1. Introduction
Below we provide information about the processing of personal data when using [this service/service].
our website https://de.ingarden.com
our social media profiles.
Personal data is any data that relates to a specific natural person, e.g. their name or IP address.
1.1. Contact details
The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is Mühlenstraße 8a, 14167 Berlin , Germany, email: info.de@ingarden.com. We are legally represented by Christian Saitner.
1.2. Scope of data processing, processing purposes and legal bases
The scope of data processing, processing purposes, and legal bases are explained in detail below. The following are generally possible legal bases for data processing:
Article 6 paragraph 1 sentence 1 letter a GDPR serves as our legal basis for processing operations for which we obtain consent.
Article 6(1)(b) GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g., when a website visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.
Article 6 paragraph 1 sentence 1 letter c GDPR applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.
Article 6 paragraph 1 sentence 1 letter f GDPR serves as the legal basis when we can rely on legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.
1.3. Data processing outside the EEA
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed, where available (e.g. for Canada and Israel), by adequacy decisions of the EU Commission (Art. 45 para. 3 GDPR).
If no adequacy decision exists (e.g., for the USA), the legal basis for data transfer is generally, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Article 46(2)(b) GDPR, they guarantee the security of data transfer. Many providers have issued additional contractual guarantees beyond the standard contractual clauses, which protect the data beyond the scope of the standard contractual clauses. These include, for example, guarantees regarding data encryption or the third party's obligation to inform data subjects if law enforcement agencies wish to access their data.
The transfer of data to third parties in the United Kingdom of Great Britain and Northern Ireland is currently based on the transitional arrangement in the Trade and Cooperation Agreement between the European Union and the United Kingdom.
1.4. Storage duration
Unless expressly stated otherwise in this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.
1.5. Rights of those affected
Data subjects have the following rights with regard to their personal data:
Right to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.
Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data.
1.6. Obligation to provide data
Customers, prospective customers, or third parties are only required to provide us with the personal data necessary for establishing, executing, and terminating a business or other relationship, or which we are legally obligated to collect. Without this data, we will generally have to refuse to enter into a contract or provide a service, or we may no longer be able to perform an existing contract or other relationship.
Mandatory fields are marked as such.
1.7. No automatic decision-making in individual cases
We generally do not use fully automated decision-making pursuant to Article 22 GDPR for establishing and maintaining a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately, provided this is required by law.
1.8. Making contact
When you contact us, for example by email or telephone, we store the data you provide (e.g., names and email addresses) in order to answer your questions. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are statutory retention obligations.
1.9. Competitions
Occasionally, we offer prize draws via our website or other means. We process the data requested in these draws to determine and notify the winners. Afterwards, we delete the data. We may also offer prize draws exclusively to existing customers. In this case, we only process the name to determine the winners and the contact details to notify them. It is in our legitimate interest to offer prize draws for customer acquisition or to interact with our existing customers. The legal basis for this data processing is Article 6(1)(f) GDPR.
1.10. Customer surveys
From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested in each survey. It is in our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Article 6(1)(f) GDPR. We delete the data once the survey results have been evaluated.
2. Newsletter
We reserve the right to inform customers who have already used our services or purchased goods from us about our offers from time to time via email or other electronic means, unless they have objected to this. The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional costs, for example, via the link at the end of each email or by sending an email to our email address provided above.
Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration solely for sending the newsletter. Registration is completed by selecting the corresponding field on our website, by ticking the corresponding box in a paper document, or by any other unambiguous action, thereby indicating the interested party's consent to the processing of their data. The legal basis for this processing is Article 6(1)(a) of the GDPR. Consent can be withdrawn at any time, for example, by clicking the corresponding link in the newsletter or by contacting us at the email address provided above. Data processing prior to withdrawal remains lawful even after withdrawal.
Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.
We send newsletters using the Klaviyo tool from Klaviyo, Inc., 125 Summer St, Floor 6 , Boston, MA 02111 USA (Klaviyo) (Privacy Policy: https://www.klaviyo.com/legal/dpa ). The provider processes content, usage, meta/communication data and contact data in the USA.
3. Data processing on our website
3.1. Informational use of the website
When you use our website for informational purposes only, i.e., when visitors do not separately provide us with information, we collect the personal data that your browser transmits to our server in order to ensure the stability and security of our website. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR.
This data is:
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
browser
Operating system and its interface
Language and version of the browser software.
This data is also stored in log files. It is deleted when its storage is no longer necessary, at the latest after 14 days.
3.2. Web hosting and provision of the website
Our website is hosted by Shopify International Limited, Victoria Buildings, 2nd Floor , 1-2 Haddington Road , Dublin 4, D04 XN32, Ireland (Privacy Policy: https://www.shopify.de/legal/datenschutz ). The provider processes personal data transmitted via the website, such as content, usage, meta/communication data, and contact information. Providing a website is in our legitimate interest, so the legal basis for this data processing is Article 6(1)(f) GDPR.
We use a content delivery network to help us provide our website. The provider is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA (Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr). The provider processes personal data transmitted via the website, such as content, usage, meta/communication data, and contact information. Providing a website is in our legitimate interest, so the legal basis for this data processing is Article 6(1)(f) GDPR.
