Privacy policy

Information obligations (according to Art. 13 and 14 DS-GVO)

As of 25 May 2018, the General Data Protection Regulation (DS-GVO) issued by the European Union is is directly applicable.

We would hereby like to inform you of the following:

Responsible for the processing of your data is:

 

senswork GmbH

Industrial Park Lindach D 3

84489 Burghausen / Germany

Telephone: +49 (0) 8677 40 99 58 0

Fax: +49 (0) 8677 40 99 58 9

E-mail: info@senswork.com

 

You can reach our data protection officer / person responsible for data protection at: datenschutz@itago.de

 

In order to process your request, we need various information from you, including personal data.

We take the protection of your data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations, and only within the scope of our legal mandate or the fulfilment of a contract or within the scope of your consent (if any).

If you do not provide the required data, you must expect that your request cannot be processed or a contract with you cannot be concluded.

Your data will be stored by the responsible body for as long as is necessary for the fulfilment of its tasks, taking into account the respective statutory retention periods.

You also have the right to information about the data stored about you (Art. 15 DSGVO). If incorrect data has been processed, you have the right to rectification (Article 16 of the GDPR). In exceptional cases, you may request the deletion or restriction of processing and object to processing (Art. 17, 18 and 21 of the GDPR). If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 GDPR). If you wish to make use of these rights, the controller will check whether the legal requirements are met.

You can lodge a complaint with a supervisory authority at any time, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the responsible body.

For Bavaria:

A list of the supervisory authority (for the non-public sector) with address can be found at:

https://www.lda.bayern.de/media/veroeffentlichungen/flyer_baylda_organisation_de.pdf

A list of the supervisory authority (for the public sector) with address can be found at:

https://www.bfdi.bund.de

For all other federal states (except Bavaria):

A list of supervisory authorities (for the non-public sector) with address can be found at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have consented to the processing of your data by making a corresponding declaration, you can revoke your consent to data processing at any time with effect for the future. This does not affect the lawfulness of the processing up to the time of the revocation. However, it may not be possible to continue processing your request.

If you would like further information on the purpose and legal basis of the data processing, possible further recipients and storage periods or criteria for deletion, you can obtain this information from the responsible office in writing or verbally.

 

Your data subject rights

You can exercise the following rights at any time using the contact details provided by our data protection officer:

- Information about your data stored by us and its processing,

- Correction of incorrect personal data,

- deletion of your data stored by us,

- Restriction of data processing if we are not yet allowed to delete your data due to legal obligations,

- objection to the processing of your data by us, and - Data portability, provided you have consented to the data processing or have concluded a contract with us.

If you have given us consent, you can revoke this at any time with effect for the future.

You can lodge a complaint with the supervisory authority responsible for you at any time. Your competent supervisory authority depends on the federal state of your residence, your work or the alleged violation. A list of the supervisory authorities (for the non-public sector) with their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Purposes of data processing by the data controller and third parties

We process your personal data only for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those stated. We will only disclose your personal data to third parties if:

- you have given your express consent to this,

- the processing is necessary for the performance of a contract with you,

- processing is necessary to comply with a legal obligation,

- the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

The basis for the data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Deletion or blocking of data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Collection of general information when visiting our website

When you access our website, general information is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and the like. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the contents of web pages requested by you and is compulsory when using the Internet. In particular, it is processed for the following purposes:

- Ensuring a smooth connection of the website,

- Ensuring the smooth use of our website,

- evaluating system security and stability, and

- for other administrative purposes.

The processing of your personal data is based on our legitimate interest in the aforementioned purposes of data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible body and, if applicable, order processors.

Anonymous information of this kind may be statistically evaluated by us in order to optimise our website and the technology behind it.

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system and your connection to the Internet.

Cookies cannot be used to launch programs or transmit viruses to a computer. The information contained in cookies enables us to make navigation easier for you and to display our web pages correctly.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are usually set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Use of Google Analytics

Nature and purpose of processing:

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter: "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The purpose of the data processing is to evaluate the use of the website and to compile reports on website activities. Based on the use of the website and the internet, other related services shall then be provided.

Legal basis:

The processing of the data is based on the user's consent (Art. 6 para. 1 lit. a DSGVO).

Recipient:

The recipient of the data is Google as an order processor. For this purpose, we have concluded the corresponding order processing agreement with Google.

