Data Privacy Statement

Last change: 09.12.2021

This privacy statement applies to the processing of your data including your personal data on the Internet page “virtualminds.de” with all ancillary and sub-pages. The email address of the Operator is: info@virtualminds.de. Full contact details can be found in the Imprint of the Operator. The Platform is designed to provide information for the delivery of advertising on the Internet and to manage the advertising delivery. The Platform is thus also used by customers of the Operator. In this regard, the Operator will process data on behalf of the respective customer responsible for proper data processing according to the contract. You may retrieve the contents of this Privacy Statement at any time on the Platform via the sub-page of the same name and also print or save a copy by using the corresponding functions in your web browser. Customers of the Operator using the Platform are directed to the privacy policy of the respective customer.

I. Preliminary remarks

The Operator takes the protection of your data very seriously and complies with the data protection laws. These laws serve the protection of natural persons with regard to the processing of personal data, which is any information relating to an identified or identifiable natural person. Such data will be processed only to the extent that is required for the performance of any contract or the provisioning and improvement of the Platform. The processing for the performance of the contract is effected only if you initiate or complete a contract with the Operator. In this respect, reference is made to the User Contract. The processing for provisioning and improvement is carried out only if it is provided below or with separate consent, ordered by government authorities or court order or otherwise provided by law. The data is processed by the Operator only in the Member States of the European Union (EU). In particular, the data processing Internet servers of the Operator are located in the Member States of the EU. There is generally no transfer to a third country or an international organization.

II. Data processing

Your data will be processed both independent of and dependent on a form. Form-dependent data represents data entered in a form on the Platform. Form-independent data is data that you also leave behind on the servers of the Operator without entering it in a form. You may also leave behind form-independent data on the servers of the Operator when you use an app or the web page of a customer of the Operator. This data, however, is processed by the Operator only on behalf of its customer responsible for the processing of data. You may find the data privacy notice of this customer on the respective app or website

1. Form-dependent processing
The data you enter in a form on the Platform is processed when using the form, in particular after submitting the form. This includes contact details and, if you are a customer of the Operator, your customer account data. Personal data that you provide on a designated form is generally transmitted in encrypted form to the server of the Operator.

a) Contact form

If you contact the Operator via a form, the data entered in the contact form will be encrypted on the server of the Operator and transmitted to the Operator by email. There is no further automated processing of your personal data in this respect. The personal data transmitted about your person will be used only for processing your request. If the request is in connection with data processing that the Operator carries out on behalf of a customer, the Operator will transmit your request in encrypted form to the respective customer. Responses are generally sent by email, which will also be transmitted in encrypted form insofar as your mail service provider supports this feature. After final processing of the request, your personal data that you entered in the contact form or in a response to the operator will be deleted. This does not apply if the data is still required for the performance of the contract or statutory retention obligations. In this respect, however, the processing of your data is restricted.

b) Customer account

A customer account will be set up for you as a customer of the Operator. In this respect, the data provided in the User Contract and, if applicable, subsequently entered in forms in the customer account, in particular your contact and campaign data, will be stored on the servers of the Operator. You may view the stored data at any time in the customer account as well as edit and complete it by means of the forms in the settings. You can, of course, also personally contact the Operator for example by using the aforementioned email address. The same applies to the erasure of the customer account. However, your data may be erased only if it is no longer required for the performance of the contract or is not subject to statutory retention obligations. In the meantime, the processing of your data is restricted and, in particular, the customer account will be locked.

