Data Protection

I. General Data Processing Information

Type of Personal Data being processed:
• General data (i.e. name, postal address)
• Contact data (i.e. e-mail address, telephone number)
• Content data (i.e. text entries, photographs, videos)
• Usage data (i.e. websites visited, subject matter interest, access times)
• Meta-/Communication data (i.e. computer information, IP address)

Categories of Data Subjects:
Visitors and Users of the online offerings (hereafter referred to as “User”).

Data Processing Purposes:
• Providing an online offering, its functions and content.
• Answering contact inquiries and managing communication with Users.
• Implementation and assurance regarding security measures.
• Measurement of marketing reach.
• Execution of donation processes.

Definitions:
“Personal Data” is used to describe all information about an identified or identifiable natural person (hereafter referred to as “Data Subject”). A natural person is considered identifiable if a direct or indirect link to an identity exists such as name, identification number, location, online identifier (i.e. cookie) or to one or more identifiable characteristics that demonstrate the physical, physiological, genetic, economic, cultural or social identity of this natural person.

“Data Processing” refers to any executed operation or set of operations that is performed with or without the assistance of automated procedures in relation with Personal Data. The term is far reaching and includes practically every use of data.

“Controller” refers to the natural or legal person, authority, public authority, or other body which, alone or jointly with other bodies, can determine the use and method of the Processing of Personal Data.

Legal Basis for Data Processing
In accordance with Art. 13 General Data Protection Regulation (hereinafter referred as “GDPR”), we hereby provide you with all relevant information about the legal basis concerning our Data Processing. As far as the legal basis is not specified in this privacy policy, the following applies: The legal basis for the lawful Data Processing of Personal Data is the consent of the Data Subjects pursuant to Art. 6 para. 1 sentence 1 lit. a and Art. 7 GDPR, the performance of the contract and pre-contractual data processing at the request of the data subject pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, compliance with legal obligations pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and in order to pursue our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. In order to protect the vital interests of the Data Subject or of another natural person, the legal basis is Art. 6 para. 1 sentence 1 lit. d GDPR.

Data Processor and Third Parties
We provide Personal Data to other parties and companies (Data Processors or third parties) in the course of Data Processing, if

• this is legally permissible and, pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the performance of contracts (e.g. if a transfer of Personal Data to third parties, such as payment service providers, is necessary for performance of the contract)
• you have expressly given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR
• there is a legal obligation for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR
• there is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR (e.g. in the use of agents, web host service providers, etc.). In case we engage third parties in the processing of Personal Data on the basis of a so-called “Data Processing Agreement”, Art. 28 GDPR applies.

International Data Transfer in Third Countries
We only process data in third countries (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose or transfer data to third parties on the basis of a contractual relationship, if it is required regarding our (pre-) contractual obligation, if you have given your consent for the international data transfer, if we are legally obliged or if it is necessary for the purposes of our legitimate interests. Subject to legal or contractual permissions, we process or store the Personal Data in a third country only if the requirements of Art. 44 et seq. GDPR are met. This means that the Data Processing is carried out, for example, on the basis of appropriate safeguards, such as the official standard contractual regulations adopted by the Commission regarding an appropriate level of the EU data protection (so-called “standard contractual clauses”).

Rights of the Data Subject
You have the right to request a confirmation as to whether or not certain data is or was processed and to receive information about this data including other information and copies of the data as stated in Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to obtain rectification of inaccurate Personal Data and to have incomplete Personal Data completed.
Pursuant to Art. 17 GDPR, you have the right to obtain from us the erasure of that Personal Data or alternatively you have the right to obtain from us restriction of Data Processing will be restricted in accordance with Art. 18 GDPR.
You have the right to receive the Personal Data that you provided to us and have the right to transmit or have transmitted this Personal Data to another Controller in accordance with Art. 20 GDPR.
Furthermore, you have the right to lodge a complaint with the responsible supervisory authorities in accordance with Art. 77 GDPR.
Based on Art. 7 para. 3 GDPR, you have the right to withdraw any given consent at any time.
Based on Art. 21 GDPR, you are entitled to object Data Processing at any time. This objection can also be based on Data Processing regarding Personal Data for direct marketing purposes.

