DATA PROTECTION AGREEMENT

This privacy policy explains to you the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, functions and content associated with it, as well as external online presences, such as our social media profile (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “processing” or “responsible person”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

person responsible

ADSI — Austrian Drug Screening Institute GmbH
Innrain 66a, 6020 Innsbruck

Phone +43 512 504-26418
Email: office (at) adsi.ac.at

Commercial register number: FN 375923 d
Commercial register court: Innsbruck Regional Court
Sales tax identification number (UID): ATU67065445

management
Professor Dr. Markus Pasterk

Types of data processed:

— Inventory data (e.g. names, addresses).
— contact details (e.g. email, telephone numbers).
— Content data (e.g. text inputs, photographs, videos).
— Usage data (e.g. websites visited, interest in content, access times).
— Meta/communication data (e.g. device information, IP addresses).

Categories of affected persons

Visitors and users of the online offer (hereinafter, we also refer to the persons concerned collectively as “users”).

Purpose of processing

— Provision of the online offer, its functions and content.
— Answering contact requests and communicating with users.
— Safety measures.
— Reach measurement/marketing

Terms used

“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, are the cultural or social identity of that natural person.

“Processing” means any process carried out with or without the aid of automated procedures or any such series of processes in connection with personal data. The term is broad and covers virtually any handling of data.

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

“Profiling” means any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or changes of location.

“Responsible person” is the natural or legal person, authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data.

“Processor” means a natural or legal person, authority, agency or other body which processes personal data on behalf of the person responsible.

Relevant legal bases

In accordance with Article 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures and answer inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our rights Interests are Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Safety measures

In accordance with Article 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, input, transfer, availability and separation of data. We have also set up procedures that ensure the exercise of data subject rights, deletion of data and response to data risks. Furthermore, we take the protection of personal data into account right from the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through privacy-friendly default settings (Art. 25 GDPR).

Cooperation with contract processors and third parties

If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary in accordance with Art. 6 para. 1 lit. b GDPR), you have given your consent, a legal obligation to do so, or on the basis of our legitimate Interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called “order processing contract,” this is done on the basis of Article 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this is done as part of the use of third-party services or disclosure or transfer of data to third parties, this is only done if it is done to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to request confirmation as to whether the relevant data is being processed and for information about this data as well as further information and a copy of the data in accordance with Article 15 GDPR.

They have accordingly. Art. 16 GDPR, the right to request the completion of data concerning you or the correction of incorrect data concerning you.

In accordance with Article 17 GDPR, you have the right to request that the relevant data be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with Article 18 GDPR.

You have the right to request that the data concerning you that you have provided to us be received in accordance with Article 20 GDPR and to request that it be transmitted to other responsible persons.

In accordance with Article 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

Right of Withdrawal

You have the right to withdraw your consent in accordance with Article 7 (3) GDPR with effect for the future

Right to object

You can object to the future processing of data concerning you at any time in accordance with Article 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.

Cookies and right of objection in the case of direct advertising

“Cookies” are small files that are stored on users' computers. Various information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or even after their visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie can store, for example, the content of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if users visit it after several days. Such a cookie can also store the interests of users, which are used for audience measurement or marketing purposes. “Third party cookies” are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, they are referred to as “first-party cookies”).

We can use temporary and permanent cookies and explain this as part of our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Saved cookies can be deleted in the browser's system settings. The exclusion of cookies may result in functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be made on a variety of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ be explained. Cookies can also be saved by switching them off in the browser settings. Please note that you may then not be able to use all functions of this online offer.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its purpose and the deletion does not conflict with any legal storage requirements. If the data is not deleted because it is necessary for other and legally permitted purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with Sections 147 Paragraph 1 AO, 257 Paragraph 1 No. 1 and 4, Paragraph 4 HGB (books, records, accounting documents, documents relevant to taxation, etc.) and 6 years in accordance with Section 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).

According to legal requirements in Austria, storage is carried out in particular for 7 years in accordance with Section 132 (1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with land and for 10 years for documents relating to electronically provided services, telecommunications, radio and television services provided to non-contractors in EU Member States and for which the Mini one-stop shop (MOSS) is used.

Contractual services

We process the data of our contractual partners and interested parties as well as other clients, customers, clients or contract partners (uniformly referred to as “contractual partners”) in accordance with Article 6 (1) lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g., names and addresses), contact details (e.g. email addresses and telephone numbers) as well as contract data (e.g., services used, contract content, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).

As a matter of principle, we do not process special categories of personal data, unless these are part of commissioned or contracted processing.

We process data that is necessary to establish and fulfill the contractual services and point out the need to provide them, unless this is obvious to the contractual partners. Disclosure to external persons or companies only takes place if required as part of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and legal requirements.

When using our online services, we can save the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as the interests of users in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims in accordance with Art. 6 para. 1 lit. f. GDPR or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c. GDPR.

The data is deleted when the data is no longer required to fulfill contractual or legal duties of care and to deal with any warranty and comparable obligations, with the need to store the data being reviewed every three years; otherwise, the legal storage obligations apply.

