Privacy Policy

Introduction

The following Privacy Policy is intended to inform you about the types of personal data (hereinafter also referred to as “data”) we process, the purposes for which we process it, and the scope of such processing. This Privacy Policy applies to all processing of personal data carried out by us, both in connection with the provision of our services and, in particular, on our websites as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offer”).

The terms used are not gender-specific.

Data Controller

Datta Yoga Center Switzerland

Bächlerstrasse 55
8046 Zurich
Tel: +41 76 531 91 93

dycs[at]dyc.ch

Authorized Representatives: Ursula Honegger

Legal Notice here

Translated with DeepL.com (free version)

Overview of Processing Methods

The following overview summarizes the types of data processed and the purposes of such processing, and identifies the data subjects.

Types of data processed

  • Event Data (Facebook) (“Event Data” refers to data that we may transmit to Facebook, for example via Facebook Pixel (through apps or other means), and that relates to individuals or their actions; this data includes, for example, information about website visits, interactions with content, features, app installations, product purchases, etc.; Event Data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as comments posted), login information, or contact information (i.e., no names, email addresses, or phone numbers). Event data is deleted by Facebook after a maximum of two years; the target groups created from this data are deleted upon deletion of our Facebook account.
  • Master data (e.g., names, addresses).
  • Content data (e.g., entries in online forms).
  • Contact data (e.g., email, phone numbers).
  • Meta/communication data (e.g., device information, IP addresses).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Location data (information regarding the geographic position of a device or a person).
  • Contract data (e.g., subject matter of the contract, term, customer category).
  • Payment data (e.g., bank details, invoices, payment history).
  • Translated with DeepL.com (free version)

Categories of data subjects

  • Business and contractual partners.
  • Prospective customers.
  • Communication partners.
  • Customers.
  • Members.
  • Users (e.g., website visitors, users of online services).

Purposes of processing

  • Provision of our online services and user-friendliness.
  • Office and organizational procedures.
  • Direct marketing (e.g., via email or mail).
  • Interest-based and behavioral marketing.
  • Contact requests and communication.
  • Profiling (creation of user profiles).
  • Remarketing.
  • Reach measurement (e.g., access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g., interest-based/behavioral profiling, use of cookies).
  • Provision of contractual services and customer service.
  • Management and response to inquiries.

Relevant legal basis

Data processing is carried out in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the association’s purposes as set forth in its bylaws and the consent of the data subjects.

Security measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and maintaining its separation. Furthermore, we have established procedures to ensure that data subjects’ rights are upheld, that data is deleted, and that appropriate responses are made in the event of a data breach. Furthermore, we take the protection of personal data into account from the very beginning of the development and selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

SSL encryption (https): To protect the data you submit through our website, we use SSL encryption. You can recognize these encrypted connections by the https:// prefix in your browser’s address bar.

Transfer and Disclosure of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, payment institutions in connection with payment transactions, service providers entrusted with IT tasks, or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

Data transfer within the organization: We may transfer personal data to other departments within our organization or grant them access to such data. To the extent that such disclosure is made for administrative purposes, the disclosure of data is based on our legitimate business and operational interests, or is made to the extent necessary to fulfill our contractual obligations, or when consent from the data subjects or a legal authorization is available.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if such processing occurs in connection with the use of third-party services or the disclosure or transfer of data to other individuals, entities, or companies, this is done solely in accordance with legal requirements.

Vorbehaltlich ausdrücklicher Einwilligung oder vertraglich oder gesetzlich erforderlicher Übermittlung verarbeiten oder lassen wir die Daten nur in Drittländern mit einem anerkannten Datenschutzniveau, vertraglichen Verpflichtung durch sogenannte Standardschutzklauseln der EU-Kommission, beim Vorliegen von Zertifizierungen oder verbindlicher internen Datenschutzvorschriften verarbeiten.

