- Coya AG
- Ohlauer Straße 43
- 10999 Berlin
Managing Board: Thomas Münkel (Vorsitzender / CEO), Laura Kauther, Andrew Shaw
Link to our legal notice: https://coya.com/impressum_en
Contact data protection officer: firstname.lastname@example.org
Types of personal data:
- Inventory data (for example, names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (hereinafter referred to as "users").
Purpose of processing
- Providing the online offer, its functions and contents.
- Responding to contact requests and communication with users.
- Security measures.
- Range measurement/marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. "Processing" means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data. The term goes a long way and covers practically every handling of data.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. "Profiling" means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable legal bases
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as for answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis. The legal basis for the processing required to carry out a task in the public interest or in the exercise of official authority assigned to the person responsible is Art. 6 para. 1 lit. e GDPR. The legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. The processing of data for purposes other than those for which they were collected is governed by the provisions of Art. 6 para. 4 GDPR. The processing of special categories of data (in accordance with Art. 9 para. 1 GDPR) is governed by the provisions of Art. 9 para. 2 GDPR.
We take appropriate technical and organisational measures to ensure an appropriate amount of protection against risks. This takes into account the maintaining of the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probability in occurrence and severity of the risk regarding the rights and freedom of natural persons, in accordance with the applicable legal provisions.
Such measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures to ensure the exercise of rights of data subjects, deletion of data and reaction to endangerment of data. In addition, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 GDPR).
Cooperation with processors and third parties
In the case that data is disclosed to other persons and companies (contract processors or third parties) as part of our processing, transmitted to them or access to the data is otherwise granted, this transaction shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b GDPR for contract fulfilment is necessary), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we disclose, transfer or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis in accordance with legal requirements.
Transmissions into third countries
In the case that we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or Switzerland) or if this occurs in the use of third-party services or the disclosure or transfer of data to third parties, this shall only takes place if it fulfills our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if these involve the legal requirements. This means, for example that processing is carried out on the basis of special guarantees, such as the officially recognised determination of the data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations.
Rights of data subjects
You have the right to request confirmation as to whether the data concerned is being processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 of the GDPR, you have the right to request the completion of data or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased immediately or alternatively demand a restriction on the processing of the data in accordance with Art. 18 GDPR.
In accordance with Art. 20 GDPR, you have the right to request the reception of the data which you have provided us with and concerning you as well as its transmission to other controllers.
In accordance with Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.
Right to withdraw
You have the right to withdraw consents granted pursuant to Art. 7 para. 3 GDPR with future effect.
Right to object
You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.
Cookies and right of objection in direct advertising
"Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping basket in an online shop or a login status can be stored. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be saved when users visit it after several days. Likewise, the interests of users used for range measurement or marketing purposes may be stored in such a cookie. Third-party cookies" are cookies that are offered by providers other than the controller for servicing the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies").
Cookies and the right of objection to direct advertising
"Cookies" are small files stored on the user's computer and which can hold different forms of data. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Cookies are considered "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be saved several days after users visit a site. Likewise, cookies may store the interests of users as used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller servicing the online offer (in which case they are referred to as "first-party cookies").
We may use temporary and permanent cookies and clarify this within the framework of our data protection declaration. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Erasure of data
We ask you to inform yourself regularly about the contents of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Order processing and customer account ("Dashboard")
We process our customers' data in the course of ordering our insurance products in order to enable them to select and order the selected products and services, as well as their payment and delivery or execution. The processed data includes inventory data, communication data, contract data, payment data of our customers. The processing takes place for the purpose of providing contractual services within the scope of our online offer, billing and customer service. We use session cookies for the storage of the data and permanent cookies for the storage of the login status. The processing is carried out to fulfil our services and to carry out contractual measures (e.g. execution of order transactions) and to the extent required by law (e.g. legally required archiving of business transactions for commercial and tax purposes). Users must create a user account ("dashboard") in which they can, in particular, view and, in some cases, change their data, documents, information and products. During the registration process, the required information will be communicated to the users. Customer accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to its storage is necessary for commercial or tax reasons. Information remains in the customer account until it is deleted with subsequent archiving in the event of a legal obligation or our legitimate interests (e.g. in the event of legal disputes). It is up to the users to save their data before the end of the contract if they have given notice of termination.
