Privacy Policy
Contents
1. Foreword and selected terms
2. Responsible body and data protection officer
3. Overview
4. Legal bases for the processing of personal data
5. Your rights under the General Data Protection Regulation
6. External hosting
7. Automatic server log files
8. Use of Cookies
9. Cookie settings with CCM19
10. Forms, email communication, telephone and fax
11. Online Store
12. Direct marketing and newsletters
13. Information for applicants
14. Analysis Tools, Tracking and Advertising
15. Plugins and Content Delivery Networks
16. Social Media Appearances
17. Participation in our sweepstakes
18. Sweepstakes on social networks
19. Online Meetings with Microsoft Teams
20. Additional data protection information for our business partners
1. Foreword and selected terms
On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations that do not primarily take place online.
- GDPR stands for the European General Data Protection Regulation.
- BDSG is the abbreviation for the Federal Data Protection Act in its current version.
- Personal data are all individual details that allow conclusions to be drawn about a natural person (see Art. 4 Para. 1 GDPR for definition). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
- The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (see Art. 4 Para. 2 GDPR for definition).
- The data subject within the meaning of data protection law is any natural person whose personal data is processed.
- Further definitions of terms can be found in Art. 4 of the General Data Protection Regulation (definitions).
2. Responsible body and data protection officer
2.1 Name and address of the responsible body
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
COLUMBUS Verlag GmbH & Co. KG
Am Bahnhof 2
72505 Krauchenwies
Germany
Telephone: +49 (0) 7576 96 03 0
Email: info@columbus-verlag.de
Web: https://www.columbus-verlag.de
2.2 Name and address of the data protection officer
The data protection officer of the person responsible is:
DSB Externer Datenschutzbeauftragter Stuttgart
Fabian Henkel
Kantstraße 14
1277 Rutesheim
E-Mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de
3. Overview
The following content gives you a brief overview of the processing of personal data. You can find more detailed information in the passages presented in detail.
Security on our website (SSL Secure Socket Layer)
Our website is provided with an SSL certificate, which is used to encrypt data transmission processes. This happens, for example, if you send us a message via a form. However, as a precaution, we would like to point out that 100% security in electronic data processing is not possible and that there is always a residual risk.
Data that you transmit to us
On this site, we process the data that you enter yourself, for example in a form. In this case, the purpose of the processing results from the type of form and, on the other hand, from this data protection declaration. Even if you send us a message by e-mail, for example, or contact us in some other way, we process your data in accordance with the purpose of the contact.
Automatic Server Log Files
In addition, our server automatically records all accesses and thus also IP addresses (log files). This serves to ward off attacks, analyze access numbers and ensure smooth operation.
Use of Cookies
Cookies help us to provide various services. You can find more information on this in this data protection declaration.
Analysis and tracking Tools
In addition to the pure server log files, which also provide us with information on page views, we use analysis tools. These tools give us detailed insights about the content visited on our site, the flow of behavior and, for example, the country accessed from. In order for such services to work, cookies must be set for the site visitor or scripts must be executed.
Plugins and Content Delivery Networks
We sometimes use plugins and content delivery networks. Well-known examples of such services would be the YouTube video service or the Google Maps map service. If such services are integrated via a website, access data will be transmitted to the services. As a rule, this is your IP address and other metadata, such as the time and date of access. As a rule, the provision takes place by setting cookies.
Newsletter / Direct Marketing
a) Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters on the basis of Section 7 (3) UWG in conjunction with Art. 6 Para. 1 lit. f GDPR. You can of course object to receiving direct marketing information at any time.
b) Direct marketing based on your consent
If you give us your consent, we will send you newsletters until you withdraw your consent. You can revoke your consent to us at any time with effect for the future.
Other Data Recipients
a) Use of processors
We use processors in accordance with the provisions of Art. 28 GDPR, for example in the area of IT services, web hosting, e-mail hosting or printing services. They process personal data for us in accordance with our instructions.
b) Passing on within the group of companies
Transfer of data to joint companies (Franckh-Kosmos Verlags-GmbH & Co. KG) for administrative and accounting purposes; this is done within a joint responsibility based on legitimate interests.
c) Use of non-specialist services
If it is necessary (e.g. to execute a contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax consultants or lawyers.
d) Legal obligations
In addition, in certain cases we are obliged to make a report to the responsible authorities on the basis of the Money Laundering Act. We are also subject to other legal obligations, such as commercial laws or tax law; in this context we must pass on certain data, for example, to tax authorities.
e) Investigation of crimes
If it is necessary to investigate a crime, we pass on data to the law enforcement authorities.