Storage period:

The data is deleted as soon as it is no longer required for our recording purposes.

Third country transfer:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Provision prescribed or required:

The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of consent:

 

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics. In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

Profiling:

With the help of the tracking tool Google Analytics, the behaviour of visitors to the website can be evaluated and interests analysed. For this purpose, we create a pseudonymous user profile.

YouTube videos

Type and purpose of processing:

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is Y-ouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells YouTube which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account first.

If a YouTube video is started, the provider uses cookies that collect information about user behaviour.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the provider's privacy policy, where you will also find further information on your rights in this regard and settings options for protecting your privacy (https://policies.google.com/privacy). Google processes your data in the USA and has submitted to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework

Legal basis:

The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO).

Recipient:

Calling up YouTube automatically triggers a connection to Google.

Storage period and revocation of consent:

Anyone who has deactivated the storage of cookies for the Google ad programme will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at "YouTube" can be found in the provider's data protection statement at: https://www.google.de/intl/de/policies/privacy/

Third country transfer:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Provision mandatory or required:

The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.

Google AdWords

Type and purpose of processing:

Our website uses Google conversion tracking. The company operating the Google Ad-Words services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you have accessed our website via an ad placed by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google.

If the user visits certain pages of our website and the cookie has not yet expired, we and Google will be able to recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.

Legal basis:

The legal basis for the integration of Google AdWords and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a DSGVO).

Recipients:

Whenever you visit our website, personal data, including your IP address, is transferred to Google in the USA. This personal data is stored by Google. Google may pass on this personal data collected via the technical process to third parties.

Our company does not contain any information from Google by means of which the data subject could be identified.

Storage period:

These cookies lose their validity after 30 days and are not used for personal identification.

Third country transfer:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Withdrawal of consent:

If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this purpose - for example, by using a browser setting that generally deactivates the automatic setting of cookies or by setting your browser to block cookies from the domain "googleleadservices.com".

Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. Once you have deleted all your cookies from your browser, you will need to set the relevant opt-out cookie again.

Provision mandatory or required:

The provision of your personal data is voluntary, based solely on your consent. If you prevent access, this may result in functional restrictions on the website.

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in connection with the

functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600

Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account.

To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting. You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; follow this link: https://www.google.com/settings

/The aggregation of the collected data in your Google account is based solely on your consent, which you can give or withdraw at Google (Art. 6 para. 1 lit. a DSGVO). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 (1) lit. f DSGVO. The legitimate interest results from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes. Further information and the data protection provisions can be found in the Google data protection declaration at: https://www.google.com/policies/technologies/ads/.

Use and application of DoubleClick

The controller has integrated components of DoubleClick by Google on this website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. The operating company of DoubleClick by Google is Google Inc., 1600 Amphi theatre Pkwy, Mountain View, CA 94043-1351, USA. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to the browser of the person concerned. If the browser accepts this request, DoubleClick sets a cookie on the data subject's information technology system. What cookies are has already been explained above. The purpose of the cookie is the optimisation and display of advertising. The cookie is used, among other things, to serve and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertisement. DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is needed, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, if a DoubleClick ad was previously displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same internet browser. A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which the user has already been in contact. Each time one of the individual pages of this website operated by the data controller is called up and on which a DoubleClick component has been integrated, the internet browser on the information technology system of the person concerned is automatically caused by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. In the course of this technical procedure, Google obtains knowledge of data that is also used by Google to generate commission statements. Among other things, Google can track the fact that the data subject has clicked on certain links on our website. The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Google can be deleted at any time via an internet browser or other software programmes. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://www.google.com/intl/de/policies/.

HubSpot

On this website we use the service HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500. https://www.hubspot.de/

Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include:

Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. user segmentation & CRM), Landing Pages and Contact Forms.

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact and other demographic information. This information and the content of our website is stored on servers run by our software partner HubSpot. We may use this information to contact visitors to our website and to determine which of our services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimise our marketing activities.

More information about HubSpot's privacy policy. Privacy policy of HubSpot: https://legal.hubspot.com/de/product-privacy-policy

More information from HubSpot regarding EU data protection regulations.

