We're updating the Privacy Notice. These updates will come into effect on 6 December 2024. Read the new Privacy Notice here.
Person responsible
Pocketbook Readers GmbH
Richard-Wagner-Straße 11
01445 Radebeul
Amtsgericht Dresden, Registered HRB 29866
Managing Director: Enrico Müller
Phone: +49 (0) 351 79556300
Fax: +49 (0) 351 79556320
Email: [email protected]
1. Scope of application and legal basis
(1) This data protection declaration is intended to clarify the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and contents.
(2) As regards the terms used, such as ‘personal data’ or its ‘processing’, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
(3) The term 'user(s)' covers all categories of data subjects. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, e.g. ‘user’, are to be understood in a non-gender-specific way.
(4) The personal data of users processed within the scope of this online offer includes
-
Inventory data (e.g., customers’ names and addresses),
-
Contact data (e.g., e-mail address, phone number),
-
Contract data (e.g., services used or products purchased, contract content, contractual communication and payment information),
-
Usage data (e.g. access times and the visited websites of our online offer),
-
Content data (e.g., information on forms or in e-mails) as well as
-
Technical data (e.g., IP addresses, device information)
(5) The processing of users’ personal data takes place for the following purposes in particular:
-
Provision of the online offer, its contents and functions,
-
Provision of our contractual services and performances,
-
Customer care,
-
Responding to contact requests and communication with users,
-
Marketing as well as
-
Security of the online offer.
(6) We process users’ personal data only in compliance with the relevant data protection regulations. This means that user data will only be processed if a legal permission has been granted. This is particularly the case if data processing is necessary or legally required for the fulfilment of our contractual services (e.g., for the placement or processing of orders) as well as our online performance, if user consent has been obtained or if based on our legitimate interests. For that purpose, the analysis, optimization, security as well as the economic and user-friendly operation of our online offer are considered as legitimate interests.
(7) We point out that the legal basis for consent are Art. 6 par. 1 clause 1 lit. a) and Art. 7 GDPR, the legal basis for the processing for the purpose of fulfilling our services and performing contractual or pre-contractual measures is Art. 6 par. 1 clause 1 lit. b) GDPR, the legal basis for the processing for the purpose of fulfilling our legal obligations is Art. 6 par. 1 clause 1 lit. c) GDPR and the legal basis for the processing for the purpose of protecting our legitimate interests is Art. 6 par. 1 clause 1 lit. f) GDPR.
2. Security measures
(1) In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and liberty of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. In this way, the data processed by us shall be protected in particular against accidental or intentional manipulation, loss, deletion or against unauthorized access by third parties. The security measures also include the encrypted transmission of data between your browser and our server.
(2) In addition, we have established procedures to ensure that data subjects can exercise his rights, data can be deleted and threats to data can be responded to.
3. Disclosure of data to third parties and third-party providers, payment service providers
(1) If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal permit. This applies, for example, to the transfer of data to third parties, such as to the shipping service provider in accordance with Art. 6 Para. 1 clause 1 lit. b) GDPR, as this is necessary for the fulfilment of the contract, if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, webhosts, etc.).
(2) Within the framework of contractual relationships, in particular for the fulfilment of a user’s payment obligations, we use payment service providers (heidelpay as well as PayPal) on the basis of Art. 6 para. 1 clause 1 lit. b) GDPR, which process the data required for the payment process (inventory data, bank data as well as contract, aggregate and recipient-related data). With one exception, however, these data are only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with the payment confirmation or a negative information. Only in the case of payment by credit card (via heidelpay), when the user’s credit card data is collected for the first time, we will store it pseudonymously (by means of a hash function) in the user account for future order transactions. The user may object to this processing at any time by deleting his credit card in the personal area of the user account. Under certain circumstances, the user’s data may be transmitted by the payment service providers to credit agencies. Such transmission serves check identity and creditworthiness. For this purpose, we refer to the Terms and Conditions and the data protection information of the respective payment service providers, which can be accessed within the respective websites or transaction applications. There you will also find further information as well as notes on the assertion of rights of revocation, information and other data subject’s rights.