2. Form-independent processing
The data that the operator requires for the provision or improvement of the Platform is processed independent of a form. This may include in particular browser cookies, mobile identifiers and access protocols, the data being generally transferred in encrypted form.

a) Browser cookies

The Platform uses cookies. Cookies are small text files or simple entries in a database that are stored in your browser. The data in the cookies can be read again only by the platform that initially stored it. On the one hand, the platform uses cookies when you log in to your account. These cookies ensure that only you can access the data stored in your customer account after logging in. A session ID is stored in the cookie for this purpose. After logging off, the cookie with the ID will be deleted. On the other hand, cookies are used when you visit a web page that uses the Platform or, in other words, if you visit a site that delivers advertising via the Platform or prepares the delivery of advertising. The purpose of these cookies is to deliver advertising in a target group-oriented and interest-oriented manner. An ad ID is stored in the cookie in the process (so that you are not always shown the same advertising, for example). This ID may also be assigned to advertising categories (such as age 18-35/interest in cars). However, these categories may correspond to a larger group of people both individually and together. This means that the Operator is not able to identify you as a person via the ad ID itself or the ID of the assigned categories. Cookies including an ad ID may also be used by customers on whose behalf the Operator processes data when delivering advertising via the Platform. The customers of the Operator may assign the ad ID to their own ID with advertising categories. In this respect, however, the respective customer to which the data privacy statement on the website that you visit applies will be responsible for the data processing. The cookies used by the Platform do not harm your device (e.g. computer/tablet). In particular, they do not contain viruses. You may refuse the use of cookies by selecting the appropriate settings in your browser. In this case, you may not be able to use all functions of the Platform or the website visited. The same applies to the deletion of stored cookies.

b) Mobile identifier

It is also possible to deliver advertising in mobile applications (apps) via the Platform. For this purpose, the apps may use a mobile identifier that is provided by the operating system of your device (Apple iOS or Google Android). This identifier ultimately corresponds with the advertising ID from a cookie. This means that the identifier can be assigned to advertising categories in order to customise the advertising in the apps appropriately to target groups and interests. However, the categories always apply to a larger group of people. Therefore, the Operator cannot identify you as a person by means of the identifier as such or by the assigned categories. Customers for which the operator delivers the advertising may also use the identifier and assign their own ID to advertising categories. In this respect, however, the respective customer is responsible for the processing of data. The Operator itself cannot read, modify or delete the identifier. However, you may prevent the use of the identifier by selecting the appropriate settings in the app or your operating system. In this case, you may not be able to use all the features of the app or system. The same also applies to changing or deleting the identifier depending on the application and operating system. Reference is made to the data privacy statements of the respective app and your system for details.

c) Access protocols

The use of the platform and the advertising delivery are statistically analysed. For this purpose and in order to prevent abuse of the Platform, the Operator creates an access protocol. The number of accesses to the Platform and the retrieval of stored advertising are stored in the protocol. This includes data that is transmitted when establishing a connection between your browser and the Platform. In other words, this includes your IP address, the time of your access or retrieval, the ID in a Platform cookie or the mobile identifier, which address (URL) was accessed, whether the access was successful and the size of the data transferred by the Platform. Insofar as your browser transmits the corresponding data, the previous address (referrer) as well as information about the used operating system and browser (e.g. saved version) is also stored. You may prevent the transfer of this data by adjusting the settings of your browser, however. The protocols are also statistically analysed for customers that use the Platform for advertising delivery. The analysis shows which advertising was delivered and when and to which web page or which app. This means that the logged data is visible only to a limited extent. In particular, the last octet of the IP address are redacted. Such an analysis therefore does not allow the identification of your person. To prevent abuse, the protocols are encrypted and stored separately from the statistics. The protocols are decrypted and merged with other data only in definite cases of suspected abuse. In such cases the Executive Board and the Data Protection Officer of the Operator, and possibly the affected customer, are consulted. The logs will be deleted as soon as they are no longer necessary to prevent abuse. At the latest, they are deleted three months after the end of the calendar month in which the data was logged.

d) Social networks
The Platform links social networks operated by third parties. The purpose is to share or like the Platform or posts on it in the respective network. However, a connection to such a network is established only after you click the button/link for the respective network on the Platform. Owing to the processing of personal data by social networks on which the Operator has no influence, reference is made to the privacy policy of the respective operator:

1. XING (XING SE): https://www.xing.com/privacy
2. LinkedIn (LinkedIn Ireland U.C.): https://www.linkedin.com/legal/privacy-policy
3. Facebook (Facebook Ireland Ltd.): https://www.facebook.com/privacy/explanation
4. Twitter (Twitter