Our Data protection declaration
Modern information and communications technologies play an increasingly large role in the activities of the BÜFA Group. That is why we take the protection of your privacy and personal particulars that you make available to us very seriously. We observe the provisions of the German Federal Data Protection Act as a matter or course. Details of any data we possibly collect and how we handle such data are set out below.
Responsibility
BÜFA GmbH & Co. KG
Stubbenweg 40
26125 Oldenburg, Germany
Phone +49 441 9317-0
E-mail: info@buefa.de
Contact details of the Data Protection Officer
We are supported by our data protection officer in fulfilling our data protection obligations. In the event of an enquiry, please name the company concerned which is involved. The contact details of our data protection officer are as follows:
Dr. Uwe Schläger
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany
Web: www.datenschutz-nord-gruppe.de
E-mail: office@datenschutz-nord.de
Phone: 0421 69 66 32 0
What personal data are collected and processed?
You can visit our websites without us requiring any personal data from you. We only learn the name of your Internet Service Provider, the website from which you visit us and the pages that you visit on our website. Personal data are only requested and processed if you use specific services. Your attention is then specifically drawn to this in the menu.
For what purposes do we collect and process your personal data?
As we are constantly endeavouring in a continuous process to improve both our services and your experience with our websites, the above general data are evaluated statistically. However, for this purpose we are interested in your personal opinion and your sphere in this connection. That is why at some points we request you to provide additional information. This information is voluntary and we naturally treat it confidentially.
If you use our services, generally we only collect such data as we need to provide the services. In as far as we ask you for any further data, this comprises voluntary information. The personal data are processed solely to perform the service requested and to maintain our own justified business interests.
Are personal data passed on to third parties?
We will only pass on your personal data to third parties in as far as this is absolutely necessary to provide the service requested. Beyond this we will not disclose, pass on, sell or otherwise market your personal data to other enterprises or institutions unless your express declaration of agreement to this is received. The situation is different if we are obligated to disclose and transmit the data by law or by a court judgement.
Use of IP addresses
It is pointed out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form in order to exclude direct personal references.
Cookies
We use cookies in some areas of our websites. These are identifiers that allow us to provide you with our services on a more individual basis during your visit. We do not use cookies to collect personal data. If you would like to be informed about the use of cookies by your browser or would like to exclude them, you should activate the corresponding browser settings.
BÜFA Session Storage
In order to define our lead and revenue sources more precisely in future and to be able to evaluate them further, we use BÜFA's own session storage on our website, in which marketing information about users of our website is stored. This allows us to analyse which BÜFA measures and campaigns lead to success and to calculate the profitability of marketing measures. For this purpose, the source of the contact enquiry (e.g. source, medium and campaign) is stored in a session storage and transmitted to our CRM (Customer Relationship Management) when a user fills out and submits a contact form on one of our websites.
The information stored in the cookie includes:
- Sources, e.g. Google, LinkedIn, Facebook, Instagram, trade fairs, print materials, newsletters, etc.
- Medium, e.g. email, organic and paidsearch, organic and paidsocial, QR codes
- Campaign information, e.g. name and ID of the campaign
The information is kept in session storage for the duration of the session and deleted at the end of the session.
The legal basis for the processing of personal data is your consent in accordance with Art. 6 section 1 sentence 1 lit. a GDPR, provided that you have given your consent via our consent banner. If you have not given your consent, no data will be stored via the cookie.
Consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform as well as the logging of the settings you have made is carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO, in our legitimate interest to play out our content according to your preferences and to be able to prove the consent(s) you have given. The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that the cookie is retained for subsequent page requests and your consent can still be traced. You can find more information on this under the section "Required cookies".
You can change the cookie settings at any time using the blue fingerprint button at the bottom left of the website.
The provider of the consent management platform acts for us as a strictly instruction-bound service provider (order processor). An order processing contract in accordance with Art. 28 DSGVO has been agreed.
Google Consent Mode (Basic)
We use Google Consent Mode V2 (basic mode). This means that your IP address is transmitted to Google irrespective of your settings in the banner. However, this is deleted by Google immediately after collection and is not logged. The processing is based on our legitimate interest in being able to better control and use certain functions of the Google services used on the website that require consent. The legal basis for processing is Art. 6 (1) (f) GDPR.