(3) Furthermore, if we process data in a third country (i.e., outside the European Union or the European Economic Area) or if this is done in the context of using the services of third parties or of disclosing or transferring data to third parties, this will only be done if the special requirements of Art. 44 et seq. GDPR are also met. This means that the processing is carried out, for example, in compliance with officially recognized special contractual obligations (so-called ‘standard contractual clauses’).
(4) If we assign third parties with processing data on the basis of a so-called ‘contract processing agreement’, this will be done on the basis of Art. 28 GDPR.
4. Collection of access data and log files
(1) On the basis of our legitimate interests within the meaning of Art. 6 para. 1 clause 1 lit. f) GDPR, we collect data on every access to the server on which this service is located (so-called server log files). These data are technically necessary to display the respective website and to ensure stability and security. The access data includes in particular the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, the website previously visited and the IP address.
(2) For security reasons (e.g. for the investigation of abuse or fraud), log file information is stored for a maximum period of ninety days and then deleted. Data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident.
5. Registration and provision of contractual services
(1) The use of our products, in particular our e-readers and digital content (eBooks and audiobooks), requires the user to register in our online shop. This registration can be revoked at any time by notifying us, e.g., by e-mail.
(2) As part of the registration process, the required mandatory data (name, e-mail address and password) are collected and stored in the customer account. As part of the login process, the user’s e-mail address and password are collected. Furthermore, the date and time as well as the IP address of the user are stored at the time of registration and login.
(3) If necessary, the user’s address and, if applicable, his credit card data (in pseudonymous form, see Section 3 para. 2 of this privacy policy) will be collected and saved in the customer account. In addition, other voluntarily provided data, such as the user’s telephone number or differing delivery addresses, may be stored there.
(4) In the customer account, the user can view and manage his orders, equipment used by him or, in the event that he places products from our online offer on the wish list, his wish list. The same applies to his personal data.
(5) If the user is not yet registered for our cloud service, a customer account will be created for him there when digital content is purchased for the first time via our online shop, so that the purchased digital content can be made available to the user. The operator of the cloud service is Pocketbook International SA, Crocicchio Cortogna, 6, 6900 Lugano, Switzerland. Use of the cloud service is subject to the terms of use published there, which the user must confirm when logging in for the first time. The same applies to the notes on data protection.
(6) The registered user also has the possibility to log in with his access data to our online shop (e-mail address and password) at the rating service www.readrate.com of Pocketbook International SA, Crocicchio Cortogna, 6, 6900 Lugano, Switzerland, and to create a customer account there. The use of this service is subject to the terms of use published there, which the user must confirm during registration. The same applies to the notes on data protection. If the user makes use of this possibility, for technical reasons, the service provider will ask us or check whether the access data used are known. If this is the case, the service provider will be informed positively and the subsequent activation will be carried out by the service provider.
(7) In addition, the user has the opportunity to use the ‘Send-to-Pocketbook’ service available on our e-readers by means of his access data to our online shop (e-mail address and password) to send the digital content stored on the e-readers by e-mail.
(8) We process the aforementioned user data for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 clause 1 lit b) GDPR. The legal basis for the registration in our online shop is Art. 6 para. 1 clause 1 lit. a) GDPR. The storage of technical or usage data during registration and login is based on our legitimate interests, as well as the user’s interest in protection against misuse and other unauthorized use and for any support requests in accordance with Art. 6 Paragraph 1 clause 1 lit. f) GDPR.