General information on Deletion Periods for personal Data
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract. In addition, we are obliged to comply with statutory storage obligations. If the data processing is based on your consent, we will delete your data after your revocation.
Transmission of personal Data to a third Country
We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a Data Processing Agreement in accordance with Article 28 GDPR, taking into account suitable guarantees. In individual cases, we can use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In these cases, we will point out the circumstance if necessary.
Legal or contractual Obligation to provide personal Data
This website can generally be visited without providing personal data. For purchases in our online shop, it is necessary to provide personal data in order to conclude a purchase contract.
4. Legal bases for the Processing of personal Data
The legal bases for the processing of personal data are exceptions that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal bases on which we process personal data are described in the individual processing operations in this data protection declaration.
Consent given (Art. 6 para. 1 lit. a GDPR)
The data subject's consent is a legal basis and requires that the consenting person consents in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit. a GDPR can be revoked at any time without giving reasons.
Data Processing based on contractual Purposes (Art. 6 Para. 1 lit. b GDPR)
The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.
Legal Obligation (Art. 6 Para. 1 lit. c GDPR)
The exceptional circumstances of data processing due to a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR; for example, we are obliged to comply with certain retention periods under commercial law and tax law.
Legitimate Interests (Art. 6 Para. 1 lit. f GDPR)
The processing of personal data on the basis of a balancing of interests pursuant to Art. 6 Para. 1 lit .
5. Your rights under the General Data Protection Regulation
Every natural person is entitled to certain rights; these are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can assert against us.
Right to revoke a given consent according to Art. 7 GDPR
You can revoke a given consent to us at any time without giving reasons with effect for the future.
Right to information according to Art. 15 GDPR (restrictions according to § 34 BDSG possible)
You have the right to request information about the data we process about you and the purposes of the processing at any time.
Right to rectification according to Art. 16 GDPR
If you find out that we are processing incorrect or incomplete data about you, you have the right to rectification.
Right to deletion according to Art. 17 GDPR (restrictions according to § 35 BDSG possible)
You have the right to request the deletion of your personal data that we process about you at any time. If complete deletion is not possible, for example because we have to fulfill legal storage obligations or we can assert legitimate interests for other reasons, we restrict your data until these reasons no longer apply.
Right to restriction of processing according to Art. 18 GDPR
You have the right to demand the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the examination, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand that the processing of your personal data be restricted instead of being deleted.
- If you have lodged an objection in accordance with Art. 21 (1) GDPR, your interests and ours must be weighed up. As long as it has not yet been determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, this data may, apart from its storage, only be processed with your consent, or to assert, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
Right to data portability according to Art. 20 GDPR
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.
Right to object to certain processing operations and direct advertising in accordance with Article 21 GDPR
If the data processing is based on Article 6 Paragraph 1 lit. e or f GDPR, you have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 Para. 1 GDPR).
If your personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).
Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with Section 19 BDSG
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
6. External Hosting
This website is hosted externally. The personal data collected on this website is stored on the server of the host. This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit . B. Device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
Service provider used
dogado GmbH
Antonio-Segni-Straße 11
D-44263 Dortmund
Data Processing Agreement
We have concluded a Data Processing Agreement (AVV) with our hosting service provider. Personal data will only be processed according to our instructions and in compliance with the GDPR. The subcontractor Amazon Web Services is also subject to these instructions.
7. Automatic Server Log Files
Our web server automatically logs all accesses and thus also the IP addresses of the visitors. This serves to ward off attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).
In addition to the IP address, the server log usually records other metadata about the session; you can find this data below:
- Date and time of retrieval
- Information about the browser type and version used
- Information about the operating system used
- device (client)
- Referrer URL (which page you used to land on our website)
- Hyperlinks accessed
We only process this data for the purposes mentioned above. We delete server log files after three months at the latest.
8. Use of Cookies
Our website uses so-called "cookies". Cookies are small data packages and do not damage your end device. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this data protection declaration.
Legal basis for the use of cookies
Cookies that are required to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping basket function) or to optimize the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies was requested, processing takes place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG); the consent can be revoked at any time.
The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our data protection declaration.