Use of Cookies

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to a website. The stored information may include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was viewed. We also include other technologies that perform the same functions as cookies under the term “cookies” (e.g., when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

The following types and functions of cookies are distinguished:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves a website and closes their browser.
  • Persistent cookies: Persistent cookies remain stored even after the browser is closed. For example, this allows a user’s login status to be saved or preferred content to be displayed immediately when the user visits a website again. Similarly, user interests—which are used for audience measurement or marketing purposes—can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by us.
  • Third-party cookies: Third-party cookies are primarily used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or strictly necessary) cookies: Cookies may be strictly necessary for the operation of a website (e.g., to store logins or other user input, or for security reasons).
  • Statistik-, Marketing- und Personalisierungs-Cookies: Ferner werden Cookies im Regelfall auch im Rahmen der Reichweitenmessung eingesetzt sowie dann, wenn die Interessen eines Nutzers oder sein Verhalten (z.B. Betrachten bestimmter Inhalte, Nutzen von Funktionen etc.) auf einzelnen Webseiten in einem Nutzerprofil gespeichert werden. Solche Profile dienen dazu, den Nutzern z.B. Inhalte anzuzeigen, die ihren potentiellen Interessen entsprechen. Dieses Verfahren wird auch als „Tracking“, d.h., Nachverfolgung der potentiellen Interessen der Nutzer bezeichnet. Soweit wir Cookies oder „Tracking“-Technologien einsetzen, informieren wir Sie gesondert in unserer Datenschutzerklärung oder im Rahmen der Einholung einer Einwilligung.

Information on Legal Bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your explicit consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the business operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: Unless we provide you with specific information regarding the storage period of persistent cookies (e.g., as part of a so-called cookie opt-in), please assume that the storage period may be up to two years.

General Information on Withdrawal of Consent and Opting Out: Depending on whether the processing is based on consent or legal authorization, you have the option at any time to withdraw your consent or to object to the processing of your data through cookie technologies (collectively referred to as “opting out”). You can initially express your objection through your browser settings, e.g., by disabling the use of cookies (although this may also limit the functionality of our online offering). Objections to the use of cookies for online marketing purposes can also be submitted via a variety of services, particularly in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. Additionally, you can find further information on how to object in the details provided regarding the service providers and cookies used.

Processing of cookie data based on consent: Before we process or have processed data in connection with the use of cookies, we ask users for their consent, which may be revoked at any time. Until consent is given, we will only use cookies that are strictly necessary for the operation of our website.

  • Types of data processed: Usage data (e.g., websites visited, content interests, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).

Performance of duties in accordance with the bylaws or rules of procedure

We process the data of our members, supporters, prospective members, business partners, or other individuals (collectively, “data subjects”) when we have a membership or other business relationship with them, when we are performing our duties, or when they are recipients of services or benefits. In addition, we process the data of data subjects based on our legitimate interests, e.g., in connection with administrative tasks or public relations work.

The data processed in this context, as well as the nature, scope, purpose, and necessity of its processing, are determined by the underlying membership or contractual relationship, from which the necessity of any data provision also arises (we will otherwise indicate which data is required).

We delete data that is no longer necessary for the fulfillment of our statutory and business purposes. This is determined in accordance with the respective tasks and contractual relationships. We retain the data for as long as it may be relevant for business transactions, as well as with regard to any warranty or liability obligations based on our legitimate interest in their resolution. The necessity of retaining the data is reviewed regularly; otherwise, the statutory retention obligations apply.

  • Types of data processed: Master data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of the contract, term, customer category).
  • Data subjects: Users (e.g., website visitors, users of online services), members, business and contractual partners.
  • Purposes of processing: Provision of contractual services and customer service, contact requests and communication, management and response to inquiries.

Commercial and business services

We process data from our contractual and business partners, such as customers and prospective customers (collectively referred to as “contractual partners”), in connection with contractual and similar legal relationships, as well as related measures and communications with contractual partners (or in the pre-contractual phase), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for the purposes of administrative tasks associated with this information as well as for business organization. We disclose the data of contractual partners to third parties within the scope of applicable law only to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations, or with the consent of the data subjects (e.g., to involved telecommunications, transportation, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within the scope of this Privacy Policy.

We inform the contracting parties of which data is required for the aforementioned purposes prior to or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or in person.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving purposes (e.g., for tax purposes, typically 10 years). We delete data disclosed to us by the contractual partner in the context of an order in accordance with the terms of the order, generally upon completion of the order.