(9) The above-mentioned data will be deleted as soon as they are no longer necessary for the purpose of their collection. If users have cancelled their customer account, the data relating to the customer account will be deleted, subject to their retention being required for legal reasons (Art. 6 para. 1 clause 1 lit. c) GDPR). It is the user’s responsibility to back up his data when the customer account is terminated. Otherwise, we delete the data on the occasion of the initiation and fulfilment of the contract after the expiry of statutory warranty and comparable obligations, i.e., principally after the expiry of four years, unless the data is stored in the user’s customer account or the data must be retained for statutory archiving reasons (e.g., for tax purposes usually ten years, Art. 6 para. 1 clause 1 lit. c) GDPR). For security reasons and for support requests, the technical or usage data provided during registration and login are stored for a maximum of 90 days and deleted afterwards.
6. Establishing contact
When contacting us (e.g., by e-mail), the user’s details (your e-mail address, your name, the content of the message and any other data provided voluntarily) are processed in order to process the contact request and to handle it in accordance with Art. 6 Paragraph 1 clause 1 lit. b) GDPR (within the framework of pre-contractual/contractual relations) or, in the case of other requests, on the basis of our legitimate interest in accordance with Art. 6 Paragraph 1 clause 1 lit. f) GDPR in offering you decent service. The aforementioned data will be deleted as soon as they are no longer required for the purpose of their collection. This is usually the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified. In all other respects the statutory archiving obligations apply. This applies in particular to data on the occasion of contractual relationships which must be stored for reasons of commercial or tax law.
7. Product rating
You may submit product reviews in our online shop. Your rating will be published with your name along the respective product. We recommend using an alias instead of your real name. The indication of your user name as well as your review is required, all other information is voluntary. If you submit a review, we will continue to store your IP address, which we will delete after 90 days. The storage is necessary for us to be able to defend ourselves against liability claims in cases of possible publication of illegal content. The legal basis is Art.6 para. 1 clause 1 lit. b) and f) GDPR. The ratings are not checked before publication. We reserve the right to delete comments if they are objected to as illegal by third parties. In all other respects, the personal information provided in the context of the review and the content details remain permanently stored until the user objects.
8. Newsletter
(1) With the following information, we will inform you about the contents of our newsletter as well as the registration and dispatch procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
(2) We send our e-mail newsletter with promotional information only with the consent of the recipients. Our newsletters contain information about our products and services, promotions and our company.
(3) Subscription to our newsletter is effected in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The purpose of the procedure is to be able to prove your registration and, if necessary, to be able to clarify any misuse of your personal data.
(4) The newsletter is dispatched via CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as ‘shipping service provider’ (website: https://www.cleverreach.com/de; privacy policy: https://www.cleverreach.com/de/datenschutz/). The e-mail addresses of our newsletter recipients as well as their further technical data described in the context of this information are stored on the servers of the shipping service provider. The dispatch service provider uses this information for the dispatch and evaluation of the newsletter on our behalf. Furthermore, the shipping service provider may use this data in pseudonymous form, i.e., without assigning it to a user, to optimize or improve its own services, e.g., for technical dispatch optimization and presentation of the newsletters or for statistical purposes, e.g., to identify the countries where recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or pass them on to third parties. We trust in the reliability and in the IT and data security of the shipping service provider. To this end, we have concluded an order processing contract with the shipping service provider. This is an agreement in which the shipping service provider has undertaken to protect the data of our users, to process it in accordance with the data protection provisions in our contract and in particular to refrain from disclosing it on to third parties.
(5) To subscribe to the newsletter, it is sufficient to enter your e-mail address. We store your e-mail address for the purpose of sending you the newsletter.
(6) Statistical survey and analysis: The newsletters contain a so-called ‘web-beacon”, i.e., a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor the dispatch service provider’s intention to observe individual users. Evaluations rather serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(7) The dispatch of the newsletter and the associated assessment of effectiveness (statistical survey and analyses) are based on the consent of the recipients in accordance with Art. 6 para. 1 clause 1 lit. a), Art. 7 GDPR. The use of the dispatch service provider and the logging of the registration procedure are based on our legitimate interests in accordance with Art. 6 Paragraph 1 clause 1 lit. f) GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system which meets our business interests, meets the expectations of the users and enables us to provide proof of the users’ consent.
