Full Transparency

What happens with your data

Data privacy statement

This data privacy statement explains the type, scope and purpose of the processing of personal data (hereinafter in brief “data”) within our online offer and the associated websites, functions and contents, as well as external online presences such as our social media profile (hereinafter referred to collectively as “online offer”). Regarding the terminology used such as “processing” or “responsible party”, we refer to the definitions in Art. 4 of the General Data Protection Declaration (GDPR).

Responsible party

LearnChamp Consulting GmbH
Währinger Straße 3/9
A-1090 Vienna

Tel: +43-1-9081323-0
Fax: +43-1-9081323-99
Mail: info@learnchamp.com
Web: www.learnchamp.com

Company register number: 205474v
UID: ATU51670909

Legal notice

Type of processed data

  • Data pool (e.g. names, addresses)
  • Contact data (e.g. e-mail, telephone numbers)
  • Content data (e.g. text entries, photographs, videos)
  • Usage data (e.g. visited websites, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Categories of data subject

Visitors and users of the online offer (hereinafter the data subjects are referred to collectively also as “users”).

Purpose of the processing

  • Provision of the online offer, its functions and contents
  • Answering contact queries and communication with users
  • Security measures
  • Scope measurements/marketing

Terminology used

“Personal data” is all information pertaining to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified directly or indirectly, especially by means of an attributed designation such as a name, a number, location data, online reference (e.g. cookie) or one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

“Processing” is every procedure carried out with or without the help of automated processes or any such procedural sequence in relation to personal data. The term has a wide scope and comprises practically every handling of data.

“Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without referring to additional information, insofar as this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data can not be attributed to an identified or identifiable natural person.

“Profiling” is any form of automated processing of personal data that consists in this personal data being used to evaluate certain personal aspects pertaining to a natural person, especially to analyse or predict aspects regarding the work performance, economic status, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.

“Responsible party” refers to the natural or legal person, authority, establishment or other office that decides alone or together with others about the purposes and means of the processing of personal data.

“Orderprocessor” is a natural or legal person, authority, establishment or other officethat processes personal data on behalf of the responsible party.

Key legal bases

According to Art. 13 GDPR, we are informing you of the legal bases of our data processing. If the legal basis is not stated in the data privacy statement, the following applies: The legal basis for securing consents is Art. 6 par. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for the fulfilment of our services and implementing contractual measures as well as answering queries is Art. 6 par.1 lit. b GDPR, the legal basis for the processing for the fulfilment of our legal duties is Art. 6 par.1 lit. c GDPR, and the legal basis for the processing to maintain our legitimate interests is Art. 6 par. 1 lit. f GDPR. In case vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 par. 1 lit. d GDPR serves as the legal basis.

Security measures

In accordance with Art. 32 GDPR and in consideration of the latest technology, the implementation costs, the type, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the severity of the risk for the rights and freedoms of natural persons, we take suitable technical and organisational measures to ensure a level of protection commensurate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data through controlling physical access to the data, as well as access, entry, transmission, ensuring availability and the separation of the data. In addition, we have set up procedures that ensure the exertion of data subject rights, the deletion of data and the response to threats against the data. In addition, we already consider the protection of personal data during the development or selection of hardware, software and processes, according to the principle of data protection through technology and through data-protection-friendly presetting (Art. 25 GDPR).

Cooperation with order processors and third parties

If we disclose data to other persons and companies (order processors or third parties) as part of our processing, transfer data to them or otherwise grant access to the data, this is only on the basis of legal permission (e.g. if the transmission of data to third parties, such as a payment service provider, is necessary for contract fulfilment in accordance with Art. 6 par. 1 lit.b GDPR), or your consent, or it is prescribed by a legal obligation, or on the basis of our legitimate interests (e.g. when using agents, web hosters etc.).

If we appoint third parties with the processing of data on the basis of a so-called “order processing contract”, this is based on Art. 28 GDPR.