9. Cookie settings with CCM19
This website uses CCM19's consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, website: https://CCM19s.com/de/ (hereinafter “CCM19”).
When you enter our website, the following personal data will be transferred to CCM19:
- Your consent(s) or the revocation of your consent(s)
- your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Furthermore, CCM19 stores a cookie in your browser in order to be able to assign you the consent you have given or its revocation. The data collected in this way will be stored until you request us to delete it, delete the CCM19 cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected. CCM19 is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR. Furthermore, we have a legitimate interest in using a user-friendly and established system. The legal basis here is Art. 6 Para. 1 lit. f GDPR.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
10. Forms, E-mail Communications, Telephone and Fax
Message via contact form
You have the option of sending us messages via the contact form. We process the data that you entered in the data entry mask. Mandatory fields are marked and must be specified. The purpose of the data processing is to process your request and, if necessary, to contact you afterwards.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried; consent can be revoked at any time.
We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.
Communication via e-mail
If you send us an e-mail, we process your data in accordance with the content and purpose of the message. As a rule, processing takes place on the basis of pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. f GDPR. It is in our legitimate interest to process your request quickly and efficiently.
Insofar as it is a product or service-related message, we usually process your data on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. b GDPR.
Please note that we store all incoming e-mails for a period of ten years in accordance with the principles of proper accounting, starting on the first day of the following year in which the message was received. If you ask us to delete the data, we will from now on restrict your data from being processed and only store it for the purpose of complying with retention periods in our legitimate interest.
Communication by telephone or fax
Even if you contact us by telephone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting us via e-mail.
We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of the data processing has been achieved and we no longer have a legitimate interest in the processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. Of course, you can request deletion at any time.
11. Online Store
Registering a customer account/user account
You have the option of creating a user account. This enables you to have extended functionality, but is not absolutely necessary. In the registration process you will be asked to enter various data; some of these fields are mandatory and marked accordingly.
With a user account, you can log in to the site with a username and password. Passwords are always stored in encrypted form.
Legal basis for creating a customer account / user account
You are free to create a user account. The processing of the data entered during registration takes place on the one hand for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 Para. 1 lit. b GDPR).
On the other hand, your data will be processed for this purpose based on your consent (Art. 6 Para. 1 lit. a GDPR). Of course, you can revoke your consent at any time with future effect and ask us to delete your user account.
Deletion of a user account/customer account
Your data will be stored for as long as you maintain your user account on our site. You can ask us to delete your customer account at any time or – if currently available as a function in our shop – delete your account yourself.
Please note that deleting your customer account does not necessarily lead to the deletion of all personal data. For example, if you have made a purchase in our shop, the statutory retention periods must be adhered to. In this case, the retention period is usually 10 years (§147 AO / §257 HGB / §14b UstG).
Data processing when purchasing in our shop
We collect your personal data to process the purchase contract. Usually this is:
- Your name
- Your address
- Your email address
- If applicable, telephone number
- Address and, if applicable, delivery address
- Customer number
- Order number
- Order date
- Purchased products
- Amount in euro
- Payment method
- Payment details
The collection takes place on the basis of Article 6 Paragraph 1 Letter b GDPR to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
We are obliged to comply with legal retention periods (legal basis: legal obligation according to Art. 6 Para. 1 lit. c GDPR); these amount to 10 years according to §257 Para. 1 HGB and §147 Para. 2 AO (legal basis), starting with the year which follows the legal transaction.
You do not necessarily have to register a user account to make a purchase in our shop and you can place a guest order.
Processing of existing customer data for direct marketing purposes
In addition, we reserve the right to use your personal data for direct advertising by e-mail or post, provided you do not object or have not objected to the use. The legal basis is Art. 6 Para. 1 lit. f GDPR in conjunction with Section 7 (3) UWG. See "Direct Marketing" for more information.
Transmission to other data recipients for the purchase process
We only transmit your personal data to third parties if this is necessary in the context of contract processing. When purchasing in our shop, this is done for the disposition, preparation and dispatch of your order. Your name and address data will be transmitted; the legal basis is Article 6 Paragraph 1 Letter b GDPR and Article 6 Paragraph 1 Letter f GDPR in terms of our legitimate interest in using professional service providers.
