Data protection

introduction

With the following data protection declaration, we would like to clarify which types of your personal data (hereinafter also briefly referred to as "data") we process for what purposes and to what extent. The data protection declaration applies to all the processing of personal data carried out by us, both in the context of the provision of our services as well as in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter summarizing as "online offer" ).

The terms used are not gender -specific.

Stand: 13. September 2021

Responsible

Gregor Hartmann
brandmailsolutions.com

E-mail Address: [email protected].

Overview of the processing

The following overview summarizes the types of the processed data and the purposes of their processing and refers to the persons concerned.

Types of processed data

  • Inventory data (e.g. names, addresses).
  • Content data (e.g. input in online form).
  • Contact details (e.g. email, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Contract data (e.g. contractual object, duration, customer category).

Categories of people affected

  • Communication partner.
  • Users (e.g. website visitors, users of online services).

Purpose of processing

  • Affiliate tracking.
  • Provision of our online offer and user friendliness.
  • Content Delivery Network (CDN).
  • Direct marketing (e.g. by email or postal).
  • Feedback (e.g. collecting feedback via online form).
  • Marketing.
  • Contact inquiries and communication.
  • Profiles with user -related information (creating user profiles).
  • Safety measures.
  • Provision of contractual services and customer service.
  • Administration and answering inquiries.

Relevant legal bases

In the following you will receive an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection requirements in your or our residential or seating country can apply. If, in individual cases, more specific legal bases are also decisive, we will inform you of them in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) - The data subject has given their consent to the processing of the personal data relating to them for a specific purpose or several specific purposes.
  • Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) - The processing is necessary for the fulfillment of a contract whose contracting party is the data subject, or for the implementation of pre -contractual measures that are carried out at the request of the person concerned.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and fundamental freedoms of the data subject, who require the protection of personal data.

Safety measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and the extent of the threats of the rights and freedoms of natural persons suitable technical and organizational measures to ensure a level of protection that is appropriate to the risk.

The measures include in particular the securing of confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, entering, passing on, securing availability and separation. We have also set up procedures that ensure a perception of affected rights, deleting data and reactions to the risk of data. We also take into account the protection of personal data in the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection -friendly default settings.

Reduction of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a full IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). The last two digits or the last part of the IP address are removed after one point or replaced by placeholder. With the reduction of the IP address, the identification of a person is to be prevented or significantly more difficult based on their IP address.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections to the prefix https: // in the address line of your browser.

Transmission of personal data

As part of our processing of personal data, the data occurs that the data is sent to other positions, companies, legally independent organizational units or people or that they are disclosed to them. The recipients of this data can include, for example, service providers or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and in particular conclude corresponding contracts or agreements that serve to protect your data with the receivers of your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third parties or the disclosure or transmission of data to other persons, positions or companies takes place, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we only have the data processed in third countries with a recognized data protection level, contractual obligation through so-called standard protection clauses of the EU Commission, if the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data

The data we process will be deleted in accordance with the legal requirements as soon as the consent permitted for processing or other permits are canceled (e.g. if the purpose of processing this data is omitted or it is not necessary for the purpose).

If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons or whose storage is required to assert, exercise or defend legal claims or to protect the rights of a different natural or legal person.

Our data protection information can also include further information on the storage and deletion of data that apply primarily for the respective processing.

Use of s

Cookies are text files that contain data from visited websites or domains and are saved by a browser on the user's computer. A primarily serves to save the information about a user during or after visiting an online offer. The stored information can include, for example, the language settings on a website, login status, a shopping cart or the place where a video was watched. The concept of s also includes other technologies that fulfill the same functions as s (e.g. if the user information is stored using pseudonym online drawings, also referred to as "user IDs")

The following types and functions are differentiated:

  • Temporary s (also: session or session s): Temporary s are deleted at the latest after a user has left an online offer and closed his browser.
  • Permanente Cookies: Permanent s remain saved even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly if the user visits a website again. Likewise, the interests of users who are used for range measurement or marketing purposes can be stored in such a .
  • First-Party-Cookies: First party s are set by ourselves.
  • Third party s (also: third-party s): Third-party s are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) s: On the one hand, s may be absolutely necessary for the operation of a website (e.g. to save logins or other user inputs or for reasons of security).
  • Statistics, marketing and personalization s: Furthermore, s are also used as part of the range measurement and when the interests of a user or his behavior (e.g. considering certain content, benefits, etc.) are stored on individual websites in a user profile. Such profiles serve to display content, for example, that correspond to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of the users. As far as we use s or "tracking" technologies, we will inform you separately in our data protection declaration or as part of the obtaining consent.