Transmissions to third countries

If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or this occurs as part of making use of third-party services, or if data is disclosed or transmitted to third parties, this is only on the basis of fulfilling our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Legal or contractual permissions excepted, we process your data or have it processed in a third country only subject to the special conditions of Art. 44 et seqq. GDPR. I.e. the processing is e.g. on the basis of special guarantees, such as the officially recognised confirmation of a data protection level of an EU standard (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contract clauses”).

Rights of the data subjects

Data subjects have the right to request confirmation of whether relevant data is being processed and to request information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.

They have the right, in accordance with Art. 16 GDPR, to request the supplementation of the data or the correction of incorrect data relating to them.

In accordance with Art. 17 GDPR, they have the right to request that relevant data is deleted immediately, or alternatively according to Art. 18 GDPR that the processing of the data is restricted.

They have the right to request receipt of the relevant data they have provided to us in accordance with Art. 20 GDPR and to request its transmission to other responsible parties.

They also have the right, in accordance with Art. 77 GDPR, to submit a complaint at the responsible supervisory authority.

Right of revocation

They have the right to revoke granted consents in accordance with Art. 7 par. 3 GDPR with effect for the future.

Right of objection

They may object at any time to the future processing of data relating to them in accordance with Art. 21 GDPR. The objection can be in particular against processing for the purposes of direct advertising.

Cookies and right of objection to direct advertising

“Cookies” refers to small files that are deposited on user devices. Various details can be stored within cookies. A cookie serves primarily to store details about a user (or the device on which the cookie is stored) during or after their visit of an online offer. Temporary cookies, “session cookies” or “transient cookies” refer to cookies that are deleted after a user has quit an online offer and closes their browser. E.g. the content of a shopping basket in an online shop or a login status can be stored in such a cookie. “Permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. In this way e.g. the login status can be stored and retrieved if users call it up several days later. Such a cookie can also store the interests of the users and be used for reach measurement or marketing purposes. “Third-party cookie” refers to cookies that are placed by other suppliers than the responsible party operating the online offer (otherwise, if it is only the cookies of the latter, they are called “first-party cookies”).
We may use temporary and permanent cookies and explain this within our data privacy statement.

If users do not wish cookies to be stored on their device, they are requested to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of the online offer.

A general objection to the use of cookies placed for the purposes of online marketing can be declared for many services, especially in the case of tracking, through the American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. In addition, the storing of cookies can be prevented through deactivation in the browser settings. Please note that in this case it is possible that not all functions of the online offer can be used.

Deletion of data

The data processed by us is deleted or processing is restricted in accordance with Art. 17 and 18 GDPR. If not stated explicitly as part of this data privacy statement, the data we store is deleted as soon as it is no longer required for the stated purpose and if the deletion does not contravene any legal retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. I.e. the data is blocked and not processed for other purposes. This applies e.g. to data that must be retained for commercial or tax law reasons.

According to legal directives in Germany, the retention is for 10 years according to §§ 147 par. 1 AO, 257 par. 1 nos. 1 and 4, par. 4 HGB - Commercial Code (books, recordings, inventory reports, invoicing receipts, trade, account books, documents relevant for taxation etc.) and 6 years according to § 257 par. 1 nos. 2 and 3, par. 4 HGB (business letters).

According to legal directives in Austria, the retention is for 7 years in accordance with § 132 par. 1 BAO (accounting documents, receipts/invoices, accounts, business papers, account balances etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronic services, telecommunications, broadcasting and  TV services, provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

Agency services

We process the data of our customers as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consultancy or support, implementation of campaigns and processes/handling, server administration, data analysis/advisory services and training services.

