Types of Processed Data:
- Master data (e.g. names, addresses).
- Contact data (e.g. e-mail, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Contract data (e.g. contract subject matter, term, customer category).
- Payment data (e.g. bank account details, payment history).
- Utilization data (e.g. visited websites, interest in contents, access times).
- Metadata/communication data (e.g. device information, IP addresses).
- Optional Application data for the use of recruiting services (e.g. curriculum vitae, certificates, references).
Processing Special Categories of Data (Art. 9 Subsection 1 GDPR):
- No special categories of data are processed.
Categories of the Persons Affected by the Processing:
- Customers / interested parties / suppliers.
- Visitors and users of the online services.
In the following, we will also refer to the data subjects jointly as “Users”.
Purpose of the Processing:
- Provision of the online services, their contents and functions.
- Provision of contractual performance, service and customer maintenance.
- Answering of contact inquiries and communication with users.
- Marketing, advertising and market research.
- Security measures.
As of: Aug 7, 2023
1. Relevant Legal Foundations
3. Security Measures
- On the basis of Art. 32 GDPR, in consideration of the state-of-the-art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and the seriousness of the risk for the rights and freedoms of natural persons, we will arrange for appropriate technical and organizational measures, in order to guarantee a protection level, which is commensurate with the risk; these measures particularly include the assurance of confidentiality, integrity and availability of data by checking the physical access to the data, as well as the relevant access, the entry, disclosure, assurance of availability and their separation. Furthermore, we have set up procedures, which guarantee the exercising of rights by the data subjects, deletion of data and responding to endangering of the data. Furthermore, we already take the protection of personal data into consideration for the development/selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data-protection-friendly default settings (Art. 25 GDPR).
- When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do our best to protect your data and to close security gaps as far as we can. An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.
- Zu den Sicherheitsmaßnahmen gehört insbesondere die verschlüsselte Übertragung von Daten zwischen Ihrem Browser und unserem Server.
4. How long do we store your data?
- We have compelling legitimate grounds for continuing data processing that override your interests, rights and freedoms (only applies if you object to data processing; if the objection is directed against direct marketing, we cannot provide legitimate grounds).
- The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
- We are required by law to retain your data (e.g. § 257 HGB, 147 AO).
In this case, we will delete your data as soon as the requirement(s) cease to apply.
4. Cooperation With Processors and Third Parties
- Insofar as we disclose data to other persons and companies within the scope of our processing (processors or third parties), send data to these or otherwise grant them access to data, this only occurs on the basis of legal permission (e.g. if sending of the data to third parties, such as payment service providers is required for contract fulfillment in accordance with Art. 6 Subsection 1 lit. b GDPR), if you have consented, a legal obligation prescribes this or on the basis of our legitimate interests (e.g. for the use of authorized representatives, web hosting services etc.).
- Insofar as we commission third parties with the processing of data on the basis of a so-called “Data Processing Agreement”, this occurs on the basis of Art. 28 GDPR.
5. Transmissions to Third Countries
Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose it within the scope of using third-party services or if disclosure/transmission of data occurs to third parties, this only occurs, if it is required for fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process, or have the data processed, in a third country if the specific preconditions of Art. 44 et seqq. GDPR exist. I.e. the processing occurs, e.g. on the basis of specific guarantees, such as the observance of officially recognized specific contractual obligations (so-called “standard contractual clauses”) or accaptance of the transaction by the user in accordance with article 49 paragraph 1 sentence 1 lit. GDPR.
6. Rights of the Data Subjects
- You have the right to request a confirmation about whether relevant data are processed and to receive information about these data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR.
- In accordance with Art. 16 GDPR, you have the right to request the completion of the data relating to you or correction of the inaccurate data relating to you.
- On the basis of Art. 17 GDPR, you have the right to request that relevant data are deleted immediately, or alternatively, on the basis of Art. 18 GDPR, to request a restriction to the processing of the data. You can request data deletion by sending an email to firstname.lastname@example.org or by deleting your account in your profile settings under "Login and Security".
- You have the right to request the receipt of the data relating to you, which you provided to us on the basis of Art. 20 GDPR and request that it be sent to other responsible parties.
- Furthermore, in accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.
7. Cancellation Right
If you read in this privacy statement that we have legitimate interests for the processing of your data and therefore base this on Art. 6 (1) sentence 1 lit. f) GDPR, you have the right to object to this in accordance with Art. 21 GDPR. This also applies to profiling based on the aforementioned provision. The requirement is that you cite reasons for the objection that arise from your particular situation. A statement of reasons is not required if the objection is directed against the use of your data for direct marketing.
