Data privacy policy

1. About us

Weissenborn A/S (customer, “we”, “us”, “our”) is responsible for the collection, processing and storage of your data. For more information about us, please visit https://weissenborn.dk/imprint/ any time.

The careful handling of your personal data is our highest priority. We process your personal data in compliance with applicable law including. the General Data Protection Regulation (GDPR) and the respective national provisions.

This Privacy Policy applies to all Websites of our company which are accessible under our domains (www.weissenborn.dk) as well as for our fan pages in the social networks Facebook, YouTube, VIMEO, Instagram and LinkedIn. If you switch to websites of other operators within the scope of our offer, their own privacy policies apply, for the content of which the respective operators of these websites are responsible.

This Privacy Policy provides an overview of the personal data processing practices of our group companies. You will find below an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (e.g. for newsletter subscription or purchase in our online shop).

We also maintain various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.

2. Why we process your data

You can use our Website without disclosing your identity. If you would like to register for one of our personalised services, use our online shop, subscribe to our newsletter or contact us, we will ask you for your name and other personal information. It is your free decision whether you provide this (extended) data. Data that we absolutely need from you to provide our services are indicated as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

  • Contract initiation pursuant to Art. 6 (1) lit. a) and b) GDPR
  • Contract execution in accordance with Art. 6 (1) lit. b) GDPR
  • Customer management in accordance with Art. 6 (1) 1 lit. b) and c), f) GDPR
  • communication and data exchange pursuant to Art. 6 (1) lit. a), b), c), f) GDPR
  • direct marketing and advertising pursuant to Art. 6 (1) lit. a), f) GDPR
  • Implementation of declarations of consent pursuant to Art. 6 (1) lit. a) GDPR
  • Ensuring the proper operation of a data processing system in accordance with Art. (1) lit. c) and f) GDPR
  • Applicant selection procedures within the framework of personnel and resource management on the basis of Art. 6 (1) lit. a), b) GDPR (in Germany in conjunction with § 26 BDSG)

3. Which data we collect and process from you

We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person or as defined under applicable law an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites of our offer or the number of users of a page – does not qualify as personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, yet is not necessary. Corresponding data fields are indicated as ‚voluntary‘.

The personal data we collect directly from you include:

  • Your salutation, title and name, e.g. to personalize your user account
  • Mail address and, if applicable, a password chosen by you, e.g. for the purpose of newsletter subscription, the use of your customer account or to contact you via our contact form.
  • Candidate data submitted in connection with our online application procedure
  • Data that you voluntarily (actively and deliberately) transmit to us as part of the use of our services, plus further data that you choose to provide.

In addition, data about you is collected indirectly when using our services:

  • Technical connection data, e.g. the page called up on our Website, your IP address, shortened by the last three digits, date and time of the call, terminal device used
  • Data collected in the context of website tracking and newsletter tracking
  • Data that we receive from our service providers as part of order processing in our online shop, e.g. information on payment probabilities and payment disruptions or delivery notifications.

Minors:

Our Website is not intended for minors under the age of 16 and we do not knowingly collect personal data from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian has consented or has consented to the consent of the minor. For this purpose, the contact data of the legal guardian must be communicated to us in accordance with Art. 8 (2) GDPR in order to convince us of the consent or the consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.

If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.

4. Who has access to your data and
to whom we transmit your data

Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who require use ore access to your personal data due to their tasks.

If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.

We also use service providers to provide services and process your data (including hosting, sending newsletters, delivering ordered goods, processing payments, sending letters or e-mails and maintaining and analysing databases, securing our web servers or for website tracking). Insofar service providers are commissioned, we indicate this in Section 7 and/or 8. The service providers are bound by contractual obligations to keep personal data confidential, to process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.

Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR. For data transfers outside the EU/EEA, we obtain guarantees in accordance with Art. 44 et seq. GDPR to ensure an adequate level of data protection.

Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.

Insofar as personal data is transferred to third countries, this is done on the basis of the EU Model Clauses 2010 pursuant to Art. 46 (2) lit. c GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or your consent pursuant to Art. 49 (1) lit. a) GDPR.

Transmission to law enforcement and criminal investigation authorities

In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws or international laws as they may apply.

5. Retention periods

We store personal data within the framework of legal regulations or your consent.

We use the following criteria to determine the applicable retention period:

We store the personal data until the purposes for which they were collected cease to apply (e.g. at the end of a contractual relationship or through the last activity, if no continuing obligation exists, or in the case of a revocation of your consent for the specific data processing).

Further data will only be stored if

  • legal storage obligations (e.g. according to AO (Abgabenordnung – German Fiscal Code) and HGB (Handelsgesetzbuch – German Commercial Code)) exist;
  • the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
  • the deletion would be contrary to the legitimate interest of the data subjects;

or

  • another exception pursuant to Art. 17 (3) GDPR applies.

6. Your Rights

You have a number of legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given below.

Subject Acces Request (SAR) and data transferability

You have the Right of Access to obtain records to your personal information by us (SAR)

If the data processing is based on your consent or according to Art. 6 (1) lit. b) GDPR on a contract, you may also request in accordance with Art. 20 (1) GDPR to receive the personal data stored about you in a structured, current and machine-readable format. At your request, we will also forward the data directly to the recipient of your choice.

Right to rectification, restriction and deletion

Furthermore, in accordance with Articles 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.

Rights of objection

If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you may object to this processing pursuant to Art. 21 (1) GDPR. Then we will stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 (2) GDPR.

Right of revocation

If you have allowed us to process your personal data by giving your consent, you have a right of revocation with effect for the future pursuant to Art. 7 (3) GDPR.