We thereby process held data (e.g. customer core data, such as names or addresses), contact details (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. contract object, running period), payment data (e.g. bank details, payment history), usage and metadata (e.g. as part of the evaluation and success measurement of marketing measures). In principle we do not process special categories of personal data, except if these are part of an ordered processing. The data subjects include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the fulfilment of contract services, invoicing and our customer service. The legal bases of the processing are Art. 6 par. 1 lit. b GDPR (contractual services), Art. 6 par. 1 lit. f. GDPR (analysis, statistics, optimisation, security measures). We process data that is required for the foundation and fulfilment of the contractual services and point out the necessity of providing us with this information. Disclosure to external parties only takes place if it is required as part of an assignment. When processing the data transmitted to us as part of an assignment, we act according to the instructions of the contracting party as well as the legal regulations of order processing according to Art. 28 GDPR and process the data for no other purposes than those pertaining to the assignment.

We delete the data after expiry of the legal warranty and comparable obligations. The necessity of storing the data is checked every three years; in the case of legal archiving duties, the deletion occurs after their expiry (6 years according to § 257 par. 1 HGB - Commercial Code, 10 years according to § 147 par. 1 AO - Revenue Code). In the case of data disclosed to us as part of an assignment by the contracting party, we delete the data according to the specifications of the assignment, in principle when the assignment ends.

Administration, financial accounting, office organisation, contact management

We process data as part of administrative tasks as well as the organisation of our business, financial accounting and pursuit of legal obligations, e.g. archiving. We thereby process the same data that we process in relation to fulfilling our contractual services. The processing bases are Art. 6 par. 1 lit. c. GDPR, Art. 6 par. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, in other words tasks that serve the maintenance of our business activities, the fulfilment of our tasks and the provision of our services. The deletion of data regarding contractual services and contractual communication corresponds to the guidelines stated for these processing activities.

We thereby disclose or transmit data to the finance department, consultants such as e.g. tax adviser or auditor, as well as other fees authorities and payment service providers.

In addition, on the basis of our business interests, we store details about suppliers, organisers and other business partners e.g. for the purpose of making contact later. In principle, we store this largely company-related data permanently.

Participation in affiliate partner programmes

Within our online offer, based on our legitimate interests (i.e. interest in the analysis, optimisation and business operation of our online offer) in accordance with Art. 6 par. 1 lit. f GDPR, we use standard tracking measures, insofar as these re required for operating the affiliate system. In the following we explain the technical backgrounds to users.

The services offered by our contract partners can also be advertised and linked on other websites (so-called affiliate links or after-buy systems, if e.g. links or services of third parties are offered after concluding a contract). The operators of the respective websites receive a commission if users follow the affiliate links and then take up the offers.

In summary, it is necessary for our online offer that we can trace whether users who are interested in affiliate links and/or the offers available from us then take up the offers prompted by the affiliate links or our online platform. To do so, the affiliate links and our offers have certain values added that can be a part of the link or placed elsewhere, e.g. in a cookie. The values include, in particular, the initial website (referrer), the time, an online reference for the operator of the website that the affiliate link was part of, an online reference for the respective offer, an online reference for the user, as well as tracking-specific values such as e.g. advertising means ID, partner ID and categorisations.

Theonline references for the users that we use are pseudonymised values. I.e. theonline references themselves contain no personal data such as names or e-mailaddresses. They only help us to determine whether the same user who clicked onan affiliate link or was interested in an offer through our online presentationtook up the offer i.e. for example concluded a contract with the supplier. Theonline reference is, however, only person-related insofar as the onlinereference is available to the partner company and also to us together withother user data. This is the only way for the partner company to inform uswhether that user has taken up the offer and we can pay out e.g. the bonus.

Date protection guidelines in the application process

We process the applicant data only for the purpose and in the context of the application process, in accordance with legal directives. The processing of the applicant data takes place for the fulfilment of our (pre)contractual obligations as part of the application procedure in accordance with Art. 6 par.1 lit. b. and GDPR Art. 6 par. 1 lit. f. GDPR, insofar as the data processing is necessary for us e.g. in relation to legal procedures (in Germany, § 26 BDSG - Federal Data Protection Act - also applies).