To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.

Shop and E-Commerce: We process our customers’ data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as to facilitate their payment, delivery, or fulfillment. If necessary for the fulfillment of an order, we engage service providers—in particular postal, freight, and shipping companies—to carry out the delivery or fulfillment for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is identified as such during the ordering or comparable purchase process and includes the details necessary for delivery, provision, and billing, as well as contact information to facilitate any necessary communication.

  • Types of data processed: Master data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of the contract, term, customer category), usage data (e.g., websites visited, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Prospective customers, business and contractual partners, customers.
  • Purposes of processing: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, management and response to inquiries, security measures.

Payment service provider

In the context of contractual and other legal relationships, in accordance with legal obligations, or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment options and, for this purpose, engage not only banks and credit institutions but also other payment service providers (collectively, “payment service providers”).

The data processed by the payment service providers includes master data, such as name and address; bank details, such as account numbers or credit card numbers; passwords, TANs, and checksums; as well as information related to the contract, amount, and recipient. This information is necessary to execute the transactions. However, the data entered is processed and stored solely by the payment service providers. This means that we do not receive any account or credit card-related information, but only information confirming the payment or indicating that the payment was declined. Under certain circumstances, the data may be transmitted by the payment service providers to credit bureaus. The purpose of this transmission is to verify identity and creditworthiness. In this regard, we refer you to the terms and conditions and privacy policies of the payment service providers.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions; these are available on the respective websites or within the transaction applications. We also refer you to these for further information and to exercise your rights of withdrawal, access, and other data subject rights.

Types of data processed:

  • Master data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contract data (e.g., subject matter of the contract, term, customer category), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses) .
  • Data subjects: Customers, prospective customers.
  • Purposes of processing: Provision of contractual services and customer service.

Services used and service providers:

  • PayPal: Payment services and solutions (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Provision of the online service and web hosting

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers whose servers (or servers managed by them) make our online services accessible. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.

The data processed in connection with the provision of the hosting service may include all information relating to users of our online service that is generated during use and communication. This typically includes the IP address, which is necessary to deliver the content of online services to browsers, and all entries made within our online service or on websites.

Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information regarding email transmission (e.g., the involved providers) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that emails are generally not sent in encrypted form over the Internet. As a rule, emails are encrypted during transmission, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We therefore cannot assume any responsibility for the transmission of emails between the sender and their receipt on our server.

Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, a notification of successful access, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.

The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (particularly in the case of malicious attacks, so-called DDoS attacks), and, on the other hand, to ensure server capacity and stability.

  • Types of data processed: Content data (e.g., entries in online forms), usage data (e.g., websites visited, content interests, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).

Registration, Login, and User Account

Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account based on the fulfillment of contractual obligations. The data processed includes, in particular, login information (name, password, and email address). The data entered during registration is used for the purposes of using the user account and its intended function.

Users may be notified via email about matters relevant to their user account, such as technical changes. If users have terminated their user account, their data related to the user account will be deleted, subject to any legal retention requirements. It is the users’ responsibility to back up their data prior to the end of the contract in the event of termination. We are entitled to irrevocably delete all user data stored during the term of the contract.

When using our registration and login functions, as well as when using the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data is generally not disclosed to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so.

  • Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., entries in online forms), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service, security measures, administration, and responding to inquiries.

Contact

When you contact us (e.g., via the contact form, email, phone, or social media), we process the information provided by the person making the inquiry to the extent necessary to respond to the inquiry and to take any requested actions.

Responding to contact inquiries within the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries, and otherwise based on our legitimate interests in responding to the inquiries.

  • Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact requests and communication.

Newsletters and electronic notifications

We send newsletters, emails, and other electronic communications (hereinafter “newsletters”) only with the recipient’s consent or when permitted by law. If the content of a newsletter is specifically described during the sign-up process, that description is decisive for the user’s consent. In addition, our newsletters contain information about our services and our company.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name, for the purpose of addressing you personally in the newsletter, or additional information, provided that this is necessary for the purposes of the newsletter.