Right of appeal to the Supervisory Authority

You are free to complain to a supervisory authority if you believe that our processing of your personal data violates the GDPR or other national and international data protection laws.

Contact information

To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:

Controller DPO

Weissenborn A/S

Sadelmagervej 20

DK-7100 Vejle

 

Managing Directors:

Morten H. Christensen

Arne Karschunke

Phone: +45 75 72 77 00

E-mail: info[at]weissenborn[.]dk

 

it.sec GmbH

Einsteinstr. 55

89077 Ulm

Germany

 

Phone: +49 731 20 589-24

Fax: +49 731 20 589-29

E-mail: datenschutz@it-sec.de

7. Use of our Website – profiling, cookies and web tracking

Basic information on cookies and opt-out options

We use so-called cookies in some areas of our Website, e.g. to recognize the preferences of visitors and to be able to design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our Website. Cookies are small files that are stored on a visitor’s hard drive of the used device. They allow information to be stored for a certain period of time and to identify the visitor’s computer. For better user guidance and individual service presentation, we use permanent cookies.

We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. This is done to verify the authorization of actions and the authentication of the requesting user of our services. The legal basis is Art. 6 (1) lit. c) in conjunction with Article 32 and Article 6 (1) lit. f) GDPR. Our legitimate interest is to secure our web server, for example to defend ourselves against attacks, and to ensure the functionality of our services.

We only set non-technically necessary cookies after your express consent, which you can of course revoke at any time.

As part of our cookie information on our Website, you have agreed to the following statement in this regard:

This Website uses tracking cookies or tracking software to provide you with the full functionality of our Website and thus a better online experience. You can find more detailed information on the cookies and web tracking procedures used by us and the consents you have given us in our data protection declaration under

However, technically unnecessary cookies or our tracking software will not be activated until you have given us your consent. [Agreed]

If you exclude the use of cookies, you may not be able to use certain functions of our Website – including the possibility of cookie-based opt-out from tracking. Please allow the opt-out cookies of those services for which you wish to prevent tracking.

Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.

The following cookies are used by us – with your consent and without having set one or more opt-out cookies – for the described purposes:

Name of Cookie Purpose Storage duration Technically necessary Revocation of consent (if cookie is not technically necessary)
APISID, HSID, LOGIN_INFO, OTZ, SAPISID, SID, SSID, PREF, VISITOR_INFO1_LIVE, YSC, enabledapps.uploader, endscreen-metadata-editor-gh, CONSENT

These cookies are used by YouTube/

Google to collect usage information for embedded YouTube videos and Google Maps.

Varies, from 1 session up to 2 years no see below
borlabs-cookie Saves the settings of the visitors selected in the cookie box of Borlabs Cookie. 1 year yes

YouTube Video, embedded via iFrame in the extended privacy mode

We use YouTube, a service from Google, to show you video content. To protect your privacy, we have activated the extended privacy mode.

YouTube also uses cookies to collect information about visitors to their website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. In the process, calling up a video usually also leads to a connection being established with the Google DoubleClick network. When you start the video, this could trigger further data processing operations, especially if you are already logged into YouTube. We have no influence on this.

By pressing the start button on the video, you consent to the transmission of data to Google LLC:

For more information about data protection at YouTube, see their privacy policy (http://www.youtube.com/t/privacy_at_youtube)

Recipient of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The legal basis for the transfer of the Data are the Model Clauses pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with the decision of the EU Commission of 5 February 2010 (2010/87/EU). Additional measures to ensure a higher level of protection of personal data and effective legal protection for data subjects are currently in preparation.

Social Media Buttons

Our website uses social media buttons (Facebook, YouTube, Instagram, LinkedIn) to enable you to interact with third parties.

These social media buttons are not integrated as plugins via a so-called iFrame, but are provided as links. By clicking on the social media buttons you will be redirected to the page of the respective provider. The respective provider is then responsible for compliance with data protection regulations and for the correctness, topicality and completeness of the data processing information provided there in accordance with Art. 4 No. 17 GDPR.

DoubleClick by Google

Doubleclick by Google uses cookies to present you with ads that are relevant to you. In the process, a pseudonymous identification number is assigned to your browser in order to check which ads were displayed in your browser and which ads were called up. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. The information generated by the cookies is transmitted and stored by Google for analysis. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of data processing. Google will not collate your data with other data collected by Google.

If you do not agree with this form of processing, you can prevent the storage of cookies by selecting the appropriate settings on your browser. In addition, you can prevent the collection of data generated by the cookies and related to your use of the websites to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available here <https://support.google.com/ads/answer/7395996?hl=de>. Alternatively, you can also deactivate the Doubleclick cookies on this page < http://www.google.com/ads/preferences/html/opt-out.html>.

Recipient of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The legal basis for the transfer of the Data are the Model Clauses pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with the decision of the EU Commission of 5 February 2010 (2010/87/EU). Additional measures to ensure a higher level of protection of personal data and effective legal protection for data subjects are currently in preparation.

8. Supplementary notes and provisions on specific services

Newsletter

At your express request, we will send you our newsletter on the topics you have chosen as well as information about our company. Please note that delivery can only take place once you have expressly confirmed your subscription request again in the context of our double opt-in procedure.

The personal data collected within the scope of the newsletter registration will be used exclusively for sending and personalising the newsletter (e.g. to address you by your name). You can revoke your consent to the storage of personal data that you have given us for sending the newsletter at any time with effect for the future. For the purpose of revoking your consent, each newsletter contains an appropriate link; alternatively, you are welcome to contact us directly so that we can implement your revocation. Details of the consent given to us were communicated to you in the Double-Opt-In-Mail.