Notes on legal bases: On which legal basis we process your personal data with the help of s depends on whether we ask you for consent. If this applies and consent to the use of s, the legal basis for processing your data is the declared consent. Otherwise, the data processed using s is processed on the basis of our legitimate interests (e.g. on a business operation of our online offer and its improvement) or if the use of s is required to meet our contractual obligations.

Storage duration: If we do not provide you with any explicit information about the memory duration of permanent s (e.g. as part of a so-called opt-ins), please assume that the memory duration can be up to two years.

General information on the revocation and contradiction (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option of revoking consent or contradicting your data by technologies at any time (summary as "opt-out"). You can first explain your contradiction using the settings of your browser, e.g. by deactivating the use of s (whereby this can also restrict the functionality of our online offer). A contradiction to the use of s for the purpose of online marketing purposes can also be done by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ be explained. In addition, you can receive further information information on the information used for the service providers and s used.

Processing of data based on consent: We use a procedure for acceptance management, in which the consent of the users in the use of s, or the processing and providers mentioned in the context of the acceptance management procedure and managed and managed by the users can be revoked. The declaration of consent is stored in order not to have to repeat their query again and to be able to prove the consent in accordance with the legal obligation. The storage can be made servers and/or in a (so-called opt-in , or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information on the providers of management services, the following indications apply: The duration of the storage of consent can be up to two years. Here, a pseudonym user identifier is formed and with the time of consent, information on the reach of the consent (e.g. which categories of s and/or service providers) as well as the browser, system and used end device.

  • Processed data species: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), justified interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Provision of the online offer and web hosting

In order to be able to provide our online offer safely and efficiently, we take advantage of the services from one or more web hosting providers, from whose servers (or you managed servers) the online offer can be called up. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as safety services and technical maintenance services.

The data processed as part of the provision of the hostin range can include all the users of our online offer that occur in the context of use and communication. This regularly includes the IP address that is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or websites.

E-mail shipping and hosting: The web hosting services we use also include shipping, reception and storage of emails. For these purposes, the addresses of the recipients as well as the sender as well as further information regarding the mail order (e.g. the providers involved) and the content of the respective email are processed. The aforementioned data can also be processed for the purposes of detection of spam. We ask you to note that emails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted on the transport route, but (unless so-called end-to-end encryption procedure is used) are not on the servers, from which they are sent and received. We can therefore take no responsibility for the transfer route of the emails between the sender and the reception on our server.

Collection of access data and log files: We (or our web hosting provider) collect data for every access to the server (so -called server log files). For the server log files, the address and name of the accessed websites and files, date and time of access, transferred amounts of data, report on successful access, browser type and version, the operating system of the user, referrer URL (the previously attended page) and as a rule IP- Addresses and the inquiring provider belong.

The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of misuse, so-called DDOS attacks) and on the other hand to ensure the utilization of the server and their stability.

Content-Delivery-Network: We use a "Content Delivery Network" (CDN). A CDN is a service with which the content of an online offer, especially large media files, such as graphics or program scripts, can be delivered faster and more safely with the help of regionally distributed and connected servers via the Internet.

  • Processed data species: Content data (e.g. input in online form), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purpose of processing: Provision of our online offer and user friendliness, Content Delivery Network (CDN).
  • Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The readers' data is only processed for the purposes of the publication medium insofar as it is necessary for its presentation and communication between authors and readers or for reasons of security. In addition, we refer to the information on the processing of visitors to our publication medium as part of this data protection information.

Comments and posts: If users leave comments or other posts, your IP addresses can be saved on the basis of our legitimate interests. This is done for our security if someone leaves illegal content in comments and contributions (insults, forbidden political propaganda etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process the information from the users for spam recognition based on our legitimate interests.