Disclosure of personal data to affiliated companies
Within the framework of administrative and accounting purposes, we are supported by affiliated companies of the Franckh Media Group. In this context, we pass on personal data to Franckh-Kosmos Verlags-GmbH & Co. KG, Pfitzerstr. 5-7, 70184 Stuttgart. The transfer takes place within the framework of joint responsibility according to Art. 26 GDPR. The legal basis is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
Shipping Service Providers
As a rule, orders are shipped via the following shipping services:
- DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, and
- Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn
- DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg
Shipping by freight forwarder is carried out by the following service providers:
- DACHSER SE Head Office Thomas-Dachser-Str. 2 87439 Kempten
Information about our Payment Services
We integrate payment services from third party companies on our website. If you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective provider apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b GDPR (contractual processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 Para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 Para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
Payment methods without third party involvement
Advance Payment / Bank Transfer
With this payment method, you transfer the amount for contract processing to the current account specified by us. When paying in advance, the service provider PayPal is not involved.
Payment Methods offered by third Parties
Integration of payment services via PayPal
We have integrated various payment methods via the provider PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). Unzer's privacy policy can be found at https://www.paypal.com/webapps/mpp/ua/privacy-full.
Your personal data will be transmitted to and processed by PayPal and its partner companies for the purpose of processing payments based on Art. 6 Para. 1 lit. b GDPR, accounting processing and, if necessary, refinancing.
The use of PayPal is also based on our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in using a secure payment service.
Credit checks for insecure payment methods
The service provider PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") carries out a risk and credit assessment for insecure payment methods. The credit report can contain probability values (so-called score values). For this purpose, the data entered during the order (e.g. name, address, invoice amount, bank details) are forwarded to publicly accessible databases and credit information agencies via PayPal via queries and requests for information. Information and, if necessary, credit reports based on statistical methods can be requested from the following providers in particular. The probability of a payment default is determined on the basis of this data. If there is an excessive risk of non-payment, the relevant payment method can be refused.
The credit check is carried out on the basis of contract fulfillment (Art. 6 Para. 1 lit. b GDPR) and to avoid payment defaults (legitimate interest according to Art. 6 Para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 Para. 1 lit. GDPR); the consent can be revoked at any time.
You can object to this processing of your data at any time by sending a message to the person responsible for data processing or to Unzer. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
Payment via PayPal
The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Payment by Mastercard via PayPal
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard"). Mastercard may transfer data to its parent company in the United States. Data transmission to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA Card via PayPal
The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter "VISA"). Great Britain is regarded as a safe third country under data protection law. This means that Great Britain has a data protection level that corresponds to the data protection level in the European Union. VISA may transfer data to its parent company in the United States. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/bedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-status-questions-fur-den-ewr.html. For more information, see VISA's privacy policy: https://www.visa.de/bedingungen/visa-privacy-center.html.
Purchase on account via PayPal
If the payment method purchase on account is selected, personal data and data on the order (such as shopping cart, invoice amount, order history, payment history) are transmitted to Unzer for the purpose of a credit check and payment processing.
12. Direct Marketing and Newsletter
Direct marketing to existing Customers in the legitimate Interest
We reserve the right to use the data collected as part of a purchase contract or service contract for direct advertising by e-mail or post in accordance with Section 7 (3) UWG if the customer does not or has not objected to this use. Direct advertising exclusively includes offers for similar products or services to the products or services already purchased from us by the user. We use your data for up to five years after the last purchase for direct marketing purposes in the legitimate interest.
We have a legitimate economic interest (Art. 6 Para. 1 lit. f GDPR) in informing our customers about new products and improving our services. Of course, you can object to receiving direct marketing emails at any time. Address your objection to the above-mentioned responsible body. In every newsletter you will find a link with which you can object to receiving the newsletter.
Postal advertising to existing Customers in the legitimate Interest
We reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves to safeguard our overriding legitimate interests in advertising to our customers in accordance with Art. 6 Para. 1 lit. f GDPR.
The advertising mailings are provided by a service provider as part of processing on our behalf, to whom we pass on your data for this purpose.
Of course, you can object to receiving direct mail by email at any time. Address your objection to the above-mentioned responsible body.
Direct marketing based on your Consent
You have the option of giving your consent to receive direct marketing content (our newsletter); the legal basis is Art. 6 Para. 1 lit. a GDPR. To ensure that the e-mail address you provide is correct, we use the so-called double opt-in procedure. If the double opt-in procedure is not available due to temporary technical reasons, we will send you an email to which you can reply without text to confirm your identity.