Newsletter Usage Analysis

Our newsletter contains tracking pixels. A pixel-code is an invisible graphic in HTML e-mails with the purpose of enabling a log file recording and a recording of the links activated from the newsletter with subsequent analysis when the e-mail is opened. This enables us to evaluate the success of our newsletter campaigns by means of statistical evaluations and to optimise our newsletter in order to present you, for example, topics and offers that are better suited to your interests.

The personal data collected in this way will be processed by our service provider named below.

If you do not agree to this, you can cancel the newsletter at any time via this <LINK>.

Recipient of the Data: […]

The legal basis for the transfer of the Data are the Model Clauses pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with the decision of the EU Commission of 5 February 2010 (2010/87/EU). Additional measures to ensure a higher level of protection of personal data and effective legal protection for data subjects are currently in preparation.

Contact form

Data that you transmit to us via our contact form will be processed for the purpose of communication and data exchange, i.e. to respond to your specific request. These data are stored as long as their processing is necessary for these purposes or until the expiry of any subsequent retention periods.

Online application process

We offer you the opportunity to apply to us online by e-mail. The transmission of the data entered by you as well as the file attachments sent along takes place via a transport-secured connection. Your electronic application data will be received by the relevant personnel department and only forwarded to the department responsible for the respective position or to the persons in charge of processing. All parties involved treat your application documents with the necessary care and with absolute confidentiality.

After completion of the applicant selection process, we will keep your application documents for 3 months and then delete or destroy any copies unless we have concluded an employment contract with you. Should we wish to include your application documents in our applicant pool, we will contact you. In the notification you can actively consent to the further storage of your documents. Your applicant account and the data stored in it remain stored regardless of an actual active application as long as you do not deactivate it, so that you have the possibility to apply for further positions with us.

Please note that applications that you send us by e-mail are not encrypted. We therefore recommend the use of encryption software.

Data processing for direct marketing purposes

Postal advertising

To the extent permitted by law, we may also use your name and the postal address known to us to send you advertising for our own offers. The legal basis is Art. 6 (1) lit. f) in conjunction with Recital 47 GDPR. Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the contact data mentioned above is sufficient. We will then delete your data from our mailing list. The data proving your objection will be kept for another 6 years in accordance with art. 17 (3) lit. e) GDPR. During this period, however, your personal data will be blocked for further processing.

Telephone advertising

To the extent permitted by law, we may also use your name, company affiliation and telephone number provided to inform business customers about our own offers, assuming your presumed interest. The legal basis is Art. 6 (1) lit. f) in conjunction with Recital 47 GDPR, § 7 (2) No. 2 UWG. Our legitimate interest is to promote sales or demand from our existing business customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the contact data mentioned above is sufficient. We will then delete your data from our mailing list. The data proving your objection will then be kept for another 6 years in accordance with Art. 17 (3) lit. e) GDPR. During this period, however, your personal data will be blocked for further processing.

9. Fanpages

Facebook

Social network:

facebook.com

We would like to point out that Facebook is just another of several options for contacting us or receiving information from us.

Controller with whom the fan page is jointly operated (‚platform operator‘):

Facebook Inc.

Menlo Park
CA 512374
USA

 

Controller for data processing of persons living within the European Union:

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

In an agreement pursuant to Art. 26 Para. 1 GDPR, the joint controllers have defined who fulfils which obligation under the GDPR

The agreement within the meaning of Article 26 Para. 1 GDPR can be found at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The platform operator makes the essential contents of this agreement available to the data subjects.

Contact details for data protection: The contact details for data protection can be taken from our privacy notice, the data protection officer of the platform operator can be contacted under the following web form: https://www.facebook.com/help/contact/540977946302970
Categories of data subjects:

Registered and unregistered visitors of our fan page in the social network

We point out to the data subjects that they use facebook and its functions on their own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

Categories of personal data:

 

Data that we process from registered visitors to our fan page:

User ID under which you registered, approved profile data (e.g. name, profession, addresses, contact data, if applicable also special categories of personal data such as religious affiliation, health data etc.), and other data which we may process. ), data that is created when sharing content, exchanging messages and communication, data that is required in the context of contract processing at the request of registered visitors; otherwise, we only process pseudonymous data such as statistics and insights into how our fan page, the posts, pages, videos and other content provided on it interacts (page activity, page views, „Like“ information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.

The pseudonymised data cannot be combined by us with the corresponding attribution feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

 

Data that we process from non-registered visitors to our fan page:

Pseudonymous data such as statistics and insights into how people interact with our fan page, the posts, pages, videos and other content provided on it (page activity, page views, „Like“ information, reach, general demographic, location and interest information on age, gender, country, city, town, language), evaluations of the success and background of our advertisements, other analyses and measurements.

The pseudonymised data cannot be combined by us with the corresponding attribution feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

 

Data that the platform operator processes about registered and non-registered visitors to our fan page can be found on the following link::

https://www.facebook.com/privacy/explanation

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.)

Origin of the data

 

We receive the data from the data subjects directly or from the platform operator.

The following link shows where the platform operator obtains the data of the data subjects: https://www.facebook.com/privacy/explanation

We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.

Legal basis of the data processing

 

We process the data on the basis of the following legal bases:

Art. 6 para. 1 lit. a) GDPR: Consent of the data subjects

if applicable, Art. 6 para. 1 lit. b) GDPR: Performance of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject

Art. 6 para. 1 letter f) GDPR legitimate interest

Simplification of communication and data exchange by complementing existing communication channels such as the website, press releases, print products and events with the fan page

o Promotion of the sales of our products and services or the demand as well as the recruitment of new staff by transparent appearance and regular contributions to …

o Optimization of our fan page

We process special categories of personal data, if at all, only on the basis of the following legal principles:

Article 9 paragraph 2 letter a) GDPR: Consent of the data subject

Art. 9 para. 2 lit. e) GDPR: The data subject has manifestly made the personal data public

The legal bases on which the platform operator bases the data processing can be found in the following link: https://www.facebook.com/about/privacy/legal_bases

If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance.