Contact

For more information regarding the Data Processing and for the execution of your rights regarding Data Processing, please contact us at:

YOU Stiftung – Bildung für Kinder in Not
Grafenberger Allee 87
40237 Düsseldorf
Germany

E-mail: kontakt@you-stiftung.de

II. Controller

YOU Stiftung – Bildung für Kinder in Not
Grafenberger Allee 87
40237 Düsseldorf
Tel.: +49 (0)211 61 11 33
Fax: +49 (0)211 61 21 32
E-mail: kontakt@you-stiftung.de
www.you-stiftung.de

is Controller pursuant to GDPR and other national data protection legislations and responsible for this data privacy policy.

III. Scope of Data Processing of Personal Data

On the one hand, we process Personal Data of the User as far as this is required for the provision of website functionality, content and performance. On the other hand, we process Personal Data of the User to share information about our activities and to ask for donations.

We process general data (i.e. name, postal address, User contact details) and data required for the contractual relationship (i.e. contact person, payment information) in order to perform our legal obligation and in order to manage the donation process in accordance with Art. 6 para. 1 sentence 1 lit. b. GDPR.

We process general data (i.e. names and addresses and contact details of Users) in order to provide Users with information about our activities in one-off information packages or newsletters. This Data Processing is based on the express consent of the Users in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR. It is possible to unsubscribe from this information offer at any time, for example by using the link at the end of each newsletter. You may also request unsubscribing by e-mail, fax or by mail.

Scope of Data Processing of Personal Data
The Personal Data of the Data Subject are deleted or blocked as soon as the purpose for storing the data expires. At this point, Personal Data that is processed will be erased or the processing is restricted in accordance with Art. 17 and 18 GDPR. As long as it is not stipulated in this privacy policy in detail, the data stored by us is deleted as soon as the purpose has expired and assuming that the deletion does not violate any legal storage requirements. If the Personal Data is not deleted because of other or legally purposes, the Data Processing will be restricted. This means, the access to this Personal Data will be limited and the Personal Data will not be processed for other purposes. For example, this applies to Personal Data processed for business or tax purposes, where longer storage periods are legally required. According to § 147 German Fiscal Code, the legal storage period is ten years.

Hosting
We are using of the following hosting services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we provide for purpose of operating this online offering.

In this case, we or the provider of the hosting services (in the role of a processor) process general data, contact data, content data, contract data, usage data, meta and communication data of Users on the basis of our legitimate interests in a more efficient and safer handling of this online offering according to Art. 6 para. 1 sentence 1 lit. f GDPR and Art. 28 GDPR. We have concluded the relevant data processing agreements with our processors.

Collection of Access Data and Logfiles

When accessing our website, the information on your browser used on your device is sent automatically  to the server of our website. We or our provider of the hosting services collect data about each server access on which this service is located (i.e. server logfiles) based on our legitimate interests under Art. 6 para. 1 sentence 1 lit. f. GDPR. The access data include the name of the accessed website, data, dates and times of retrievals, transferred data volume, notifications about successful retrieval, browser types and versions, user operating systems, referrer URLs (the previously visited website), IP addresses and the requesting provider. Due to security reasons (e.g. for investigation regarding fraudulent transactions) logfile information is stored for a maximum of 7 days and is erased thereafter. Data where further storage is required because of investigation purposes is not deleted until the relevant case has been clarified.

We process the above-mentioned data for the following purposes:
• Ensuring a continuous connection of the website.
• Ensuring a comfortable use of the website.
• Evaluation of system safety and stability.
• For further administrative purposes.

Cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the User’s computer system.internetinternet. If a User accesses a website, a cookie can be placed on the operating system of the User. This cookie data contains a distinctive sequence of characters that allows the identification of the browser following a subsequent website access. Most of the integrated cookies used by us or by third parties on our website are so called “session cookies”. They will be automatically deleted at the end of your visit. Other cookies will remain placed on your device until you delete them. These cookies allow us to recognize your browser on your next website visit.
We use cookies to ensure that our website is more user-friendly. Some elements of our website require that the browser can still be identified after a change of the website.
The legal basis for the Data Processing of Personal Data by using cookies is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest regarding Data Processing is the functionality of our online offering .
The Personal Data obtained via technically necessary cookies are not used to create User profiles.
Cookies are stored on the User’s computer and transmitted to us. Therefore, the User also has full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the use of cookies. Cookies that are already stored in the internet browser can be deleted at any time. This may also be carried out automatically using appropriate settings. If cookies for our website are deactivated by your internet browser, it is possible that some functions regarding the website will be unavailable or not usable.
When setting up your browser you may choose to be informed when cookies are used. Cookies may be allowed on an individual basis or only in certain cases, cookies may generally be disallowed or automatically deleted upon the exit of your browser. If cookies are deactivated, the functionality of this website may be limited.

