Data Privacy Statement
Last change: 09.12.2021
I. Preliminary remarks
The Operator takes the protection of your data very seriously and complies with the data protection laws. These laws serve the protection of natural persons with regard to the processing of personal data, which is any information relating to an identified or identifiable natural person. Such data will be processed only to the extent that is required for the performance of any contract or the provisioning and improvement of the Platform. The processing for the performance of the contract is effected only if you initiate or complete a contract with the Operator. In this respect, reference is made to the User Contract. The processing for provisioning and improvement is carried out only if it is provided below or with separate consent, ordered by government authorities or court order or otherwise provided by law. The data is processed by the Operator only in the Member States of the European Union (EU). In particular, the data processing Internet servers of the Operator are located in the Member States of the EU. There is generally no transfer to a third country or an international organization.
II. Data processing
Your data will be processed both independent of and dependent on a form. Form-dependent data represents data entered in a form on the Platform. Form-independent data is data that you also leave behind on the servers of the Operator without entering it in a form. You may also leave behind form-independent data on the servers of the Operator when you use an app or the web page of a customer of the Operator. This data, however, is processed by the Operator only on behalf of its customer responsible for the processing of data. You may find the data privacy notice of this customer on the respective app or website
1. Form-dependent processing
The data you enter in a form on the Platform is processed when using the form, in particular after submitting the form. This includes contact details and, if you are a customer of the Operator, your customer account data. Personal data that you provide on a designated form is generally transmitted in encrypted form to the server of the Operator.
a) Contact form
If you contact the Operator via a form, the data entered in the contact form will be encrypted on the server of the Operator and transmitted to the Operator by email. There is no further automated processing of your personal data in this respect. The personal data transmitted about your person will be used only for processing your request. If the request is in connection with data processing that the Operator carries out on behalf of a customer, the Operator will transmit your request in encrypted form to the respective customer. Responses are generally sent by email, which will also be transmitted in encrypted form insofar as your mail service provider supports this feature. After final processing of the request, your personal data that you entered in the contact form or in a response to the operator will be deleted. This does not apply if the data is still required for the performance of the contract or statutory retention obligations. In this respect, however, the processing of your data is restricted.
b) Customer account
A customer account will be set up for you as a customer of the Operator. In this respect, the data provided in the User Contract and, if applicable, subsequently entered in forms in the customer account, in particular your contact and campaign data, will be stored on the servers of the Operator. You may view the stored data at any time in the customer account as well as edit and complete it by means of the forms in the settings. You can, of course, also personally contact the Operator for example by using the aforementioned email address. The same applies to the erasure of the customer account. However, your data may be erased only if it is no longer required for the performance of the contract or is not subject to statutory retention obligations. In the meantime, the processing of your data is restricted and, in particular, the customer account will be locked.
2. Form-independent processing
The data that the operator requires for the provision or improvement of the Platform is processed independent of a form. This may include in particular browser cookies, mobile identifiers and access protocols, the data being generally transferred in encrypted form.
a) Browser cookies
b) Mobile identifier
It is also possible to deliver advertising in mobile applications (apps) via the Platform. For this purpose, the apps may use a mobile identifier that is provided by the operating system of your device (Apple iOS or Google Android). This identifier ultimately corresponds with the advertising ID from a cookie. This means that the identifier can be assigned to advertising categories in order to customise the advertising in the apps appropriately to target groups and interests. However, the categories always apply to a larger group of people. Therefore, the Operator cannot identify you as a person by means of the identifier as such or by the assigned categories. Customers for which the operator delivers the advertising may also use the identifier and assign their own ID to advertising categories. In this respect, however, the respective customer is responsible for the processing of data. The Operator itself cannot read, modify or delete the identifier. However, you may prevent the use of the identifier by selecting the appropriate settings in the app or your operating system. In this case, you may not be able to use all the features of the app or system. The same also applies to changing or deleting the identifier depending on the application and operating system. Reference is made to the data privacy statements of the respective app and your system for details.
c) Access protocols
The use of the platform and the advertising delivery are statistically analysed. For this purpose and in order to prevent abuse of the Platform, the Operator creates an access protocol. The number of accesses to the Platform and the retrieval of stored advertising are stored in the protocol. This includes data that is transmitted when establishing a connection between your browser and the Platform. In other words, this includes your IP address, the time of your access or retrieval, the ID in a Platform cookie or the mobile identifier, which address (URL) was accessed, whether the access was successful and the size of the data transferred by the Platform. Insofar as your browser transmits the corresponding data, the previous address (referrer) as well as information about the used operating system and browser (e.g. saved version) is also stored. You may prevent the transfer of this data by adjusting the settings of your browser, however. The protocols are also statistically analysed for customers that use the Platform for advertising delivery. The analysis shows which advertising was delivered and when and to which web page or which app. This means that the logged data is visible only to a limited extent. In particular, the last octet of the IP address are redacted. Such an analysis therefore does not allow the identification of your person. To prevent abuse, the protocols are encrypted and stored separately from the statistics. The protocols are decrypted and merged with other data only in definite cases of suspected abuse. In such cases the Executive Board and the Data Protection Officer of the Operator, and possibly the affected customer, are consulted. The logs will be deleted as soon as they are no longer necessary to prevent abuse. At the latest, they are deleted three months after the end of the calendar month in which the data was logged.
d) Social networks
1. XING (XING SE): https://www.xing.com/privacy
2. LinkedIn (LinkedIn Ireland U.C.): https://www.linkedin.com/legal/privacy-policy
3. Facebook (Facebook Ireland Ltd.): https://www.facebook.com/privacy/explanation
4. Twitter (Twitter