Privacy Policy for www.datacroft.de (Datacroft)

Information to be provided where personal data are collected on the www.datacroft.de website
(Article 13 General Data Protection Regulation (GDPR))

1. General information about data processing

1.1.  Name and address of the controller:

 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:

FELD M GmbH

Sandstraße 33

80335 Munich

Germany

Tel: +49.89.5529756.0

Fax +49.89.5529756.22

Managing Director: Lutz Wiechert

contact@feld-m.de

https://datacroft.de/

1.2. Data protection officer’s contact details

The data protection officer responsible for compliance with the General Data Protection Regulation and supplementary data protection regulations is:

Feld M GmbH

– Datenschutz –

Sandstraße 33

80335 Munich

Germany

Tel +49 (0) 89 / 60807600

datenschutz@feld-m.de

 

1.3. Recipients of the collected data

Access to your personal data collected during your visit to www.datacroft.de will only be granted to those who need it to fulfil our contractual obligations. Specifically, these are:

  • The Datacroft sales team for the purpose of contacting you by means of the contact form.
  • The Webanalytics team for optimising our marketing efforts.
  • Processors, such as external hosts, for ensuring the operation of the website and individual functional areas, e.g. the Login area for customers.
  • Other recipients are commissioned processors who use tools for web analysis and controlling online marketing measures (remarketing), as well as Tableau when access to the Login area is granted for demonstration purposes or for customer-specific data in the context of a given order.

 

 

1.4. Extent to which personal data is processed

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-new) on the basis of the following legal principles:

 

(1) Article 6(1) point (b) GDPR
Personal data may be processed for the performance of a contract or pre-contractual measures.

(2) Article 6(1) point (f) GDPR
The controller may process personal data to the extent required to safeguard its own legitimate interests.

In accordance with legal requirements, we only collect data appropriate for the intended purpose.

1.5. Transfer of personal data to third countries

Personal data is transferred to third countries via the cookies and tracking tools used on www.datacroft.de. The necessary contractual agreements exist with the respective service providers.

 

1.6. Duration of storage

We principally erase personal data collected on www.datacroft.de once it is no longer required for the processing purpose or on completion of any legal verification and retention period.

If the data are no longer required for the performance of contractual or legal obligations, these are regularly erased unless their temporary processing is necessary for the following purposes:

  • Preservation of evidence in the context of the statutory statute of limitations. According to Section 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the standard period of limitation is 3 years.

 

1.7. Rights of the data subject

If personal data relating to you is processed, you are considered to be a data subject within the meaning of the GDPR and you have the following rights in respect to the controller:

1.7.1. Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data relating to you is processed by us.

If that is the case, you can request information from the controller about the following information:

(1)       The purposes for which the personal data are processed;

(2)       The categories of personal data being processed;

(3)       The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;

(4)          The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5)          All available information on the source of the data if the personal data are not collected from the data subject;

(6)          The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

(7)          Whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard you have the right to be informed about appropriate safeguards pursuant to Article 46 relating to the transfer.

 

1.7.2. Right to rectification

You have the right to obtain from the controller the rectification and/or completion of personal data relating to you insofar that the processed personal data is incorrect or incomplete. The controller must make the rectification without undue delay.

 

1.7.3. Right to restriction of processing

You may request the restriction of the processing of your personal data relating to you under the following conditions:

(1)          You contest the accuracy of the personal data relating to you, for a period enabling the controller to verify the accuracy of the personal data;

(2)          The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3)          The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or

(4)          You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your reasons.

If the processing of personal data relating to you has been restricted, this data – with the exception of storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing in accordance with the above conditions, you will be notified by the controller before the restriction of processing is lifted.

 

1.7.4. Right to erasure

a)  Erasure obligation

You can demand that the controller deletes your personal data relating to you without undue delay, and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

(1)          The personal data relating to you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2)          You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.

(3)          You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4)          The personal data relating to you have been processed unlawfully.

(5)          The erasure of the personal data relating to you is required to fulfil a legal obligation under Union or Member State law, to which the controller is subject.