Contact
You can contact us via the e-mail address provided on our website. In this case, the e-mail contains certain Personal Data. The legal basis for the processing of data that is transmitted via e-mail is Art. 6 para. 1 sentence 1 lit. a GDPR, because you give your consent on a voluntary basis by contacting us. If the purpose of the e-mail contact is the conclusion of a contract or the making of a donation, the additional legal basis for Data Processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

The Personal Data stored for the purpose of your request is deleted as soon as the purpose for which it was processed no longer exists. A conversation is deemed terminated at the time it is obvious that the matter in question has been conclusively clarified.

If the User contacts us via e-mail, he is entitled to object to the storage of his Personal Data at any time. In such  case the conversation cannot be continued. All Personal Data stored in the course of the contact will be erased in this case.

Online Presence in Social Media

We maintain online presences within social networks and platforms in order to communicate with interested parties and Users to inform them about us and our projects. When accessing the respective networks and platforms, the terms and conditions and Data Processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process Personal Data of Users, such as name or User name and other Personal Data released or transmitted on the User profiles, insofar as they communicate with us within the social networks and platforms, e.g. comment or post on our online presences or send us messages.

Protection of Minors

Our website is not directed to minors and we do not knowingly collect Personal Data from minors. In case a User under the age of sixteen transmits Personal Data, then this is only permitted if the parent or legal guardian has consented or has agreed to the consent of the minor. According to Art. 8 para. 2 GDPR, the contact details of the parent or legal guardian have to be provided to us in this case in order to verifythe validity of the consent. This Personal Data, as well as the Personal Data of the minor, will be processed according to this privacy policy.

If we become aware that a minor under the age of sixteen has transmitted Personal Data without the consent of the legal guardian himself or herself or without the consent of the minor, we will delete the data immediately.

Data Security
We undertake a variety of security measures under Art. 32 GDPR (technical and organizational measures) to project your Personal Data.

Due to security reasons and to ensure safe transmission of confidential information such as requests you send us in our us as website operators, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line in your browser changes from “http://” to “https://” and from the appearance of the lock icon in your browser line.

If the SSL/TLS encryption is activated, the data you send us cannot be read by third parties. If you contact us via e-mail, we hereby point out that the confidentiality of the sent information cannot be guaranteed. The content of the e-mails may be viewed by third parties under certain circumstances. We recommend to send confidential information by postal mail.

Data Transmission upon Contract Conclusion or Donations

We only transfer Personal Data to third parties if this is necessary within the framework of the contract/donation processing, for example to credit institutions commissioned with the handling of payments. Any further transfer of data will not take place or only if you have expressly agreed to the transfer. However, YOU Stiftung uses various service providers who may be given access to the Personal Data (IT service providers/providers who you contact in the name of YOU Stiftung regarding donations). These service providers are processors for YOU Stiftung. They may only process the data on behalf and documented instructions of YOU Stiftung.

The legal basis for this Data Processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which allows Data Processing if it is necessary for the performance of a contract or for meeting pre-contractual requirements.

Data Collection via Donation Forms
The donation forms used in our online offering are provided by the service provider FundraisingBox. Details regarding FundraisingBox can be found below in Section IV titled “FundraisingBox”.

Encrypted Payment Transactions on this Website
If it is necessary to provide to us with your payment data (e.g. account number for direct debit authorisation) after the conclusion of a fee-based contract, this Personal Data is required for the processing of the payment.

The payment processes via the usual  payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon in your browser line.

In the case of encrypted communication, your payment data that you transfer to us is not available to third parties.

IV. Integration of Third Party Services and Content

In our online offering we integrate content or service offerings such as videos or fonts of third parties in order to use their content and services (hereafter referred to as “content”) based on our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offering as defined in Art. 6 para. 1 sentence 1 lit. f. GDPR).

FundraisingBox
We use the application called FundraisingBox for our online donation forms. The supplier of FundraisingBox is Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany. Using FundraisingBox, a charitable organization can process all the donation and contact data including the complete communication history in a concise, clear and safe manner. FundraisingBox manages payment transactions in a secure and certified environment. The Personal Data related to donation transactions (i.e. payment data and names) is always SSL encrypted and stored in European certified data centers. The payment data is sent via an encrypted connection directly to the payment service provider. Your Personal Data is not passed on to third parties. Every donation amount is transferred directly to the relevant donation bank account and is not routed via a FundraisingBox bank account.