On the same legal basis, we reserve the right to save the IP addresses of the users for their duration in the event of surveys and use s in order to avoid multiple partitions.

The information on the person, any and websites information given as part of the comments and contributions, as well as the content information as well as the content details are permanently stored by us to the contradiction of the users.

  • Processed data species: Inventory data (e.g. names, addresses), details (e.g. email, telephone numbers), content data (e.g. inputs in online form), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP -Adens).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purpose of processing: Provision of contractual services and customer service, feedback (e.g. collecting feedback via online form), security measures, administration and answering inquiries.
  • Legal bases: Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), justified interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Contact and inquiry management

When ing us (e.g. via form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information from the requesting persons is processed if this is necessary to answer the inquiries and any request.

The answering of the inquiries as well as the management of and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (before) contractual inquiries and, moreover, on the basis of the legitimate interests in answering the inquiries and maintenance User or business relationships.

  • Processed data species: Inventory data (e.g. names, addresses), details (e.g. email, telephone numbers), content data (e.g. inputs in online formal).
  • Affected people: Communication partner.
  • Purpose of processing: Contact inquiries and communication.
  • Legal bases: Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), justified interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Online marketing

We process personal data for the purposes of online marketing, including the marketing of advertising space or representation of advertising and other content (summary as "content") based on potential interests of the users and the measurement of their effectiveness.

For these purposes, so -called user profiles are created and stored in a file (so -called "") or similar procedures are used, by means of which the information relevant for the presentation of the aforementioned content is stored. For example, contained content, visited websites, used online networks, but also communication partners and technical information, such as the browser used, can include the computer system used and information about usage times used. If users have consented to the collection of their location data, they can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking methods (i.e., pseudonymization by reducing the IP address) to protect users. In general, no clard data from users (such as e-mail addresses or names) are stored as part of the online marketing process, but pseudonyms. This means that we and the providers of the online marketing procedures do not know the identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the s or using similar methods. These s can generally also be used on other websites that use the same online marketing procedure, read out and analyzed for the purpose of presenting content as well as with further data and stored on the server of the online marketing process provider.

In exceptional cases, clard data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing procedures we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. through consent as part of the registration.

In principle, we only get access to the summarized information about the success of our advertisements. However, within the framework of so -called conversion measurements, we can check which of our online marketing methods have led to a so -called conversion, i.e. for example, for a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that s used are saved for a period of two years.

Notes on legal bases: If we ask the users for their consent in the use of the third -party providers, the legal basis of processing data is the consent. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient -friendly services). In this context, we would also like to point out the information on the use of s in this data protection declaration.

  • Processed data species: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purpose of processing: Marketing, profiles with user -related information (creating user profiles).
  • Safety measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), justified interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
  • Opportunity possibility (opt-out): We refer to the data protection instructions of the respective providers and the opposition options given to the providers (so-called "opt-out"). If no explicit opt-out possibility has not been given, there is the possibility that you will switch off s in the settings of your browser. This means that functions of our online offer can be restricted. We therefore also recommend the following opt-out options, which are summarized for respective areas: a) Europe: https://www.youronlinechoices.eu。 b) Kana: https://www.youradchoices.ca/choices. c) one: https://www.aboutads.info/choices. d) across territory: https://optout.aboutads.info.

Used services and service providers:

  • Google Analytics: Online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection: https://policies.google.com/privacy; Opportunity possibility (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Affiliate programs and affiliate links

In our online offer we bind so-called affiliate links or other references (e.g. search masks, widgets or discount codes) to the offers and services of third-party providers (summarized as "affiliate links"). If users follow the affiliate links or then perceive the offers, we can receive a commission or other advantages from these third-party providers (summarized as a "commission").

In order to be able to track whether the users have perceived the offers of an affiliate link we use, it is necessary that the respective third-party providers learn that users followed an affiliate link used within our online offer. The assignment of the affiliate links to the respective business conclusions or for other actions (e.g. purchases) only serves the purpose of the commission accounting and is canceled as soon as it is no longer necessary for the purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented by certain values that are part of the link or otherwise, e.g. in a . In particular, the starting website (referrer), the time, the time, an online detection of the operators of the website on which the affiliate link was located, can be online identifier of the respective offer, the type of link used, the type of offer And belong to the user's online detection.

