Privacy Policy

I. General information

1. Contact

ADFERENCE GmbH
Auf der Hude 74
21339 Lüneburg
Telefon: +49 (0) 4131 2173 014
E-Mail: info@adference.com

2. Legal basis

The term "personal data" under data protection law refers to all information relating to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Our data processing only takes place on the basis of a legal permission. We process personal data only with your consent (Art.6 para.1 lit.a DSGVO), for the performance of a contract to which you are a party, at your request for the performance of pre-contractual measures (Art.6 para.1 lit.b DSGVO), or for the performance of a legal obligation (Art.6 Para.1 letter c DSGVO) or if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, override (Art.6 Para.1 letter f DSGVO).

3. Duration of storage

Unless otherwise stated in the following notes, we store data only for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. Data recipients categories

We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, accounting and billing, and marketing activities. A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company's bank, tax advisors/auditors, or tax authorities. Further recipients may result from the following information.

5. Data transfer to third countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e., countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such a decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards are in place in accordance with Art.46 of the GDPR or if one of the conditions of Art.49 of the GDPR is met.

Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087 bzw. https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art.49 para.1 letter a DSGVO.

6. Processing in the exercise of your rights

If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the transmitted personal data for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will process data stored for the purpose of providing information and its preparation only for this purpose and for the purpose of data protection control and will otherwise restrict the processing in accordance with Art.18 DSGVO.

These processing operations are based on the legal basis of Art.6 Abs.1 lit.c DSGVO in conjunction with Art.15 to 22 DSGVO. Art.15 to 22 DSGVO and §34 Abs.2 BDSG.

7. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

In accordance with Art.15 DSGVO and §34 BDSG, you have the right to request information about whether and to what extent we process personal data about you.

You have the right to request us to correct your data in accordance with Art.16 DSGVO.

You have the right to request the deletion of your personal data in accordance with Art.17 DSGVO and §35 BDSG.

You have the right to have the processing of your personal data restricted in accordance with Art.18 DSGVO.

You have the right, in accordance with Art.20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer that data to another controller.

If you have given us separate consent for data processing, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.

If you believe that a processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art.77 GDPR.

8. Right to object

In accordance with Art. 21 (1) DSGVO, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) DSGVO on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to this processing pursuant to Art. 21 (2) and (3) DSGVO.

9. Data Protection officer

You can reach our data protection officer using the following contact details:

Email: privacy@adference.com
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

‍

II. Data processing on our website

When you use the website, we collect information that you provide. In addition, during your visit to the website, certain information about your use of the website is automatically collected. In data protection law, your IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

1. Hosting and server log files

During purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e., not via registration). This includes: browser name/version, operating system used, requested page, previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code. This processing is carried out to protect our legitimate interests and is based on the legal basis of Art.6 para.1 lit.f DSGVO. This processing serves the technical administration and security of the website. The stored data will be deleted unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.

We use Hubspot CMS for the purpose of hosting and displaying our website. Hubspot CMS is offered by the service provider HubSpot Inc. (USA). Unless otherwise stated in the following notes, all data collected on our website is processed on our behalf on the servers of HubSpot Inc. The use of the service and the associated processing of your personal data is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f DSGVO. This processing serves the technical administration and presentation of our website.

When using Hubspot services, personal data may be transferred to the USA. Please note the information in the section titled "Data transfer to third countries." . You can find more information about data protection at Hubspot at:https://www.hubspot.de/data-privacy/gdpr/hubspot-product-playbook

2. Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for certain cases. The use of cookies is partly technically necessary for the operation of our website and therefore permitted without the consent of the user. In addition, we may use cookies to offer special features and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (called third-party cookies). We only use such technically unnecessary cookies with your consent pursuant to Art. 6 (1) a DSGVO. You can find information about the purposes, providers, technologies used, data stored, and the storage period of individual cookies in the settings of our consent management tool.

3. Consent Management Tool

This website uses a consent management banner to control cookies. The consent banner enables you, as a user of our website, to give your consent to certain data processing procedures or to revoke a given consent. By clicking the "Accept all" button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 (1) a DSGVO.

In addition, the banner helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.