(8) You may revoke your consent to receiving our newsletter at any time. You will find a link to exercise your right of withdrawal at the end of each newsletter. Registered users can also cancel the newsletter via their personal settings in their customer account. A separate revocation of the assessment of effectiveness is unfortunately not possible. In such case, the newsletter must be cancelled altogether.
(9) We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR before deleting them in order to be able to prove a previously given consent. The processing of the data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In case of obligations regarding permanent observations of objections, we reserve the right to store the e-mail address in a blacklist solely for this purpose.
9. Cookies
(1) For our online offer, we use certain technologies on various pages, including so-called cookies. Cookies are small text files or other memory notes that store information on the user's terminal device and read information from the terminal devices. This is primarily information about a user during or after a visit within our online offer. The stored information may include, for example, language settings, login status, a shopping cart content or the user's wish list. Cookies may also be used for purposes of functionality, security and convenience of our online offer, the creation of analyses of visitor flows or for marketing purposes.
(2) Types of cookies: Cookies are categorized with regard to the storage period (session cookies or permanent cookies), the provider (first-party or third-party cookies) and the purpose of use. Users can obtain further information on the categories mentioned and the respective assignment of the cookies we use from the Cookie Consent Management Tool we use.
(3) Consent: Unless exceptionally unnecessary, we obtain consent from users before using cookies. Consent is not required, however, if the storage and reading of information is absolutely necessary to provide users with a telemedia service (our online offering) that they have expressly requested.
(4) Legal basis under data protection law: The legal basis under data protection law on which we process personal data using cookies depends on whether we ask the user for consent. If this is the case and consent is granted, the legal basis for the processing of the data is Art. 6 (1) p. 1 lit. a) GDPR. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations (Art. 6 para. 1 p. 1 lit. b) GDPR). Before a required consent of the user has not been expressed, cookies are used at most, which are absolutely necessary for the operation of our online offer. For what purposes the cookies are processed by us, we clarify in the context of this privacy policy.
(5) Revocation/objection: Insofar as users have consented to the use of the technologies in accordance with Art. 6 (1) p. 1 lit. a) GDPR, they can change and revoke their consent at any time via the cookie icon on the homepage: Cookie Consent Management Tool. In addition, users can file an objection against the processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection by means of their browser settings.
(6) Cookie Consent Management Tool: For our online offer, we use the CookiePro tool to inform users about the use of cookies and other technologies, as well as to obtain, manage and document their consent, if required, to their use and to the processing of their personal data by these technologies. Pursuant to Art. 6 para. 1 p. 1 lit. c) GDPR, this is necessary to fulfill our legal obligation under Art. 7 para. 1 GDPR to be able to prove the consent of users. CookiePro is an offer of the provider OneTrust Technology Limited (UK headquarters: 82 St John Street, London, England, EC1M 4JN). OneTrust stores information about the categories of cookies used within our online offering and whether users have given or revoked their consent to the use of each category. The storage takes place in a cookie (so-called opt-in cookie) in order to be able to assign the consent to a user or their device. The duration of the storage of the consent is 1 year. Here, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.
(7) Specific cookies used: Users can find details on the cookies used within our online offer, in particular information on the type and function of the cookies, the storage period and the respective provider in the Cookie Consent Management Tool we use.
10. Google Analytics
(1) We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).
(2) Google Analytics also uses cookies, i.e., text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the U.S. and saved there.
(3) On our website, IP anonymization has been activated, so that your IP address will initially be shortened by Google within member states of the European Union or in other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the U.S. and shortened there.
(4) Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide further services related to website and Internet use to us as a website operator. The IP address transmitted by your browser within the scope of Google Analytics is not cross-linked with other data from Google.
(5) Consent and objection: Google Analytics cookies are saved only and thus your usage behavior is tracked only if you have previously consented to such tracking. You can revoke this consent at any time with effect for the future.
You can also prevent the storage of cookies by adjusting your browser software accordingly. In addition, you can prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. The Google’s privacy policy can be found at https://www.google.com/policies/privacy/partners/?hl=de.
