- 01. Who is accountable for processing my personal data?
- 02. What data is collected?
- 03. What cookies are used?
- 04. What personal data is collected and for what purpose?
- 05. Who comes into possession of my personal data?
- 06. Is my personal data processed outside of the EU or EEA (‘transfer to a third country’)?
- 07. What data privacy rights do I have?
- 08. To what extent is automated decision-making and profiling utilised?
- 09. Final/version information
Who is accountable for processing my personal data?
An der Autobahn 200
Tel.: + 49-5241-80 0
is responsible for processing your data on this website (hereinafter referred to as “company”). The company processes personal data in accordance with the GDPR and laws locally applicable.
The company data protection officer can be reached at the above postal address by adding “For the attention of the data protection officer” or at the email address: firstname.lastname@example.org.
What data is collected?
When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.
If you continue to use the services of the website, pseudonymous usage profiles and/or the data entered by you on the website (for example, search words, login data, ratings, form or contract entries, click data) will be processed.
Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).
What cookies are used?
As a general principle, cookies enable online recognition without reference to a specific person. Cookies may become personally identifiable when the information they contain is merged with other information apart from the information generated by the cookies themselves. Here a distinction is made between cookies that are necessary for the provision of website features, and cookies that are required for other purposes, e.g. analysis of user behaviour or displaying advertising-related content.
The cookies that are required for the provision of website features include the following in particular:
- Cookies that are used to identify or authenticate the user;
- Cookies used to temporarily store user input (e.g. the content of a shopping cart or online form);
- Cookies used to store user preferences (e.g. search or language settings);
- Cookies that store data to enable the trouble-free rendering of video or audio content.
Cookies that are required for further purposes include in particular the following:
- Analysis cookies to record our users’ usage behaviour (such as clicked advertising banners, visited subpages, requested search queries) and to evaluate them in statistical form;
- Advertising cookies that are used to create user behaviour profiles (such as clicked banner ads, visited sub-pages, requested search queries) to show the user advertisements or offers tailored to their inter-ests (“interest-based advertising”);
- Third party advertising cookies that are used to create user behaviour profiles (such as clicked banner ads, visited sub-pages, requested search queries) and which enable the controller and the third party to show the user advertisements or offers tailored to their interests (hereinafter “third party cookies”);
- Tracking cookies related to social plugins.
What personal data is collected and for what purpose?
The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.
We use the data described in section 2 for the following purposes:
- To provide website features and content and ensure technical security in trouble-shooting technical issues and also to ensure that unauthorized persons do not gain access to our website systems;
- To conduct marketing reach measurements and web analyses in order to make our website more efficient and interesting for you, and for market research purposes;
- To implement our own and external advertising (online advertising);
- For communication, completion of precontractual procedures, and customer care purposes;
- To send out newsletters via email;
- For event registration and participation; and
4.1 Provision of the website
4.1.1 Description and scope of data processing
In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.
4.1.2 Purpose and legal basis of data processing
The legal basis for the creation of server log files follows from Art. 6(1)(f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.
4.1.3 Duration of storage or criteria applied in defining this period
When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.
4.1.4 Options for lodging an objection and having your data removed
You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.
4.2 Contact form, email and telephone contact information
4.2.1 Description and scope of data processing
On our website you have the option of contacting us by way of a contact form, by email, by telephone or by chat using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address and/or your phone number are disclosed to us. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g. submitting a request for information) your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g. partner companies).
4.2.2 Purpose and legal basis of data processing
The legal basis for processing your contact details follows from Art. 6(1)(f) GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose for your establishing contact with us is to enter into a contract with our company, the legal basis for processing your contact details follows from Art. 6(1)(b) GDPR.
4.2.3 Duration of storage or criteria applied in defining this period
Your contact details are deleted once your request has been processed and further communication has been discontinued. This does apply if the purpose of your establishing contact with us is to conclude a contract or you wish to exercise your right as a data subject (e.g. request information). In this case your details are stored until all contractual and/or statutory obligations have been fulfilled and statutory retention periods (currently 6 to 10 years) do not prevent this information from being deleted.