(6)          The personal data relating to you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b)  Information to third parties

Where the controller has made the personal data public and is obligated to erase the personal data pursuant to Article 17(1) GDPR, the controller, taking available technology and the cost of implementation into account, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c)  Exceptions

The right to erasure does not apply to the extent that the processing is necessary

(1)          for exercising the right of freedom of expression and information;

(2)          for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in exercising official authority vested in the controller;

(3)          for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

(4)          for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the law referred to in subparagraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5)          for the establishment, exercise or defence of legal claims.

 

1.7.5. Right to be informed

If you have exercised your right to obtain from the controller the rectification, erasure or restriction of processing, it is obliged to notify all recipients to whom your personal data have been disclosed about the rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed by the controller about these recipients.

 

1.7.6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or is based on a contract pursuant to point (b) of Article 6(1) GDPR; and

(2) the processing is carried out by automated means.

In exercising this right you also have the right to have the personal data concerning you transmitted directly from one controller to another, provided that this is technically feasible. These rights should not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in exercising official authority vested in the controller.

 

1.7.7. Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

1.7.8. Right to revoke your declaration of consent concerning data privacy

If the processing of your personal data is based on your consent, you may revoke your consent to processing at any time with future effect. The relevant data will then be blocked or erased immediately in accordance with legal storage periods.

The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can carry out your revocation in the same way as your consent. Alternatively you can send your revocation of consent, stating your full name and email address, to the following postal or email address:

Feld M GmbH

– Datenschutz –

Sandstraße 33

80335 Munich

Germany

Tel +49 (0) 89 / 60807600

datenschutz@feld-m.de

 

1.7.9. Exclusion right in automated decisions on a case-by-case basis, including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and the controller,

(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

 

1.7.10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.

A list of data protection officers and their contact details can be found on the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 

2. Provision of the website and creation of log files

2.1. Description and scope of the data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected in this regard:

  1. Browser type and browser version
  2. Operating system used
  3. Referrer URL
  4. Host name of the computer accessing the site
  5. Time of the server request
  6. IP address
  7. Language
  8. Device type

This data will not be merged with other data sources.

The data is also stored in our system’s log files. This data is not stored together with the user’s other personal data.

 

 

2.2. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To achieve this, the user’s IP address must be stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

2.3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1) point (f) GDPR. The legitimate interest of the website operator lies in the trouble-free provision of the website and the associated website services for users.

2.4. Duration of storage

The data will be erased as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

The data is erased after 14 days. The service provider uses script-based deletion.

2.5. Means of objection and termination

The collection of data for providing the website and the storage of data in log files is absolutely imperative for operating the website. Users therefore do not have any possibility to object.

3. Use of cookies

Datacroft’s Internet pages use cookies. Cookies are text files that are stored on computer systems via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows the visited Internet pages and servers to distinguish each data subject’s individual browser from other Internet browsers that contain other cookies. A particular web browser can be recognised and identified by the unique cookie ID.

The use of cookies enables FELD M GmbH to provide users of this website with more user-friendly services that would not otherwise be possible without setting the cookies.

The cookies enable the information and services provided by our website to be optimised in the interests of users. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of websites that use cookies do not have to keep re-entering their access data each time they visit the websites, as this is done by the websites and the cookies stored on the users’ respective computer systems. Another example is the cookie used for shopping baskets in online shops. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all standard Internet browsers. However, not all the functions on our website may be fully usable if the data subject disables the setting of cookies in the Internet browser used.

3.1. Use of retargeting and remarketing technologies

We deploy technologies on our websites for so-called retargeting and remarketing. This is an online marketing tracking process in which visitors to a website are tagged and subsequently matched on other websites with targeted advertising. We use this new technology to make our offering even more attractive and to inform and remind you about current offers which you have already viewed in our online shop. The following retargeting or remarketing technologies are used:

– Google DoubleClick remarketing pixels

– Google Ads remarketing

– Google Ads conversion tracking

Technically, depending on the retargeting service, either an additional cookie is stored on your computer or cookies already set in your browser are used to identify you or your computer or browser as an internet user via the so-called cookie ID, usually anonymously, and to log your surfing behaviour, in particular which of our web pages you have accessed. The cookie can then be read and evaluated by the targeting providers with whom we cooperate (see below). As a result, you may also see advertisements for our products or recommendations for comparable third-party products on other websites, for example displayed as personalised banner ads.