Administration, financial accounting, office organization, contact management

We process data as part of administrative tasks, organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c DSGVO, Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided for these processing activities.

In doing so, we disclose or transfer data to tax authorities, consultants, such as tax advisors or auditors, as well as other fee agencies and payment service providers.

On the basis of our business interests, we also store information about suppliers, organizers and other business partners, e.g. for the purpose of contacting you later. We generally store this mostly company-related data permanently.

Akismet anti-spam check

Our online offering uses the “Akismet” service, which is offered by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. With the help of this service, comments made by real people are differentiated from spam comments. For this purpose, all comment information is sent to a server in the USA, where it is analyzed and stored for four days for comparison purposes. If a comment has been classified as spam, the data is stored beyond this time. This information includes the name entered, the email address, the IP address, the comment content, the referrer, information about the browser used and the computer system and the time of entry.

More detailed information on the collection and use of data by Akismet can be found in Automattic's privacy policy: https://automattic.com/privacy/.

Users are welcome to use pseudonyms or refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system. That would be a shame, but unfortunately we don't see any other alternatives that work just as effectively.

Retrieve emojis and smilies

Within our WordPress blog, graphical emojis (or smilies), i.e. small graphic files that express feelings, are used, which are obtained from external servers. Here, the providers of the servers collect the IP addresses of the users. This is necessary so that the emoji files can be transmitted to users' browsers. The emoji service is offered by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Automattic's privacy policy: https://automattic.com/privacy/. The server domains used are s.w.org and twemoji.maxcdn.com, which, to our knowledge, are so-called content delivery networks, i.e. servers that only serve to transfer files quickly and securely and delete users' personal data after transmission.

The use of emojis is based on our legitimate interests, i.e. interest in an attractive design of our online offering in accordance with Art. 6 para. 1 lit. f. GDPR.

contacting

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user's information is processed to process the contact request and to process it in accordance with Art. 6 para. 1 lit. b. (within the framework of contract/pre-contractual relationships), Art. 6 para. 1 lit. f. (other inquiries) GDPR. User information can be stored in a customer relationship management system (“CRM system”) or comparable request organization.

We delete the requests if they are no longer required. We review the requirement every two years; the legal archiving obligations also apply.

Hosting and email delivery

The hosting services we use are intended to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating this online offer.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing agreement).

Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The tag manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, reference is made to the following information about Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) lit. f. GDPR). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active).

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on activities within this online offer and to provide us with other services related to the use of this online offer and Internet usage. Pseudonymous user profiles of users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there.

The IP address transmitted by the user's browser is not combined with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Users' personal data will be deleted or anonymized after 14 months.

Google Universal Analytics

We use Google Analytics in the form of”Universal analytics“one. “Universal Analytics” means a Google Analytics process in which user analysis is based on a pseudonymous user ID and a pseudonymous user profile is thus created with information from the use of various devices (so-called “cross-device tracking”).

Target group building with Google Analytics

We use Google Analytics to display ads placed within Google and its partners advertising services only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in specific topics or products, which are determined on the basis of the websites visited), which we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of Remarketing Audiences, we also want to ensure that our ads meet the potential interest of users.

Google Adsense with personalized ads

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active).

We use the AdSense service, which helps display ads on our website and we receive remuneration for their display or other use. Usage data, such as clicking on an ad and the user's IP address, is processed for these purposes, with the IP address being abbreviated by the last two digits. User data is therefore processed pseudonymized.

We use Adsense with personalized ads. Google draws conclusions about their interests based on the websites visited or apps used by users and the user profiles created in this way. Advertisers use this information to align their campaigns with these interests, which is beneficial to users and advertisers alike. For Google, ads are personalized when collected or known data determines or influences ad selection. This includes previous searches, activity, website visits, app usage, demographic and location information. In detail, this includes: demographic targeting, interest category targeting, remarketing, as well as targeting customer matching lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Google Adsense with non-personalized ads

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active).

We use the AdSense service, which helps display ads on our website and we receive remuneration for their display or other use. Usage data, such as clicking on an ad and the user's IP address, is processed for these purposes, with the IP address being abbreviated by the last two digits. User data is therefore processed pseudonymized.

We use Adsense with non-personalized ads. The ads are not displayed based on user profiles. Non-personalized ads aren't based on previous user behavior. Targeting uses contextual information, including rough (e.g. at location level) geographical targeting based on current location, content on the current website or app, and current search terms. Google prevents any personalized targeting, including demographic targeting and targeting based on user lists.

For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Google AdWords and conversion measurement

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active).

We use the Google “AdWords” online marketing process to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially match their interests. For example, if a user is shown ads for products that they have shown interest in on other online offerings, this is referred to as “remarketing.” For these purposes, when you visit our and other websites on which the Google advertising network is active, Google directly executes a code from Google and integrates so-called (re) marketing tags (invisible graphics or code, also known as “web beacons”) into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and further information on the use of the online offer.