When registering, re-registering and using our online services, we store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests as well as the user's protection against misuse and other unauthorized use. A passing on of this data to third parties does not take place in principle, unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so. The data will be deleted upon expiry of statutory warranty and other contractual rights or obligations (e.g. payment claims or performance obligations arising from contracts with customers), whereby the necessity of storing the data is checked every three years; in the case of storage due to statutory archiving obligations, the data will be deleted insofar after their expiry.
External payment service providers
We use external payment service providers through whose platforms users and we can make payment transactions (currently Stripe (https://stripe.com/de/privacy). As part of the fulfilment of contracts, we suspend the payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. Furthermore, we employ external payment service providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to provide our users with effective and secure payment options. The data processed by the payment service providers includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, totals and recipient information. This information is required to execute the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. The data may be transferred by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers. For payment transactions, the terms and conditions and the data protection information of the respective payment service providers, which can be accessed within the respective websites or transaction apps, apply. We refer to these also for the purpose of further information and assertion of rights of revocation, information and other interested parties.
Participation in Affiliate Partner Programs
Within our online offer, we use customary tracking measures on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer) pursuant to Art. 6 Para. 1 lit. f DSGVO, insofar as these are necessary for the operation of the affiliate system. In the following we inform the users about the technical background.
The services offered by our contractual partners can also be advertised and linked on other websites (so-called affiliate links or after-buy systems if, for example, links or services of third parties are offered after a contract is concluded). The operators of the respective websites receive a commission if users follow the affiliate links and then take advantage of the offers.
In summary, our online offering requires us to be able to track whether users who are interested in affiliate links and/or the offers available from us subsequently perceive the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values that can be set as part of the link or otherwise, e.g. in a cookie. The values include in particular the source website (referrer), time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as tracking specific values such as advertising material ID, partner ID and categorizations.
The online identifiers of the users used by us are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or e-mail addresses. They only help us to determine whether the same user who clicked on an affiliate link or was interested in an offer via our online offer has taken up the offer, i.e. concluded a contract with the provider, for example. However, the online identifier is personal to the extent that the partner company and we have the online identifier together with other user data. This is the only way the partner company can tell us whether the user has taken up the offer and we can, for example, pay out the bonus.
The affiliate systems we use include in particular: financeAds GmbH & Co. KG, Karlstrasse 9, 90403 Nuremberg, Germany
Data protection information in the application process
Applicant data is solely processed for the purpose and in the context of the application procedure in accordance with the legal requirements. We process the applicant’s data in order to fulfil our (pre)contractual obligations in the context of the application procedure as stated in Art. 6 para. 1 lit. b. GDPR and Art. 6 para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany § 26 BDSG additionally applies).
Insofar as special categories of personal data as stated in Art. 9 para. 1 GDPR are voluntarily communicated within the scope of the application procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. b. GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for the exercise of the profession). If made available, applicants can send us their applications via an online form on our website. The data is encrypted and transmitted to us according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transmission of the application between the sender and receipt on our server and therefore recommend that you use an online form or the postal dispatch. Instead of using the online application form and e-mail, applicants can still send us their application by post. If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
The erasure will take place after a period of six months and is subject to a justified withdrawal by the applicant, so that we can answer any follow-up questions to the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
As part of the application, we offer applicants the opportunity to be included in our "talent pool" for a period of two years on the basis of consent within the meaning of Art. 6 para.1 lit, b and Art. 7 GDPR. The application documents in the talent pool will only be processed in the context of future job advertisements and the search for employees and will be destroyed at the latest on expiry of the deadline. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application procedure and they can withdraw this consent at any time for the future and declare their objection within the meaning of Art. 21 GDPR.