For DoubleClick remarketing pixels, web bugs perform a similar function to cookies. Web bugs send your IP address, the Internet address (URL), the time the web bug was viewed, your browser type and previously set cookie information to a web server.

The data collected about your browsing behaviour through cookies or web bugs cannot be used to personally identify you as a visitor to our websites. We use the data only to improve our offering and to evaluate the user behaviour on our websites (e.g. responses to advertising promotions); there is no other use or disclosure to third parties. This information is anonymous and not associated with personal data on your computer or database.

All the services listed below are used for advertising and marketing purposes with the aim of making our offering more attractive. As described with the individual services, we take your right to privacy seriously by enabling you to opt out of all services and by informing you in advance about our Privacy Policy.

3.1.1. Google DoubleClick remarketing pixels and Google Ads remarketing or similar audiences features

Description and scope of the data processing

On our websites, we use the DoubleClick remarketing pixels and Google Ads remarketing or similar audiences features, both services from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (“Google”). With the help of these services we can provide you with advertising messages relating to our online shop, e.g. interesting product offers, on the websites of other providers who also use these Google services (“partners” in the Google Display Network). In addition, we can use Google Ads remarketing to remind you on the websites of other providers in the Google Display Network to complete your order if you have recently placed an order in our online store. This is done using the cookie technology.

To do this Google stores a small file with a sequence of numbers (so-called cookie ID) in your browser to remember you as a visitor to our website and to collect further anonymous data about the use of our websites. The cookie ID is stored by us and is used only for clearly identifying your browser and not for identifying you as a person. Personal data about you will not be collected or stored through these services.

For more information about Google’s remarketing services, details about the data processing by these services and Google’s Privacy Policy, please visit http://www.google.com/policies/technologies/ads/.

Purpose of the data processing

The purpose is to process and optimise information derived from marketing campaigns to further address the target group for Datacroft products.

Legal basis for data processing

The legal basis for the remarketing measures is Article 6(1) point (f) GDPR. The legitimate interest of the website operator lies in specifically addressing a very small, specific target group from the business sector who has already shown interest in the services offered by Datacroft.

Duration of storage

The storage period is 26 months.

Means of objection and termination

You can permanently disable the use of cookies by Google by downloading and installing the browser plug-in available under the following link (https://www.google.com/settings/ads/plugin) or by clicking the corresponding opt-out link in the grey box further down in this section and following any further instructions that may appear. Google’s Ad Settings let you manage which ads you see and opt out of interest-based ads. If you do not want to see advertisements generated by the targeting service, you can opt out of using retargeting technology on our websites by visiting the link www.google.com/settings/ads from any of the web browsers you use and making the settings you want.

3.1.2. Google Ads conversion tracking

Description and scope of the data processing

Google Ads is an Internet advertising service that allows advertisers to place ads in both Google’s search engine results and the Google Advertising Network. Google Ads allows an advertiser to pre-define specific keywords that will only display an ad in Google’s search engine results when the user uses the search engine to retrieve a keyword-relevant search result. In the Google Network, ads are distributed to thematically relevant web pages using an automated algorithm and according to pre-defined keywords.

The operator for the Google AdWords service is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

If a data subject arrives on our website via a Google ad, a so-called conversion cookie will be stored by Google on the data subject’s information technology system. An explanation of what cookies are has already been provided above. Conversion cookies expire after thirty days and are not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the contact form, have been accessed on our website. The conversion cookie tells both us and Google whether a data subject who came to our website via a Google ad has submitted a request.

The data and information collected through the use of the conversion cookie are used by Google to collate visitor statistics for our website. These visitor statistics are then used by us to determine the total number of users who have been referred to us through Google ads, i.e. to determine the success or failure of each Google ad in order to optimise our Google ads for the future. Neither our company nor other Google Ads advertisers will receive information from Google that could identify the data subject.

The conversion cookie stores personal information, such as the web pages visited by the data subject. Each time our website is visited, personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.

Purpose of the data processing

The purpose of Google Ads is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the Google search engine.

Legal basis for data processing

The legal basis for the measures is Article 6(1) point (f) GDPR. The justified interest of the website operator lies in addressing, as specifically as possible, a small, specialist target group from the business sector who have already shown interest in Datacroft’s offerings.

Duration of storage

The storage period is 26 months.