Revocation
You can revoke your consent at any time with effect for the future. You will find an “unsubscribe” link in every newsletter. Alternatively, please address your objection to the responsible body.
We process your data for the purpose of sending our email newsletters until you withdraw your consent. The processing takes place as described until you revoke your consent.
13. Information for Applicants
If you apply to us, whether for an advertised position or on your own initiative, we process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the position in question, using the online form.
In principle, as part of an application process, we only process the data that you have provided to us yourself. The use of additional sources may only be considered after informing and consulting you, for example regarding whether we may contact a former employer.
The legal basis for carrying out an application process is Section 26 BDSG in conjunction with Article 6 Paragraph 1 Letter b GDPR (initiation of an employment contract). Insofar as you give us your consent to the longer-term storage of your data, this takes place on the legal basis of Art. 6 Para. 1 lit. a GDPR.
Deletion periods of applicant data
We delete applicant data a maximum of 4 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). In principle, the purpose of the data processing no longer exists at the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interests in immediate deletion outweigh our interests, you have the option of requesting deletion. We will then examine your request and give you feedback.
After the above period has expired, your data will be deleted, unless we have to defend ourselves in ongoing proceedings, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the proceedings have been completed, unless statutory retention periods apply.
If we are allowed to store your data for a longer period on the basis of your consent, we will delete your data if you ask us to do so and withdraw your consent. If necessary, we will also delete your data before revoking your consent if it is clear that no position will be available.
Inclusion in our pool of applicants
If we cannot offer you a position at the current time, we may ask for your consent to the further storage of your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Para. 1 lit. a GDPR). Of course, you can revoke your consent at any time with effect for the future. If you do not revoke your consent yourself within a period of two years, we will then delete your data from our pool of applicants at the latest.
14. Analysis Tools, Tracking and Advertising
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save any cookies and does not carry out any independent analyses. It is only used for the administration and display of the tools integrated via it. However, the Google Tag Manager records your IP address, which can also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Google Analytics
We use the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
Furthermore, we can use Google Analytics to record your mouse and scrolling movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the recorded data sets and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Google signals
We use Google signals. When you visit our website, Google Analytics records, among other things, your location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalized advertising with the help of the Google signal. If you have a Google account, the Google signal visitor data will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymous statistics on the user behavior of our users.
Google Analytics E-Commerce Measurement
We use the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, we can analyze the purchasing behavior of website visitors to improve our online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing a product to purchasing it are recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Ads
We use Google Ads. Google Ads is an online advertising program from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analyzing which search terms led to our advertisements being displayed and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Ads Remarketing
We use the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing we can assign people who interact with our online offering to specific target groups in order to then display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalized advertising using the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. The consent can be revoked at any time.
Further information and the data protection regulations can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=de.
Google Conversion Tracking
We use Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, we and Google can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.
The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. The consent can be revoked at any time.
You can find more information on Google Conversion Tracking in Google's data protection regulations: https://policies.google.com/privacy?hl=de.
15. Plugins and Content Delivery Networks
YouTube
We embed videos from the YouTube website on our website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited.
Furthermore, YouTube can store various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, to improve user-friendliness and to prevent attempts at fraud.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information on how to handle user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.
16. Social Media Appearances
We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.
Social networks such as Facebook, Twitter, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both inside and outside of the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot trace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection regulations of the respective social media portals.
Legal Basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Controller and Assertion of Rights
If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data transferability and complaints) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.
Storage Duration
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your end device until you delete them. Mandatory legal provisions - especially retention periods - remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).
Social Networks in Detail
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the data collected is also transferred to the USA and other third countries. We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement defines which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/5669946660333381. Details on how they handle your personal data can be found in Instagram's data protection declaration: https://help.instagram.com/519522125107875.
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can adjust your Twitter data protection settings independently in your user account. To do this, click on the following link and log in: https://twitter.com/personalization. Details can be found in Twitter's privacy policy: https://twitter.com/de/privacy.
Pinterest
The operator is Pinterest Inc., 1008 Brannan Street San Francisco, CA 94103-490, USA (“Pinterest”). Details on how they handle your personal data can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's data protection declaration: https://policies.google.com/privacy?hl=de.
17. Participation in our Raffles
If you take part in one of our raffles, we will process the data you provide as part of the competition for the purposes described here.
We process the personal data of the competition participants to carry out the competition. This includes checking whether a participant is eligible to participate, determining and notifying the winners and delivering the prize.