3.3. Contact form
When you contact us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for this processing is our legitimate interest in responding to inquiries addressed to us. Therefore, the legal basis for this processing is Article 6(1)(f) GDPR.
We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are legal retention obligations.
3.4. Job advertisements
We publish job openings within our company on our website, on pages linked to the website, or on third-party websites.
The data provided during the application process is processed for the purpose of carrying out the application procedure. Insofar as this data is necessary for our decision to establish an employment relationship, the legal basis is Article 88 Paragraph 1 GDPR in conjunction with Section 26 Paragraph 1 BDSG (German Federal Data Protection Act). We have marked or indicated the data required for the application procedure accordingly. If applicants do not provide this data, we cannot process their application.
Providing further information is voluntary and not required for an application. If applicants provide additional information, this is based on their consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
We ask applicants to refrain from including information about political opinions, religious beliefs, and similarly sensitive data in their CV and cover letter. This information is not required for an application. If applicants nevertheless include such information, we cannot prevent its processing within the context of processing the CV or cover letter. In this case, such processing is based on the applicant's consent (Art. 9 para. 2 lit. a GDPR).
Finally, we process applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Article 6(1)(a) GDPR.
We pass on the applicants' data to the responsible employees in the human resources department, to our data processors in the field of recruiting and to other employees involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we will only delete the data after the employment relationship has ended. Otherwise, we will delete the data no later than six months after an applicant has been rejected.
If applicants have given us their consent to use their data for further application processes, we will only delete their data one year after receiving the application.
3.5. Customer Area
Website visitors can create a customer account on our website. We process the data requested in this context to fulfill the respective user agreement concluded for the account, so the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
3.6. Offering of goods or services
We offer goods and services through our website. We involve service providers in the ordering and shipping process, who receive only the personal data necessary to provide their services. This data processing is carried out to fulfill the contract concluded with the respective website visitor (Art. 6 para. 1 sentence 1 lit. b GDPR).
3.7. Payment service providers
We use payment processors to process payments; these processors are themselves data controllers within the meaning of Article 4 No. 7 GDPR. Insofar as they receive data and payment information entered by us during the ordering process, we thereby fulfill the contract concluded with our customers (Article 6 Paragraph 1 Sentence 1 Letter b GDPR).
These payment processors are:
PayPal (Europe) S.à rl et Cie, SCA, Luxembourg
Braintree (Europe) S.à rl et Cie, SCA, Luxembourg
Shopify International Limited, Ireland
Amazon Payments Europe SCA, Luxembourg
Klarna Bank AB (publ)., Sweden
3.8. Third-party tools
3.8.1. Later
We use the analytics tool “Later” from Victory Square Media Inc., 88 E Pender Street, #500 Vancouver, Canada, for our social media presence to evaluate the effectiveness of our advertising measures based on user behavior (legal basis is Art. 6 (1) 1 f) GDPR). The data collected in this way is anonymous for us, meaning we do not see the personal data of individual users. The provider has concluded a data processing agreement with us and has implemented measures to ensure GDPR-compliant data processing (https://docs.later.com/en/articles/1843287-gdpr-compliance). According to a decision by the EU Commission, Canada has an adequate level of data protection.
3.8.2. Shopify
We use the Shopify platform to operate our online store. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor , 1-2 Haddington Road , Dublin 4, D04 XN32, Ireland . The provider processes metadata and communication data (e.g., device information, IP addresses) within the EU. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz .
3.8.3. Microsoft Advertising (Bing Ads)
We use the Microsoft Advertising tool (Bing Ads) for analysis and advertising. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes meta/communication data (e.g., device information, IP addresses) and usage data (e.g., websites visited, interest in content, access times) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is [missing information]. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.
3.8.4. Facebook Custom Audiences
We use the Facebook Custom Audiences tool for advertising. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR) adopted in accordance with the review procedure pursuant to Article 93(2) GDPR, which we have agreed upon with the provider. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://www.facebook.com/policy.php.
3.8.5. Google Webfonts
We use Google Web Fonts for fonts on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is consent. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
3.8. 6. Google Ads
We use the Google Ads tool for advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Article 93(2) GDPR (Article 46(2)(c) GDPR), which we have agreed upon with the provider. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
3.8. 7. Google Analytics
We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR) adopted in accordance with the review procedure pursuant to Article 93(2) GDPR, which we have agreed upon with the provider. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
3.8. 8. Google Marketing Platform
We use the Google Marketing Platform tool for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the review procedure pursuant to Article 93(2) GDPR (Article 46(2)(c) GDPR), which we have agreed upon with the provider. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
3.8. 9. Google Tag Manager
We use the Google Tag Manager tool for analytics and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR) adopted in accordance with the review procedure pursuant to Article 93(2) GDPR, which we have agreed upon with the provider. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
3.8.10. Facebook Pixel
We use the Facebook Pixel tool for analytics. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR) adopted in accordance with the review procedure pursuant to Article 93(2) GDPR, which we have agreed upon with the provider. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://www.facebook.com/policy.php.