In particular, the platform operator is obliged to inform the data subjects for which purposes and on which legal basis the first call of a fan page generates entries in the so-called Local Storage, even in the case of non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condense into personal data) are also used to create profiles.

We have no influence or effective means of controlling whether data processing is permitted by the platform operator.

Purposes of data processing

 

The data are processed for the following purposes:

– external presentation and advertising

– Communication and data exchange

– Event Management

– if necessary, contract initiation and processing

Information on the purposes for which the platform operator processes the data can be found in the following link: https://www.facebook.com/privacy/explanation

We have no influence on the purposes for which the platform operator actually uses the data. We also have no effective means of control in this respect.

Retention

The storage and deletion of the data is the duty of the platform operator in accordance with the agreement in the sense of Art. 26 para. 1 GDPR. The information on this can be obtained from the following link:

https://www.facebook.com/privacy/explanation

We have no influence on how the platform operator determines the regular retention periods and how the data is deleted. We also have no effective control possibilities in this respect..

Categories of recipients Only our employees and service providers who maintain our fan page and need the data for the above-mentioned purposes have access to the data processed by us. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered and possibly also non-registered visitors.

The recipient categories to which the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on intra-group data exchange, can be found in the following link:

https://www.facebook.com/privacy/explanation

We have no influence on the disclosure of data to individual recipients (categories) by the platform operator. We also have no effective means of control in this respect..

Data transfers to third countries

If the data subjects post their data publicly on our fan page, they can be accessed by other registered and possibly also unregistered visitors worldwide.

 

In the context of the operation of our fan page, the data is also processed by Facebook Inc. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA.

The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator does business, regardless of the residence of the data subjects, and will store and otherwise process the data there.

Related data transfers to third countries are secured by an adequacy decision of the EU Commission in accordance with Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR: https://www.facebook.com/privacy/explanation

We have no influence on the data transfers to third countries carried out by the platform operator. We also have no effective means of control in this respect..

Logic involved and scope of a profiling or an automated individual decision based on the collected data

If the data subjects are tracked by the collection of their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator is obliged under the terms of the agreement within the meaning of Art. 26 Para. 1 GDPR to provide information about this. In particular, the platform operator is obliged to inform the data subjects of the purposes and legal basis if, after calling up a subpage within our fan page, one session cookie and three cookies with lifetimes between four months and two years are stored.

The information on this can be taken from the following link:

https://www.facebook.com/privacy/explanation

https://www.facebook.com/policies/cookies/

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page and no other effective means of control..

Rights of data subjects

The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator on the basis of the agreement within the meaning of Article 26 (1) GDPR:

https://www.facebook.com/privacy/explanation

If certain conditions are met, data subjects have the right of access, correction or deletion of personal data concerning them or the right to limit the processing of data by the data controller, in accordance with Art. 15 to Art. 18 GDPR. Data subjects also have the right to withdraw their consent to the processing of their personal data at any time with effect for the future (Art. 7 para. 3 GDPR). They may also object to the further processing of their data, which is based solely on the legitimate interest of the controller pursuant to Art. 6 para. 1 lit. f) GDPR (Art. 21 para. 1 GDPR), if interests worthy of protection in excluding data processing arise from their particular personal situation and there are no longer compelling reasons for the controller to continue processing the data. If personal data are processed for the purpose of direct marketing, data subjects have the right to object to such processing at any time with effect for the future (Art. 21 para. 2 GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) (a), Art. 9 (1) (a) GDPR or pursuant to Art. 6 (1) (b) GDPR on a contract with the data subject and is carried out with the aid of automated procedures, the data subjects may, pursuant to Art. 20 (1) DGVO, request to receive the personal data stored about them in a structured, common and machine-readable format or to have it transmitted to a third party designated by the data subject.

In principle, data subjects have the right not to be subjected to any automated individual decision pursuant to Art. 22 para. 1 GDPR. Insofar as such an automated individual decision is permissible pursuant to Art. 22 Paragraph 2 Letters a) to c) GDPR, data subjects are granted the following rights pursuant to Art. 22 Paragraph 3 GDPR: the right to present one’s own point of view, the right to object to the intervention of a person on the part of the Controller, the right to challenge the automated individual decision (right of appeal).

Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/.

 

Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data violates the basic data protection regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is:

Data Protection Commission

21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland

Website: https://www.dataprotection.ie/docs/Contact-us/b/11.htm

Website: http://gdprandyou.ie/contact-us/

Instagram

Social network:

Instagram.com

Please note that Instagram is just one more of several options for contacting us or receiving information from us.

Controller with whom the fan page is jointly operated (‚platform operator‘):

Facebook Inc.

Menlo Park
CA 512374
USA

 

Controller for the processing of data of persons living within the European Union:

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

In an agreement pursuant to Art. 26 Para. 1 GDPR, the joint controllers have defined who fulfils which obligation under the GDPR

 

The agreement within the meaning of Article 26 Para. 1 GDPR can be found at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The platform operator makes the essential contents of this agreement available to the data subjects.