When contacting us (e.g. via contact form, e-mail, telephone or social media), the user's details are processed for processing the contact enquiry and its processing in accordance with Art. 6 para. 1 lit. b. GDPR. User information can be stored in a customer relationship management system ("CRM system") or comparable request organization. When contacting us (e.g. via contact form, e-mail, telephone or social media), the user's details are processed in order to complete the contact enquiry and together with its processing in accordance with Art. 6 para. 1 lit. b. GDPR. User information can be stored in a customer relationship management system ("CRM system") or comparable request organization.
We delete the requests if they are no longer necessary. We review this requirement every two years; the statutory archiving obligations also apply. Requests that are no longer needed are deleted. We review this requirement every two years; here statutory archiving obligations also apply.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to the receipt and the described procedures. The following information informs you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to the reception and the described procedures.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") only with the recipients consent or legal permission. If the content of a newsletter is specifically described as part of the registration, this is are decisive for the users’ consent. In addition, our newsletters contain information about us and our services.
Double opt-in and logging: Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider are also logged.
Credentials: To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name in the newsletter in order to address us personally. The dispatch of the newsletter and the performance measurement associated with it are based on the recipient's consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lit. f. GDPR in conjunction with Section 7 para. 3 UWG. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent. Cancellation/Withdrawal - You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent, through a cancelation link at the end of each newsletter. In order to prove a previously given consent, we may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them. The processing of this data is limited to the purpose of a possible defence against claims. An individual application for cancellation is possible at any time, provided that a former existence of a consent is confirmed at the same time.
Newsletter - Hubspot
The newsletter is sent by the mail service provider Hubspot, a newsletter delivery platform of the Hubspot Inc., is a company based in 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Hubspot Inc. is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active).
The newsletter service provider is used on the basis of our legitimate interests according to Art. 6 para. 1 lit. f. GDPR and an order processing contract according to Art. 28 para. 3 s. 1 GDPR .
The newsletter service provider can use the recipient's data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the newsletter service does not use the data of our newsletter recipients to write them down itself or to pass the data on to third parties.
Newsletter - measurement of success
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file, which is downloaded from our server when the newsletter is opened, or, if we use a server from a shipping service provider. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. The information is used for the technical improvement of the services and is based on the technical data or the target groups, their reading behaviour traced through their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour, nor, if used, that of the shipping service provider, to observe individual users. The evaluations simply serve the purpose to recognize the reading habits of our users and to adapt our content to them or send different content according our users interests. A separate withdrawal of the success measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled.
Hosting and email dispatch
Our hosting services serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services uses for the purpose of operating this online offer. We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 para. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (conclusion of commissioned data processing contract).
Google is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this online service and the Internet. Pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The personal data of the users will be deleted or anonymized after 14 months.
Google Universal Analytics
We use Google Analytics in the form of "universal analytics". "Universal Analytics" refers to a Google Analytics process in which user analysis is performed on the basis of a pseudonymous user ID, thereby creating a pseudonymous profile of the user with information from the use of various devices (so-called "cross-device tracking").
Target group formation with Google Analytics
We use Google Analytics to display ads placed by Google and its partners within our advertising services only to users who have shown an interest in our online services or who have specific characteristics (e.g. interests in specific topics or products determined on the basis of the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads match the potential interest of users.
Google AdWords and Conversion-measurement
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we make use of Hotjar, a web analytics tool provided by Hotjar Ltd (Level 2, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe), to record randomly selected, individual visits (only with an anonymous IP address). This creates a log of mouse movements and clicks with the intention of randomly displaying individual website visits and deriving potential improvements for the website. In addition we use Hotjar in order to obtain user feedback for improving customer experience. The data which is collected by Hotjar is by default not visible for and will not be disclosed by us.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Hubspot- online marketing analysis / customer communication
Besides for newsletters as outlined above, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we make use of the tool Hubspot from Hubspot Inc. also for online marketing analysis and customer communication. Among other, this includes content management, e-mail marketing, reporting (traffic sources, accesses,...), contact management, landing page tracking.