The precondition of the application procedure is for applicants to transmit application details to us. The necessary application data is indicated if we offer an online form, otherwise are indicated in the job descriptions, including in principle details about the person, postal and contact addresses and the documents associated with the application, such as a letter of application, CV and diplomas. In addition, applicants can provide us with voluntary additional information.

By transmitting the application to us, applicants declare that they consent to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data privacy statement.

Insofar as special categories of personal data are provided voluntarily as part of the application process in accordance with Art. 9 par. 1 GDPR, their processing is in addition in accordance with Art. 9 par. 2 lit. b GDPR (e.g. health data, such as severe disability, or ethnic background). Insofar as special categories of personal data are requested from applicants as part of the application process in accordance with Art. 9 par. 1 GDPR, their processing is in addition in accordance with Art. 9 par. 2 lit. a GDPR (e.g. health data, if this is necessary for exercising the job).

If provided, applicants can submit their applications by means of an online form on our website. The data is transmitted to us encrypted according to state-of-the-art technological standards.
In addition, applicants can submit their applications via e-mail. We request, however, to note that e-mails are principally not sent encrypted and the applicants themselves must ensure encryption. We can therefore assume no responsibility for the transmission channel of the application between the sender and the receipt on our server and thus recommend using an online form or sending by post. Instead of application through the online form and e-mail, applicants also have the possibility to send us the application via post.

The data provided by the applicants can be processed further by us in the case of a successful application, for the purposes of the employment relationship. Otherwise, if the application for a job position is not successful, the applicant’s data is deleted. The applicant data is also deleted if an application is withdrawn, which applicants are entitled to at any time.

Deletion occurs, notwithstanding a legitimate revocation by the applicant, after the expiry of a time period of six months, so that we can reply to any follow-up questions about the application and can fulfil our verification obligations pertaining to the General Act on Equal Treatment. Invoices for any travel expense reimbursement are archived according to tax law directives.

Talent-Pool

As part of the applications, we offer applicants the possibility to be included in our “talent pool” for a period of two years based on consent in accordance with Art. 6 par. 1 lit. b. and Art. 7 GDPR.

The application documents in the talent pool are processed exclusively in the context of future job openings and the employment search and are destroyed at the latest after the deadline has expired. The applicants are notified that their consent to admission to the talent pool is voluntary, has no influence on the current application procedure and that they can revoke this consent at any time in future as well as declare an objection in accordance with Art. 21 GDPR.

Registration function

Users can set up a user account. As part of the registration, the required mandatory information is notified to the users and processed on the basis of Art. 7 par. 1 lit. b GDPR for the purposes of providing the user account. The processed data includes in particular the login information (name, password and an e-mail address). The data entered as part of the registration is used for the purposes of using the user account and its functions.

Users can be provided with information relevant for their user account, e.g. technical amendments, by e-mail. If users have terminated their user account, their data in relation to the user account is deleted, subject to a legal storage obligation. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irrevocably delete all user data stored over the course of the contract.

As part of using our registration and login functions, as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is on the basis or our legitimate interests, as well as protecting the user against misuse and other unauthorised use. In principle there is no passing on of this data to third parties, unless it is required to pursue our claims or there is a legal obligation in accordance with Art. 6 par. 1 lit. c GDPR. The IP addresses are anonymised or deleted at the latest after 7 days.

Comments and contributions

If users leave comments or other contributions, their IP addresses may be stored for 7 days on the basis of our legitimate interests in accordance with Art. 6 par. 1 lit. f. GDPR. This is for our security, in case anyone has left illegitimate content in the comments and contributions (insults, forbidden political propaganda etc.). In this case, we ourselves could be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

In addition, we reserve the right based on our legitimate interests in accordance with Art. 6 par. 1 lit. f. GDPR to process the user details for the purpose of identifying spam.

On the same legal basis, we reserve the right in the case of surveys to store the IP address of users for their duration and to use cookies to avoid multiple entries.