(6) The processing of your data by means of Google Analytics takes place on the legal basis of Art. 6 para. 1 clause 1 lit. a) GDPR in connection with the consent you have given. Your data collected by Google Analytics will be deleted after 24 months at the latest.
11. Online marketing/Facebook pixel
(1) We process personal data (in particular usage data and technical data) for the purposes of online marketing via the Facebook social network, which includes in particular the marketing of advertising space based on the potential interests of users and the measurement of its effectiveness. For this purpose, user profiles are created and saved in a file, with the help of which the relevant information about the user is collected for the presentation of the advertising content. This information includes, for example, the content viewed, websites visited, online networks used and technical details such as the browser used, the computer system used and information on usage times. Furthermore, the IP addresses of the users are stored. However, for their protection we use the available IP masking procedure, in which IP addresses are pseudonymized by shortening them. As a general rule, no plain data of users (such as e-mail addresses or names) are stored, but pseudonyms. This means that neither we nor Facebook know the actual identity of users, but only the information saved in their profiles.
(2) The information saved in the profiles is stored in cookies or by similar technical means, usually for a period of two years. These cookies can also be read out on other websites that use the same online marketing procedure and analyzed for the purpose of presenting advertising content and supplemented with additional data and stored on the server of the provider of the online marketing procedure. As an exception, plain data can also be assigned to the profiles. This is the case if the users are members of the social network of Facebook, and Facebook links users’ profiles with the aforementioned data. For this purpose, however, the user can make additional agreements with Facebook, e.g., by giving consent during registration. As a matter of principle, we only receive access to summarized information about the success of our advertisements.
(3) With the help of the Facebook pixel used by us, Facebook is able to determine the visitors of our online offer as a target group for the presentation of ads (so-called ‘Facebook ads’). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and, if applicable, within the services of partners cooperating with Facebook who have also shown an interest in our online offer or who have certain characteristics (e.g., interest in certain content or products) that we transmit to Facebook (so-called ‘Custom Audiences’). In this way, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Finally, the Facebook pixel allows us to track the effectiveness of Facebook ads for statistical purposes. This enables us to see whether users have been redirected to our website after clicking on a Facebook ad.
(4) In addition, when applying the Facebook pixel, we use the additional function ‘extended matching’. Thereby, data such as users’ e-mail addresses or Facebook IDs are transmitted (in encrypted form) to Facebook to form target groups (‘Custom Audiences’ or ‘Look Alike Audiences’). For further notes on ‘extended matching’, please see: https://www.facebook.com/business/help/611774685654668).
(5) We also use the ‘Custom Audiences from File’ procedure. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is only used to determine recipients of our Facebook ads. We want to ensure that the ads are displayed only to users who have an interest in our information and services.
(6) The service provider of the Facebook pixel is: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, U.S.A.; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy.
(7) The processing of your data in connection with the use of the Facebook pixel takes place on the legal basis of Art. 6 para. 1 clause 1 lit. a) GDPR in conjunction with the consent you have given, which you can revoke at any time with effect for the future, in particular for extended data matching and for target group formation by way of data upload. You can also object to the collection by the Facebook pixel and use of your data for the display of Facebook ads at any time. To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, which means that they are applied to all devices, such as desktop computers or mobile devices. It is also possible to disable cookies in the settings of your browser. However, this may restrict the functions of our online offer. You can find more information on this in the above section on the use of cookies.
12. Online presence in social networks
(1) We maintain online presence within the social networks of Facebook, Instagram and YouTube to communicate with our users/interested parties and to present ourselves and our services.
(2) Due to the fact that the respective social network providers are located in the U.S., there is the possibility that users’ data may be processed outside the European Union, which in turn may entail risks, e.g., in the enforcement of users’ rights.