The consequence of the objection is that we may no longer process your data. This only does not apply if one of the following conditions exists:
- We can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms.
- The processing serves the assertion, exercise or defense of legal claims.
The exceptions do not apply if your objection is directed against direct marketing or profiling related to it.
8. Right to Object
You may object to the future processing of the data relating to you on the basis of Art. 21 GDPR at any time. The objection may specifically be made against processing for the purpose of direct marketing.
9. Cookies and the Right to Object to Direct Marketing
10. Deletion of Data
- According to legal provisions, the retention specifically occurs for 6 years in accordance with Section 257 Subsection 1 HGB [German Commercial Code] (trading books, annual financial statement, commercial letters, booking vouchers, etc.), as well as for 10 years in accordance with Section 147 Subsection 1 AO [German Fiscal Act] (accounts, records, management reports, booking vouchers, commercial and business letters, documentation relevant to taxation, etc.).
- We process master data (e.g. names and addresses, as well as contact details of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Subsection 1 lit. b. GDPR. The entries marked as being mandatory in online forms are required for the conclusion of the contract.
- The registration as a member requires the storage and processing of various biographical and personal data, e.g. first name, educational status, gender, main course of studies, industry interests, degree studies and higher education institution. Optionally, additional biographical data can be entered, which relate to e.g. the curriculum vitae, interests etc. Within the scope of the registration, the required mandatory details are notified to the users. In the future, this list may be extended with reference to the legal foundations referred to in Point 1. After registration, other users of PrepLounge may view their user profile with the details provided by you and interact with you. Furthermore, curriculum vitae and application data may be sent to PrepLounge GmbH. These may be made available to recruiting companies, only after the user’s consent has been obtained. Other users of PrepLounge cannot view this application data. If users have cancelled their user account, their data will be deleted in respect of the user account, unless their retention is necessary for commercial-law or tax-law reasons in accordance with Art. 6 Subsection 1 lit. c GDPR. In the case of a cancelation, the users are responsible for securing their data prior to the end of the contract. We are authorized to irretrievably delete all of the user’s data stored during the term of the contract.
- Within the scope of the registration and new logins, as well as the use of these online services, we store the IP address and the time of the respective user action. The storage occurs on the basis of our legitimate interests, as well as those of the users, in respect of protection from misuse and other unauthorized use. Disclosure of these data to third parties does not occur, as a general rule, except if it is required for pursuing our claims or if a legal obligation exists to do so in accordance with Art. 6 Subsection 1 lit. c GDPR.
- We process utilization data (e.g. the visited websites of our online services, interest in our products) and content data (e.g., entries in the contact form or user profile) for marketing purposes in a user profile, in order to e.g. display product information for the users, based on their services used so far.
- Deletion occurs after the expiration of statutory warranty and comparable duties, the necessity to retain the data is checked every three years; in the case of statutory archiving duties, the deletion occurs after their expiration (end of commercial-code (6 years) and tax-law (10 years) retention duty); details in the customer account remain until their deletion.
12. Making Contact
- When making contact with us (via contact form, e-mail or telephone), the user’s details are processed to handle the contact request and for its processing in accordance with Art. 6 Subsection 1 lit. b) GDPR.
- The user’s details can be stored in our Customer Relationship Management System (“CRM System”) or comparable request organization.
- We delete the requests, if they are no longer required. We check the necessity every two years; we permanently store requests from customers, who have a customer account and refer to the details about the customer account with regard to deletion. In the case of statutory archiving duties, the deletion occurs after their expiration (end of commercial-law (6 years) and tax-law (10 years) retention duty).
13. Comments and Contributions
- If users leave comments or other contributions, their IP addresses are stored for 14 days on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f. GDPR.
- This occurs for our security, in the event that someone leaves unlawful content in comments and contributions (insults, banned political propaganda, etc.). In this case, we can be claimed upon ourselves for the comment or contribution and are therefore interested in the identity of the author.
- Publicly viewable contributions of this type (e.g. within our Consulting Q&As) also remain in place after the termination of a membership/deletion of the user account with PrepLounge. The authorship of such contributions is anonymized by us. Furthermore, we ensure that they no longer contain any personal data.
14. Collection of Access Data and Logfiles
- We collect data on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f. GDPR about any access to the server, on which this service is situated (so-called server logfiles). The access data include the name of the accessed website, file, date and time of the access, transferred data volume, message about successful retrieval, browser type and version, the User’s operating system, referrer URL (the previously visited website), IP address and the requesting Provider.