Double opt-in procedure: Subscription to our newsletter generally takes place via a so-called double opt-in procedure. This means that after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Newsletter subscriptions are logged to provide evidence of the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the prior existence of consent is confirmed at the same time. In the event of obligations to permanently honor objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of verifying its proper execution. To the extent that we engage a service provider to send emails, this is based on our legitimate interests in an efficient and secure delivery system.

Notes on legal bases: The sending of newsletters is based on the recipients’ consent or, if consent is not required, on our legitimate interests in direct marketing, provided and to the extent that this is permitted by law, e.g., in the case of advertising to existing customers. To the extent that we commission a service provider to send emails, this is done based on our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it was carried out in accordance with the law.

Content: Information about us, our services, promotions, and offers.

Analysis and performance measurement: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server—or, if we use a mailing service provider, from their server—when the newsletter is opened. As part of this retrieval, technical information—such as details about your browser and system—as well as your IP address and the time of retrieval are initially collected.

This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior, determined by their access locations (which can be identified using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be attributed to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider to monitor individual users. Rather, the analyses serve to help us identify our users’ reading habits and adapt our content to them or send different content according to our users’ interests.

The analysis of the newsletter and the measurement of its success are carried out, subject to the users’ express consent, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and meets users’ expectations.

Unfortunately, it is not possible to revoke consent for performance measurement separately; in this case, the entire newsletter subscription must be canceled or revoked.

  • Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers), metadata/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, content interests, access times).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or mail).
  • Right to object (opt-out): You may unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter at the end of each newsletter, or you may use one of the contact options listed above, preferably email, for this purpose.

Marketing communications via email, mail, fax, or telephone

We process personal data for the purpose of sending promotional communications, which may be sent via various channels, such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients have the right to withdraw their consent at any time or to object to promotional communications at any time.

Following revocation or objection, we may store the data necessary to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the prior existence of consent is confirmed at the same time.

  • Types of data processed: Master data (e.g., names, addresses), contact information (e.g., email addresses, phone numbers).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or mail).

Social media presence

We maintain online presences on social media platforms and, in this context, process user data in order to communicate with users active on those platforms or to provide information about us.

Please note that this may involve the processing of user data outside the European Union. This may pose risks to users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on users’ behavior and the resulting interests. These usage profiles can in turn be used, for example, to display advertisements within and outside the networks that are presumed to correspond to users’ interests. For these purposes, cookies are typically stored on users’ computers, in which users’ usage behavior and interests are recorded. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (particularly if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the options for objection (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.

We also note that requests for information and the exercise of data subject rights are most effectively addressed directly with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

Facebook: We are jointly responsible with Facebook Ireland Ltd. for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “Fan Page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and share” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights,” to page administrators so they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (“Information on Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum), which specifically outlines the security measures Facebook must adhere to and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, submit requests for information or deletion directly to Facebook). Users’ rights (in particular the rights to access, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact requests and communication, tracking (e.g., interest-based/behavioral profiling, use of cookies), remarketing, audience measurement (e.g., access statistics, recognition of returning visitors).

 

Services used and service providers:

  • Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-out option: Ad settings: https://www.facebook.com/settings?tab=ads.

Plugins, embedded functions, and content

We incorporate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, social media buttons, and posts (hereinafter collectively referred to as “content”).

This integration always requires that the third-party providers of this content process the user’s IP address, as they would be unable to send the content to the user’s browser without it. The IP address is therefore necessary for the display of this content or these functions. We strive to use only such content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags allow information, such as visitor traffic on the pages of this website, to be analyzed. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other details regarding the use of our online offering, as well as being linked to such information from other sources.

Notes on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this privacy policy.

Facebook Plugins and Content: We are jointly responsible with Facebook Ireland Ltd. for the collection or receipt (but not the further processing) of “Event Data” that Facebook collects via the Facebook social plugins (and content embedding features) running on our website or receives as part of a transfer for the following purposes: a) Displaying content and advertising information that corresponds to users’ presumed interests; b) Delivering commercial and transaction-related messages (e.g., contacting users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving the identification of which content or advertising information is presumed to correspond to users’ interests). We have entered into a special agreement with Facebook (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum), which specifically regulates the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, direct requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not take place under joint responsibility but is based on a data processing agreement (“Data Processing Terms ,” https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and, with regard to processing in the U.S., on the basis of standard contractual clauses (“Facebook-EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). Users’ rights (in particular the rights to access, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

Eingesetzte Dienste und Diensteanbieter:

Planning, Organization, and Tools

We use services, platforms, and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning, and delivering our services. When selecting third-party providers and their services, we comply with legal requirements.