As part of the optimisation of our marketing measures, the following data may be collected and processed via Hubspot:

- Geographical position

- Browser type

- Navigation information

- Referral URL

- Performance data

- Information on how often the application is used

- Mobile apps data

- Login information for the HubSpot subscription service

- Files viewed on site

- Domain names

- Pages viewed

- Aggregated usage

- Operating system version

- Internet service provider

- IP address

- Device identifier

- Duration of the visit

- Where the application was downloaded from

- Operating system

- Events that occur within the application

- Access times

- Clickstream data

- Device model and version

In addition, we also use Hubspot to provide contact forms.

The legal basis of the processing is your consent in accordance with Art. 6 (1) lit. a DSGVO. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.

The personal data will be kept for as long as it is required to fulfil the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

Within the scope of processing via HubSpot, data may be transmitted to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Article 49 (1) a of the GDPR may serve as the legal basis for the transfer to third countries.

Insofar as non-anonymised data is processed in the USA, we would like to point out that HubSpot Inc. is certified under the Privacy Shield Agreement and thereby assures that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active).

Use of script libraries (Google Web Fonts)

In order to display our content correctly and in a graphically appealing manner across browsers, we use "Google Web Fonts" from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") to display fonts on our website. The Google Fonts are installed locally. There is no connection to Google servers.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

 

Mailchimp

We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This enables us to contact subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offer.

 

For this purpose, we pass on the following personal data to Mailchimp

 

Email address

[First name]

[surname]

[Telephone number]

 

[Our email mailings contain a link that you can use to update your personal data].

 

Mailchimp is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data specified in this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send you a newsletter.

 

In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your end device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data such as date and time, when you opened the email / campaign and browser activities (e.g. which emails / websites were opened) are collected. Mailchimp requires this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to Mailchimp's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the fulfilment of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). Mailchimp also analyses performance data, such as email delivery statistics and other communication data. This information is used to compile usage and performance statistics for the services.

 

Mailchimp also collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.

 

Further information on objection and removal options vis-à-vis Mailchimp can be found at: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts

 

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent to the processing of your personal data at any time. There is a corresponding link in all mailings. You can also revoke your consent using the contact options provided. The declaration of revocation does not affect the legality of the processing carried out so far.

 

Your data will be processed for as long as the corresponding consent is available. Apart from this, it will be deleted after termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.

 

Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities in which Mailchimp processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: https://mailchimp.com/legal/data-processing-addendum/

LinkedIn

We operate an account of the social media network LinkedIn, of the company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For the European Economic Area and Switzerland, the company LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.

What is LinkedIn?

LinkedIn is the largest social network for business contacts. Companies can use the platform to present services and products and to establish business relationships.

Many people also use LinkedIn to look for a job or to find suitable employees for their own company. tion or to find suitable employees for their own company.

What data is stored by LinkedIn?

Your browser establishes a direct connection to LinkedIn's servers. In this way, the company logs various usage data. In addition to your IP address, this may include login data, device information or information about your internet or mobile phone provider. If you access LinkedIn services via your smartphone, your location (after you have allowed this) can also be determined. LinkedIn may also share this data with third party advertisers in a "hashed" form. Hashing means that a set of data is transformed into a string of characters. This makes it possible to encrypt the data in such a way that people can no longer be identified.

Most data about your user behaviour is stored in cookies. These are small text files that are usually set in your browser. However, LinkedIn may also use web beacons, pixel tags, display tags and other device identifiers.

Legal basis:

The legal basis for the processing of personal data and the associated data transfer to LinkedIn is your consent (Art. 6 para. 1 lit. a DSGVO).

Storage period:

In principle, LinkedIn will store your personal data for as long as it considers it necessary to provide its own services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn will retain some data in aggregate and anonymised form even after you delete your account. Once you delete your account, other people will no longer be able to see your data within one day. LinkedIn generally deletes the data within 30 days. However, LinkedIn retains data if it is necessary for legal reasons. Data that can no longer be assigned to a person remains stored even after the account has been closed. The data is stored on various servers in America and presumably also in Europe.

You also have the option in your browser to prevent data processing by LinkedIn. As mentioned above, LinkedIn stores most data via cookies that are set in your browser. You can manage, deactivate or delete these cookies. Depending on which browser you have, the management works slightly differently.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Recipients:

Recipient of the data is LinkedIn and, if applicable, order processors.

Third country transfer:

LinkedIn is an active participant in the EU-U.S. Privacy Shield Framework. This framework ensures correct data transfer between the USA and the European Union. You can learn more about it at https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0. At https://www.linkedin.com/legal/privacy-policy you can learn even more about the data processing of the social media network LinkedIn.