The winner will be notified in the manner specified in the competition. As a rule, winners are contacted by email, but this can vary depending on the type and design of the competition.
Purposes of data processing and legal basis
For the implementation of the competition
By accepting the terms and conditions of participation and your participation in the competition, a contractual relationship is created; accordingly, we process your data on the basis of Art. 6 Para. 1 lit. b GDPR. This includes in particular the transfer of your data to a shipping service provider for prize delivery.
Data categories required for participation in the competition are usually visible on the competition form.
Processing based on your consent
If you have consented to further processing purposes as part of the competition, we will process your personal data for these purposes based on your consent (Art. 6 Para. 1 lit. a GDPR).
Some of our competitions require your consent to the processing of your data for advertising purposes; this will be clearly highlighted on the respective competition form and communicated transparently. The types of advertising measures that are part of the consent are also indicated on the competition form. Processing for advertising purposes is based on your consent (Art. 6 Para. 1 lit. a GDPR). For this purpose, please also note the data protection information on the subject of newsletters.
You can revoke your consent at any time; please address your revocation to the responsible body (the lottery organizer). The legality of the data processing operations that have already taken place remains unaffected by the revocation, as the revocation is only future-oriented.
Other recipients of your data
We never pass on your data to unauthorized third parties. It will only be passed on if this is necessary to process the competition or if you have expressly consented to the transfer.
Processors
Under certain circumstances, we work together with processors as part of our competitions. This will be announced on a case-by-case basis during the competition.
Shipping service provider
In order to deliver a prize, we will pass on your data to a shipping service provider, if necessary. In individual cases, these can be, for example, DHL, TNT, Hermes, GLS or Deutsche Post.
Cooperation partners
In some cases we work with cooperation partners as part of competitions; this is clearly stated in the respective competition. In some cases, a cooperation partner sends the prize; this is done either on the basis of a data processing agreement or your consent.
Provision of personal data
Please note that participation in the competition - especially for delivery of the prize - is generally only possible if you provide us with the data required to participate in the respective competition.
Transfer to unsafe third countries
We generally process your personal data within Germany, the European Union and safe third countries.
Storage period
We delete the data collected in the competition no later than four weeks after the competition has been concluded (the winner has been determined), unless explicitly stated otherwise in the respective competition.
We have to store the data of winners for 10 years due to legal retention periods according to §257 HGB and §147 AO. The period begins on the first day of the year following the competition.
If you have given us your consent for further purposes, we will process your personal data until you revoke your consent.
18. Raffles on Social Networks
We occasionally run raffles on our social media sites that require commenting on a post or otherwise interacting with one of our social media sites to participate.
If we run a competition in a social network, we usually process the following data (unless otherwise explicitly stated in the competition):
- Public profile information including username
- Submitted comment (text & image) or other type of interaction
Purpose of data processing and legal bases
Conducting the competition
The purpose of data processing is to conduct the competition, which includes checking eligibility to participate and determining the winner or winners. The winner or winners will be notified by personal message on the respective social network and/or, if necessary, announced publicly in connection with the competition (according to the information provided about the competition).
By accepting the conditions of participation and your participation in the competition, a relationship with a contractual character comes about, so we process your data on the basis of Article 6 Paragraph 1 lit. b GDPR. In particular, this also includes the transmission of your data to a shipping service provider for the delivery of prizes.
We also usually request the following data from winners:
- Last name, first name
- Address
- E-mail address
The purpose of the processing is to deliver or issue the prize. It may be necessary for us to pass on the winners' data to a shipping service provider (such as Deutsche Post) so that the prize can be delivered.
In some cases, the prize can be sent by email or direct message on the respective social network, for example when it comes to vouchers.
Processing for other purposes based on your consent
If you have consented to further processing purposes as part of the competition, we will process your personal data for these purposes on the basis of your consent (Art. 6 Para. 1 lit. a GDPR).
Some of our competitions require your consent to the processing of your data for advertising purposes. This will be clearly highlighted and communicated transparently on the respective competition form. The types of advertising measures that are part of the consent are also indicated on the competition form. Processing for advertising purposes is based on your consent (Art. 6 Para. 1 lit. a GDPR). For this purpose, please also note the data protection information on the subject of newsletters.
You can revoke your consent at any time; please address your revocation to the responsible body (the lottery organizer). The legality of the data processing operations that have already taken place remains unaffected by the revocation, since the revocation is only forward-looking.