Notes on legal bases: If we ask the users for their consent in the use of the third -party providers, the legal basis of processing data is the consent. Furthermore, their use can be part of our (before) contractual services, provided that the use of third -party providers has been agreed in this context. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient -friendly services). In this context, we would also like to point out the information on the use of s in this data protection declaration.

  • Processed data species: Contract data (e.g. contractual object, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purpose of processing: Affiliate tracking.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 Lit. a. GDPR), fulfillment of the contract and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Change and update of the data protection declaration

We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing we have necessary make this necessary. We will inform you as soon as the changes are required to take part (e.g. consent) or other individual notification.

If we provide addresses and information from companies and organizations in this data protection declaration, please note that the addresses can change over time and ask the information to check before .

Rights of the persons concerned

According to the GDPR, they are entitled to various rights as those affected, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time against the processing of the personal data relating to it due to Art. 6 Para. 1 Lit. E or F GDPR; This also applies to a profiling based on these provisions. If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; This also applies to profiling, insofar as such direct advertising is connected.
  • Right of withdrawal in the event of consent: You have the right to revoke consent at any time.
  • Right of providing information: You have the right to request a confirmation of whether relevant data is processed and information about this data as well as further information and copy of the data in accordance with the legal requirements.
  • Right to correction: In accordance with the legal requirements, you have the right to request the completion of the data relating to it or to correct the incorrect data relating to it.
  • Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to request that you to be deleted immediately or, as an alternative, to request a restriction of the processing of the data in accordance with the legal requirements.
  • Right to data portability: You have the right to maintain data that you have provided to us in accordance with the legal requirements in a structured, common and machine -readable format or to request it to be transferred to another person.
  • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial legal remedy, you have the right to complain to a supervisory authority, in particular in the member state of your habitual place of residence, your job or the place of the alleged violation if you believe that the processing of your personal data against the Terms of the GDPR.

Definitions

In this section you will receive an overview of the terminology used in this data protection declaration. Many of the terms are taken from the law and defined especially in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, should primarily serve to understand. The terms are sorted alphabetically.

  • Affiliate tracking: As part of the affiliate tracking, links, with the help of which the linking websites refer users to websites with product or other offers. The operators of the linking websites can receive a commission if users follow these so-called affiliate links and then perceive the offers (e.g. buy goods or use services). This requires that the providers can follow whether users who are interested in certain offers then perceive them at the reason for the affiliate links. It is therefore necessary for the functionality of affiliate links to be supplemented by certain values ​​that become part of the link or otherwise, e.g. in a . The values ​​include the starting website (referrer), the time, an online detection of the operators of the website on which the affiliate link was located, an online detection of the respective offer, an online detection of the user as well how, e.g. advertising material ID, partner ID and categorizations
  • Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service with which the content of an online offer, especially large media files, such as graphics or program scripts with the help of regionally distributed and connected via the Internet, can be delivered faster and safely.
  • IP-Masking: "IP masking" is a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer serve to clearly identify a person. Therefore, IP masking is a means of pseudonymization of processing procedures, especially in online marketing
  • Personal data: "Personal data" is all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by assigning to an identifier such as a name, to an identification number, on site data, for an online detection (e.g. ) or for one or more special features,,, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
  • Profiles with user -related information: The processing of "Profiles with user -related information" or "profiles" briefly includes any type of automated processing of personal data that is used in the fact that this personal data is used to refer to certain personal aspects that relate to a natural person ( According to the type of profile formation, different information regarding demography, behavior and interests, such as interaction with websites and their content, etc.), can be analyzed, evaluated or to predict them (e.g. the interests in certain content or products Click behavior on a website or the location). Cookies and web biacons are often used for the purposes of the profiling.
  • Responsible: The natural or legal person, authority, institution or other body, which decides on the purposes and means of processing personal data alone, is referred to as the "person responsible".
  • Processing: "Processing" is every process carried out with or without the help of automated procedures or any such series of transaction in connection with personal data. The term extends wide and extends practically every handling of data, be it, evaluating, evaluating, saving, transmitting or deleting.

Created with free datenschutz-generator.de by Dr. Thomas Schwenke