In this following data protection statement, we will offer you clarification concerning the nature, scope and purpose of the processing of personal data (hereinafter referred to as "Data") within our online offer and the associated websites, functions and contents, as well as external online presences, such as our social media profile. (hereinafter jointly referred to as the "Online Offer"). With regard to the terminology used, such as "processing" or "responsible body", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
BootHUB Potsdam GmbH & Co. KG
Dr. Ingo Holz, Thorsten Krauß, Ingo Weiss
Types of data processed:
- Inventory data (e.g., names, addresses)
- Contact information (e.g., e-mail, phone numbers)
- Content data (e.g., text entries, photographs, videos)
- Usage data (for example, visited websites, interest in content, access times)
- Meta/communication data (for example, device information, IP addresses)
Categories of affected persons
Visitors and users of the Online Offer (we hereinafter collectively refer to the affected persons as "Users").
Purpose of the processing
- Provision of the Online Offer, its features and contents
- Responding to requests for contact and communication with users
- Security measures
- Range measurement/Marketing
“Personal Data" is all information relating to an identified or identifiable natural person (hereinafter referred to as the “Affected Person"); a natural person is considered to be identifiable, where such can be identified, directly or indirectly, in particular by means of the assignment to an identifier such as a name, an identification number, location data, or to an online ID (e.g. Cookie) or to one or more specific characteristics, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
"Processing" means any process carried out with or without the help of automated procedures or any such operation sequence in connection with personal data. The term is wide-ranging in scope and covers virtually every instance of the handling of data.
The "Responsible Body” is taken to mean the natural or legal person, public authority, agency or other body, which/who solely or jointly with others makes decisions on the purposes and means of the processing of personal data.
The relevant statutory bases
In accordance with the provisions of Art. 13 GDPR, we will provide you with information pertaining to the legal bases of our data processing. Insofar as the legal basis is not named in the data protection declaration, the following shall apply: The legal basis for the obtaining of declarations of consent is Art. 6 (1) a) and Art. 7 GDPR, the legal basis for the processing for the fulfilment of our services, the implementation of contractual measures and for responding to enquiries is Art. 6 (1) b) GDPR, the legal basis for the processing for fulfilling our legal obligations is Art. 6 (1) c) GDPR and the legal basis for the processing to protect our legitimate interests is Art. 6 (1) f) GDPR. In the event that vital interests of the Affected Person or those of any other natural person render the processing of personal data necessary, Art. 6 (1) d) GDPR shall serve as the legal basis.
Co-operation with order processors and third parties
Insofar as we reveal data vis-a-vis any other person or company (order processors or third parties) within the context of the processing, transmit this to such or otherwise grant them access to the data, this will only be undertaken on the basis of a legal permission (for example, if a transmission of data to third parties, such as to payment service providers is required for the fulfilment of the contract in accordance with Art. 6 (1) b) GDPR), if you have given your consent, if a legal obligation provides for this or if such is based on our legitimate interests (e.g. on the use of agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is will be carried out on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e., outside of the European Union (EU) or the European Economic Area (EEA)) or if this takes place within the framework of the use of the services of a third party or disclosure or transfer of data to such third parties, this will only take place in order to fulfil our (pre-)contractual obligations, on the basis of your consent or based on a legal obligation or our legitimate interests. Statutory or contractual permissions reserved, we will only have the data processed in a third country to the extent that the special requirements of Art. 44 ff GDPR are present. In other words, the processing will be carried out, for example, on the basis of special guarantees, such as the officially recognised determination of an EU-compliant level of data protection (for example, for the United States, by means of the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called “Standard Contractual Clauses").
The rights of the affected persons
You have the right to demand confirmation as to whether pertinent data is being processed and to request information about this data, and additional information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art.16 GDPR, you have the right to demand the completion of the data affecting you or the correction of inaccurate data affecting you.
In accordance with the provisions of Art. 17 GDPR, you have the right to demand that data affecting you be deleted immediately, or, alternatively, in accordance with the provisions of the Art. 18 GDPR, that the processing of the data be restricted.
In accordance with the provisions of the Art. 20 GDPR, you have the right to obtain the data affecting you, with which you have provided us, and to demand the transfer of such to another responsible body.
In accordance with Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.
Right of Revocation
In accordance with Art. 7 (3) GDPR, you have the right to revoke any issued declarations of consent with effect for the future.
Right of Objection
In accordance with Art. 21 GDPR, you can object to the future processing of the data at any time. The objection may, in particular, be raised with regard to the processing for purposes of direct marketing.