- Logfile information is stored for a maximum term of 14 days for security reasons (e.g. to clarify acts of misuse or fraud) and are deleted thereafter. Data, which needs to continue being retained for evidence purposes, are exempted from deletion until final clarification of the respective incident.
15. Online Presences in Social Media
- We maintain online presences within social networks and platforms, in order to communicate with the customers, interested parties and users, who are active there, and inform them about our services. For accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
16. Cookies & Reach Measurement
- Cookies are items of information, which are transferred from our webserver or third-party webservers to the users’ web browsers and are stored there for retrieval later on. Cookies may be small files or other types of stored information.
- We use “session cookies”, which are only filed for the duration of the actual visit to our online presence (e.g. to store your login status or the shopping basket configuration and therefore make the use of our online services possible at all). In a session cookie, a randomly generated unique identification number is filed, a so-called session ID. Furthermore, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted, if they are no longer required.
- If the users do not want cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of these online services.
17. Google Tag Manager
We use the Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage them and display them. The Google Tag Manager itself does not create user profiles, does not place cookies on your device and does not analyze your behavior as a user. However, it records your IP address, anonymizes it and transmits it to Google servers in the USA.
The Tag Manager ensures that other services are only run if the conditions (tags) set in the Tag Manager are met for them. For example, we ensure that tools that require consent are only loaded after you have given your consent. The Tag Manager does not access the data processed by the tools.
The integration of the Google Tag Manager is technically necessary. This is our legitimate interest. If personal data processing could be assumed at all when using Google Tag Manager, this is based on Art. 6 para. 1 lit. f) GDPR.
The Tag Manager is a tag management system for the integration of tracking codes and conversion pixels of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
For more information about the privacy of Google Tag Manager, see: https://policies.google.com/privacy?hl=en&gl=en
- On what basis do we transfer your data to the USA? Google complies with the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance/)
18. Google Analytics
- Google will use this information on our behalf, to evaluate the use of our online services by the users, to produce reports concerning the activities within the online services and to produce additional services associated with the use of these online services and the Internet for us. Pseudonymous utilization profiles of the users can be created from the processed data.
- We use Google Analytics in order to display the advertisements placed by Google and its partners within marketing services only to those users, who also have shown an interest in our online services or show specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the visited websites), which we send to Google (so-called “Remarketing”, or “Google Analytics Audiences”). With the assistance of the Remarketing Audiences, we also intend to ensure that our advertisements match the potential interest of the users and are not annoying for them.
- We only use Google Analytics with activated IP anonymization. However, in the case of activation of IP anonymization on this website, your IP address will be previously abbreviated by Google within Member States of the European Union or in other Member States, which are parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and abbreviated there in exceptional cases.
- The IP address sent by the user’s browser within the context of Google Analytics will not be combined with other data of Google. The users can prevent the storage of the cookies with an appropriate setting in their browser software; furthermore, the users can prevent the recording of the data generated by the cookie and their use of the online services to Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
- Additional information about use of data by Google, setting and objection options is available on the Google website: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners' sites or apps”), https://policies.google.com/technologies/ads (“Use of data for marketing purposes”), https://adssettings.google.com/authenticated (“Managing information that Google uses for displaying advertising to you”).
- We use the provider YouTube, among others, for the integration of videos. YouTube is operated by YouTube, LLC with headquarters at 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube is represented by Google LLC. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- When you visit the website on which the YouTube plugin is embedded, a connection to the YouTube servers is established for the video display. This transmits to the YouTube server which of our Internet pages you have visited.
- YouTube is only loaded with your consent, i.e. no data about you as a user is transmitted to YouTube if you have not given your consent. Only with your consent, the videos can be played, and thereby also data is transmitted to the YouTube server, which of our Internet pages you have visited.
- If you are logged in to YouTube, YouTube assigns this information to your personal user account. When using the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account as well as other user accounts of the company YouTube LLC and Google LLC. before using our website and deleting the corresponding cookies of the companies.
- We only use YouTube with your consent, which you can revoke at any time. The corresponding data processing is based on Art. 6 para. 1 lit. a) GDPR. The storage period is 6 months.
20. Facebook Share Button
- You have the option to share the content published on our website on Facebook. The websites at www.facebook.com and the services provided on these pages are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
- When you click on the Facebook button, a connection is established between your browser and the Facebook server, so that Facebook receives the information that you have visited our site with your IP address. We have no influence on the scope of the collection and further use of data collected by Facebook. According to our knowledge, Facebook receives the information that you have accessed the relevant part of our website. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will learn and store your IP address and possibly other identifiers.