The data stated as part of the comments and contributions are stored by us permanently until objection by the users.

Comment subscriptions

The follow-up comments can be subscribed to by users with their consent in accordance with Art. 6 par. 1 lit. a GDPR. Users receive a confirmation e-mail to check whether they are the owner of the stated e-mail address. Users can unsubscribe at any time from running comment subscriptions. The confirmation e-mail will contain information about the revocation options. For the purposes of verification of user consent, we store at the time of registration the IP address of users and delete this information when users unsubscribe.

You can terminate receipt of our subscription at any time, i.e. revoke your consent. We can store the given e-mail addresses for up to three years on the basis of our legitimate interests before we delete them, to be able to prove a previously stated consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, insofar as at the same time the existence of a previous consent is confirmed.

Making contact

When making contact with us (e.g. through contact form, e-mail, telephone or via social media), the details of the user are used to process the contact enquiry and its fulfilment in accordance with Art. 6 par. 1 lit. b GDPR. The details of the user can be stored in a Customer Relationship Management System (“CRM System”) or in a comparable enquiry organisation.

We delete the enquiries if these are no longer required. We check the necessity every two years; in addition, the legal archiving directives apply.

CRM system HubSpot

We use the CRM system “HubSpot” from the provider HubSpot Ireland Limited , Guild Street, Dublin, Ireland to be able to process user enquiries more quickly and efficiently (legitimate interest according to Art.6 par. 1 lit. f. GDPR).

HubSpot is certified under the Privacy Shield agreement and therefore provides an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG).
HubSpot only uses the user data for the technical processing of the enquiries and does not pass them on to third parties. To use the HubSpot, it is necessary at least to state a correct e-mail address. Pseudonymised use is possible. Over the course of processing service enquiries, it may be necessary for further data to be collected (name, address). The use of HubSpot is optional and serves the purpose of the improvement and streamlining of our customer and user service.
If users do not agree with data collection through and data storage in the external system of HubSpot, we offer alternative contact options for submitting service enquiries via e-mail, telephone, fax or post.
Further information is available to users in the data privacy declaration of HubSpot: https://legal.hubspot.com/de/privacy-policy
Content of the newsletter: We send newsletters, e-mails and further electronic notices with advertising information (hereinafter “Newsletter”) only with the consent of the recipients or with legal permission. If as part of the registration for the newsletter its content is concretely described, this is decisive for the consent of the users. In addition, our newsletters contain information about our products and the accompanying information (e.g. safety instructions), offers, campaigns and our company.

Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. I.e. after registration you receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody with other e-mail addresses can register. The registrations for the newsletter are logged to be able to verify the registration process in accordance with legal requirements. This includes the storing of the registration and the confirmation time, as well as the IP address. The changes to your data stored by the dispatch service provider are also recorded.

Registration data: To register for the newsletter, it is sufficient if you state your e-mail address. We optionally request stating a name for the purpose of personal address in the newsletter.

The dispatch of the newsletter and the associated success evaluation are on the basis of the consent of recipients in accordance with Art. 6 par. 1 lit. a, Art. 7 GDPR in connection with § 107 par. 2 TKG (Telecommunications Act), or if consent is not required, on the basis of our legitimate interests regarding direct marketing in accordance with Art. 6 par. 1 lt. f GDPR in connection with § 107 par. 2 and 3 TKG.

The logging of the registration procedure is on the basis of our legitimate interests in accordance with Art. 6 par. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that both serves our business interests and corresponds to user expectations and furthermore permits the verification of consents.

Termination/revocation - you can terminate receipt of our newsletter at any time i.e. revoke your consent. You can find a link to the termination of the newsletter at the end of each newsletter. We can store the given e-mail addresses for up to three years on the basis of our legitimate interests before we delete them, to be able to prove a previously stated consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, insofar as at the same time the former existence of a consent is confirmed.