Contact information on data protection:

The contact data for data protection can be taken from our privacy notice on our website or the data protection officer of the platform operator can be contacted under the following web form:

https://www.facebook.com/help/contact/540977946302970

Categories of data subjects:

Registered and unregistered visitors of our fan page in the social network

We would like to point out to the data subjects that they use Instagram and its functions on their own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

Categories of personal data:

Data that we process from registered visitors to our fan page:

User ID under which you registered, approved profile data (e.g. name, profession, addresses, contact data, if applicable also special categories of personal data such as religious affiliation, health data, etc.)), data that is created when sharing content, exchanging messages and communication, data that is required in the context of contract processing at the request of registered visitors; otherwise we only process pseudonymised data such as statistics and insights into how our fan page, the contributions, pages, videos and other content is interacted with (page activities, page views, „Like“ information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.

The pseudonymised data cannot be combined by us with the corresponding allocation feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

Data that we process from non-registered visitors to our fan page:

Pseudonymized data such as statistics and insights into how our fan page, the contributions, pages, videos and other content is interacted with (page activities, page views, „Like“ information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.

The pseudonymised data cannot be combined by us with the corresponding allocation feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

Data, which the platform operator processes about the registered and non-registered visitors of our fan page, can be taken from the following link:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.

Origin of the data We receive the data from the data subjects directly or from the platform operator.

The following link shows where the platform operator obtains the data of the data subject:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.

Legal basis of the data processing

We process the data on the basis of the following legal bases:

–        Art. 6 para. 1 lit. a) GDPR: Consent of the data subjects

–        if applicable, Art. 6 para. 1 lit. b) GDPR: Performance of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject

–        Art. 6 para. 1 letter f) GDPR legitimate interest

o    Simplification of communication and data exchange by complementing existing communication channels such as the website, press releases, print products and events with the fan page

o    Promotion of the sales of our products and services or of the demand as well as the recruitment of young talents through transparent appearance and regular contributions to …

o    Optimization of our Fanpage

We process special categories of personal data, if at all, only on the basis of the following legal principles:

–        Art. 9 para. 2 lit. a) GDPR: Consent of the data subject

–        Art. 9 para. 2 lit. e) GDPR: The data subject has manifestly made the personal data public

The legal bases on which the platform operator bases the data processing can be found in the following link:

https://www.facebook.com/about/privacy/legal_bases

https://help.instagram.com/519522125107875

If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance.

In particular, the platform operator is obliged to inform the data subjects for which purposes and on which legal basis the first call of a fan page generates entries in the so-called Local Storage, even in the case of non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condense into personal data) are also used to create profiles.

We have no influence or effective means of controlling whether the data processing is permitted by the platform operator.

Purposes of data processing

The data are processed for the following purposes:

–        Public image and advertising

–        Communication and data exchange

–        Event Management

–        if necessary, contract initiation and processing

Information on the purposes for which the platform operator processes the data can be found in the following link:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

We have no influence on the purposes for which the platform operator actually uses the data. We also have no effective means of control in this respect.

Retention

The storage and deletion of the data is the duty of the platform operator in accordance with the agreement in the sense of Art. 26 para. 1 GDPR. The information on this can be found in the following link:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

We have no influence on how the platform operator determines the regular retention periods and how the data is deleted. We also have no effective means of control in this respect.

Categories of recipients Only our employees and service providers who maintain our fan page and need the data for the above-mentioned purposes have access to the data processed by us. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered and possibly also non-registered visitors.

The recipient categories to which the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on the intra-group data exchange, can be found at the following link: https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

We have no influence on the disclosure of data to individual recipients (categories) by the platform operator. We also have no effective means of control in this respect.

Data transfers to third countries

 

If the data subjects post their data publicly on our fan page, they can be accessed by other registered and possibly also unregistered visitors worldwide.

 

In the context of the operation of our fan page, the data is also processed by Facebook Inc. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA.

The platform operator will transfer the data to the United States, Ireland and any other country in which Facebook does business, regardless of the residence of the data subjects, and will store and otherwise process the data there.

Related data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

We have no influence on the data transfers to third countries carried out by the platform operator. We also have no effective means of control in this respect.

Logic involved and scope of a profiling or automated individual decision based on the collected data

If the data subjects are tracked by the collection of their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator is obliged under the terms of the agreement within the meaning of Art. 26 Para. 1 GDPR to provide information about this. In particular, the platform operator is obliged to inform the data subjects of the purposes and legal basis if, after calling up a subpage within our fan page, one session cookie and three cookies with lifetimes between four months and two years are stored.

The information on this can be obtained from the following link:

https://www.facebook.com/privacy/explanation

https://www.facebook.com/policies/cookies/

https://help.instagram.com/519522125107875

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.

Rights of data subjects

The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator on the basis of the agreement within the meaning of Article 26 (1) GDPR:

https://www.facebook.com/help/contact/540977946302970

If certain conditions are met, data subjects have the right of access, correction or deletion of personal data concerning them or the right to limit the processing of data by the controller, in accordance with Art. 15 to Art. 18 FADP. Data subjects also have the right to withdraw their consent to the processing of their personal data at any time with effect for the future (Art. 7 para. 3 FADP). They may also object to the further processing of their data, which is based solely on the legitimate interest of the controller pursuant to Art. 6 para. 1 lit. f) DPA (Art. 21 para. 1 DPA), if interests worthy of protection in excluding data processing arise from their particular personal situation and there are no longer compelling reasons for the controller to continue processing the data. If personal data are processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 para. 2 FADP). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) (a), Art. 9 (1) (a) GDPR or pursuant to Art. 6 (1) (b) GDPR on a contract with the data subject and is carried out with the aid of automated procedures, the data subjects may, pursuant to Art. 20 (1) DGVO, request to receive the personal data stored about them in a structured, common and machine-readable format or to have it transmitted to a third party designated by the data subject.