Cookies and right of objection to direct marketing
“Cookies" are small files that are stored on computers of the Users. Within the cookies, various items of information can be stored. A cookie's main purpose is to store information pertaining to a User (or the device on which the cookie is stored) during or even after his/her visit within an Online Offer. Temporary cookies, or "session cookies" or "transient cookies” are taken to mean cookies, which are deleted once a User leaves the Online Offer and closes his/her browser. Such a cookie might store, for example, the contents of a shopping basket in an online shop or a login status. “Permanent” or "persistent" cookies are cookies, which remain stored after the browser has been closed. This allows, for example, a login status to be stored when a User revisits the Online Offer after several days. The interests of Users can also be stored in such a cookie, which are then used for range measurement or marketing purposes. Cookies provided by suppliers other than the Responsible Body operating the Online Offer are provided as “third party cookies” (otherwise, if it is only their cookies these are referred to as "First Party Cookies").
We can deploy temporary and permanent cookies and explain this within the context of our data protection statement.
If Users would prefer cookies not to be stored on their computer, they are asked to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional limitations of this Online Offer.
Deletion of data
In accordance with the Art. 17 and 18 GDPR, the data processed by us will be deleted or the processing of such will be restricted. Unless expressly stated in this data protection statement, the data by us will be deleted as soon as it is no longer required for its intended purpose and the deletion is not opposed by any statutory retention obligations. If the data is not deleted because it is required for other, and legally permissible, purposes, the processing of such will be limited. In other words, the data will be locked and it will not be possible to process it for other purposes. This applies, for example, for data that has to be retained for reasons of commercial or tax law.
In accordance with statutory requirements in Germany, this is retained in particular for 6 years as per § 257 (1) BGB (German Civil Code) (trading books, inventories, opening balances, annual financial statements, business letters, receipts, etc.), and for 10 years as per § 147 (1) AO (Tax Code) (books, records, situation reports, receipts, trade and business letters, tax-related documents, etc.).
In accordance with the statutory requirements in Austria, this is retained in particular for 7 years as per § 132 (1) BAO (Federal Tax Code) (accounting records, receipts/invoices, accounts, business papers, statement of income and expenditure, etc.), for 22 years in connection with land and for 10 years in the case of documents relating to electronically delivered services, telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is made use of.
In addition, we process
- Contractual data (e.g., the subject of the contract, the term, customer category).
- Payment information (e.g., bank details, payment history)
pertaining to our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
The hosting services we make use of serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space, and database services, security services and technical maintenance services, which we deploy for the purposes of the operation of this Online Offer.
In this, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data and meta and communication data from customers, prospective customers and visitors to this Online Offer on the basis of our legitimate interests in the efficient and secure provision of this Online Offer in accordance with Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract)
Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 (1) f) GDPR, we, or our hosting provider, collect information pertaining to each access to the server on which this service is found (so-called server log files). Access data includes the name of the retrieved web page and file, the date and time of the retrieval, the amount of data transferred, notification of successful retrieval, web browser with version, the User’s operating system, the referrer URL (the previously visited page), IP address, and the requesting provider.
For security reasons (e.g. for the elucidation of misuse or fraud), log file information is stored for a maximum period of 7 days and then deleted. Data, whose further retention is required for evidential purposes, is excluded from deletion up to the final clarification of the respective incident.
Provision of contractual services
We process inventory data (e.g., users’ names, addresses and contact information), contractual data (for example, services made use of, names of contact persons, payment information) in order to fulfil our contractual obligations and services in accordance with Art. 6 (1) b) GDPR. The fields marked as mandatory on online forms are required for the conclusion of the contract.
In the context of the use of our online services, we store the IP address and the time of access of the respective User action. The storage is carried out on the basis of our legitimate interests, and of the User, in protecting ourselves against misuse and other unauthorised use. This data is fundamentally not passed to third parties, unless such is necessary to pursue our claims or a legal obligation exists to this end in accordance with Art. 6 (1)c) GDPR.
We process usage data (e.g., the web pages visited on our (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the User product information based on the services s/he has previously made use of.
The data will be deleted after the expiration of statutory safeguarding and similar obligations and the necessity of the retention of the data will be reviewed every three years; in the case of the statutory archiving obligations, the data will be deleted following the expiry of such. Information in any customer account will remain in place until its deletion.
When contacting us (e.g., via the contact form, e-mail, telephone or social media), the User’s information is processed in order to deal with the contact request and the processing thereof in accordance with Art. 6 (1) b) GDPR. The information provided by the user may be stored in a Customer Relationship Management System ("CRM System") or similar enquiry system.
We will delete the enquiries if they are no longer required. We check the necessity of this every two years; in addition, the statutory archiving obligations apply.