We also receive an individual “conversion cookie”. The information collected using the cookie is used by Google to generate conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

User data is processed pseudonymously as part of the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the USA.

For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Google DoubleClick

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active).

We use the Google “DoubleClick” online marketing process to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Double Click is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially match their interests. For example, if a user is shown ads for products that they have shown interest in on other online offerings, this is referred to as “remarketing.” For these purposes, when you visit our and other websites on which the Google advertising network is active, Google directly executes a code from Google and integrates so-called (re) marketing tags (invisible graphics or code, also known as “web beacons”) into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and further information on the use of the online offer.

The IP address of users is also collected, which is abbreviated within member states of the European Union or in other states party to the Agreement on the European Economic Area and only in exceptional cases transmitted entirely to a Google server in the USA and abbreviated there. Google may also combine the above information with such information from other sources. If the user then visits other websites, ads tailored to him may be shown in accordance with his presumed interests on the basis of his user profile.

User data is processed pseudonymously as part of the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.

For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Jetpack (WordPress Stats)

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the Jetpack plugin (here the “Wordpress Stats” subfunction), which integrates a tool for statistical evaluation of visitor access, and from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website.

The information generated by the cookie about your use of this online offer is stored on a server in the USA. User profiles of users can be created from the processed data, which are only used for analysis and not for advertising purposes. For more information, please see Automattic's privacy statements: https://automattic.com/privacy/ and notes about Jetpack cookies: https://jetpack.com/support/cookies/.

Online presence on social media

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to US providers who are certified under the Privacy Shield, we would like to point out that they are committed to complying with EU data protection standards.

Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably match the interests of users. For these purposes, cookies are usually stored on users' computers, in which the user behavior and interests of the users are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

Users' personal data is processed on the basis of our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 lit. f. GDPR. If users are asked by the respective providers for consent to data processing (i.e. declare their consent, e.g. by ticking a check box or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the options for objection (opt-out), we refer to the information provided by the providers linked below.

Even in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to user data and can directly take appropriate measures and provide information. Should you still need help, you can contact us.

— Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) — Privacy Policy: https://www.facebook.com/about/privacy/, Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status;=Active.

— Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) — Privacy Policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active.

— Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) — Privacy Statement/ Opt-Out: http://instagram.com/about/legal/privacy/.

— Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) — Privacy Policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status;=Active.

— Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) — Privacy Statement/ Opt-Out: https://about.pinterest.com/de/privacy-policy.

— LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) — Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status;=Active.

— Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) — Privacy Statement/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

— Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) — Privacy Statement/ Opt-Out: https://wakelet.com/privacy.html.

— Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) — Privacy Statement/ Opt-Out: https://soundcloud.com/pages/privacy.

Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in analyzing, optimizing and operating our online offering within the meaning of Article 6 (1) (f) GDPR), we use content or service offerings from third parties to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content recognize the users' IP addresses, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We make every effort to use only content whose respective providers only use the IP address to deliver the content. Third parties can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and include technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

Vimeo

We can integrate the videos from the “Vimeo” platform from the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy statement: https://vimeo.com/privacy. We would like to point out that Vimeo can use Google Analytics and refer to the privacy policy (https://www.google.com/policies/privacy) and opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or Google's settings for data use for marketing purposes (https://adssettings.google.com/).

YouTube

We integrate the videos from the “YouTube” platform from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Use of Facebook social plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR), we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status;=Active).

When a user accesses a function of this online offer that contains such a plugin, their device creates a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to the user's device and integrated by the user into the online offering. User profiles of users can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects using this plugin and therefore informs users to the best of our knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by pressing the Like button or making a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible that Facebook will find out and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection and further processing and use of the data by Facebook, as well as the related rights and settings options to protect the privacy of users, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

twitter

Within our online offering, functions and content of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Twitter.
If users are members of the Twitter platform, Twitter can assign the access to the above content and functions to the users' profiles there. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status;=Active). Privacy statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.

instagram

Within our online offering, functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Instagram. If users are members of the Instagram platform, Instagram can assign the access to the above content and functions to the users' profiles there. Instagram's privacy policy: http://instagram.com/about/legal/privacy/.

pinterest

Within our online offering, functions and content of the Pinterest service, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Pinterest. If users are members of the Pinterest platform, Pinterest can assign the access to the above content and functions to the users' profiles there. Pinterest privacy policy: https://about.pinterest.com/de/privacy-policy.

xing

Within our online offering, functions and content of the Xing service offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Xing. If users are members of the Xing platform, Xing can assign the access to the above content and functions to the users' profiles there. Xing's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

linkedin

Within our online offering, functions and content of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within LinkedIn. If users are members of the LinkedIn platform, LinkedIn can assign the access to the above content and functions to the users' profiles there. LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status;=Active). Privacy statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Google+

Within our online offering, functions and content from the Google+ platform, offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Google. If users are members of the Google+ platform, Google can assign the access to the above content and functions to the users' profiles there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status;=Active). For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Created with Datenschutz-generator.de by RA Dr. Thomas Schwenke