4.2.4 Options for lodging an objection and having your data removed
You have the right to lodge an objection to the processing of your contact information provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1. If you lodge an objection, communication with you cannot be continued. This does not apply if the storage of your contact details is necessary for completing precontractual procedures, fulfilling a contract or exercising your rights as a data subject.
4.3 Asserting your rights as a data subject
4.3.1 Description and scope of data processing
On the website you have the possibility of asserting your rights as a data subject, e.g. request information on your personal information that is currently stored by us. In order to assert your rights as a data subject, it may be necessary that you provide information to Bertelsmann and/or its subsidiaries pertaining to your person and the specific information that has been processed. Without providing this information, Bertelsmann and/or its subsidiaries are not able to cater to your rights as a data subject.
4.3.2 Purpose and legal basis of data processing
The legal basis for processing your personal information in asserting your rights as a data subject follows from Art. 6 (1) point c GDPR, “Complying with a legal obligation”.
4.3.3 Duration of storage or criteria applied in defining this period
Bertelsmann and/or its subsidiaries store(s) the correspondence exchanged with you in relation to your asserting your rights as a data subject for a period of three years. This does not apply to information obtained to clarify your identity, e.g. by way of a labeled photocopy of your personal identity card, where Bertelsmann and/or its subsidiaries have been provided one. It will be deleted within one week at the latest of establishing your identity.
4.3.4 Options for lodging an objection and having your information removed
The processing of your information is required for complying with your rights as a data subject, and to that extent you have no right to revoke your consent to its processing.
4.4.1 Description and scope of data processing
The website offers the possibility to subscribe to newsletters. Your data from the registration screen will be transmitted to the company and processed further (also with the help of service providers) for the dispatch of newsletters. When registering, your consent will be obtained and saved using the double-opt-in procedure. Your data is not transferred to third parties.
We point out that the company may evaluate your user behaviour when sending newsletters. To carry out this evaluation, the emails sent include web beacons or tracking pixels, which are one-pixel image files stored on the website. For the purpose of evaluations, the company could link your data and the web beacons with your email address and an individual ID. With the data obtained in this manner, the company would be able to create a user profile with which the newsletter can be tailored to your indi-vidual interests. To do this, the company records which links you click on when you read the newslet-ter and uses these to derive your personal interests. The company could associate this data with your behaviour on our website.
4.4.2 Purpose and legal basis of data processing
The processing of your data via the login form is required to inform you about and advertise the company's goods and/or services. The legal basis for processing the data when registering for the newsletter is the consent according to Art. 6 (1) lit. a GDPR with reference to Section 7 (2) No. 3 of the Act Against Unfair Competition (hereinafter referred to as “UWG”).
The legal basis for the processing of your data after purchasing the company’s goods and/or ser-vices is Art. (6) 1 lit. f GDPR with reference to Section 7 (3) of the Act Against Unfair Competition (hereinafter referred to as “UWG”). Advertising to existing customers is in the company’s legitimate interest.
4.4.3 Duration of storage or criteria applied in defining this period
The data will be stored for as long as the newsletter is subscribed to. If you revoke your consent, your data will be blocked for this processing purpose. The data will be stored until the contractual and/or legal obligations have been fulfilled and deletion is not precluded by statutory retention peri-ods.
4.4.4 Options for lodging an objection and having your data removed
You can revoke your consent to receiving the newsletter at any time by clicking on the unsubscribe link provided in each newsletter or by writing to:
Newsletter of Arvato Systems, Arvato Systems GmbH via E-Mail: email@example.com or via mail to „An der Autobahn 200, 33333 Gütersloh, Germany“.
4.5.1 Description and scope of data processing
4.5.2 Purpose and legal basis of data processing
Processing the information entered by you in the registration form is necessary for participating at the respective event. The legal basis for this is your consent pursuant to Art. 6(1)(a) GDPR.
4.5.3 Duration of storage or criteria applied in defining this period
Your information is stored until the end of the event. This does not apply, if during the event contract negotiations were initiated and your data needs to be stored for the creation of a customer record.
4.5.4 Options for lodging an objection and having your data removed:
You can revoke your consent to receiving press releases at any time by writing to Arvato Systems GmbH via E-Mail: firstname.lastname@example.org or via mail to „An der Autobahn 200, 33333 Gütersloh, Germany“.
