management Tool and at https://help.smartlook.com/docs/privacy-policy. The setting of cookies and the further processing of personal data described here only take place with your consent. The legal basis for the data processing related to the Smartlook service is therefore Art. 6 para. 1 lit. a GDPR.
14. Notifadz
To optimize our marketing activities, we use the tool Notifadz by Adrenalead SAS (https://adrenalead.com). With the help of cookies, Notifadz enables the transmission of web push notifications based on your usage behavior. A non-nominative profiling is performed, without processing personal data such as name or email address. The usage is based on your consent (Art. 6 para. 1 lit. a GDPR), which is obtained via our cookie banner. The processing takes place within the EU. You can revoke your consent at any time by disabling push notifications in your browser or by using an ad blocker. Further information can be found in the privacy policy of Adrenalead.
III. Data Processing on Our Social Media Pages
We maintain company pages on several social media platforms. Through this, we aim to offer additional opportunities to inform about our company and to facilitate communication. Our company has pages on the following social media platforms:
Facebook
Instagram
Twitter
LinkedIn
Xing
YouTube
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with the social media profile used also regularly constitutes personal data. This includes messages and statements made using the profile. Moreover, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.
1. Visiting a Social Media Page
a. Facebook and Instagram Page
When visiting our Facebook or Instagram page, where we present our company or individual products from our offer, certain information about you is processed. The sole controller for this processing of personal data is Facebook Ireland Ltd (Ireland/EU – "Facebook"). Further information about Facebook’s data processing can be found at https://www.facebook.com/privacy/explanation. Facebook provides options to object to certain data processing; relevant information and opt-out possibilities can be found at https://www.facebook.com/settings?tab=ads. Facebook provides us with anonymized statistics and insights for our Facebook and Instagram pages, which help us understand the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created based on certain information about individuals who have visited our page. This processing of personal data is conducted by Facebook and us as joint controllers. The processing serves our legitimate interest in analyzing the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We cannot assign the information obtained from Page Insights to individual Facebook profiles that interact with our Facebook page. We have concluded an agreement with Facebook on joint controllership, which regulates the allocation of data protection obligations between us and Facebook. Details on the processing of personal data for Page Insights and the agreement with Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. Regarding these data processing activities, you have the right to exercise your data subject rights (see "Your Rights") also vis-à-vis Facebook. Further information can be found in Facebook’s privacy policy at https://www.facebook.com/privacy/explanation. Please note that, according to Facebook’s privacy policies, user data may also be processed in the USA or other third countries. Facebook transfers user data only to countries for which an adequacy decision by the European Commission according to Art. 45 GDPR exists or based on suitable safeguards under Art. 46 GDPR.
b. LinkedIn Company Page
For the processing of personal data when visiting our LinkedIn page, LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is generally the sole controller. Further information about the processing of personal data by LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. When you visit our LinkedIn company page, follow this page, or engage with it, LinkedIn processes personal data in order to provide us with anonymized statistics and insights. These provide us with information about the types of actions people take on our page (so-called Page Insights). For this purpose, LinkedIn in particular processes data that you have already provided to LinkedIn through your profile information, such as data on function, country, industry, seniority, company size, and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g., whether you are a follower of our LinkedIn company page. Through Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to aggregated Page Insights. Nor is it possible for us to draw conclusions about individual members based on the Page Insights information. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We have concluded an agreement with LinkedIn regarding processing as joint controllers, which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement, the following applies: LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online using the following link: https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de or via the contact details in the privacy policy. You can contact the Data Protection Officer at LinkedIn Ireland using the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at the contact details we have provided regarding the exercise of your rights in relation to the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn. LinkedIn and we have agreed that the Irish Data Protection Commission will be the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority. Please note that according to the LinkedIn Privacy Policy, personal data may also be processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which there is an adequacy decision by the European Commission pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.
c. Twitter
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is generally the sole controller. Further information about Twitter Inc.’s data processing can be found at https://twitter.com/de/privacy.
d. Xing
For the processing of personal data when visiting our Xing profile, New Work SE (Germany/EU) is generally the sole controller. Further information about New Work SE’s data processing can be found at https://privacy.xing.com/de/datenschutzerklaerung.
e. YouTube
For the processing of personal data when visiting our YouTube channel, Google Ireland Limited (Ireland/EU) is generally the sole controller. Further information about data processing by YouTube or Google Ireland Limited can be found at https://policies.google.com/privacy.
2. Comments and Direct Messages
We also process information that you provide to us via our company pages on the respective social media platform. Such information may include the username used, contact data, or a message to us. We process this data as sole controller based on our legitimate interest in communicating with requesting persons. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. Further data processing may take place if you have given consent (Art. 6 para. 1 lit. a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR).
IV. Further Data Processing
1. Contact via Email
If you send us a message via the specified contact email, we will process the data transmitted in order to answer your inquiry. We process this data based on our legitimate interest in contacting requesting persons. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.
2. Customer and Prospect Data
If you contact our company as a customer or prospect, we process your data to establish or carry out the contractual relationship to the extent necessary. This regularly includes processing the personal master, contract, and payment data provided to us, as well as contact and communication data of our contacts at commercial customers and business partners. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR if you act as a direct contractual partner. If you contact us as a commercial customer on behalf of a company, we process your data under Art. 6 para. 1 lit. f GDPR based on our legitimate interest. We also process customer and prospect data for evaluation and marketing purposes. This processing is based on Art. 6 para. 1 lit. f GDPR and serves our interest in further developing our offer and informing you about our products in a targeted manner. Further processing may occur if you have consented (Art. 6 para. 1 lit. a GDPR) or if necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR).
3. Use of Email Address for Marketing Purposes
We may use the email address you provided during registration or ordering to inform you about similar products and services offered by us. The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG (German Act Against Unfair Competition). You can object at any time without incurring costs other than transmission costs according to the basic tariffs. You can unsubscribe by clicking the unsubscribe link contained in every mailing.
4. Applications
If you apply to our company, we process your application data solely for purposes related to your interest in a current or future employment with us and the processing of your application. Your application will only be processed and reviewed by the relevant contacts within our company. All employees involved in the data processing are obligated to maintain the confidentiality of your data. If we are unable to offer you employment, we will store the data you submitted for up to six months after a possible rejection to respond to any questions related to your application and rejection. This does not apply if statutory provisions prevent deletion, further storage is necessary for evidence purposes, or you have explicitly consented to longer storage. The legal basis for this data processing is § 26 para. 1 sentence 1 of the German Federal Data Protection Act (BDSG). Should we store your applicant data beyond six months and you have explicitly consented to this, we point out that this consent can be revoked at any time under Art. 7 para. 3 GDPR without affecting the lawfulness of the processing carried out prior to the revocation.