Newsletter dispatch service provider

The dispatch of the newsletter is through the dispatch service provider [NAME, ADDRESS, COUNTRY]. The data protection guidelines of the dispatch service provider can be viewed here: [LINK TO THE DATA PROTECTION GUIDELINES]. The dispatch service provider is used on the basis of our legitimate interests in accordance with Art. 6 par. 1 lit. f GDPR and an order processing contract according to Art. 28 par. 3 lit. 1 GDPR.

The dispatch service provide can use the data of the recipients in a pseudonymised form, i.e. without attribution to a user, for the optimisation or improvement of their own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletter, or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to address the latter themselves or to pass the data on to third parties.

Hosting and sending e-mails

The hosting services we use serve the purpose of the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, sending e-mails, security services and technical maintenance services that we use for the purpose of operating this online offer.

We or our hosting supplier hereby process inventory data, contact data, content data, contract data, usage data, meta and communication data about customers, interested parties and visitors to this online offer, on the basis of our legitimate interests in the efficient and secure provision of our online offer in accordance with Art. 6 par. 1 lit. f. GDPR in connection with Art. 28 GDPR (Conclusion of Order Processing Contract).

Collection of access data and logfiles

We, or our hosting supplier, collect data on the basis of our legitimate interests according to Art. 6 par. 1 lit. f. GDPR about each access to the server on which this service is present (so-called server logfiles). The access data includes the name of the called-up website, the file, date and time of the call-up, transmitted data volume, notification of the successful call-up, browser type, along with the version, the operating system of the user, referrer URL (the page visited previously), IP address and enquiring provider.

Logfile information is stored for a maximum of 7 days for safety reasons (e.g. to resolve misuse or fraud incidents) and then deleted. Data whose further storage is required for the purposes of proof is excepted from the deletion until the final resolution of the respective incident.

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags through an interface (and thereby incorporate e.g. Google Analytics as well as other Google marketing services in our online offer). The Tag Manager itself (which implements the tags) does not process personal data of users. Regarding the processing of personal data of users, reference is made to the following details of Google services (user guidlines).

Google Analytics

On the basis of our legitimate interests (i.e. interest in analysis, optimisation and business operation of our online offer in accordance with Art. 6 par. 1 lit. f. GDPR), we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports about activities within this online offer and to provide us with further services associated with the use of this online offer and use of the Internet. Pseudonymised user profiles may be compiled from the processed data.

We only use Google Analytics with an activated IP anonymisation. This means that the IP address of users is abbreviated by Google within member states of the European Union or in other contracting states of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

The IP address transmitted by the user’s browser is not merged with other data by Google. Users can prevent the depositing of cookies through a corresponding setting of their browser software; in addition, users can prevent the collection of the data generated by the cookie and relating to their use of the online offer by Google, as as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information about data usage by Google, settings and objection options is available in the Google data privacy statement (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertising inserts by Google (https://adssettings.google.com/authenticated).

The personal data of users is deleted or anonymised after 14 months.

Google Universal Analytics

We use Google Analytics in the form of „Universal-Analytics“.  “Universal Analytics” refers to a tool by Google Analytics in which the user analysis is on the basis of a pseudonymised user ID and therefore a pseudonymised user profile is compiled with information from the use of various devices (so-called “cross-device tracking”).

Google AdWords and conversion measuring

On the basis of our legitimate interests (i.e. interest in analysis, optimisation and business operation of our online offer in accordance with Art. 6 par. 1 lit. f. GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing tool Google “AdWords” to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites etc.), so that they are displayed to users who have a suspected interest in the advertisements. This allows us to display advertisements for and within our online offer to present users only with advertisements that potentially correspond to their interests. If a user is shown e.g. advertisements for products for which they have displayed an interest on other online offers, this is referred to as “remarketing”. For these purposes, when calling up our and other website where the Google advertising network is active, a Google code is assigned directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are incorporated into the website. With their help, an individual cookie i.e. a little file is stored on the user’s device (instead of cookies, comparable technologies may also be used). This file records which websites are called up by users, what contents they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, linked websites, visiting duration and other details of the use of the online offer.