Hubspot Inc., is a company based in 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Hubspot Inc. is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active).
Facebook-Pixel, Custom Audiences, Lead Ads and Facebook-Conversion
Due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used within our online offer.
We use Facebook Lead Ads to obtain contact information from potential customers who sign up via Facebook to receive information about our products or our company. Amongst others the following information is collected: Full name, email address, mobile number, postal code as well as the product for which information is requested. We use the information about your name to contact you personally, your email address as well as the further data to send you the requested information.
Online presence in social media
We would like to point out that user data can be processed outside the European Union. This can pose risks for users because, for example, the enforcement of users' rights could be made more difficult. With regard to US providers certified under the Privacy Shield, we would like to point out that they commit themselves to comply with EU data protection standards. Furthermore, user data is usually processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these). The processing of users' personal data is carried out on the basis of our legitimate interests in effective user information and communication with users pursuant to Art. 6 para. 1 lit. f. GDPR. If the users are asked by the respective providers for consent to data processing (i.e. to give their consent e.g. by ticking a checkbox or confirming a button), the legal basis of processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by the providers linked below. Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.
Integration of third-party services and content
Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as to include videos or fonts (collectively referred to as "content"). This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as be linked to such information from other sources.
Using Facebook Social Plugins
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge. By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users' privacy, can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. Twitter Functions and contents of the Twitter service, offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within
On the basis of our legitimate interests (i.e. interest in the analysis of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we make use of some services from LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) as described below. We use the site-wide Insight Tag on all our website pages to record actions taken by members reaching a specific URL and also the event-specific pixel to track conversions without an associated URL. The LinkedIn Insight Tag enables the collection of data regarding members’ visits to your website, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and then de-identified data is deleted within 90 days. LinkedIn does not share the personal data with us, it only provides aggregated reports about the website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling us to show personalized ads off the website by using this data, but without identifying the member.
We use the services of OptioPay (Global Payment Processing AG, An den Treptowers 1, 12435 Berlin) on the basis of our legitimate interest for the attraction of customers or customer loyalty. OptioPay offers the establishment and execution of voucher programs as a service. OptioPay will receive your name and email address so that OptioPay can send you the voucher codes. OptioPay is a processor commissioned by us and is subject to the same data protection regulations which apply to us. For more information about OptioPay's usage and privacy policies for the services offered by OptioPay, please visit: https://www.optiopay.com/de/privacy-policy/
We use the services of Outbrain UK Limited, London, UK (www.outbrain.com). This use is based on our legitimate interests in the economic operation of our online service (as defined in Art. 6 para. 1 lit. f. DSGVO).
Using the UUID, Outbrain catalogs and analyzes the content the UUID consumes on partner sites to recommend additional relevant content for that particular UUID.
The data collected by Outbrain is also data:
- - User Agent Data: Device type (e.g., iPhone), browser type (e.g., chrome), operating system (e.g., iOS);
- - the pages visited;
- - the time of the visit; and
- - referring URLs and other information normally transmitted in HTTP requests.
Within our online offer we use a pixel ("outbrain pixel") of Outbrain UK Limited, London, UK (www.outbrain.com) due to our justified interests in analysis and optimization of our online offer (in terms of Art. 6 para. 1 lit. f. DSGVO). The purpose of the outbrain pixel is to provide analysis related to our campaigns (ads) and advanced targeting capabilities. The pixel captures what Outbrain UUID (unique user ID) has interacted with pages on which the pixels are installed, the relevant timestamp, the referring source, and the fact that a conversion has taken place. The pixel only tracks activity on an anonymous basis. The pixel does not track or collect any personal data. If the Outbrain pixel is implemented and you visit our website, the Outbrain pixel determines if you have an Outbrain UUID. If this is the case, Outbrain will give us the total number of UUIDs that have reached the site. We also have the possibility to retarget these UUIDs. If no UUID is detected, the outbrain pixel does not collect any information.
We have signed a joint accountability agreement with Outbrain. We or Outbrain can send these to you on request. You can exercise your rights with us as well as with Outbrain.