In principle, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 para. 1 GDPR. Insofar as such an automated individual decision is permissible under Art. 22 para. 2 letters a) to c) GDPR, data subjects are granted the following rights under Art. 22 para. 3 GDPR: the right to present their own point of view, the right to object to the intervention of a person on the part of the Controller, the right to challenge the automated individual decision (right of appeal).

è  Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/.

Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data violates the basic data protection regulation, Art. 77 DPA. The supervisory authority responsible for the platform operator is

Data Protection Commission

21 Fitzwilliam Square, Dublin
2D02 RD28, Ireland

Web address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm

Web address: http://gdprandyou.ie/contact-us/

Youtube

Social network:

youtube.com

We would like to point out that YouTube is just another of several options for contacting us or receiving information from us.

Controller with whom the fan page is jointly operated (‚platform operator‘):

Google LLC
1600 Amphitheatre PkwyMountain ViewCA, 94043 USA

Controller for data processing of persons living within the European Union and Switzerland:

Google Ireland Ltd.

Gordon House, Barrow Street, Dublin 4
Irland

Contact details for data protection: The contact details for data protection can be taken from our privacy notice, the data protection officer of the platform operator can be contacted under the following web form: https://support.google.com/policies/troubleshooter/7575787?hl=de
Categories of data subjects:

Registered and unregistered visitors of our fan page in the social network

We point out to the data subjects that they use YouTube and its functions on their own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

Categories of personal data:

 

Data that we process from registered visitors to our fan page:

User ID under which you registered, approved profile data (e.g. name, profession, addresses, contact data, if applicable also special categories of personal data such as religious affiliation, health data etc.), and other data which we may process. ), data that is created when sharing content, exchanging messages and communication, data that is required in the context of contract processing at the request of registered visitors; otherwise, we only process pseudonymous data such as statistics and insights into how our fan page, the posts, pages, videos and other content provided on it interacts (page activity, page views, „Like“ information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.

The pseudonymised data cannot be combined by us with the corresponding attribution feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

 

Data that we process from non-registered visitors to our fan page:

Pseudonymous data such as statistics and insights into how people interact with our fan page, the posts, pages, videos and other content provided on it (page activity, page views, „Like“ information, reach, general demographic, location and interest information on age, gender, country, city, town, language), evaluations of the success and background of our advertisements, other analyses and measurements.

The pseudonymised data cannot be combined by us with the corresponding attribution feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

 

Data that the platform operator processes about registered and non-registered visitors to our fan page can be found on the following link: https://policies.google.com/privacy/update?hl=de&gl=de

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.)

Origin of the data

 

We receive the data from the data subjects directly or from the platform operator.

The following link shows where the platform operator obtains the data of the data subjects: https://policies.google.com/privacy/update?hl=de&gl=de

We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.

Legal basis of the data processing

 

We process the data on the basis of the following legal bases:

·       Art. 6 para. 1 lit. a) GDPR: Consent of the data subjects

·       if applicable, Art. 6 para. 1 lit. b) GDPR: Performance of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject

·       Art. 6 para. 1 letter f) GDPR legitimate interest

o    Simplification of communication and data exchange by complementing existing communication channels such as the website, press releases, print products and events with the fan page

o Promotion of the sales of our products and services or the demand as well as the recruitment of new staff by transparent appearance and regular contributions to …

o Optimization of our fan page

We process special categories of personal data, if at all, only on the basis of the following legal principles:

·       Article 9 paragraph 2 letter a) GDPR: Consent of the data subject

·       Art. 9 para. 2 lit. e) GDPR: The data subject has manifestly made the personal data public

The legal bases on which the platform operator bases the data processing can be found in the following link: https://policies.google.com/privacy/update?hl=de&gl=de

If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance.

In particular, the platform operator is obliged to inform the data subjects for which purposes and on which legal basis the first call of a fan page generates entries in the so-called Local Storage, even in the case of non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condense into personal data) are also used to create profiles.

We have no influence or effective means of controlling whether data processing is permitted by the platform operator.

Purposes of data processing

 

The data are processed for the following purposes:

– external presentation and advertising

– Communication and data exchange

– Event Management

–        – if necessary, contract initiation and processing

Information on the purposes for which the platform operator processes the data can be found in the following link: https://policies.google.com/privacy/update?hl=de&gl=de

We have no influence on the purposes for which the platform operator actually uses the data. We also have no effective means of control in this respect.

Retention

The storage and deletion of the data is the duty of the platform operator in accordance with the agreement in the sense of Art. 26 para. 1 GDPR. The information on this can be obtained from the following link:

https://policies.google.com/privacy/update?hl=de&gl=de

We have no influence on how the platform operator determines the regular retention periods and how the data is deleted. We also have no effective control possibilities in this respect..

Categories of recipients Only our employees and service providers who maintain our fan page and need the data for the above-mentioned purposes have access to the data processed by us. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered and possibly also non-registered visitors.

The recipient categories to which the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on intra-group data exchange, can be found in the following link:

https://policies.google.com/privacy/update?hl=de&gl=de We have no influence on the disclosure of data to individual recipients (categories) by the platform operator. We also have no effective means of control in this respect..

Data transfers to third countries

If the data subjects post their data publicly on our fan page, they can be accessed by other registered and possibly also unregistered visitors worldwide.

 

The legal basis for the transmission is the use of model clauses according to Art. 46 para. 2 lit. c DSGVO in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU). Additional measures to ensure higher protection of personal data and effective legal protection for data subjects are currently being prepared

The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator does business, regardless of the residence of the data subjects, and will store and otherwise process the data there.