The processing of this data is necessary to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).

4. Contact options and requests

a) Contact form

Our website contains contact forms that visitors can use to get in touch with us. The forms are provided by Hubspot, a service of HubSpot Inc. (USA). When you send us a contact request, we forward your data to Hubspot, which processes the data exclusively on our behalf. The transfer of your data is encrypted (recognizable by the "https" in the address bar of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary. We process your data on the basis of our legitimate interest to get in contact with inquiring persons. The legal basis for data processing is Art. 6 (1) f DSGVO.

When using Hubspot services, personal data may be transferred to the USA. Please note the information in the section titled "Data transfer to third countries." . You can find more information about data protection at Hubspot at: https://www.hubspot.de/data-privacy/gdpr/hubspot-product-playbook

b) Chat
We use chat forms on our website from Hubspot, which is operated by HubSpot Inc. (USA). When inquiries are submitted via the chat form, the information provided in the form will be stored by Hubspot for the purpose of processing the inquiry and in the event of follow-up questions. We process your data based on our legitimate interest to get in touch with you and to answer your chat request. The legal basis for data processing is Art. 6 (1) f DSGVO.

When using Hubspot services, personal data may be transferred to the USA. Please note the information in the section titled "Data transfer to third countries." . You can find more information about data protection at Hubspot at: https://www.hubspot.de/data-privacy/gdpr/hubspot-product-playbook

5. Registration

In order for costumers to use our services, registration via the website is required. You will receive the necessary login data when concluding a contract. The necessary data is processed for the purpose of providing the service. The processing is based on the legal basis of Art. 6 para. 1 letter b DSGVO. If your data is processed as a contact person for our commercial customers, this is done on the basis of our legitimate interest according to Art. 6 (1) f DSGVO.

6. Newsletter

Visitors to our website can register for our newsletter. After registering, you will regularly receive the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify your e-mail address, you will receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name based on the consent you have given. The processing is based on the legal basis of Art. 6 (1) a DSGVO. You can revoke your consent at any time by clicking, the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation. When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).

We also analyze the reading behavior and open rates of our newsletter. We evaluate the data generated during the delivery and retrieval of our emails in aggregated and anonymized form (delivery rate, opening rate, click rates, unsubscribe rate, bounce rate, visits, completions) in order to measure the use and success of these emails. The legal basis for the analysis of our newsletter is Art. 6 para. 1 lit. f DSGVO and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the above mentioned contact channels.

We also evaluate the data generated when you retrieve and use these e-mails (time of opening, hyperlinks clicked, documents downloaded) as well as transaction data on downstream websites in connection with your e-mail address in order to send you individualized information in the future, which takes your interests and needs into account. We use the collected anonymous and personal data to provide you with personalized content and individualized information. The legal basis for this data processing is Art. 6 (1) a DSGVO. You can revoke your consent at any time by clicking the "Unsubscribe" link in the newsletter or by contacting us via the channels mentioned above.

For the management of subscribers, the dispatch of the newsletter and the analysis we use the service Hubspot of HubSpot Inc. (USA). Your email address will therefore be transmitted by us to HubSpot in the USA. Please note the information in the section titled "Data transfer to third countries." . Further information on data protection at Hubspot is available at: https://www.hubspot.de/data-privacy/gdpr/hubspot-product-playbook

7. Google Tag Manager

We use Google Tag Manager of Google Ireland Limited. To manage our website tags Google Tag Manager is a cookie-less domain that does not collect or store any personal data. Google Tag Manager merely triggers other tags, which in turn may collect data without accessing that data themselves. If a deactivation has been made at the domain or cookie level (e.g., via the consent management tool), it remains in place for all tracking tags implemented with Google Tag Manager.

8. Analysis of our website

a) Google Analytics

We use Google Analytics of the provider Google Ireland Limited (Ireland/EU) on our website. Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interactions with our website. Some of this data is information that is stored in the terminal device you are using. In addition, further information is also stored on your device via cookies. Such storage of information by Google Analytics or access to information that is already stored in your terminal device only takes place with your consent.

