6. Background Data Processing on our Website
6.1 Data Processing when Visiting our Website (Log File Data)
When you visit our Website, the servers of our hosting provider Platform.sh, Koblenzer Str. 11, 50968 Köln, Deutschland; Hetzner Online Data Center Park, Am Datacenter-Park 1 in Falkenstein/Vogtland, Deutschland temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:
- IP address of the requesting computer;
- date and time of access;
- name and URL of the accessed file;
- website from which the access was made, if applicable, with the search word used;
- operating system of your computer and the browser you are using (including type, version, and language setting);
- device type in case of access from mobile phones;
- city or region from which the access was made; and
- name of your internet service provider.
The collection and processing of this data is carried out for the purpose of enabling the use of our Website (establishing a connection), ensuring the long-term security and stability of the system, and enabling error and performance analysis and optimisation of our Website (see also Section 6.3. regarding the latter points).
In case of an attack on the network infrastructure of the Website or suspicion of other unauthorised or improper use of the Website, the IP address and other data will be analysed for clarification and defence purposes; if necessary, they may be used in civil or criminal proceedings for the identification of the respective user.
The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the purposes described above.
Cookies are information files that your web browser stores on the hard drive or in the memory of your computer when you visit our Website. Cookies are assigned identification numbers that enable your browser to be identified, and allow the information contained in the cookie to be read.
The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in providing a user-friendly and up-to-date website.
You may also be able to configure your browser to prevent cookies from being stored on your computer or receive a notification whenever a new cookie is being sent. On the following pages, you will find instructions on how to configure cookie settings for selected browsers.
Disabling cookies may prevent you from using all the features of our Website.
6.3 Tracking and Web Analytics Tools
6.3.1 General Information about Tracking
For the purpose of customising and continuously optimising our Website, we use the web analytics services listed below. In this context, pseudonymised usage profiles are created, and cookies are used (please also see Section 6.2). The information generated by the cookie regarding your use of our Website is usually transmitted to a server of the service provider, where it is stored and processed, together with the Log File Data mentioned in Section 6.1. This may also result in a transfer to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).
Through the data processing, we obtain, among others, the following information:
- navigation path followed by a visitor on the site (including content viewed, products selected or purchased, or services booked);
- time spent on the Website or specific page;
- the specific page from which the Website is left;
- the country, region, or city from where an access is made;
- end device (type, version, colour depth, resolution, width, and height of the browser window); and
- returning or new visitor.
The provider, on our behalf, will use this information to evaluate the use of the Website, in particular to compile Website activity reports and provide further services related to Website usage and internet usage for the purposes of market research and the customisation of the Website. For these processing activities, we and the providers may be considered joint controllers in terms of data protection to a certain extent.
The legal basis for this data processing with the following services is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent or oppose to processing at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 6.2) or by using the service-specific options described below.
6.3.2 Google Analytics
We use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).
Contrary to the description in Section 6.3.1, IP addresses are not logged or stored in Google Analytics (in the version used here, "Google Analytics 4"). For accesses originating from the EU, IP address data is only used to derive location data and is immediately deleted thereafter. When collecting measurement data in Google Analytics, all IP searches take place on EU-based servers before the traffic is forwarded to Analytics servers for processing. Google Analytics utilises regional data centres. When connecting to the nearest available Google data centre in Google Analytics, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centres, the data is further encrypted before being forwarded to Analytics' processing servers and made available on the platform. The most suitable local data centre is determined based on the IP addresses. This may also result in a transfer of data to servers abroad, eg., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).
We also use the technical extension called "Google Signals", which enables cross-device tracking. This makes it possible to associate a single website visitor with different devices. However, this only happens if the visitor is logged into a Google service during the website visits and has activated the "personalised advertising" option in their Google account settings. Even in such cases, we do not have access to any personal data or user profiles; they remain anonymous to us. If you do not wish to use "Google Signals," you can deactivate the "personalised advertising" option in your Google account settings.
Users can prevent the collection of data related to their Website usage (including IP address) generated by the cookie as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
As an alternative to the browser plugin, users can click on this link to prevent Google Analytics from collecting data on the website in the future. This will place an opt-out cookie on the user's device. If users delete cookies (see Section 6.2 on Cookies), they will need to click the link again.
6.4 Social Media
6.4.1 Social Media Profile
Our Website contains links to our profiles on the social networks of the following providers:
- Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA;
- Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;
- Twitter Inc. mit Sitz in 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
- Linkedin Unlimited Company, Wilton Place, Dublin 2, Irland.