Twitter

We have integrated Twitter functions on our website. These are, for example, embedded tweets, timelines, buttons or hashtags. Twitter is a short message service and a social media platform of the company Twitter Inc, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

To the best of our knowledge, no personal data or data about your web activities are transmitted to Twitter in the European Economic Area and in Switzerland by the mere inclusion of the Twitter function. Only when you interact with the Twitter functions, such as clicking on a button, can data be sent to Twitter, stored and processed there. We have no influence on this data processing and bear no responsibility for it.

Within the framework of this privacy policy, we want to give you an overview of what data Twitter stores, what Twitter does with this data and how you can protect yourself to a large extent from the data transfer.

What is Twitter?

For some, Twitter is a news service, for others a social media platform and still others speak of a microblogging service. All these terms have their justification and mean more or less the same thing.

Both private individuals and companies use Twitter to communicate with interested people via short messages. Twitter only allows 280 characters per message. These messages are called "tweets". Unlike Facebook, for example, the service does not focus on developing a network for "friends", but wants to be understood as a worldwide and open news platform. With Twit-ter you can also have an anonymous account and tweets can be deleted by the company on the one hand and by the users themselves on the other.

Why do we use Twitter on our website?

Like many other websites and companies, we try to offer our services and communicate with our customers through different channels. Especially Twitter has grown on us as a useful "little" news service.

Time and again we tweet or retweet exciting, funny or interesting content. We realise that you can't follow every channel separately. After all, you also have something else to do. That's why we have also integrated Twitter functions on our website. You can follow our Twitter activity "on the spot" or follow a direct link to our Twitter page. Through this integration, we want to strengthen our service and the user-friendliness of our website.

What data is stored by Twitter?

On some of our sub-pages you will find built-in Twitter functions. When you interact with the Twitter content, for example by clicking on a button, Twitter may collect and store data. This is the case even if you do not have a Twitter account yourself. Twitter calls this data "log data". This includes demographic data, browser cookie IDs, the ID of your smartphone, hashed email addresses, and information about which pages you have visited on Twitter and what actions you have performed. Twit-ter naturally stores more data if you have a Twitter account and are logged in. Mostly, this storage happens via cookies.

Cookies are small text files that are usually set in your browser and transmit different information to Twitter.

We will now show you which cookies are set if you are not logged in to Twitter but visit a website with built-in Twitter functions. Please consider this list as an example. We can by no means guarantee completeness here, as the choice of cookies is always changing and depends on your individual actions with the Twitter content.

How long and where is the data stored?

When Twitter collects data from other websites, this data is deleted, aggregated or otherwise obscured after a maximum of 30 days. The Twitter servers are located on various server centres in the United States. It can therefore be assumed that collected data is collected and stored in America. After our research, we could not clearly determine whether Twitter also has its own servers in Europe. In principle, Twitter can store the collected data until it is no longer useful to the company, you delete the data or there is a statutory deletion period.

How can I delete my data or prevent data storage?

Twitter repeatedly emphasises in its data protection guidelines that it does not store any data from external website visitors if you or your browser are located in the European Economic Area or in Switzerland.

However, if you interact with Twitter directly, Twitter will of course also store data about you.

If you have a Twitter account, you can manage your data by clicking on "More" under the "Profile" button. Then click on "Settings and data protection". Here you can manage your data processing individually.

If you do not have a Twitter account, you can go to twitter.com and then click on "Individualisation". Under the item "Individualisation and data" you can manage your collected data.

Most data is stored via cookies, as mentioned above, and you can manage, deactivate or delete these in your browser. Please note that you only "edit" the cookies in the browser you have chosen. This means: if you use a different browser in the future, you will have to manage your cookies there again according to your wishes.

You can also manage your browser in such a way that you are informed for each individual cookie. Then you can always decide individually whether to allow a cookie or not.

Twitter also uses the data for personalised advertising inside and outside Twitter. You can switch off personalised advertising in the settings under "Individualisation and data".

If you use Twitter on a browser, you can disable personalised advertising at http://optout.aboutads.info/?c=2&lang=EN.

Twitter is an active participant in the EU-U.S. Privacy Shield Framework. This framework ensures proper data transfer between the U.S. and the European Union. You can find out more about it at https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO.