- We use the corresponding button to enable you to share the content on Facebook. This is also our legitimate interest in processing the above data and thus based on Art. 6 (1) lit f) GDPR. You can prevent Facebook from processing the above information by not clicking on the button.
- It is not excluded that Facebook may also transfer your data to the parent company of Meta Platforms, Inc. based in the USA.
- You can find more information from the third-party provider on data protection on the following Facebook website: https://www.facebook.com/about/privacy
21. Google Re/Marketing Services
- On the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use the Marketing and Remarketing Services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
- The Google Marketing Services allow us to display advertising for and on our website in a more targeted manner, in order to present users only with advertisements, which potentially match their interests. If advertisements are e.g. displayed for products, for which the user has shown an interest on other websites, this is referred to as “Remarketing”. For this purpose, when accessing our website and others, on which Google Marketing Services are active, a Google code is directly executed by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With the aid of these, an individual cookie is stored on the users’ device, i.e. a small file (comparable technologies may also be used, instead of cookies). The cookies may be set by various domains, among others, by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file, it is noted which websites the user visits, which contents he has shown an interest in and which offers he has clicked on, furthermore, technical information about the browser and operating system, linking websites, visit time and other details about the use of the online services. The IP address of the user is also recorded, whereby, within the scope of Google Analytics, we inform you that the IP is abbreviated within the Member States of the European Union or in other Member States, which are parties to the Agreement on the European Economic Area and are only transferred in full to a server of Google in the USA and abbreviated there in exceptional cases. The IP address is not combined with data of the user within other Google services. The information referred to above may also be linked by Google with such information from other sources. If the user subsequently visits other websites, customized advertisements, which match his interests, may be displayed to him.
- The users’ data are processed within the scope of the Google Marketing Services pseudonym. I.e. Google does not store and process e.g. the name of e-mail address of the user, but processes the relevant data on the basis of cookies within pseudonymous user profiles. I.e. from Google’s point of view, the advertisements are not managed and displayed for a concretely identified person, but for the cookie-holder, regardless of who this cookie-holder is. This does not apply, if a Google user has expressly allowed the data to be processed without this pseudonymization. The information collected by Google Marketing Services about the users are sent to Google and store on Google’s servers in the USA.
- The Google Marketing Services, which we use, include, inter alia, the “Google AdWords” online marketing program. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the cookie have the purpose of creating conversion statistics for AdWords customers, who have chosen conversion tracking. The AdWords customers find out the total number of users, who have clicked on their advertisement and have been forwarded to a website with a conversion tracking tag. However, they do not receive any information, with which users can be personally identified.
- We can also use the “Google Optimizer” service. Within the scope of so-called ”A/B Testing”, Google Optimizer allows us to trace what effect various changes to a website have (e.g. changes to the input fields, the design, etc.). For these test purposes, cookies are filed on the users’ devices. Only pseudonymized user data are processed for this.
- Furthermore, we can use the “Google Tag Manager” in order to integrate the Google Analysis and Marketing Services into our website and manage them.
- If you would like to object to interest-related advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.
22. Facebook, Custom Audiences and Facebook Marketing Services
- Within our online services, on the basis of our legitimate interests in analysis, optimization and commercial operation of our online services and for these purposes, the so-called “Facebook Pixel” of the Facebook social network is used, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are domiciled in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
- Using the Facebook Pixel, it is possible for Facebook to determine the visitors to our online services as a target group for the display of advertisements (so-called “Facebook Ads”. Accordingly, we use the Facebook Pixel display Facebook Ads, which we have placed, only to those Facebook users, who also have shown an interest in our online services or show specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the visited websites), which we send to Facebook (so-called “Custom Audiences”). With the assistance of the Facebook Pixel, we also intend to ensure that our Facebook Ads match the potential interest of the users and are not annoying for them. With the assistance of the Facebook Pixel, we can also trace the effectiveness of the Facebook advertisements for statistical and marketing purposes, by seeing whether users are forwarded to our website after clicking on a Facebook advertisement (so-called “conversion”).
- Furthermore, for the use of the Facebook Pixel, we use the additional “extended comparison” function (data, such as telephone numbers, e-mail addresses or Facebook IDS of the users) are used to form target groups (“custom audiences” or “look-alike audiences”), which are sent to Facebook (encrypted)). Additional information about the “extended comparison”: https://www.facebook.com/business/help/611774685654668).