Other recipients of your data
We never pass on your data to unauthorized third parties. It will only be passed on if this is necessary to process the competition or if you have expressly consented to the transfer.
Processors
Under certain circumstances, we work together with processors as part of our competitions. This will be announced on a case-by-case basis during the competition.
Shipping service provider
In order to deliver a prize, we will pass on your data to a shipping service provider, if necessary. In individual cases, these can be, for example, DHL, TNT, Hermes, GLS or Deutsche Post.
Cooperation partners
In some cases we work together with cooperation partners in the context of competitions; this is clearly stated in the respective competition. In some cases, a cooperation partner sends the prize; this is done either on the basis of a data processing agreement or your consent.
Provision of personal data
Please note that participation in the competition - in particular for the delivery of the prize - is usually only possible if you provide us with the data required to participate in the respective competition.
Transmission to unsafe third countries
We usually process your personal data within Germany, the European Union and safe third countries.
Storage period
We delete the data collected in the competition no later than four weeks after the end of the competition (determination of the winner), unless explicitly stated otherwise in the respective competition.
We have to store the data of winners for 10 years due to legal retention periods according to §257 HGB and §147 AO. The period begins on the first day of the year following the competition.
If you have given us your consent for further purposes, we will process your personal data until you withdraw your consent.
19. Online Meetings with Microsoft Teams
We use the "Microsoft Teams" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Microsoft Teams" is a Microsoft service from Microsoft Operations Ireland Ltd., a subsidiary of the Microsoft group, which is headquartered in the USA.
Please note the following information
If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, you only need to call up the website in order to download the software for using "Microsoft Teams". You can also use "Microsoft Teams" if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the "Microsoft Teams" app. If you do not want to or cannot use the "Microsoft Teams" app, the basic functions can also be used via a browser version, which you can also find on the "Microsoft Teams" website.
Legal basis
Insofar as personal data is processed by employees of KOSMOS, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Microsoft Teams", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary part of the use of "Microsoft Teams", Art. 6 Para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of "online meetings".
Otherwise, the legal basis for data processing when conducting "online meetings" is Art. 6 (1) lit. b GDPR, insofar as the meetings are held within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Article 6 Paragraph 1 Letter f) GDPR. Here, too, we are interested in the effective implementation of "online meetings".
Scope of processing of personal data
When using "Microsoft Teams" different types of data are processed. The scope of the data also depends on what information you provide before or when you participate in an "online meeting". In order to take part in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.
User information
First name, last name, phone (optional), email address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), subscriber IP addresses, device/hardware information
When dialing in by telephone
Details of the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data
You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text you enter will be processed in order to display it in the "online meeting" and, if necessary, to log it. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera on the end device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications. If necessary for the purposes of logging results of an online meeting, we will log the chat content. However, this will usually not be the case.
Recordings
We use "Microsoft Teams" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and, if necessary, ask for your consent. The fact of the recording is also displayed in the "Microsoft Teams" app. A recording includes an MP4 file of all video, audio and presentation recordings, an M4A file of all audio recordings, and a text file of the online meeting chat.
Meeting metadata
If you are registered as a user with "Microsoft Teams", then reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, polling function in webinars) can be stored with "Microsoft Teams" for up to one month.
Automated decision-making
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Other recipients
The provider of "Microsoft Teams" necessarily receives knowledge of the above data, insofar as this is provided for in the context of our data processing agreement with "Microsoft Teams". Personal data processed in connection with participation in "online meetings" are generally not passed on to other third parties unless they are specifically intended to be passed on. Please note that content from "online meetings" as well as from face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Data processing outside the European Union
"Microsoft Teams" is a service provided by a provider headquartered in the United States. Processing of personal data may also take place in a third country. We have concluded a data processing agreement with the provider of "Microsoft Teams" which meets the data protection requirements.
20. Additional Privacy Notice for Business Partners
Categories of Data and Purposes of Processing
We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we will generally only process it for the purposes for which we received or collected it.
As a rule, we process the following categories of data:
- Name, first name
- Address and/or company address
- Telecom Data
- E-mail address
- company
- professional function and/or position
- Bank details / other payment details
- Data on the history of the business relationship
As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or one of our employees, further personal data is generated, e.g. information about contact channel, date, reason and result; (electronic) copies of correspondence; and information about participation in direct marketing measures.