We hope we have given you a basic overview of Twitter's data processing. We do not receive any data from Twitter and are not responsible for what Twitter does with your data. If you have any further questions on this topic, we recommend that you read the Twitter privacy statement at https://twitter.com/de/privacy.

Facebook pixel

We use the Facebook pixel from Facebook on our website. We have implemented a code on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you have come to our website via Facebook ads.

For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. Facebook then deletes this data again. The collected data is anonymous and not visible to us and can only be used in the context of ad placements. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. In this way, Facebook users (provided they have allowed personalised advertising) see suitable advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

In the following, we show you those cookies that were set by integrating the Facebook pixel on a test page. Please note that these are only sample cookies. Different cookies are set depending on the interaction on our website.

If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/adpreferences/advertisers/. If you are not a Facebook user, you can generally manage your use-based online advertising at

https://www.youronlinechoices.com/de/praferenzmanagement/ to manage your usage-based online advertising. There you have the option of deactivating or activating providers.

Facebook also processes your data in the USA, among other places. Facebook and Meta Platforms are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information on this can be found at https://commission.europa.eu/document/fa09cbad- dd7d-4684-ae60-be03fcb0fddf en.

In addition, Facebook uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there.

Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an EU Commission enforcement decision. You can find the decision and the corresponding standard contractual clauses, among others, here: https://eur- lex.europa.eu/eIi/dec impl/2021/914/oj?IocaIe=en

Facebook's data processing terms and conditions, which refer to the standard contractual clauses, can be found at.

https://www.facebook.com/legal/terms/dataprocessing.

If you want to learn more about Facebook's privacy policy, we recommend you read the company's own data policy at https://www.facebook.com/privacy/policy.

XING

We operate an account of the social media network Xing, of the company Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany. Through these functions, you can, for example, share content on Xing directly via our website, log in via Xing or follow interesting content. When you call up the website, data may be transmitted to the "Xing servers", stored and evaluated.

What is Xing?

Xing is a social network with its headquarters in Hamburg. The company specialises in managing professional contacts. This means that unlike other networks, Xing is primarily about professional networking. The platform is often used for job searches or to find employees for one's own company. In addition, Xing offers interesting content on various professional topics. The global counterpart is the American company LinkedIn.

What data does Xing store?

Xing offers the share button, the follow button and the log-in button as plug-ins for websites. As soon as you open a page where a social plug-in from Xing is installed, your browser connects to servers in a data centre used by Xing. In the case of the share button, according to Xing, no data is stored that could be directly linked to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. This means that no evaluation of your user behaviour takes place. You can find more information on this at https://www.xing.com/app/share%3Fop%3Ddata_protection.

As soon as you are logged in or become a member of Xing, further personal data is definitely collected, processed and stored. Xing also passes on personal data to third parties if this is necessary for the fulfilment of its own business purposes, if you have given your consent or if there is a legal obligation.

Legal basis:

The legal basis for the processing of personal data and the associated data transfer to Xing is your consent (Art. 6 para. 1 lit. a DSGVO).

Storage period:

Xing stores the data on various servers in various data centres. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.

Recipients:

The recipient of the data is Xing and, if applicable, order processors.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent possible data processing or manage it according to your wishes. Most data is stored via cookies. Depending on which browser you have, the administration works slightly differently.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to accept the cookie or not.

You can find out more about the data processing of the social media network Xing at https://privacy.xing.com/de/datenschutzerklaerung.

Changes to our data protection policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.

International data transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer (see Art. 49 of the GDPR), we only process or leave the data in third countries with a recognised level of data protection (Art. 45 of the GDPR), in the presence of and compliance with contractual obligations through so-called standard protection clauses of the EU Commission (Art. 46 of the GDPR) or in the presence of certifications or binding internal data protection regulations (see Art. 44 to 49 of the GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Trans-Atlantic Data Privacy Framework (TADPF): Within the framework of the so-called "Data Privacy Framework" (DPF), the level of data protection in the EU was also recognised for certain companies from the USA. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. Information in German and other languages can be found on the website of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_de. We also inform you about the companies we use that are certified under the Data Privacy Framework.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

Questions for the data protection officer

If you have any questions about data protection, please write us an e-mail or contact the person responsible for data protection in our organisation directly:

Dipl-Inform.(FH) Stefan Michl

datenschutz@itago.de

Sources: Our data protection declaration was created using the data protection generators of AdSimple and ActiveMind, among others.