Data protection information

1. data protection at a glance

1. data protection at a glance

We would like to inform you below about the processing of personal data in the context of the use of our website. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). The terms used are not gender-specific.

Responsible party

The controller for this website is

Verkehrsverbund Rhein-Ruhr AöR
Augustastrasse 1
45879 Gelsenkirchen 
Telephone: +49 209 1584-0
E-mail: info@vrr.de

Further information about our company and the authorised representatives can be found in our legal notice.

What data is processed?

Legal basis for data processing

In order to be able to offer you our website and the associated services, we process personal data on the basis of the following legal bases

  • Consent (Art. 6 para. 1 lit. a) GDPR)
  • for the fulfilment of contracts (Art. 6 para. 1 lit. b) GDPR)
  • on the basis of a balancing of interests (Art. 6 para. 1 lit. f) GDPR)
  • for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)

We will refer to the relevant terms in connection with the respective processing so that you can categorise the basis on which we process personal data.

If personal data is processed on the basis of your consent, you have the right to withdraw your consent from us at any time with effect for the future.

If we process data on the basis of a balancing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR.

Access data

When you visit our website, personal data is processed in order to display the content of the website on your device.

In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. Further information about the browser on your device is also processed.

We are also obliged under data protection law to guarantee the confidentiality and integrity of the personal data processed with our IT systems.

For this purpose and out of this interest, the following data is logged on the basis of a balancing of interests:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server enquiry
  • IP address (for max. 6 months)
  • Names assigned to the IP address
  • Port number of the browser
  • Accepted file types

The IP address will be deleted from all systems used in connection with the operation of this website after 6 months at the latest. We can then no longer establish a personal reference from the remaining data.

The data is also used to identify and rectify errors on the website.

Contact form

We offer a contact form on our website that you can use to send us enquiries or contact us in general.

We need this information in order to process your enquiry, address you correctly and send you a reply. In the case of specific enquiries, data is processed for the fulfilment of a contract or the initiation of a contract. General enquiries are processed on the basis of a balancing of interests.

Enquiries received via the contact form on our website are processed electronically by us in order to answer your enquiry. In this context, other persons or departments and possibly third parties may also become aware of the content of the form that you have sent.

Form data is transmitted via the Internet using encrypted connections.

Live chat function

Our homepage allows you to contact us using the "Live Chat" function. You can use the chat to chat with the employees of our service provider almost in real time.

Data categories, purpose, legal basis and storage period

The technology used for this, software from Serviceware SE, uses cookies and the local memory of the medium you are using. This is necessary to enable a personal dialogue with you digitally and to provide the necessary functionalities.

The following personal data is collected when the chat is started:

  • Time, date and duration of the call
  • Browser type/version
  • IP address
  • Operating system used
  • URL of the previously visited website
  • Amount of data sent
  • If required, further context data, e.g. e-mail address

Depending on the course of the conversation, further personal data may be collected in the chat and entered by you. The type of this data depends largely on your enquiry or the request you describe to us. For example, the chat history can be sent to you by e-mail after the chat has ended if you wish.

The purpose of processing all this data is to provide you with a quick and efficient means of contact and thus improve our customer service. We store the chat history for a period of three months. The purpose of this is to save you from having to go into the history of your enquiry and to ensure the ongoing quality control of our chat service. The right to cancellation remains unaffected. A longer storage period is permitted in the case of statutory retention periods.

The legal basis for the processing of personal data is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Furthermore, we have a legitimate interest in processing personal data in accordance with Art. 6 para. 1 lit. f) GDPR in order to ensure the security of our information technology systems, to ensure the proper functioning of our services and to improve and accelerate our processing procedures. 

You can find more information here: https://serviceware-se.com/de/datenschutz

Newsletter

You can also subscribe to an e-mail newsletter on our website. In addition to the voluntary information in the respective form, we only process your e-mail address. However, this is also mandatory in order to be able to send you the newsletter.