Related data transfers to third countries are secured by an adequacy decision of the EU Commission in accordance with Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR: https://policies.google.com/privacy/update?hl=de&gl=de We have no influence on the data transfers to third countries carried out by the platform operator. We also have no effective means of control in this respect..

Logic involved and scope of a profiling or an automated individual decision based on the collected data

If the data subjects are tracked by the collection of their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator is obliged under the terms of the agreement within the meaning of Art. 26 Para. 1 GDPR to provide information about this. In particular, the platform operator is obliged to inform the data subjects of the purposes and legal basis if, after calling up a subpage within our fan page, one session cookie and three cookies with lifetimes between four months and two years are stored.

The information on this can be taken from the following link:https://policies.google.com/privacy/update?hl=de&gl=de

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page and no other effective means of control..

Rights of data subjects

The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator on the basis of the agreement within the meaning of Article 26 (1) GDPR:

https://support.google.com/policies/troubleshooter/7575787?visit_id=636832497483186206-2169122297&hl=de&rd=2

If certain conditions are met, data subjects have the right of access, correction or deletion of personal data concerning them or the right to limit the processing of data by the data controller, in accordance with Art. 15 to Art. 18 GDPR. Data subjects also have the right to withdraw their consent to the processing of their personal data at any time with effect for the future (Art. 7 para. 3 GDPR). They may also object to the further processing of their data, which is based solely on the legitimate interest of the controller pursuant to Art. 6 para. 1 lit. f) GDPR (Art. 21 para. 1 GDPR), if interests worthy of protection in excluding data processing arise from their particular personal situation and there are no longer compelling reasons for the controller to continue processing the data. If personal data are processed for the purpose of direct marketing, data subjects have the right to object to such processing at any time with effect for the future (Art. 21 para. 2 GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) (a), Art. 9 (1) (a) GDPR or pursuant to Art. 6 (1) (b) GDPR on a contract with the data subject and is carried out with the aid of automated procedures, the data subjects may, pursuant to Art. 20 (1) DGVO, request to receive the personal data stored about them in a structured, common and machine-readable format or to have it transmitted to a third party designated by the data subject.

In principle, data subjects have the right not to be subjected to any automated individual decision pursuant to Art. 22 para. 1 GDPR. Insofar as such an automated individual decision is permissible pursuant to Art. 22 Paragraph 2 Letters a) to c) GDPR, data subjects are granted the following rights pursuant to Art. 22 Paragraph 3 GDPR: the right to present one’s own point of view, the right to object to the intervention of a person on the part of the Controller, the right to challenge the automated individual decision (right of appeal).

è  Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/.

 

Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data violates the basic data protection regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is:

Data Protection Commission

21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland

Website: https://www.dataprotection.ie/docs/Contact-us/b/11.htm

Website: http://gdprandyou.ie/contact-us/

LinkedIn

Social network:

LinkedIn: https://de.linkedin.com/

Please note that LinkedIn is just another of several options for contacting us or receiving information from us.

Controller with whom our LinkedIn account (‚fan page‘)is jointly operated (‚platform operator‘):

LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085 USA

 

Contoller for data processing of persons living in the European Union (EU) and the European Economic Area (EEA) and in Switzerland:

LinkedIn Ireland Unlimited Company

Wilton Place

Dublin 2

Ireland

In an agreement pursuant to Art. 26 Para. 1 GDPR, the joint controllers have defined who fulfils which obligation under the GDPR The platform operator makes the essential contents of this agreement available to the data subjects: https://legal.linkedin.com/pages-joint-controller-addendum
Contact information on data protection: The contact details for data protection can be found in our data protection declaration linked here.

The data protection officer of the platform operator can be contacted under the following web form https://www.linkedin.com/help/linkedin/ask/TSO-DPO or at the following address:

Jonathan Adams
Senior Privacy Counsel

LinkedIn Corporation

Legal Department – Privacy

1000 W. Maude Ave.
Sunnyvale, California 94085

Categories of data subjects:

Registered and unregistered visitors of our fan page in the social network

We point out to the data subjects that they use LinkedIn and its functions on their own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

Categories of personal data:

Data that we process from registered visitors to our fan page:

User ID or user name under which the data subjects have registered, released profile data (name, e-mail address, telephone number), ProFinder profile data, education, professional experience, salary expectations, photo, location data, knowledge and confirmation of knowledge, professional achievements (e.g. patent grant, professional recognition, projects), if applicable also special categories of personal data such as religious affiliation, health data, etc, Data that is generated when sharing content, exchanging messages and communication, data that is required in the context of contract preparation and processing at the request of registered visitors, other data and content that is published, provided, distributed, posted or uploaded freely by the data subjects at LinkedIn or via their LinkedIn account.

Otherwise, we only process pseudonymised data such as statistics and insights into how our fan page, the contributions, pages, videos and other content provided on it interacts (page activities, page views, „Like“ information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements of ….

The pseudonymised data cannot be combined by us with the corresponding allocation feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

Data that we process from non-registered visitors to our fan page:

Pseudonymized data such as statistics and insights into how our fan page, the contributions, pages, videos and other content is interacted with (page activities, page views, „Like“ information, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements of ….

The pseudonymised data cannot be combined by us with the corresponding allocation feature (e.g. name details). It is therefore not possible for us to identify individual visitors, who thus remain anonymous to us.

Data that we process from our website visitors:

By integrating the LinkedIn button (pure link) on our website, no IP addresses of our website visitors are transferred to the platform operator.

Data, which the platform operator processes about the registered and non-registered visitors of our fan page, can be taken from the following link:

https://www.linkedin.com/legal/privacy-policy

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.

Origin of the data We receive the data from the data subjects directly or from the platform operator.