In addition, we receive an individual “conversion cookie”. The information collected with the help of the cookie serves Google to compile conversion statistics for us. However, only the anonymous total number of users who have clicked on our advertisement, who were then forwarded to a page with a conversion tracking tag, is revealed to us. However, we do not receive information with which users can be identified personally.

The user data is processed pseudonymously as part of the Google advertising network. I.e. Google does not store and process e.g. the name or e-mail address of the users but processes the relevant data in relation to cookies within pseudonymous user profiles. I.e. from the point of view of Google, the advertisements are not administrated and displayed for a concretely identified person but for the cookie owner, independently of who this cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymisation. The information collected about the users is transmitted to Google and stored on Google servers in the USA.

Further information about data usage by Google, settings and objection options is available in the Google data privacy statement (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertising inserts by Google (https://adssettings.google.com/authenticated).

Online presence in social media

We entertain online presences within social networks and platforms in order to communicate with the active customers, interested parties and users there and to be able to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing directives of the respective operators apply.

If not specified otherwise as part of our data privacy statement, we process the data of users insofar as they communicate with us within the social networks and platforms, e.g. entering contributions on our online presences or sending us messages.

Incorporation of third-party services and contents

Within our online offer, based on our legitimate interests (i.e. interest in analysis, optimisation and business operation of our online offer in accordance with Art. 6 par. 1 lit. f GDPR), we use third-party content or services in order to incorporate their content and services e.g. videos or fonts (hereinafter referred to uniformly as “Content”).

This is always on the presumption that the third-party providers of this content identify the IP address of the users, as the content could not be sent to their browsers without the IP address. The IP address is therefore necessary for the presentation of this content. We make every effort only to use such content whose provider only uses the IP address for the provision of the content. Third-party provider can also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. Through the “pixel tags”, information such as the visitor traffic on the pages of this website can be evaluated. The pseudonymised information can also be stored in cookies on the user’s device and contain e.g. technical information about the browser and operating system, linked websites, visiting duration and other details about the use of our online offer, as well as be linked with such information from other sources.

Vimeo

We may incorporate videos from the platform “Vimeo” from the provider Vimeo Inc.. Note: Legal Department, 555 West 18th Street New York, New York 10011, USA. Data privacy statement: https://vimeo.com/privacy. We would like to point out that Vimeo may use Google Analytics and refer in relation to this to the data privacy statement (https://www.google.com/policies/privacy) as well as opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the Google settings for data usage for marketing purposes (https://adssettings.google.com/).

YouTube

We incorporate videos from the platform “YouTube” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts

We incorporate fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We incorporate the function for the recognition of bots e.g. for entries on online forms (“ReCaptscha”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Google Maps

We incorporate the maps of the service “Google Maps” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include in particular IP addresses and location data of the users, but which is not collected without their consent (usually as part of the settings of their mobile devices). The data can be processed in the USA.
Data privacy statement: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.

Typekit fonts from Adobe

On the basis of our legitimate interests (i.e. interest in analysis, optimisation and business operation of our online offer in accordance with Art. 6 par. 1 lit. f GDPRR), we use external “Typekit” fonts from the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield agreement and therefore provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

Use of Facebook social plugins

On the basis of our legitimate interests (e.g. interest in analysis, optimisation and business operation of our online offer in accordance with Art. 6 par. 1 lit. f GDPR), we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or contents (e.g. videos, graphics or text contributions) and can be identified by one of the Facebook logos (white “f” on a blue tile, the terms “Like” or a “Thumbs up” sign) or are indicated by the mention “Facebook Social Plugin”. The list and the appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

If a user accesses a function of this online offer that contains such a plugin, their device establishes a direct link to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and is incorporated into the online offer. User profiles of the users may be compiled from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and thus inform users according to the best of our knowledge.