You can unsubscribe from the newsletter at any time. Alternatively, you will find an unsubscribe link in every newsletter e-mail.

In order to be able to analyse the popularity of our newsletter mailings and optimise them, we record when links are clicked. This usage analysis is carried out on the basis of a balancing of interests. You can object to this processing by unsubscribing from the newsletter.

Use of cookies

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, the language settings on a website, the login status, a shopping basket or the location where a video was watched. The term "cookies" also includes other technologies that fulfil the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as "user IDs")

A distinction is made between the following cookie types and functions

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The interests of users that are used for reach measurement or marketing purposes can also be stored in such a cookie.
  • First-party cookies: First-party cookies are set by us.
  • Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
  • Statistical, marketing and personalisation cookies: Cookies are also generally used to measure reach and when a user's interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as "tracking", i.e. tracking the potential interests of users. If we use cookies or "tracking" technologies, we will inform you when we obtain your consent.
  • Information on legal bases: If you consent to the use of cookies, the legal basis for processing your data is the consent you have given. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.
  • Storage period: If we do not provide you with explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.
  • General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out").
  • Processing of cookie data on the basis of consent: Before we process or have data processed in the context of the use of cookies, we ask users for their consent, which can be revoked at any time. Before consent has not been given, cookies that are absolutely necessary for the operation of our online offer will be used at most.
  • Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
     

Notes on consent management

You can find an overview of all cookies and the option to change your consent here.

All of the aforementioned cookies are absolutely necessary for the operation of our website. Cookies that are not absolutely necessary are only used with your consent. In these cases, a corresponding consent form will be displayed on the website.

Hier fehlt die Überschrift

Plugins and embedded functions and content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or social media buttons and posts (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos), inventory data (e.g. names, addresses).

Data subjects: Users (e.g. website visitors, users of online services), communication partners.

Purposes of Processing: Provision of our online services and usability, contact requests and communication, Direct marketing (e.g. by e-mail or postal), Targeting (e.g. profiling based on interests and behaviour, use of cookies), Interest-based and behavioral marketing, Profiling (Creating user profiles), Contractual services and support, Security measures, Managing and responding to enquiries.

Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR).

Services used and service providers:

YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Possibility of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,   Settings for the display of adverts: https://adssettings.google.com/authenticated.

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.

Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer (see above), in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects: Users, interested parties (e.g. website visitors, users of online services).

Purposes of Processing: Contact requests and communication, Tracking (e.g. profiling based on interests and behaviour, use of cookies), Remarketing, Web Analytics (e.g. access statistics, recognition of returning visitors).

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Services used and service providers:

Instagram : Social network; Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA

Website:
https://www.instagram.com

Data protection policy:
https://instagram.com/about/legal/privacy

Facebook: Social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA

Website:
https://www.facebook.com

Data protection policy:
https://www.facebook.com/about/privacy

Possibility of objection (opt-out): Settings for adverts:
https://www.facebook.com/settings?tab=ads

Additional information on data protection: Agreement on joint processing of personal data on Facebook pages:
https://www.facebook.com/legal/terms/page_controller_addendum

Data protection information for Facebook pages:
https://www.facebook.com/legal/terms/information_about_page_insights_data

Twitter: Social network; service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Data protection policy:
https://twitter.com/de/privacy (settings) https://twitter.com/personalization.

YouTube: Social network; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection policy:
https://policies.google.com/privacy

Possibility of objection (opt-out): 
https://adssettings.google.com/authenticated

Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offering. The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website:
https://marketingplatform.google.com

Data protection policy:
https://policies.google.com/privacy

The following link provides valuable tips on how to set up profiles in social networks as securely and with as little data as possible. https://www.sicher-im-netz.de/sicher-unterwegs-sozialen-netzwerken

The following link provides information on how to use social networks in a data-saving manner.
https://www.sicher-im-netz.de/sicher-unterwegs-sozialen-netzwerken

Web analysis

This website uses the web analysis tool "Google Analytics", a service offered by Google Ireland Limited. The purpose of its use is the "needs-based design" of this website, which is carried out on the basis of a balancing of interests. The web analysis also enables us to recognise and correct errors on the website, e.g. due to incorrect links.