- Xing, New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland
If you click on the icons of the social networks, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the social network receives information that you have visited our Website with your IP address and clicked on the link. This may also involve the transfer of data to servers abroad, e.g., in the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).
If you click on a link to a social network while you are logged into your user account on that social network, the content of our website can be associated with your profile, allowing the social network to directly link your visit to our website to your account. If you want to prevent this, please log out of your account before clicking on the respective links. A connection between your access to our website and your user account will always be established if you log in to the respective social network after clicking on the link. The data processing associated with this is the responsibility of the respective provider in terms of data protection. Therefore, please refer to the privacy notices on the social network's website.
The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the use and promotion of our social media profiles.
6.4.2 Social Media Plugins
On our website, you can use social media plugins from the following providers:
- Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA
- Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- Linkedin Unlimited Company, Wilton Place, Dublin 2, Irland
- Xing, New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland
We use the social media plugins to make it easier for you to share content from our Website. The social media plugins help us to increase the visibility of our content on social networks, thereby contributing to better marketing.
The plugins are deactivated by default on our Website, and therefore, no data is sent to the social networks when you simply access our Website. To enhance data protection, we have integrated the plugins in such a way that a connection is not automatically established with the servers of the social networks. Only when you activate the plugins by clicking on them, and thus give your consent to the transmission and further processing of data by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network.
The content of the plugin is transmitted directly from the social network to your browser and integrated into the Website. As a result, the respective provider receives information that your browser has accessed the corresponding page of our Website, even if you do not have an account with that social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually located in the USA) and stored there (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3). We have no influence on the scope of data collected by the provider through the plugin, although from a data protection perspective, we may be considered joint controllers with the providers up to a certain extent.
If you are logged into the social network, it can assign your visit to our Website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service from us) may also be published on the social network and displayed to other users of the social network. The provider of the social network may use this information for the purpose of displaying advertisements and tailoring the respective offering to your needs. For this purpose, usage, interest, and relationship profiles may be created, e.g., to evaluate your use of our Website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our Website, and to provide other services associated with the use of the social network. The purpose and scope of the data collection, further processing and use of the data by the providers of the social networks, as well as your rights in this regard and options for protecting your privacy can be found directly in the privacy policies of the respective providers.
6.5 Online Advertising and Targeting
6.5.1 In general
We use services of various companies to provide you with interesting offers online. In the process of doing this, your user behaviour on our website and websites of other providers is analysed in order to subsequently be able to show you online advertising that is individually tailored to you.
Most technologies for tracking your user behaviour (Tracking) and displaying targeted advertising (Targeting) utilise cookies (see also Section 6.2), which allow your browser to be recognised across different websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different end devices (e.g., laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.
- information about you that you provided when registering or using a service from advertising partners (e.g., your gender, age group); and
- user behaviour (e.g., search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletters subscribed to).
We and our service providers use this data to determine whether you belong to the target audience we address and take this into account when selecting advertisements. For example, after visiting our Website, you may see advertisements for the products or services you have viewed when you visit other sites (Re-targeting). Depending on the amount of data, a user profile may also be created, which is automatically analysed; the advertisements are then selected based on the information stored in the profile, such as belonging to certain demographic segments or potential interests or behaviours. These advertisements may be displayed to you on various channels, including our website or app (as part of on- and in-app marketing), as well as advertising placements provided through the online advertising networks we use, such as Google.
The data may then be analysed for the purpose of settlement with the service provider, as well as for evaluating the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the performance of an action (e.g., visiting certain sections of our Website or submitting information) can be attributed to a specific advertising. We also receive from service providers aggregated reports of advertisement activity and information on how users interact with our Website and advertisements.
The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 6.2). Further options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.
6.5.2 Google Ads
The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 6.2). Further options for blocking advertising can be found here.
7. Retention Periods
8. Data Security
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service companies mandated by us are obliged to maintain confidentiality and uphold data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot, therefore, provide any absolute guarantee for the security of information transmitted in this way.
9. Your rights
If the legal requirements are met, as a data subject, you have the following rights with respect to data processing:
- Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal data concerning you we process and whether we process it in accordance with applicable data protection regulations.
- Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves disproportionate effort.
- Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.
- Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
- Right to data portability: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.
- Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing (e.g., marketing emails).
- Right to withdraw consent: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.
To exercise these rights, please send us an e-mail to the following address: [email protected]
- Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the manner in which your personal data is processed.