Google is certified as per the Privacy Shield agreement and thereby guarantee compliance with European data protection legislation (https://www.privacyshield.gov/participant? id=a2zt000000001L5AAI&status=Active).
Google will use this information in our order with a view to assessing the use of our Online Offer by the Users, to compile reports on the activities within this Online Offer and to provide us with further services related to the use of this Online Offer and the Internet. In this, pseudonymous user profiles of the Users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the User’s IP address is abbreviated by Google within the member states of the European Union or in other contracting states to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and be abbreviated there.
The IP address transmitted by the User’s browser is not associated with any other data held by Google. Users may prevent the storage of cookies by means of making a corresponding setting in their browser software; Users can also prevent the recording of the information generated by the cookie and pertaining to their use of the Online Offer at Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
For more information on the use of data by Google, settings and means of objection can be found on the following Google websites: www.google.com/intl/de/policies/privacy/partners ("data used by Google when you use of our partners' websites or apps), www.google.com/policies/technologies/ads ("data use for advertising purposes"), www.google.de/settings/ads ("managing information that Google uses to show you advertising").
Google Re/Marketing Services
On the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our Online Offer within the meaning of Art. 6 (1) f) GDPR, we make use the marketing and remarketing services (in short, “Google Marketing Services) provided by Google Marketing Services LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, Inc. ("Google").
Google is certified as per the Privacy Shield agreement and thereby guarantee compliance with European data protection legislation (https://www.privacyshield.gov/participant? id=a2zt000000001L5AAI&status=Active).
The Google Marketing Services allow us to display targeted advertisements for and on our website, in order to only present Users with advertisements which are potentially in line with their interests. Where, for example, a User is shown advertisements for products in which s/he has shown an interest on other websites, this is called "Remarketing". For these purposes, upon retrieval of our and other websites on which Google Marketing Services are active, a code from Google is directly executed by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are incorporated into the website. With their help, an individual cookie, i.e. a small file is stored on the User's device (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com In this file, it will be noted which websites
the User has visited, what content s/he is interested in and what offers s/he has clicked on, further technical information about the browser and operating system used, referring websites, visit time and further information pertaining to the use of the Online Offer. The User's IP address is also recorded, whereby in the context of Google Analytics, we wish to inform you that the IP address is abbreviated within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases will it be sent to a Google server in the USA and abbreviated there. Google will not associate the IP address with the User's data within other services. On the part of Google, the aforementioned information may also be connected with such information from other sources. If the User subsequently visits other websites, s/he may be shown advertisements in accordance with his/her interests.
The User's data will be pseudonymously processed within the context of Google Marketing Services. This means, for example, that Google does not store and process the User's name or e-mail address, but rather cookie-related data within pseudonymous user profiles. That is, from the point of view of Google, the advertisements are not managed and displayed for a specifically identified person, but for cookie owners, regardless of who this cookie owner is. This does not apply if a User has expressly allowed Google to process data without this pseudonymisation. The information collected by Google Marketing Services pertaining to the User is transmitted to Google and stored on Google's servers in the USA.
The Google Marketing Services used by us include, among other things, the "Google AdWords” online advertising program. In the case of Google AdWords, each Adwords customer receives a different "conversion cookie". Cookies can therefore not be tracked by AdWords customers via the websites. The information collected with the help of the cookie serves the creation of conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers are made aware of the total number of users who have clicked on their advertisement and have been forwarded to a website equipped with a conversion tracking tag. They do not, however, receive any information which would render the user personally identifiable.
We are also able to use "Google Tag Manager" in order manage the Google analysis and marketing services and to incorporate such into our website.
Facebook-Pixel, Custom Audiences and Facebook Conversion
On the basis of our legitimate interests in the analysis, optimisation and economic operation of our Online Offer, within our Online Offer and for these purposes, the so-called "Facebook Pixel" provided by the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") is deployed.
Facebook is certified as per the Privacy Shield and it thereby guarantees compliance with European.privacyshield.gov/participant? id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook Pixel, it is possible on the one hand for Facebook to determine the visitors to our Online Offer as a target group for the presentation of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel to only display only the Facebook-Ads connected by us to those Facebook users who have also shown an interest in our Online Offer or evidence the specific characteristics (e.g., interests in certain topics or products, determined on the basis of the visited web pages), which we send to Facebook (so-called "Custom audiences"). With the help of the Facebook Pixel, we also seek to ensure that our Facebook Ads are in accordance with the potential interest of Users and that they do not have a harassing effect. With the help of the Facebook Pixel, we are also able to gain an understanding of the effectiveness of the Facebook Ads for statistical and market research purposes, whereby we can see whether Users were directed to our website after clicking on a Facebook Ad (so-called "conversion").