(3) Via the online presence in the aforementioned social networks, users’ data can be processed for analysis and advertising purposes. It is thus possible to create anonymous user profiles derived from user behavior and resulting interests, which in turn are used to place, for example, advertisements within and outside the respective social networks that correspond to presumed users’ interests. For these purposes, cookies are usually used and stored on users’ end devices, which contain information on the user behavior and their interests. In addition, device-independent data can also be saved in the user profiles. This applies in particular if the users are members of the respective network and are logged on to it.
(4) The maintenance of online presence in the aforementioned social networks and the associated data processing is based on our legitimate interests (provision of interesting information outside our online offer, further possibility of communication with our users/interested parties) in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR. Should a provider request you to consent to data processing, the legal basis for processing is Art. 6 para. 1 clause 1 lit. a) in conjunction with Art. 7 GDPR.
(5) For a detailed presentation of the respective processing and the possibilities of objection (opting out), we refer users to the following linked information of the respective providers. There, users can make their requests for information and assert their data protection rights, as only the respective provider has access to the users’ data and can carry out the necessary measures and provide information. Should users nevertheless require our support, please contact us using the contact details given at the beginning of this data protection declaration.
(6) Providers and further information:
(a) Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an Agreement on the joint processing of personal data – Privacy policy: https://www.facebook.com/about/privacy/ as well as https://www.facebook.com/legal/terms/information_about_page_insights_data, Opting out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
(b) Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, U.S.A.): website: https://www.instagram.com; Privacy policy: http://instagram.com/about/legal/privacy.
(c) YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy policy: https://policies.google.com/privacy, Opting out: https://adssettings.google.com/authenticated
13. Your rights
To the extent the respective legal requirements are met, you have the following rights:
(1) You have the right to obtain confirmation from us as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed of this personal data and the information specified in Art. 15 GDPR.
(2) You have the right to ask us for correction of incorrect personal data concerning you and, if necessary, for completion of incomplete personal data (Art. 16 GDPR).
(3) You have the right to request us for deletion of personal data relating to you immediately if one of the reasons listed in Art. 17 GDPR applies, for example, if the data is no longer needed for the purposes for which it was collected (right to deletion).
(4) You have the right to request us for the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, for example, if you have lodged an objection to processing, for the duration of the examination by us.
(5) You have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. You also have the right to object at any time to processing operations carried out pursuant to Art. 6 (1) clause 1 lit. e) or f) GDPR for reasons arising from your particular situation (Art. 21 GDPR). You will find a supplementary note on the right of objection in Section 14 of this Privacy Policy.
(6) You have the right to revoke a given consent at any time with effect for the future (right of revocation).
(7) You have the right to receive from us the data concerning you which you have provided us with in a structured, common and machine-readable format. You may also transmit this data to other entities or have it transmitted by us (right to data transferability).
(8) Please contact our data protection officer to exercise your rights using the contact details given above.
(9) Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority if you consider that the processing of personal data relating to you is in breach of the GDPR (Art. 77 GDPR).
14. Right of objection
(1) You have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. You also have the right to object at any time to processing operations carried out on the basis of Art. 6 para. 1 clause 1 lit. e) or f) GDPR for reasons arising from your particular situation (Art. 21 GDPR).
(2) We will then no longer process the personal data for the purposes of direct advertising and otherwise only if we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
15. Provision of personal data
The provision of personal data for the use of our online offer is neither legally nor contractually required. Nor are you obliged to provide us with personal data within the scope of this online offer. However, in order to conclude a contract with us, it is necessary for the user to provide us with personal data, which must subsequently be processed by us. Failure to provide personal data would mean that a contract with the user could not be concluded.
16. Automated decision-making
Automatic decision-making or profiling according to Art. 22 GDPR is not carried out by us.
17. Changes to the privacy policy
Users are requested to inform themselves regularly about the content of our privacy policy. We adapt the data protection declaration as soon as changes in the data processing carried out by us or amended legal provisions make this necessary. We will inform you as soon as the changes require cooperative action on your part (e.g., consent) or other individual notification.
Status: February 2022