Where the platform operator obtains the data of the data subjects can be found at the following link: https://www.linkedin.com/legal/privacy-policy

We have no influence or effective means of controlling whether the procurement of data by the platform operator is permissible.

Legal basis of the data processing

We process the data on the basis of the following legal bases:

–        Art. 6 para. 1 lit. a) GDPR: Consent of the data subjects

–        if applicable, Art. 6 para. 1 lit. b) GDPR: Performance of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject

–        Art. 6 para. 1 letter f) GDPR legitimate interest

o    Simplification of communication and data exchange by complementing existing communication channels such as the website, press releases, print products and events with the fan page

o    Promotion of the sales of our products and services or the demand as well as the recruitment of new staff by transparent appearance and regular contributions to …

o    Optimization of our Fanpage

We process special categories of personal data, if at all, only on the basis of the following legal bases:

–        Art. 9 para. 2 lit. a) GDPR: Consent of the data subject

–        Art. 9 para. 2 lit. e) GDPR: The data subject has manifestly made the personal data public

The legal bases on which the platform operator bases the data processing can be found in the following link:

https://www.linkedin.com/legal/privacy-policy

We have no influence or effective means of controlling whether the data processing is permitted by the platform operator.

Purposes of data processing

We process the data for the following purposes:

–        Public image and advertising

–        Communication and data exchange

–        Event Management

–        if necessary, contract initiation and processing

Information on the purposes for which the platform operator processes the data can be found at the following link: https://www.linkedin.com/legal/privacy-policy

We have no influence on the purposes for which the platform operator actually uses the data. We also have no effective means of control in this respect.

Retention

The storage and deletion of data is the duty of the platform operator. The information on this can be found at the following link: https://www.linkedin.com/legal/privacy-policy

We have no influence on how the platform operator determines the retention periods and how the data is deleted. We also have no effective means of control in this respect.

Categories of recipients Only our employees and service providers who maintain our fan page and need the data for the above-mentioned purposes have access to the data processed by us. If the data subjects post their data publicly on our fan page, these data can be accessed by other registered and possibly also non-registered visitors.

The recipient categories to which the platform operator discloses the data or allows registered visitors to disclose their data, as well as information on the intra-group data exchange, can be found at the following link: https://www.linkedin.com/legal/privacy-policy

We have no influence on the disclosure of data to individual recipients (categories) by the platform operator. We also have no effective means of control in this respect.

Data transfers to third countries

 

If the data subjects post their data publicly on our fan page, they can be accessed by other registered and possibly also unregistered visitors worldwide.

 

The legal basis for the transmission is the use of model clauses according to Art. 46 para. 2 lit. c DSGVO in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU). Additional measures to ensure higher protection of personal data and effective legal protection for data subjects are currently being prepared

The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator does business, regardless of the residence of the data subjects, and will store and otherwise process the data there.

Related data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de

https://privacy.linkedin.com/de-de/GDPR

We have no influence on the data transfers to third countries carried out by the platform operator. We also have no effective means of control in this respect.

Logic involved and scope of a profiling or automated individual decision based on the collected data

If the data subjects are tracked by collecting their data, whether by using cookies or comparable techniques or by storing the IP address, the platform operator is obliged to inform about this. The information on this can be taken from the following links:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/cookie-policy

https://www.linkedin.com/help/linkedin/answer/3566?trk=microsites-frontend_legal_privacy-policy&lang=de

https://www.linkedin.com/help/linkedin/answer/68763?trk=microsites-frontend_legal_privacy-policy&lang=de

The platform operator may use various analysis tools for evaluation.

We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. If tools of this kind are used by the platform operator for our fan page, we have neither commissioned nor approved nor supported this in any other way. Also, the data obtained during the analysis is not made available to us. Furthermore, we have no way of preventing or stopping the use of such tools on our fan page, nor any other effective means of control.

Rights of data subjects

The joint controllers must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator:

If certain conditions are met, data subjects have the right of access, correction or deletion of personal data concerning them or the right to limit the processing of data by the controller, in accordance with Art. 15 to Art. 18 FADP. Data subjects also have the right to withdraw their consent to the processing of their personal data at any time with effect for the future (Art. 7 para. 3 FADP). They may also object to the further processing of their data, which is based solely on the legitimate interest of the controller pursuant to Art. 6 para. 1 lit. f) DPA (Art. 21 para. 1 DPA), if interests worthy of protection in excluding data processing arise from their particular personal situation and there are no longer compelling reasons for the controller to continue processing the data. If personal data are processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 para. 2 FADP). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) (a), Art. 9 (1) (a) GDPR or pursuant to Art. 6 (1) (b) GDPR on a contract with the data subject and is carried out with the aid of automated procedures, the data subjects may, pursuant to Art. 20 (1) DGVO, request to receive the personal data stored about them in a structured, common and machine-readable format or to have it transmitted to a third party designated by the data subject.

In principle, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 para. 1 GDPR. Insofar as such an automated individual decision is permissible under Art. 22 para. 2 letters a) to c) GDPR, data subjects are granted the following rights under Art. 22 para. 3 GDPR: the right to present their own point of view, the right to object to the intervention of a person on the part of the Controller, the right to challenge the automated individual decision (right of appeal).

è  Data subjects can find information on the available personalisation and data protection options here (with further references):

https://privacy.linkedin.com/de-de/faq

https://privacy.linkedin.com/de-de/einstellungen

è  Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/.

Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data violates the basic data protection regulation, Art. 77 DPA. The supervisory authority responsible for the platform operator is

 

Data Protection Commission

21 Fitzwilliam Square, Dublin
2D02 RD28, Ireland

Web address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm

Web address: http://gdprandyou.ie/contact-us/