Through the incorporation of the plugin, Facebook receives the information that a user has called up the respective page of the online offer. If a user is logged into Facebook, Facebook can attribute the visit to their Facebook account. If users interact with the plugins, for example by activating the Like button or entering a comment, the respective information is transmitted from the device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook gains knowledge of their IP address and stores it. According to Facebook, in Germany only an anonymised IP address is stored.

The purpose and scope of the data collection and further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of the privacy of users, can be viewed in the Facebook data privacy specifications: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect their data through this online offer and to link it with their member data stored at Facebook, they must log out of Facebook before using our online offer and delete their cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads  or on the American page http://www.aboutads.info/choices or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices such as desktop computer or mobile devices.

Twitter

Within our online offer, functions and contents of the service Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,  may be incorporated. This may include e.g. contents such as images, videos or texts and interfaces with which users can share contents of this online offer within Twitter.
If users are members of the platform Twitter, Twitter can attribute access to the aforementioned contents and functions to the user profiles. Twitter is certified under the Privacy Shield agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
Data privacy statement: https://twitter.com/de/privacy,
Opt-Out: https://twitter.com/personalization.

Instagram

Within our online offer, functions and contents of the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be incorporated. This may include e.g. contents such as images, videos or texts and interfaces with which users can share contents of this online offer within Instagram. If users are members of the platform Instagram, Instagram can attribute access to the aforementioned contents and functions to the user profiles. Data privacy statement of Instagram: http://instagram.com/about/legal/privacy/.

Pinterest

Within our online offer, functions and contents of the service Pinterest, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA, may be incorporated. This may include e.g. contents such as images, videos or texts and interfaces, with which users can share contents of this online offer within Pinterest. If users are members of the platform Pinterest, Pinterest can attribute access to the aforementioned contents and functions to the user profiles. Data privacy statement of Pinterest: https://about.pinterest.com/de/privacy-policy.

Xing

Within our online offer, functions and contents of the service Xing, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, may be incorporated. This may include e.g. contents such as images, videos or texts and interfaces with which users can share contents of the online offer within Xing. If users are members of the platform Xing, Xing can attribute access to the aforementioned contents and functions to the user profiles. Data privacy statement of Xing: https://www.xing.com/app/share?op=data_protection.

LinkedIn

Within our online offer, functions and content of the service LinkedIn, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be incorporated. This may include e.g. contents such as images, videos or texts and interfaces with which users can share contents of this online offer within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can attribute the access to the aforementioned contents and functions to the user profiles. Data privacy statement of LinkedIn: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
Data privacy statement: https://www.linkedin.com/legal/privacy-policy,
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Google+

Within our online offer, functions and contents of the platform Google+, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), may be incorporated. This may include e.g. contents such as images, videos or texts and interfaces with which users can share contents of this online offer within Twitter. If the users are members of the platform Google+, Google can attribute the access to the aforementioned contents and functions to the user profiles.

Google is certified under the Privacy Shield agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Further information about data usage through Google, settings and objection options is available in the Google data privacy statement (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertising inserts through Google (https://adssettings.google.com/authenticated).

Sharing functions of AddThis

Within our online offer, the “AddThis” (1595 Spring Hill Rd Suite 300 Vienna, VA 22182, USA) is used to shared contents of this online offer within social networks (so-called sharing).

The use is on the basis of our legitimate interests, i.e. interest in the distribution of our online offer in accordance with Art. 6 par. 1 lit. f GDPR

AddThis uses the personal information of the users for the provision and execution of the sharing functions. In addition, AddThis can use pseudonym information of the users for marketing purposes. This data is stored on the computer of the user with the help of so-called “cookie” text files. Data privacy statement: http://www.addthis.com/privacy,
Opt-Out: http://www.addthis.com/privacy/opt-out.