Google Analytics uses so-called "cookies" (see above). The use of a web analysis system is absolutely necessary for us to provide this website, as this is the only way we can measure the success of advertising expenditure.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, as we have activated IP anonymisation on this website and have concluded a corresponding data processing agreement with Google, your IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google in the USA is certified according to the so-called "Privacy Shield"(find out more). An appropriate level of data protection is guaranteed by Google.

You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

You can find more information on the Google Analytics terms of use and data protection information at https://policies.google.com/privacy

Google Adsense with personalised ads: We use the Google Adsense service with personalised ads, with the help of which ads are displayed within our online offer and we receive remuneration for their display or other use. service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.

Twitter: Twitter Marketing and Ads; Service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Website: https://twitter.com/de; Privacy Policy: https://www.facebook.com/about/privacy. Option to object (opt-out): https://twitter.com/personalization.

Facebook pixel:

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of adverts (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advert (so-called "conversion measurement").

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user's device).

Data subjects: Users (e.g. website visitors, users of online services), interested parties.

Purposes of Processing: Tracking (e.g. profiling based on interests and behaviour, use of cookies), Remarketing, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors), Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content), Cross-Device Tracking (Device-independent processing of user data for marketing purposes).

Security measures: IP masking (pseudonymisation of the IP address).

Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Purposes of the processing of personal data

We process the aforementioned data for the operation of our website and for the fulfilment of contractual obligations towards our customers or the protection of our legitimate interests.

Communication via messenger

We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messengers, encryption, the use of communication metadata and your options to object.

You can also contact us by alternative means, e.g. by telephone or email. Please use the contact options provided to you or the contact options provided within our online offering.

In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.

However, we would also like to point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners communicate with us and that technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is also processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and you contact us, for example, on your own initiative, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and fulfilment of our communication partners' needs for communication via Messenger. We would also like to point out that we will not transmit the contact data provided to us to the messengers for the first time without your consent.

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations.

Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer enquiries via Messenger. This is the case if, for example, internal contractual information requires special confidentiality or a reply via Messenger does not fulfil the formal requirements. In such cases, we will refer you to more appropriate communication channels.

Processed data types: Contact data (e.g. email, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. entries in online forms).

Data subjects: Communication partners.

Purposes of processing: Contact enquiries and communication, direct marketing (e.g. by email or post).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Services used and service providers:

Microsoft Teams: Microsoft Teams - Messenger; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

Website: 
https://products.office.com

Privacy policy: 
https://privacy.microsoft.com/de-de/privacystatement

Security information: 
https://www.microsoft.com/de-de/trustcenter

 

Video conferences, online meetings, webinars and screen sharing

We use platforms and applications from other providers (hereinafter referred to as "third-party providers") for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.

In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen content.

If users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimisation or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Notes on legal bases: If we ask users for their consent to the use of third-party providers or certain functions (e.g. consent to the recording of conversations), the legal basis for processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of the third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects: Communication partners, users (e.g. website visitors, users of online services).

Purposes of Processing: Provision of contractual services and customer support, contact requests and communication, Office and organisational procedures.

Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services used and service providers:

GoToMeeting: Conference software; Service provider: LogMeIn Ireland Limited, Bloodstone Building Block C 70, Sir John Rogerson's Quay Dublin 2, Ireland, parent company: LogMeIn, Inc, 320 Summer Street, Boston, MA 02210 320 Summer Street Boston, Massachusetts 02210, USA;

Website: 
https://www.gotomeeting.com/de-de

Data protection policy: 
https://www.logmeininc.com/de/legal/privacy

Hinweise zu Rechtsgrundlagen


Voluntary information

If you provide us with data voluntarily, e.g. in forms, and this data is not required for the fulfilment of our contractual obligations, we process this data on the legitimate assumption that the processing and use of this data is in your interest.