Means of objection and termination

As described above, you can prevent our website from setting cookies at any time by correspondingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Such an adjustment of the Internet browser settings would also prevent Google from setting a conversion cookie on your information technology system. In addition, a cookie already set by Google Ads can be deleted at any time via the Internet browser or other software programs.

In addition, you can opt out of Google’s interest-based advertising. To do this you must access the link www.google.com/settings/ads from each of the Internet browsers you use and make the desired settings there.

Further information and Google’s currently applicable Privacy Policy can be found at https://www.google.com/intl/en/policies/privacy/.

 

4. Web analysis by Google Analytics (with anonymisation function)

4.1. Description and scope of the data processing

Google Analytics (with an anonymisation function) is integrated on our website. Google Analytics is a web analytics service. Web analysis refers to the capturing, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to our website (so-called referrers), which subpages of the website were accessed or how often, and for how long the subpage was viewed. We use web analytics primarily for optimising our website and for conducting cost-benefit analyses of the internet advertising.

The operator for the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the application “_gat._anonymizeIp” for web analytics through Google Analytics. By means of this application, the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our website from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.

Google Analytics sets a cookie on the data subject’s information technology system. An explanation of what cookies are has already been provided above. Setting this cookie enables Google to analyse the usage of our website. Each time one of the webpages is accessed on this website, which is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser on the data subject’s information technology system is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google is provided with personal data, such as the IP address of the data subject, which among other things help Google to track the origin of the visitors and clicks, and subsequently enable the settlement of commissions.

The cookie stores personal information, such as the access time, the location from where the access was made, and the frequency with which our website is visited by the data subject. Each time you visit our website, your personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.

4.2. Purpose of the data processing

The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.

4.3. Legal basis for data processing

The legal basis for the web analysis by Google Analytics is Article 6(1) point (f) GDPR. The legitimate interest of the website operator lies in tracking user interests through their use of our website. With the help of the data we would like to constantly optimise our website and our marketing measures, and make them more relevant for our users.

4.4. Duration of storage

The storage period is 26 months.

4.5. Means of objection and termination

As described above, the data subject can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Such an adjustment of the Internet browser settings would also prevent Google from setting a cookie on the data subject’s information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

 

Furthermore, you can prevent Google from logging the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: (https://tools.google.com/dlpage/gaoptout?hl=en).

 

As an alternative to installing the browser plugin, especially on Internet browsers on mobile devices, you can prevent your data from being collected by Google Analytics by clicking on the following link:

Google Analytics:

This stores a so-called opt-out cookie on your device which prevents the future collection of your data by Google Analytics when visiting this website.

Please note that if you delete cookies in your browser settings, the opt-out cookie from Google Analytics could also be deleted, which would then have to be re-enabled by you.

Further information and Google’s currently applicable Privacy Policy can be found at https://www.google.com/intl/en/policies/privacy/ and at https://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail at https://www.google.com/intl/en_en/analytics/.

5. Web analysis by Webtrekk

5.1. Description and scope of the data processing

The controller responsible for the processing has integrated Webtrekk components on this website. Webtrekk is a combined analysis and marketing solution in one system. Webtrekk allows the website operator to collect data on the use of the website and to customise the marketing activities.

The operator of Webtrekk is Webtrekk GmbH, Robert-Koch-Platz 4, 1115 Berlin, Germany.

The data collected through the Webtrekk component will not be used to identify the data subject without first obtaining the specific and explicit consent of the data subject. These data are not combined with personal data or other data containing the same pseudonym.

Webtrekk sets a cookie on the data subject’s information technology system. An explanation of what cookies are has already been provided above. Webtrekk, on behalf of the controller, uses the data and information obtained through our website to evaluate the user behaviour of data subjects who our website. In addition, Webtrekk uses the data to create user activity reports on our behalf and to provide other services to our company related to the use of our website. Webtrekk does not combine the IP address of the data subject with other personal data.

5.2. Purpose of the data processing

Each time one of the webpages is accessed on this website, which is operated by the controller, Webtrekk collects and stores data for marketing and optimisation purposes. The data obtained are used to create pseudonymised user profiles. The pseudonymised user profiles are used for the purpose of analysing visitor behaviour and enable us to improve our website.