Google Tag Manager
We use Google Tag Manager from Google Inc. for our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Tag Manager is used to manage the tools and external services that we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example to control which page or service elements and tools are activated and loaded in which order. The tool triggers other tags, which in turn may collect data and which are explained further in this privacy policy. For example, only the tools for which consent has been given via the consent banner can be displayed.
The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it (e.g. Google Analytics).
If services have been deactivated at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. For more information on Google Tag Manager, see https://www.google.com/intl/de/tagmanager/use-policy.html.
The processing of personal data in connection with the use of Google Tag Manager can be legitimised on the basis of our legitimate interests in the efficient management of the tracking tools used. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
We have concluded a data processing agreement with Google for the use of Google Tag Manager (Art. 28 GDPR). Google only processes the data on our behalf in order to trigger the stored tags and display the services on our website.
Google may also process data outside the EU or the EEA (in particular in the USA). Google has certified itself in accordance with the EU-U.S. Data Privacy Framework and is listed on the Data Privacy Framework List. Accordingly, transfers of personal data to the USA can be based on the adequacy decision pursuant to Art. 45 GDPR. An adequate level of data protection is guaranteed by the adequacy decision. Google also undertakes to conclude standard contractual clauses with other sub-processors.
Google Analytics
We use the web analysis tool "Google Analytics" (including "Google Search Console") to design our websites according to your needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In this way we are able to recognise returning visitors and count them as such.
Google Ireland Limited and Google LLC support us within the framework of Google Analytics. (USA) support us as processors according to Art. 28 GDPR. Data processing can therefore also take place outside the EU or EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without your being informed or having the right to appeal. Please take this into account if you decide to give your consent to our use of Google Analytics.
The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or § 15 TMG, if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a GDPR.
Google Analytics with Google Signals technical extension
On our website, we use the technical extension Google Signals, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use the technical extension Google Signals on our website to perform cross-device tracking. This allows us to establish an association of a single website visitor with different end devices. However, this is only the case if you have logged into a Google service while visiting our website and at the same time activated the "personalized advertising" option in your Google account settings. We do not receive any personal data from Google, but statistics compiled on the basis of Google Signals.
Google can analyze user behavior across devices and create database models based on this. The logins and device types of all page visitors who were logged into a Google account and executed a conversion are taken into account. The data shows, among other things, on which device you first clicked on an ad and on which device the associated conversion took place.
The legal basis for the processing of personal data is your consent pursuant to Art. 6 (1) lit. a DSGVO, provided you have given your consent via our banner.
If you do not wish to be used by Google Signals via our website, deactivate the "personalized advertising" option in your Google account settings. Please note the following information: https://support.google.com/ads/answer/2662922?hl=de
For more information on data use for advertising purposes by Google, settings and opt-out options, please visit Google's websites:
http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/
https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
Google Ads Remarketing
We use the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently display interest-based advertising in the Google advertising network (remarketing or retargeting).
For these purposes, when our and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or codes, also known as web beacons) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, what content they are interested in and which offers have been clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer. The user's IP address is also recorded
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. smartphone) can also be displayed on another of your end devices (e.g. tablet or PC).
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
The cookies are stored on your end device for 13 months if you are from the European Economic Area (EEA), Switzerland or the United Kingdom (UK). Otherwise, the storage period is 24 months.
As we use a third-party provider, Google, which is also based in the USA, it cannot be ruled out that your data will also be processed in the USA. An adequate level of data protection is guaranteed for transfers to the USA due to the provider's certification under the EU-U.S. Data Privacy Framework.
If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.
Google Fonts
We use Google Fonts from Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the functional display of our website. The service enables us to use external fonts. When you visit our website, your IP address is transmitted via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, this transmission is separate from other Google services.
In addition, information such as language settings, screen resolution, name and version of the browser are transmitted to Google. Google stores this data for one year. We have no influence on the scope and further use of the data that is collected and processed by the provider through the use of the service.
The legal basis for data processing is the consent you have given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time. To do so, please click on the fingerprint at the bottom left and make the appropriate settings via our banner.
For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework).