The processing of the data by Facebook is carried out within the framework of Facebook's data usage policy. Accordingly, general notes on the presentation of Facebook Ads can be found in Facebook's data usage policy : www.facebook.com/policy.php. Specific information and details on Facebook Pixel and its functionality can be found in Facebook's Help section: www.facebook.com/business/help/651294705016616.
You can object to the recording by the Facebook Pixel and the use of your data for the displaying of Facebook Ads. In order to specify which types of advertisements can be shown to you within Facebook, you can access the website set up by Facebook and follow the information there pertaining to the settings for usage-based advertising: www.facebook.com/settings. The settings are made platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Online presences in social media
We maintain online presences within social networks and platforms with a view to communicating with the customers, prospective customers and Users who are active there and to be able to inform them about our services. Upon retrieval of the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators are applicable.
Unless otherwise specified in our data protection statement, we will process Users data if they communicate with us within the social networks and platforms, e.g. by creating posts on our online presences or sending us messages.
Integration of services and content of third parties
On the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our Online Offer within the meaning of Art. 6 (1) f) GDPR), within our Online Offer we make use of content or service offerings from third-party providers in order to integrate their contents and services, such as videos or fonts (hereinafter uniformly referred to as "Content(s)").
This always assumes that the third-party provider of this Content is aware of the User's IP address as without the IP address, they would be unable to send the Content to the browser. The IP address is thus required for the presentation of such content. We strive to only use such content, where the respective provider only uses the IP address for the delivery of the content. Third-party developers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical and marketing purposes. By means of the "pixel tags", information, such as visitor traffic on the pages of this website is evaluated. The pseudonymous information may also be stored in cookies on the User's device and may contain, among other things, technical information concerning the browser and operating system used, referring websites, visit time and further information concerning the use of our Online Offer, and may also be connected with such information from other sources.
We integrate the maps from "Google Maps" provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data Protection Statement: www.google.com/policies/privacy/, Opt- Out: adssettings.google.com/authenticated.
We integrate the fonts ("Google Fonts”) provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data Protection Statement: www.google.com/policies/privacy/, Opt-Out: adssettings.google.com/authenticated.
We integrate the function to detect bots, e.g. in the case of entries in online forms ("ReCaptcha") provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data Protection Statement: www.google.com/policies/privacy/, Opt-Out: adssettings.google.com/authenticated.
Use of Facebook Social Plugins
On the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our Online Offer within the meaning of Art. 6 (1) f) GDPR), we make use of social plugins ("Plugins") provided by the facebook.com social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Plug-ins are able to present interaction elements or Content (e.g., videos, graphics or text posts) and are identifiable by a Facebook logo (white "f" on a blue tile, the terms "Like” ("Gefällt mir") or a "thumbs-up" sign) or are identified by means of the addition "Facebook Social Plugin". The list and the appearance of the Facebook Social Plugins can be viewed here: developers.facebook.com/docs/plugins/.
Facebook is certified as per the Privacy Shield and thereby guarantees compliance with European.privacyshield.gov/participant? id=a2zt0000000GnywAAC&status=Active).
When a User retrieves a page from this Online Offer, which contains such a Plugin, their browser establishes a direct connection with the Facebook servers. The content of the Plugin is transmitted by Facebook directly to the User's browser and is incorporated into the Online Offer by the same. In this way, the processed data can be used to create usage profiles for the Users. We therefore have no influence on the scope of data collected by Facebook with the help of this Plugin and we inform Users according to our state of knowledge.
Through the integration of the Plugin, Facebook receives information to the effect that a User has accessed the corresponding page of the Online Offer. If the User is logged into Facebook, Facebook can assign the visit his Facebook account. If Users interact with the Plugins, for example by clicking the "Like" button or sharing a comment, the corresponding information is transmitted directly to Facebook, where it is then stored. If a User is not a member of Facebook, it is still possible that Facebook will become aware of his/her IP address and store it According to Facebook, only anonymised IP addresses are stored in Germany.
If a User is a Facebook member yet does not want Facebook to collect data concerning him/her via this Online Offer data and then linking such with his/her member data, s/he must log out of Facebook before using our Online Offer and delete its cookies. Other settings for, and objections to, the use of data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings; or via the U.S. website www.aboutads.info/choices/ Or the EU website www.youronlinechoices.com. The settings are made platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
THINK ABOUT CONTACT
Would you like any additional information or would you be interested in taking a visit to the THINK CAMPUS or the science location of Potsdam?
Then we look forward to hearing from you.