5.3. Legal basis for data processing

The legal basis for the analysis by Webtrekk is Article 6(1) point (f) GDPR. The legitimate interest of the website operator lies in tracking user interests through their use of our website. With the help of the data we would like to constantly optimise our website and our marketing measures, and make them more relevant for our users.

5.4. Duration of storage

The storage period is 26 months.

5.5. Means of objection and termination

As described above, you can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Such an adjustment of the Internet browser settings would also prevent Webtrekk from setting a cookie on your information technology system. In addition, cookies that have already been set by Webtrekk can be deleted at any time using an Internet browser or other software programs.

As described above, you can prevent our website from setting cookies at any time by accordingly adjusting the settings on the Internet browser used and thus permanently disabling the setting of cookies. Such an adjustment of the Internet browser settings would also prevent Webtrekk from setting a cookie on your information technology system. In addition, cookies that have already been set by Webtrekk can be deleted at any time using an Internet browser or other software programs.

Alternatively, you can prevent or opt-out of the collection of data generated by the Webtrekk cookie which is related to the use of this website and the processing of this data by Webtrekk. To do this you will need to click on the following link: (https://www.webtrekk.com/en/legal/opt-out-webtrekk/), which sets an opt-out cookie.

The opt-out cookie will be stored on the information technology system used by you. Please note that if you delete the cookies on your system after opting out, you will need to click on this link again so that a new opt-out cookie can be set.

Setting the opt-out cookie could mean, however, that our Internet pages are no longer fully usable.

Webtrekk’s currently applicable Privacy Policy can be found at https://www.webtrekk.com/en/why-webtrekk/data-protection/.

 

6. Contact form

6.1. Description and scope of the data processing

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the enquiry and in case of follow-up questions. We will not share this information without your consent. The only mandatory fields are your first and last name, your company and your professional email address. The data is required to send you the associated documents in a personalised way.

 

The information you provide in the contact form will remain with us until you ask us to delete it, or the purpose for storing the data no longer applies (for example, after your enquiry has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected.

 

6.2. Purpose of the data processing

The personal data from the input mask is processed for the sole purpose of dealing with your enquiries. In the case of contact by email, we have a legitimate interest in processing the data since we as a company always strive to deal with your inquiries.

The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

6.3. Legal basis for data processing

The legal basis for processing the data when contacting us via the contact form for requesting further details about the Link Manager or TV2WEB offerings is the performance of a contract or pre-contractual measures pursuant to Article 6(1) point (b) GDPR.

 

6.4. Duration of storage

The data will be erased as soon as it is no longer necessary for the purpose of its collection. For personal data entered in the input mask in the contact form and personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be erased at the latest after a period of 14 days.

 

6.5. Means of objection and termination

Users can terminate the contractual or pre-contractual relationships at any time. If users contact us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored for contact purposes will be erased in this case.

 

7. Login area

7.1. Description and scope of the data processing

The Login area gives customers access to their individual Tableau dashboard with the data generated for them via a personal login (email address). For demonstration purposes, access to a demo dashboard can also be requested using your own personalised email address. Before access is allowed, use of the email address must be confirmed in advance.

My Login will save the following user data:

  • Email address
  • Log file data (14 days storage time at external server host)

 

7.2.                   Purpose of the data processing

The purpose of the data processing is to defend against and trace hacker attacks. Further user data is not saved or processed.

 

7.3. Legal basis for data processing

The legal basis for processing your personal data for logging into the Login area is the performance of a contract or pre-contractual measures pursuant to Article 6(1) point (b) GDPR.

 

7.4. Duration of storage

The log file data are erased after 14 days storage time at an external server host.

 

7.5. Means of objection and termination

Users can revoke their consent to the processing of the personal data at any time. If users contact us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored for contact purposes will be erased in this case.

 

8. Definitions

FELD M GmbH/Datacroft’s Privacy Policy is based on the terminology used by the European legislative and regulatory bodies in adopting the EU General Data Protection Regulation (GDPR). Our Privacy Policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to first of all explain the terminology used.

Among others we use the following terms in this Privacy Policy:

8.1. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

8.2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

8.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

8.4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

8.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

8.6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

8.7. Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8.8. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

8.9. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

8.10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

8.11. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.