Further information on Google Fonts can be found in Google's privacy policy, which you can access here: https://policies.google.com/privacy?hl=de&tid=311141511
Microsoft Advertising (formerly Bing Ads)
On our websites, we use Microsoft Advertising (formerly Bing Ads) from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as Microsoft or Third Party Provider), so that you can be shown targeted advertising on other websites based on your visit to our websites and so that we can see how effective our advertising measures have been.
Microsoft Advertising serves our online advertisements on the Bing search engine, Yahoo and Microsoft partner websites. When an ad is clicked, Microsoft sets cookies. Cookies are small text files that are stored in your computer's browser. Microsoft uses cookies to store data about the use of our website (e.g. length of visit, which areas of the website were visited and which ad you used to access our website) and, in the case of an order based on these data, the order value and the time of the order. All this data relates to your user behaviour. We therefore receive Microsoft advertising data and evaluations of your web behaviour.
As we use a third party provider based in the USA, it cannot be ruled out that your data will also be processed in the USA. For transfers to the USA, an appropriate level of data protection is guaranteed due to the certification of the provider under the EU-U.S. Data Privacy Framework.
Data processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO, provided you have given your consent via our banner.
Furthermore, you can object to the use of data by Microsoft for the receipt of interest-based advertising by deactivating the corresponding setting via this link.
Cookies from the third-party provider are stored on your terminal device for 180 days.
For more information on data protection and the cookies used by Microsoft Advertising, please see the Microsoft privacy policy.
Hotjar
We use Hotjar to better understand the needs of our users and optimize the experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click on, what they like and don't like, etc.) and this helps us tailor our offerings based on our users' feedback. Hotjar works with cookies and other technologies to collect information about our users' behavior and about their devices (in particular, IP address of the device (collected and stored only in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website). Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users or merged with other data about individual users.
For more information, please see Hotjar's privacy policy here:
https://www.hotjar.com/legal/policies/privacy.
Within the scope of the Hotjar service, Hotjar Limited Malta supports us as a processor in accordance with Art. 28 DSGVO. In this context, data processing may also take place by Hotjar outside the EU or the EEA (in particular in the USA). With regard to Hotjar, no adequate level of data protection can be assumed due to processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having legal recourse. Please keep this in mind if you decide to give your consent to our use of Hotjar.
Data processing is based on your consent, if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 (1) lit. a DSGVO.
Embedded videos
On our websites we embed videos that are not stored on our servers. In order to ensure that calling up our web pages with embedded videos does not automatically lead to the reloading of third-party content, in a first step we only display locally stored preview images of the videos. This does not provide the third party provider with any information.
Only after a click on the preview image, content from the third party provider is loaded. The third party provider receives the information that you have called up our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us the consent to reload contents of the third party provider.
The embedding takes place on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 TMG, if you have given your consent by clicking on the preview picture. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on Art. 49 para. 1 lit. a GDPR.
Provider: YouTube / Google (USA)
Maximum storage period: Google does not specify a specific duration for this.
Adequate level of data protection: No adequate level of data protection. The transmission is based on Art. 49 para. 1 lit. a GDPR.
Revocation of consent: If you have clicked on a thumbnail, the contents of the third party provider are immediately reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.
Map services
On our web pages we embed map services that are not stored on our servers. In order to ensure that calling up our web pages with embedded map services does not automatically lead to third-party content being loaded, we only display locally saved preview images of the maps in a first step. This does not provide the third party provider with any information.
Only after a click on the preview image will the content of the third party provider be loaded. The third party provider is then informed that you have called up our site and receives the usage data that is technically required for this purpose. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us the consent to reload contents of the third party provider.
The embedding takes place on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 TMG, provided that you have previously given your consent by clicking on the preview image.
Please note that the embedding of some card services means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on Art. 49 para. 1 lit. a GDPR.
Provider: Google LLC (USA)
Maximum storage period: Google does not specify a specific duration for this.
Adequate level of data protection: No adequate level of data protection. The transmission is based on Art. 49 para. 1 lit. a GDPR.
Revocation of consent: If you have clicked on a thumbnail, the contents of the third party provider are immediately reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.
Security
We have taken technical and organisational measures to prevent the personal data you provide against loss, destruction, tampering and unauthorised access. This includes the encrypted transmission of data using sha256RSA (2048 bits) signature algorithm. All our staff and third parties participating in data processing are obligated to observe the German Federal Data Protection Act and treat personal data confidentially.