The website has built-in services that optimise usability and measure the reach of the website. Your access data (see Section 2) will be recorded and the usage behaviour will be evaluated using analysis cookies (see Section 3). Personal identification is basically not required for web tracking, meaning that when you enter your access data, the stored IP address is either not used or only a shortened version is used and pseudonymous usage profiles are created. These are not merged with other data and you have the option of revocation at any time. Personal usage profiles are only created in excep-tional cases and if you have given your consent.
Web tracking services are usually provided by service providers who process the data only as di-rected by the controller and not for its own purposes as a processor. This is ensured on the basis of data processing contracts. If the service providers outside the European Union or the European Eco-nomic Area (hereinafter referred to as "EU or EEA") process your data, a third country transfer takes place. This is permissible provided that you have given your consent, the company has provided guarantees of a data protection level that meets the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respec-tive service is indicated below. Further information regarding the recipients of your data can be found in sections 4.5.1, 4.5.2 and 4.5.3.
The website’s web tracking services are described in more detail below.
4.6.1 Adobe Tag Manager
This website uses Adobe Tag Manager. Adobe Tag Manager is a service provided by Adobe Systems Software Irland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Tag Manager managers „tags“(placeholder for website code). Adobe Tag Manager does not collect data and data collected by the tags cannot be accessed by the Adobe Tool Manager.
4.6.2 Google Analytics
This website uses Google Analytics. Google Analytics is a service provided by Google Inc. Google Analytics causes a usage profile to be created in order to optimize the user-friendliness of our website. A pseudonym is assigned to this profile. In so doing, your access data is collected as described in section 2 and your usage behaviour analyzed using analytics cookies as described in section 3. Personal identification is not necessary for web tracking: when collecting your access data your IP address is shortened before being transmitted to Google Inc., meaning no information can be attributed to you. These usage profiles to which pseudonyms are assigned are analyzed for the purpose of optimizing user-friendliness. This data is not merged with other data by Google Inc. We ensure that Google Inc. only uses this data as instructed by us under a contract data processing contract we have concluded with Google Inc.
The use of Google Analytics entails a third county transfer (see Section 4.7). However, Google en-sures that the European level of data protection is ensured for third country transfer with certification under the EU-US Privacy Shield.
4.6.3 Adobe Analytics (Omniture)
This website uses Adobe Analytics. Adobe Analytics is a service provided by Adobe Systems Software Irland Limited, 6 Riverwalk Naas Road Dublin 24, Ireland (Adobe). Adobe Analytics causes a usage profile to be created in order to optimize the user-friendliness of our website. A pseudonym is assigned to this profile. In so doing, your access data is collected as described in section 2 and your usage behaviour analyzed using analytics cookies as described in section 3. Personal identification is not necessary for web tracking: when collecting your access data your IP address is shortened before being transmitted to Adobe meaning no information can be attributed to you. These usage profiles to which pseudonyms are assigned are analyzed for the purpose of optimizing user-friendliness. This data is not merged with other data by Adobe. We ensure that Adobe only uses this data as instructed by us under a con-tract data processing contract we have concluded with Adobe.
4.6.4 Matomo (formerly Piwik)
Our website uses Matomo (formerly Piwik). The provider is InnoCraft LtD, 150 Willis St, 6011 Welling-ton, New Zealand. Matomo uses analysis cookies to create a pseudonymous usage profile on the company’s website to optimise the website’s user-friendliness. This usage profile is stored exclusive-ly on the company's web servers and is not transmitted to the InnoCraft LtD web server. Pseudonymi-ty is ensured by the fact that the IP address (which is recorded as part of the server log files when the website is made available by the website operator) is shortened before transmission to InnoCraft LtD so that any reference to you is not possible. This IP address will not be merged with other data. This and the evaluation of the pseudonymous usage profile is carried out exclusively on behalf of the company and is ensured on the basis of a data processing contract concluded with InnoCraft LtD.
Analysis cookies are always set at Matomo when you visit the website. The cookies remain for six months, unless you delete them beforehand using the browser setting.
Furthermore, the use of Matomo entails a third-country transfer. No data is transmitted to the In-noCraft LtD web server.