3.8.11. Pinterest Conversion Tracking:
Our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). This technology allows us to show our website visitors who have already shown interest in our website and our content/offers, and who are also Pinterest members, relevant advertising and offers on Pinterest. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated into our pages. This pixel informs Pinterest that you have visited our website and which parts of our offerings you were interested in. For example, if you were interested in our subscriptions on our website, you may be shown an ad for our subscriptions on Pinterest. You can opt out of data collection for interest-based advertising on Pinterest at any time in your Pinterest account settings at https://www.pinterest.de/settings (under "Personalization," deactivate the "Use information from our partners to better tailor recommendations and ads on Pinterest to you" button) or at https://help.pinterest.com/de/article/personalization-and-data#info-ad (uncheck the box under "Disable personalization").
3.8.12. ausgezeichnet.org
We use a rating seal from AUBII GmbH, Alsterufer 34, 20354 Hamburg, Germany (“Ausgezeichnet.org”). The provider processes usage data (e.g., websites visited, interest in content, access times). The legal basis for this processing is Article 6(1)(f) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://www.ausgezeichnet.org/datenschutz/.
3.8.13. y42
We use a cloud-based data processing program to store, aggregate, and retrieve data of all kinds. The provider is Datos-Intelligence GmbH, Lohmühlenstr. 65, 12435 Berlin, Germany. The legal basis for this processing is Article 6(1)(f) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://www.y42.com/legal/privacy .
3.8.14. Airtable
We use a cloud-based data processing program to store, aggregate, and retrieve data of all kinds. The provider is Formagrid, Inc., 799 Market Street, 8th Floor, San Francisco, California 94103, USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR) adopted in accordance with the review procedure under Article 93(2) GDPR, which we have agreed upon with the provider. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://www.airtable.com/privacy .
3.8.15. Zapier
We use a tool to import email addresses from other platforms or sources for our email service providers. The provider is Zapier, Inc., 548 Market St #62411, San Francisco, California 94104, USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR) adopted in accordance with the review procedure pursuant to Article 93(2) GDPR, which we have agreed upon with the provider. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://zapier.com/privacy .
3.8.16. Google BigQuery
We use a multi-cloud-based data warehouse to store our y42 data . The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g., websites visited, interest in content, access times) in the USA. The legal basis for this processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses (Article 46(2)(c) GDPR), which we have agreed upon with the provider and which were adopted in accordance with the review procedure pursuant to Article 93(2) GDPR. We delete the data when the purpose for which it was collected no longer applies. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy .
3.8.17. front
We use the Front tool for communication with our customers. The provider is FrontApp, SARL, 15 Rue Saint-Martin, 75003 Paris, France . The legal basis for processing is Article 6(1)(a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example, by contacting us using the contact details provided in our privacy policy. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data will be deleted when the purpose for which it was collected no longer applies and there is no legal obligation to retain it. Further information can be found in the provider's privacy policy at https://front.com/privacy-policy.
3.8.18. Facebook automatic extended matching privacy policy
We have also activated Automatic Advanced Matching as part of the Facebook Pixel function. This pixel function allows us to send hashed email addresses, names, genders, cities, states, postal codes, dates of birth, and phone numbers to Facebook as additional information, provided you have given us this data. This activation allows us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.
4. Data processing on social media platforms
We are present on social media networks to introduce our company and services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles based on online behavior, which are used, for example, to display advertising on the networks' pages and elsewhere on the internet that matches the users' interests. To do this, the network operators store information about usage behavior in cookies on users' computers. It is also possible that the operators combine this information with other data. Further information and instructions on how users can object to data processing by the network operators can be found in the respective operators' privacy policies listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning they process data there. This may pose risks for users, for example, because enforcing their rights may be more difficult or government agencies may gain access to the data.
When users of these networks contact us via our profiles, we process the data they provide in order to answer their inquiries. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR.
4.1. Facebook
We maintain a profile on Facebook. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://www.facebook.com/policy.php. You can object to data processing via your ad settings: https://www.facebook.com/settings?tab=ads.
Based on an agreement with Facebook, we are jointly responsible for processing the data of visitors to our profile in accordance with Article 26 of the GDPR. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights against both us and Facebook. However, according to our agreement with Facebook, we are obligated to forward inquiries to Facebook. Therefore, data subjects will receive a faster response if they contact Facebook directly.
4.2. Instagram
We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://help.instagram.com/519522125107875
4. 3. TikTok
We maintain a profile on TikTok. The operator is musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA. The privacy policy can be found here: https://www.tiktok.com/de/privacy-policy .
4. Pinterest
We maintain a profile on Pinterest. The operator is Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. The privacy policy can be found here: https://about.pinterest.com/de/privacy-policy. You can object to data processing via the ad settings: https://about.pinterest.com/de/privacy-policy.
4. 5. YouTube
We maintain a profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy can be found here: https://policies.google.com/privacy?hl=de.
4. 7. LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. You can object to data processing via your ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5. Changes to this Privacy Policy
We reserve the right to amend this privacy policy with effect for the future. The current version is always available here.
6. Questions and comments
For questions or comments regarding this privacy policy, please feel free to contact us using the contact details provided above.