Google Ireland will process the data collected on our behalf in order to evaluate visitors' use of our website, to compile reports on the activities within our website, and to provide us with further services related to the use of our website and the internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data.

Data about user actions are stored for a period of 14 months and then automatically deleted. All other event data is stored for two months and then automatically deleted. Deletion of the data whose storage period has expired takes place automatically once a month.

You can find more information about this processing activity, the technologies used, data stored, and the storage period in the settings of our consent management tool. The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 (1) a DSGVO. You can revoke your consent via our Consent Management Tool.

In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section titled "Data transfer to third countries." . You can find more information about data protection at Google in Google's privacy policy: https://www.google.com/policies/privacy

b) Hubspot Analytics

To evaluate visits to our website, we use Hubspot Analytics, a service provided by HubSpot Inc. (USA). Hubspot uses cookies and similar technologies that enable analysis of your use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, and device identifiers are processed by Hubspot on our behalf to evaluate use of our online offer by users and to compile reports for us on activities within our website. In doing so, usage profiles of users can be created from the processed data. Further information about this processing activity, the technologies used, data stored and the storage period can also be found in the settings of our consent management tool.

The setting of cookies and the processing of personal data described here only takes place with your consent. The legal basis for data processing in connection with the Hubspot service is therefore Art. 6 (1) a DSGVO. You can revoke your consent via our consent management tool.

When using Hubspot services, personal data may be transferred to the USA. Please note the information in the section titled "Data transfer to third countries." . You can find more information about data protection at Hubspot at: https://www.hubspot.de/data-privacy/gdpr/hubspot-product-playbook

c) Hotjar

We use Hotjar service of the provider Hotjar Ltd. (Malta, EU) on our website to analyze movements on our website using so-called "heat maps". For example, it is possible to see how far users scroll and how often they click on which buttons. Furthermore, with the help of the tool it is also possible to obtain feedback directly from the users of the website. In this way, we obtain valuable information to make our website even faster and more customer-friendly. With Hotjar, we can only track which buttons are clicked, mouse history, how far scrolled, device screen size, device type and browser information. We also receive information about your geographic location (country) and preferred language for viewing our website. Areas of the websites in which personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable by the tool at any time.

The processing of your data is based on your consent in accordance with Art. 6 (1) a DSGVO.

Cookies are set on your terminal device to integrate the service. The setting of cookies and access to information stored in your end device is done with your consent, which you can revoke at any time with future effect via our Consent Management Tool. For more information on data protection at Hotjar, please refer to the Hotjar privacy policy at https://www.hotjar.com/legal/policies/privacy/.

9. Marketing

a) Google Ads
We use the online advertising program Google Ads of Google Ireland Limited, through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your terminal device ("conversion cookie"). A different conversion cookie is assigned to each Google Ads customer, so that cookies are not tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. Thus, we learn the total number of users who clicked on one of our Google ads. However, we do not receive any information to personally identify users. You can find more information about this processing activity, the technologies used, data stored, and the storage period in the settings of our consent management tool. This processing is only carried out with your consent in accordance with Art.6 para.1 lit.a DSGVO. You can revoke your consent via our consent management tool. In the case of Google services, a transfer of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section titled "Data transfer to third countries." . Users can find further information on data protection at Google in Google's privacy policy: https://www.google.com/policies/privacy

‍b) Microsoft Ads
We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses Universal Event Tracking (UET) to help us display targeted advertisements via the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings are processed.

Microsoft Advertising is used for the purpose of optimizing the placement of advertisements. You can find more information about these processing activities, the technologies used, data stored and the storage period in the settings of our consent management tool. This processing is only carried out with your consent in accordance with Art.6 para.1 lit.a DSGVO. You can revoke your consent via our consent management tool.

In the case of Microsoft services, a transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section titled "Data transfer to third countries." . You can find more information about data protection at Microsoft in the Microsoft data protection information at https://privacy.microsoft.com/de-de/privacystatement.
‍
c) Facebook Pixel
We use the Facebook pixel on our website, a business tool provided by Facebook Ireland Limited (Ireland/EU). The Facebook pixel is a JavaScript code snippet that allows us to track visitors' activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:

- information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- specific pixel information such as the pixel ID and the Facebook cookie;
- information about buttons clicked by visitors to the website;
- information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer;
- information about the status of disabling/restricting ad tracking.