On the other hand, we process personal data that we have legitimately obtained and are allowed to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).
Data processing for other purposes can only be considered if the necessary legal requirements in accordance with Art. 6 Para. 4 GDPR are in place. In this case, we will of course observe any information obligations under Art. 13 Para. 3 GDPR and Art. 14 Para. 4 GDPR.
Legal Bases According to which we process your Data
On the basis of your consent (Art. 6 Para. 1 lit. a GDPR)
We process personal data for one or more specific purposes if you have given us your consent. If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.
Data processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is necessary to carry out pre-contractual measures, such as initiating a contract, and which are carried out at your request.
Data processing based on a legal obligation (Art. 6 Para. 1 lit. c GDPR)
Like every company, we must fulfill retention obligations and other documentation obligations; this can also affect documents with personal information. Insofar as we process data for these purposes, the processing takes place on the basis of a legal obligation.
Data processing on the basis of a balance of interests (Art. 6 Para. 1 lit. f GDPR)
If we process data on the basis of a balance of interests, you as the data subject have the right, taking into account the provisions of Article 21 GDPR, to object to the processing of personal data. As far as the specific purpose allows, we process your data pseudonymously or anonymously.
Other Recipients of your Data
Passing on to affiliated companies within the scope of Art. 26 GDPR
We pass on data for administrative and accounting purposes within the Franck Mediengruppe group of companies to Franck-Kosmos Verlags-GmbH & Co. KG, Pfitzerstr. 5 - 7, 70184 Stuttgart. This transfer takes place within the framework of joint responsibility (Article 26 GDPR) based on our legitimate interests within the meaning of Article 6 Paragraph 1 lit. f GDPR.
Disclosure to processors within the framework of Art. 28 GDPR
Processors employed by us (Art. 28 GDPR), in particular in the area of IT services and, for example, printing services, process your data for us in accordance with our instructions. If we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after data processing agreements have been concluded. We would be happy to let you know which processors we use.
Disclosure to providers of third-party specialist services
Insofar as it is necessary for the execution of the contract, legitimized by our legitimate interests or required due to legal obligations, providers of third-party specialist services process personal data for us. These are in particular tax consultants, auditors and banks.
Passing on to carry out a contractual relationship
If it is necessary to carry out the contract with you, we pass on your data to our bank for processing payments or to shipping service providers, for example.
Disclosure due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).
Other bodies, insofar as you have given us your consent.
If you have given us your explicit consent, we will also pass on your data to other bodies. However, this is done within the limits of demonstrable consent from you.
Information on Deletion Periods of personal Data
Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.
In addition, like any company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as there are legal storage obligations, the relevant personal data will be stored for the duration of the storage obligation. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch - BGB), can usually be three years, but can also be up to thirty years in certain cases. After the storage obligation has expired, it is checked whether there is a further need for processing. If it is no longer necessary, the data will be deleted.
As a rule, such retention periods in the context of legal transactions (according to § 147 AO / § 257 HGB / § 14b UStG) are 10 years, starting with the year following the legal transaction.
Specific example
If you provide us with your contact details, for example by e-mail, telephone or by handing over your business card, we store this data on the basis of Article 6 Paragraph 1 lit. b GDPR for pre-contractual measures and in the legitimate interest (Art. 6 Para. 1 lit. f GDPR) in smooth and targeted communication. If no legal transaction is concluded, we will delete your data if you ask us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit. b GDPR), we will store your data for ten years until the commercial and tax regulations expire. After this period, we check whether we can delete the data and, if necessary, delete it.
Emails and business letters
We archive all of our email traffic for ten years. If you write us an email, your data and the entire email content will be stored for 10 years. Most e-mails count as business letters, and e-mails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual email is not proportionate to the benefit and legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out an individual case check and inform you of the result. This may result in erasure or restriction of processing, depending on the content of the correspondence.
Revocation of your consent
If we process your data based on your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation, unless there are legitimate interests against complete deletion. For example, we generally store the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We only keep the consent with restriction of processing in order to be able to defend ourselves in the event of a dispute.
Legal or contractual Obligation to provide personal Data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it is not possible for us to conclude and fulfill a contract with you.
Transmission to a third Country
We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. Transmission to a third country is only possible if you have given us your consent or we have concluded a data processing agreement in accordance with Article 28 GDPR, taking into account suitable guarantees or other suitable guarantees.