4.6.5 Google Ads
4.6.6 Purpose and legal basis of data processing
The legal basis for collecting and analyzing pseudonym usage profiles follows from Art. 6(1)(f) GDPR / Section 15(3) German Telemedia Act (TMG). We have a legitimate interest in optimizing the user-friendliness of our website and performing marketing reach measurements. If personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Art. 6 (1) lit. a GDPR.
4.6.7 Duration of storage or criteria applied in defining this period
As a general rule, the data that is collected and analyzed in association with Google and Adobe Analytics remains stored until you raise an objection to it being used in this manner.
4.6.8 Options for lodging an objection and having your data removed
You can raise an objection to the use of Google Analytics by changing your browser settings and/or clicking on the following links to download and install the browser plug-ins and/or opt-out:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Adobe Analytics: http://bertelsarvatoprod.d3.sc.omtrdc.net/optout.html
4.7 Links to other websites
This website contains links to the website of other website operators. Clicking on the links takes you to the respective websites (e.g. Facebook, YouTube). With the exception of your access data to make the other website available, no data of yours is transmitted to these website operators.
4.8 External services and content on our website
We integrate external services and content on our website. If you use one of these services or you are shown the content of third parties, communication data is exchanged between you and the provider of that service or content for technical purposes.
That provider may use your data for their own purpose. To the best of our knowledge and belief, we have configured the services or content of third-party providers who are known to use data for their own purposes so that communication for purposes other than rendering their content or services on our website is prevented or communication does not come about unless you actively decide to use the service. However, since we have no control over the data collected by third parties and its processing by them we are unable to make any binding statements pertaining to the purpose and scope of the processing of your data.
- YouTube: https://support.google.com/youtube/answer/7671399
- Google Maps: https://maps.google.com/help/terms_maps.html
4.9 Use of the blog
4.9.1 Description and scope of the data processing
If you want to use the comment function of blogs, you must specify a name and your email address in addition to the actual comment. The username for this purpose is freely selectable, so there is no clear name obligation and the company provides you with the option to remain pseudonymous to the other users. Comments are only published after review and approval by the company. If you post comments, these will generally be made accessible to unregistered users (hereinafter referred to as “anyone”), stating your username, time and date of the comment.
4.9.2 Purposes and legal basis of the data processing
Data is processed on the blog for the purpose of collective discussion between users on various topics. The legal basis is Art. 6 (1) lit. f GDPR. The legitimate interest lies in promoting exchange with-in the interested community.
4.9.3 Duration of storage or criteria for determining this duration
Your user data is stored until the intended purpose is fulfilled. Your published comments will be stored until deleted and are accessible to anyone. If you wish for your contributions to be deleted, you can send your deletion request to the company under Section 1.
4.9.4 Possibility of objection and deletion
Processing your user data is required to use the blog’s comment function. You cannot object to this, but you can exercise your right to deletion of data.
Who comes into possession of my personal data?
Those entities within the company who need your data to fulfil the purposes described in Section 4 above. Also, service providers employed by the company may gain access to your data (“proces-sors”, such as data centres, newsletters, customer service or debtor management). Data processing contracts ensure that these service providers commit to instructions, data security and the confiden-tial handling of your data.
Your data is only transferred to other recipients at your request or if required by law. The following third parties are included in the data transfer:
Providers of social media services that for their own purposes merge your data from the website with the data already stored there.
Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.
Affiliate companies to which you refer in your request
Public bodies and institutions, such as law enforcement agencies, who receive access to your data for reasons of compliance with legal or regulatory obligations
Is my personal data processed outside of the EU or EEA (‘transfer to a third country’)?
If the service providers listed in Section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in Section 4, this may result in your data being transmitted to a coun-try where a level of data protection equivalent to that in the EU or the EEA cannot be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. For example, standard contractual clauses provided by the EU Commission may qualify as a suitable guarantee. You can request a copy of these guarantees from the contact details listed in Section 1. By way of exception, any guarantee can be waived if you give your consent to this or if the third country transfer is required to fulfil your contract with the company. The EU Commission has also recognised certain third countries as safe third countries, meaning it is also not necessary for the company to provide any suitable guarantees at this point.
What data privacy rights do I have?
You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability).
If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.
Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situa-tion to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal infor-mation for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.
You also have the possibility to contact a data protection authority and file a complaint. A list of data protection authorities and their contact data can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html