Some of this event data is information that is stored on the device you are using. In addition, the Facebook pixel also uses cookies to store information on the device you are using. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent.

Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We can use tracked conversions to measure the effectiveness of our ads, set custom audiences for ad targeting, dynamic ads campaigns, and analyze the effectiveness of our website's conversion funnels. The features we use via the Facebook pixel are described in more detail below.

Processing of event data for advertising purposes

Event data collected through the Facebook pixel is used to target our ads and improve ad delivery, personalize features and content, and improve and secure Facebook products.

For this purpose, event data is collected on our website by means of the Facebook pixel and transmitted to Facebook Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Art.6 para.1 lit.a DSGVO.

This collection and transfer of event data is carried out by us and Facebook Ireland as joint controllers. We have entered into a joint controller processing agreement with Facebook Ireland that sets forth the allocation of data protection responsibilities between us and Facebook Ireland. In this agreement, we and Facebook Ireland have agreed, among other things,

- that we are responsible for providing you with all information according to Art. 13, 14 DSGVO about the joint processing of personal data;
- that Facebook Ireland is responsible for enabling the rights of data subjects under Articles 15 to 20 of the GDPR with respect to the personal data stored by Facebook Ireland following joint processing.

You can review the agreement entered into between us and Facebook Ireland at https://www.facebook.com/legal/controller_addendum.

Facebook Ireland is the sole data controller for the subsequent processing of the submitted event data. For more information about how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights against Facebook Ireland, please see Facebook Ireland's Data Policy at. https://www.facebook.com/about/privacy

Processing of event data for analysis purposes
We have also commissioned Facebook Ireland to prepare reports on the impact of our advertising campaigns and other online content (campaign reports) and to create analyses and insights about users and their use of our website, products and services (analyses) on the basis of the event data collected via the Facebook pixel. We transfer personal data contained in the Event Data to Facebook Ireland for this purpose. The submitted personal data is processed by Facebook Ireland as our processor to provide us with the campaign reports and analytics.

You can find more information about these processing activities, the technologies used, data stored, and the storage period in the settings of our consent management tool.

A processing of personal data for the creation of analyses and campaign reports only takes place if you have previously given your consent to this. The legal basis for this processing of personal data is therefore Art.6 para.1 lit.a DSGVO.

A transfer of data to Facebook Inc. in the USA cannot be ruled out. Please note the information in the section titled "Data transfer to third countries." .

d) LinkedIn Ads

We use the LinkedIn Insight tag on our website, a marketing service provided by LinkedIn Ireland Unlimited Company (Ireland/EU). The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and saves a cookie on the device you are using. This allows us to evaluate conversions – that is, to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with personally identifiable information, but only provides reports (in which you are not identified) about site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes. Members' direct identifiers are removed by LinkedIn within seven days to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days.

You can find more information about these processing activities, the technologies used, data stored, and the storage period in the settings of our consent management tool. LinkedIn services are only used with your consent pursuant to Art.6 para.1 letter a DSGVO.

In the case of LinkedIn services, a transfer of data to LinkedIn Inc. in the USA cannot be ruled out. Please note the information in the section titled "Data transfer to third countries." . You can find more information on data protection at LinkedIn in the LinkedIn data protection information at https://www.linkedin.com/legal/privacy-policy

10. External media

a) YouTube

We use the YouTube service of Google Ireland Limited (Ireland/EU) on our website to integrate videos. As part of this integration, processing your IP address is necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may set its own cookies. We use YouTube in "extended data protection mode" so that no cookies are set by YouTube to analyze user behavior.

You can find more information about these processing activities, the technologies used, data stored, and the storage period in the settings of our consent management tool. YouTube is only used with your consent pursuant to Art.6 para.1 letter a DSGVO.