Recipients / forwarding of data

Data that you provide to us will not be passed on to third parties. In particular, your data will not be passed on to third parties for their advertising purposes.

However, we may use service providers for the operation of this website or for other products or services of ours. In such cases, a service provider may gain knowledge of personal data. We select our service providers carefully - particularly with regard to data protection and data security - and take all measures required under data protection law for authorised data processing.

Data processing outside the European Union

If personal data is processed outside the European Union, you can see this in the previous explanations.


Data protection officer

We have appointed a data protection officer.

You can contact him as follows:

Verkehrsverbund Rhein-Ruhr AöR
Data Protection Officer
Augustastrasse 1
45879 Gelsenkirchen 

Telephone: +49 209 1584 0
E-mail: datenschutz@vrr.de


Your rights as a data subject

You have the right to information about the personal data concerning you. You can contact us at any time for information.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so.

Finally, you have the right to object to processing within the scope of the statutory provisions.

You also have the right to data portability within the framework of data protection regulations.
 

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority.

Changes to this data protection notice

We will revise this data protection notice in the event of changes to this website or other occasions that make this necessary. The current version can always be found on this website.

Definitions of terms

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are listed in alphabetical order.

Conversion tracking: "Conversion tracking" refers to a process that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the user's device within the websites on which the marketing measures take place and then retrieved again on the target website. For example, we can track whether the adverts we placed on other websites were successful).

Cross-device tracking: Cross-device tracking is a form of tracking in which user behaviour and interest information is recorded across devices in so-called profiles by assigning users an online identifier. This allows user information to be analysed for marketing purposes, regardless of the browser or device used (e.g. mobile phones or desktop computers). For most providers, the online identifier is not linked to clear data such as names, postal addresses or email addresses.

IP masking: "IP masking" refers to a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. IP masking is therefore a means of pseudonymising processing methods, particularly in online marketing

Interest-based and behavioural marketing: Interest-based and/or behavioural marketing is when the potential interests of users in advertisements and other content are predetermined as precisely as possible. This is done on the basis of information about their previous behaviour (e.g. visiting certain websites and lingering on them, purchasing behaviour or interaction with other users), which is stored in a so-called profile. Cookies are generally used for these purposes.

Conversion measurement: Conversion measurement is a process that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the user's device within the websites on which the marketing measures take place and then retrieved again on the target website. For example, this allows us to track whether the adverts we have placed on other websites have been successful.

Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: "Profiling" means any form of automated processing of personal data consisting of the use of personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information relating to age, gender, location data and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.

Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include the behaviour or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, recognise at what time visitors visit their website and what content they are interested in. This enables them, for example, to better customise the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes in order to recognise returning visitors and thus obtain more precise analyses of the use of an online offer.

Remarketing: The term "remarketing" or "retargeting" is used when, for example, it is noted for advertising purposes which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in adverts.

Tracking: The term "tracking" is used when the behaviour of users can be traced across several online offers. As a rule, behavioural and interest information is stored in cookies or on the servers of the providers of the tracking technologies with regard to the online offers used (so-called profiling). This information can then be used, for example, to display adverts to users that are likely to correspond to their interests.

Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses practically every handling of data, whether it is collecting, analysing, storing, transmitting or deleting.

Target group formation: Target group formation (or "custom audiences") is when target groups are determined for advertising purposes, e.g. the display of adverts. For example, based on a user's interest in certain products or topics on the internet, it can be concluded that this user is interested in adverts for similar products or the online shop in which they viewed the products. In turn, "lookalike audiences" (or similar target groups) are when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used for the purpose of creating custom audiences and lookalike audiences.