We reserve the right to modify this declaration at any time. It does not constitute any contractual or other formal right vis-à-vis or on behalf of any party.
Information according to Art. 13, 14 GDPR for applicants
The information regarding data protection for applicants can be found here.
Right of appeal to a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection provisions. The right of appeal can be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the presumed infringement.
Contacting
You may contact us via our contact form. In order to use our contact form, we first require the data marked as mandatory.
The legal basis for this processing is Art. 6 (1) (f) GDPR in order to respond to your request. In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for contacting us. We process the information you provide voluntarily on the basis of your consent (Art. 6 (1) (a) GDPR).
Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal retention obligations in conflict to that.
Concerning the processing according to Art. 6 (1) (f) GDPR, you have the right to object at any time. You can also withdraw your consent to the processing of the data you provided voluntarily at any time. To do so, please contact the e-mail address stated in the imprint.
Basic data protection regulation for social media
The information regarding the data protection of our social media presences can be found here.
Your rights as a user
When processing your personal data, the GDPR grants you as a website user certain rights:
1.) Right to information (Art. 15 GDPR):
You have the right to request confirmation as to whether personal data relating to you are being processed; if this is the case, you have the right to access this personal data and the information specified in Art. 15 GDPR.
2.) Right to rectification and cancellation (Art. 16 and 17 GDPR):
You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.
They also have the right to demand that personal data relating to them be deleted immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
3.) Right to limit the processing (Art. 18 GDPR):
You have the right to demand the restriction of the processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection against the processing for the duration of any examination.
4.) Right to data transferability (Art. 20 GDPR):
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.
5.) Right of objection (Art. 21 GDPR):
If data is collected on the basis of Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right to object to such processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are verifiable compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
Our data protection regulation for social media
When you visit our social media pages, data relating to you will be processed. Therefore we would like to inform you, in accordance with Art. 13 of the General Data Protection Regulation (GDPR), about our handling of your data and your rights resulting from this.
Controller
We, the BÜFA GmbH & Co. KG, are operating the following social media pages:
- Facebook: https://www.facebook.com/buefagruppe/
- Instagram: https://www.instagram.com/buefa_group/
- LinkedIn: https://de.linkedin.com/company/b%C3%BCfa-gmbh-co-kg
- YouTube: https://www.youtube.com/user/BUEFAHolding/videos
- XING: https://www.xing.com/pages/bufagmbh-co-kg
You can find our contact details in the imprint.
Data processing by us
Public relations
The data you provide on our social media pages, such as usernames, comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not processed by us for any other purpose at any time. We only reserve the right to delete content if this is necessary. Where appropriate, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform.
If you send us an enquiry on the social media platform, depending on the content, we may also refer you to other secure communication channels that guarantee confidentiality. For example, you have the option at any time to send us your enquiries to our address or e-mail address stated in the imprint. It is your own responsibility to choose the appropriate communication channel.
The legal basis for the aforementioned processing of your data is Art. 6 (1) (f) GDPR. We process the data in our legitimate interest of carrying out public relations work for our company and being able to communicate with you.
Management of social media channels with Hootsuite
The data provided to us by the social media network operators (e.g. reports) are processed by us in the social media management software "Hootsuite" from HootSuite Media Inc, 111 East 5th Avenue, Vancouver, BC, V5T 4L1, Canada.
Hootsuite enables us to manage multiple social media accounts. Posts can be prepared, planned, published, liked and shared. At the same time, the channels of the various services can also be tracked within Hootsuite in order to follow discussions on the social web that are relevant to us. The BÜFA Group only has limited access to your publicly accessible social media profile data.
This data is processed on the basis of Art. 6 (1) (f) GDPR and pursues our legitimate interests in the most efficient and successful presentation of our company on various social media channels.
We have concluded an data processing addendum with the service provider for the use of Hootsuite (Art. 28 GDPR). The data is therefore only processed strictly in accordance with instructions.
Data processing may also take place in Canada and thus outside the EU or the EEA. The European Commission has issued an adequacy decision for commercial offers from Canada in accordance with Art. 45 (1) GDPR. This means that there is an adequate level of protection for data transfers to Canada.
Further information and the currently applicable data protection provisions of Hootsuite can be found at https://hootsuite.com/de/legal/privacy and at https://hootsuite.com/de/legal/general-data-protection-regulation.