In this context, personal data may be processed and stored on the third-party providers’ servers. This may involve various types of data that we process in accordance with this Privacy Policy. Such data may include, in particular, users’ master data and contact information, as well as data regarding transactions, contracts, other processes, and their contents.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, to optimize services, or for marketing purposes. We therefore ask that you review the privacy policies of the respective third-party providers.

Notes on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of third-party providers has been agreed upon in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we would also like to draw your attention to the information regarding the use of cookies in this privacy policy.

Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Data subjects: Communication partners, users (e.g., website visitors, users of online services).

 

Deletion of Data

The data we process is deleted in accordance with legal requirements as soon as the consent authorizing its processing is revoked or other legal grounds for processing no longer apply (e.g., if the purpose for which the data was processed no longer exists or the data is no longer necessary for that purpose).

If the data is not deleted because it is required for other legally permissible purposes, its processing is limited to those purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary to assert, exercise, or defend legal claims, or to protect the rights of another natural or legal person.

Further information regarding the deletion of personal data may also be provided in the individual privacy notices within this Privacy Policy.

Changes and Updates to the Privacy Policy

We ask that you review the content of our Privacy Policy on a regular basis. We will update the Privacy Policy as soon as changes to our data processing practices make it necessary to do so. We will notify you as soon as the changes require action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information for companies and organizations in this Privacy Policy, please note that these addresses may change over time, and we ask that you verify the information before contacting them.

Rights of data subjects

As a person affected, you have various rights:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to request confirmation as to whether your personal data is being processed, as well as access to that data, further information, and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request that data concerning you be completed or that inaccurate data concerning you be corrected.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without delay or, alternatively, to request that the processing of such data be restricted in accordance with legal requirements.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with legal requirements, or to request that it be transmitted to another controller.

Definitions of Terms

This section provides an overview of the terms used in this Privacy Policy.  The explanations below are intended primarily to aid understanding. The terms are listed in alphabetical order.

  • Interest-Based and Behavioral Marketing: Interest-based and/or behavioral marketing refers to the practice of predicting users’ potential interests in ads and other content as accurately as possible. This is done based on information about their past behavior (e.g., visiting and spending time on specific websites, purchasing behavior, or interactions with other users), which is stored in a so-called profile. Cookies are generally used for these purposes.
  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiling: “Profilingrefers to any form of automated processing of personal data that involves using such data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include information regarding age, gender, location data and movement data, interaction with websites and their content, purchasing behavior, and social interactions with other people) or to predict them (e.g., interests in specific content or products, click behavior on a website, or location). Cookies and web beacons are frequently used for profiling purposes.
  • Audience measurement: Audience measurement (also known as web analytics) is used to analyze visitor traffic to an online platform and can include an analysis of visitors’ behavior or interests regarding specific information, such as website content. With the help of reach analysis, website owners can, for example, determine at what times visitors access their website and what content interests them. This allows them, for example, to better tailor the website’s content to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are frequently used to identify returning visitors and thus obtain more accurate analyses of the use of an online offering.
  • Remarketing: The terms “remarketing” or “retargeting” refer to the practice of tracking which products a user has viewed on a website—for example, for advertising purposes—in order to remind the user of those products on other websites, such as through advertisements.
  • Location data: Location data is generated when a mobile device (or another device capable of determining its location) connects to a cellular network, a Wi-Fi network, or similar technical means and location-determination functions. Location data is used to indicate the specific geographic location of the device on Earth. Location data can be used, for example, to display map features or other location-based information.
  • Tracking: The term “tracking” refers to the ability to track users’ behavior across multiple online services. Typically, information about behavior and interests related to the online services used is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.
  • Controller: The term “controller” refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any interaction with data, including collection, analysis, storage, transmission, or deletion.