During the integration, transmission of data to Google Inc. and YouTube LLC in the USA cannot be ruled out. Please note the information in the section titled "Data transfer to third countries." . Users can find further information on data protection at Google in Google's data protection information at https://www.google.com/policies/privacy

b) Captivate Podcast Player

We use the Captivate Podcast Player of Captivate Audio Ltd (UK) on our website to integrate podcasts. As part of this integration, processing your IP address is necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Captivate Audio Ltd, and Captivate Audio Ltd may set its own cookies. The use of the Captivate Podcast Player only takes place with your consent pursuant to Art. 6 (1) a DSGVO.

Captivate also processes the following data for statistical purposes: type of end device and name of the app you use, referrer URL, IP address for geolocation and abuse prevention, date and time of retrieval, file name, and whether it was retrieved in full or in part. Captivate deletes this data after 26 months. We receive only aggregate reports from Captivate (e.g., the total number of retrievals) that are not attributable to individual users.

For more information about these processing activities, the technologies used, data stored, and storage period, please see the settings of our consent management tool and the Captivate privacy notice at https://www.captivate.fm/privacy-policy-for-listeners/

In the case of integration, a transfer of data to the United Kingdom cannot be ruled out. The transfer takes place on the basis of the adequacy decision pursuant to Art. 45 DSGVO, which the European Commission has issued for the United Kingdom: https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf

‍

III. Data processing on our social media pages

We are represented on several social media platforms with a company page, including:

Facebook

LinkedIn

Xing

YouTube

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected, which may also constitute personal data.

1. Visit a social media page

a) Facebook page

When you visit our company Facebook page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU - "Facebook"). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation. Facebook offers the option to object to certain data processing; information and opt-out options in this regard can be found under https://www.facebook.com/settings?tab=ads

Facebook provides us with anonymized statistics and insights for our Facebook page that help us gain insights about the types of actions people take on our page (known as "Page Insights"). Page Insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these insights. The legal basis for this processing is Art. 6 (1) (f) DSGVO. We cannot assign the information obtained via Page Insights to individual user profiles interacting with our Facebook page. We have entered into a joint controller agreement with Facebook, which specifies the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement entered into between us and Facebook, please see https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you have the option of asserting your data subject rights (see "Your rights") against Facebook. Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to Facebook's privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

b) LinkedIn page

LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole responsible party for the processing of personal data when you visit our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our site (Page Insights). For this purpose, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size, and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

- LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn via the following link https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or by using the contact information in the Privacy Policy. You can contact the privacy officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.You can also contact us at the contact details provided to exercise your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.

- LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission. (www.dataprotection.ie) or to any other supervisory authority.

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision of the European Commission pursuant to Article 45 of the GDPR is available or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.

c) Twitter
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy

d) Xing
New Work SE (Germany/EU) is the sole responsible party for the processing of personal data when you visit our Xing profile. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung

e) YouTube
Google Ireland Limited (Ireland/EU) is the sole responsible party for the processing of personal data when you visit our YouTube channel. Further information about the processing of personal data by YouTube and Google Ireland Limited can be found at https://policies.google.com/privacy

2. Comments and direct messages

We also process information that you have provided to us via our company pages on various social media platforms. Such information may include your user name, contact details, and messages sent. We carry out these processing operations by us are carried out as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c DSGVO).

‍

IV. Other data processing

1. Contact by e-mail

If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest to get in contact with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO.

2. Customer and prospect data

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master, contract, and payment data provided to us as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for these processing operations is Art. 6 para. 1 lit. f DSGVO. We also process customer and prospective customer data for evaluation and marketing purposes. These processing operations are carried out on the legal basis of Art. 6 Para. 1 Letter f DSGVO and serve our interest to further develop our offer and to inform you specifically about our offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c DSGVO).

‍3. Use of e-mail addresses for marketing purposes

We may use the email address you provide during registration or ordering to inform you about similar products and services that we offer. The legal basis is Art. 6 para. 1 lit. f DSGVO in conjunction with. § 7 para. 3 UWG. You can object to this at any time without incurring any costs other than the transmission costs according to prime rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to info@adference.com

4. Application

If you apply for a job at our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you provide for up to six months after any rejection for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. The legal basis for data processing is § 26 para. 1 p. 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, this consent can be freely revoked at any time in accordance with Art. 7 Para. 3 DSGVO. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.