Data processing as a joint controller
For some processing activities we act as a joint controller with the respective operator of the social media platform.
Therefore, we have concluded the necessary agreement in accordance with Art. 26 GDPR, provided that the operator of the social media platform offers this option.
https://www.facebook.com/about/privacy/update
https://www.facebook.com/legal/terms/page_controller_addendum
https://de-de.facebook.com/legal/controller_addendum
https://www.instagram.com/legal/privacy/
https://www.facebook.com/legal/terms/page_controller_addendum
https://www.linkedin.com/static?key=privacy_policy
https://legal.linkedin.com/pages-joint-controller-addendum
You can find the essential components of joint responsibility in the following section.
Statistics (Insights)
The social media platforms regularly provide statistics (insights) based on usage data that contain information about your interaction with our social media site. We cannot determine the performance and provision of these statistics.
However, we do not use optional statistics from the social media platform.
We process the aforementioned information (statistics) in accordance with Art. 6 (1) (f) GDPR in the legitimate interest of validating the use of our social media pages and improving our content in target group-oriented manner.
Target group advertising
We also use the mentioned social media platforms to place target group-oriented advertising.
For this purpose, we use target group definitions that are provided to us by the social media provider. We use only anonymous target group definitions - we define characteristics based on, for example, general demographics, behaviour, interests and connections. The social media provider uses this information to display advertisements to its users. The legal basis for this is the consent that the provider of the social media platform has requested from its users.
If you wish to withdraw your consent, please use the withdrawal options provided by the the social media provider, as the social media provider acts as controller for this processing.
We or the social media provider also use publicly available data for target group definition. The legal basis for this processing is then Art. 6 (1) (f) GDPR. The legitimate interest on our part in this context is to define a target group that is as suitable as possible. We never use sensitive categories of personal data mentioned in Articles 9 and 10 GDPR (e.g. political opinions, sexual orientation) to define target groups.
We also use information about visits to or interaction with other websites (so-called remarketing) to define target groups. We also use cookies for this purpose. In these cases, however, we obtain the users' consent in advance via a consent banner on the respective other pages and inform them about the data processing at this point. You can withdraw this consent at any time by calling up the consent banner of the corresponding website again.
Data processing by the social media provider
The social media provider uses web tracking methods. The web tracking can also take place regardless of whether you are registered on the social media platform or not.
Therefore we would like to point out that it cannot be excluded that the social media provider uses and evaluates your profile and behavioural data for its own purposes. We have no influence on the processing of your data by the social media provider. Please keep this in mind when using the social media platform.
For more information on data processing by the social media provider, configuration options to protect your privacy and further objection options, please refer to the operator's privacy policy.
Storage period
We delete your personal data when they are no longer required for the aforementioned processing purposes and there are no legal retention obligations that prevent us from deleting the data.
Your rights as a user
As a user, you have the possibility to demand the following rights from us as well as from the operator of the social media platform if the requirements are fulfilled:
Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data of you is being processed; if this is the case, you have the right to obtain information about the processed personal data and to receive the information listed in detail in Art. 15 GDPR.
Right to rectification and erasure (Art. 16 and 17 GDPR)
You have the right to request the rectification of any inaccurate personal data relating to you and, where applicable, the completion of any incomplete data, without delay. You also have the right to request that personal data concerning you will be deleted without delay if one of the reasons listed in detail in Article 17 GDPR applies, e.g. if the data is no longer required for the purposes for which they were collected.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, for example if you have objected to the processing, for the duration of any review.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly and machine-readable format or to request the transfer of this data to a third party.
Right of objection (Art. 21 GDPR)
If data is processed on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the data is processed on the basis of legitimate interest for the purpose of direct marketing, you have a specific right of objection which you may exercise at any time without providing reasons and the exercise of which will result in the termination of the processing for the purpose of direct marketing.
Right of withdrawal (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future.
Right of appeal to a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.
Contact details of our data protection officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:
datenschutz nord GmbH
E-mail: office@datenschutz-nord.de
Phone: +49 421 69 66 32-0 (Bremen), +49 40 593 61 60-400 (Hamburg), +49 30 308 77 49-0 (Berlin).
If you contact our data protection officer, please also state the controller of the data processing named in the imprint.