- We also use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded at Facebook. The upload procedure occurs in an encrypted form. The upload is exclusively for the purpose of determining recipients of our Facebook advertisements. With this, we intend to ensure that the advertisements are only displayed to users, who have an interest in our information and services.
- The processing of data by Facebook occurs within the scope of Facebook’s Data Utilization Policy. Accordingly, general information about the display of Facebook Ads, in the Data Utilization Policy of Facebook: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and its functionality are available in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
- You can object to the recording by the Facebook Pixel and the use of your data for displaying Facebook Ads. In order to set which types of advertisements are displayed to you within Facebook, you can access the site set up by Facebook and follow the instructions there for use-based advertising: https://www.facebook.com/settings?tab=ads. The settings occur platform-independently, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
- To prevent tracking on our site through the Facebook Pixel please visit our Privacy Settings. Under the tab "Marketing" you can disable the tracking through the Facebook Pixel.
23. Amazon Partner Program
- With the following details, we are informing you about the contents of our newsletter, as well as the registration, delivery and statistical evaluation procedure and your objection rights. By subscribing to our newsletter, you are declaring your consent to the receipt and the described procedures.
- Content of the newsletter: We only send newsletters, e-mails and additional electronic messages with marketing information (hereinafter referred to as “newsletter”) with the consent of the recipient or legal permission. Our newsletters contain for example information about new cases, exciting jobs, relevant events and selected employers. Insofar as its contents are concretely described within the scope of registration, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our products, offers, campaigns and our company.
- Verification and logging: Successful registration for our newsletter only takes place if the e-mail address of the recipient has been verified beforehand. I.e. after the registration, you receive an e-mail, in which you are requested to confirm your registration. This confirmation is necessary, so that no one can login with third-party e-mail addresses. The registrations for the newsletter are logged, in order to verify the registration process in accordance with the legal requirements. This includes storing the time of registration and the time of confirmation, as well as the abbreviated IP address. The changes to your data stored with the E-mail Service Provider are also logged.
- Furthermore, according to its own information, the E-mail Service Provider may use these data in a pseudonymized form, i.e. without allocation to a user, for optimization or improvement of its own services, e.g. for technical optimization of the delivery and the display of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the E-mail Service Provider does not use the data of our newsletter recipients, in order to write to them itself or disclose the data to third parties.
- Success measurement – the newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved by the E-mail Service Provider’s server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, is collected. This information is used for the technical improvement of the service on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or the access times. For the statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our aim or that of the E-mail Service Provider, to monitor individual users. In fact, the purpose of the evaluations is for us to identify the reading habits of our users and to adapt our contents to them or send different contents in accordance with the interests of our users.
- The delivery of the newsletter and the success measurement occur on the basis of a consent from the recipient in accordance with Art. 6 Subsection 1 lit. a, Art. 7 GDPR in conjunction with Section 7 Subsection 2 No. 3 UWG [German Fair Trade Practices Act] or on the basis of legal permission in accordance with Section 7 Subsection 3 UWG.
- The logging of the registration procedure occurs on the basis of our legitimate interests in accordance with Art. 6 Subsection 1 lit. f GDPR and serves to verify the consent in the receipt of the newsletter.
- Cancellation/revocation – You may cancel the receipt of our newsletter at any time, i.e. revoke your consents. You can find a link to cancel the newsletter at the end of every newsletter.
25. Integration of Services and Third-Party Contents
- Within our online services, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use content or services of third-party providers, in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as “contents”). This always presupposes that the third-party providers of these contents perceive the IP address of the users, as they could not send the contents to their browser without the IP address. Therefore, the IP address is required for the presentation of these contents. We endeavor to only use such contents, whose respective providers only use the IP address for delivering the contents. Furthermore, third-party providers can also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags”, information can be evaluated, such as the visitor traffic on the pages of these websites. The pseudonymized information can furthermore be stored in cookies on the device of the user and, among other things, contain technical information about websites linking to the browser and operating system, visit time and other details about the use of our online services, as well as being associated with such information from other sources.
- The following description provides an overview of third-party providers and their contents, in addition to links to their data protection policies, which contain additional information about processing data and, partly objection opportunities already referred to here (so-called opt-out):
- If our customers use the payment services of third parties (e.g. PayPal or Sofort), the terms and conditions and data protection policies of the respective third-party providers apply, which are retrievable within the respective websites or transaction applications.