You can find up-to-date information about the security procedure used at: https://www.fundraisingbox.com/it-sicherheit.

Further information about data protection at FundraisingBox can be found at: https://www.fundraisingbox.com/datenschutz/.

Contract Conclusion and Contract Data Processing
We have concluded a Data Processing Agreement with Wikando GmbH for using the services of FundraisingBox and we fully comply with the strict requirements of the German data protection authority.

In case you use the payment services PayPal, Sofortüberweisung and Klarna provided by FundraisingBox, please note that the respective providers’ data privacy policies apply and further information are listed below.

PayPal Payment Method
We have integrated components of PayPal on our website. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxemburg, Luxemburg. PayPal is an online payment service provider. Payments are made using so called PayPal accounts that represent virtual private or business accounts. Furthermore, PayPal also offers the possibility to process virtual payments by credit card if a User does not have a PayPal account. A PayPal account is managed via an e-mail address, therefore there is no classic bank account number. PayPal allows to initiate online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

If the Data Subject choses the payment option PayPal during the donation process on our website, Personal Data of the Data Subject is automatically transferred to PayPal, using especially integrated PayPal cookies.. By choosing this payment option, the Data Subject consents to the transfer of Personal Data required for the payment transaction.

The Personal Data that are transferred to PayPal usually include first and last name, postal address, e-mail address, IP address, telephone number, mobile phone number or any other Personal Data that are necessary for the payment process. Personal Data that are necessary for the processing of the donation are those related to the respective donation process. The transfer of the Personal Data has the purpose of  payment processing and fraud prevention. The Controller will transmit Personal Data to PayPal in particular if there is a legitimate interest in the transmission. Personal Data exchanged between PayPal and the Controller may be transferred by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may share the Personal Data with affiliated companies and service providers or subcontractors to the extent necessary for the performance of the contractual obligations or where the data are to be processed under contract.

The Data Subject can withdraw his or her consent to PayPal’s Data Processing of Personal Data at any time. Withdrawal does not affect the Personal Data that mandatorily have to be processed, used or transferred for the (contractual) processing of payments.

PayPal’s applicable data protection regulations can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full.

The transfer of your Personal Data to PayPal is based on Art. 6 para. 1 sentence 1 lit. b GDPR (processing for the performance of a contract).

Sofortüberweisung Payment Method

We have integrated the payment method Sofortüberweisung on our website. The provider of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany. Sofortüberweisung is a payment service that enables cashless payment for products and services on the Internet. Sofortüberweisung represents a technical procedure where the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or enable downloads to the customer immediately after ordering.

If the Data Subject selects “Sofortüberweisung” as a payment option during the donation process, Personal Data of the Data Subject is automatically transferred to Sofortüberweisung. By selecting this payment option, the Data Subject consents to the transfer of Personal Data required for payment processing.

In the case of donation processing via Sofortüberweisung, the Data Subject transmits the PIN and the TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to YOU Stiftung after technical verification of the account balance and retrieval of further data to check the account coverage. The processing of the financial transaction is then automatically communicated to YOU Stiftung.

The Personal Data processed by Sofortüberweisung are first name, surname, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for the processing of the payment. The purpose of the data transfer is to process payments and prevent fraud. The Controller will transfer other Personal Data, if there is a legitimate interest in Data Processing. The Personal Data exchanged between Sofortüberweisung and the Controller may be transferred by Sofortüberweisung to credit reference agencies. The purpose of this transfer is to check identity and creditworthiness.

Sofortüberweisung may transfer the Personal Data to affiliated companies and service providers or subcontractors to the extent necessary for the performance of contractual obligations or where the data are to be processed on the basis of a Data Processing Agreement.

The Data Subject can withdraw his or her consent to the processing of Personal Data at any time to Sofortüberweisung. Withdrawal does not affect Personal Data that mandatorily have to be processed, used or transmitted for the (contractual) processing of payments.

The applicable privacy policy of Sofortüberweisung can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

The transmission of your Personal Data to Sofort GmbH is based on Art. 6 para. 1 sentence 1 lit. b DSGVO (processing for the fulfilment of a contract).

Klarna Payment Method

We have integrated of the payment method Klarna in our website. The service provider of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. Klarna is an online payment service provider that allows to pay or donate via invoice or using a flexible installment payment plan. Klarna offers other services including buyer protection, identity checks and creditworthiness checks.

Klarna offers several payment options including installment payment plans. If you choose Klarna as your payment method (Klarna-Checkout-Solution) then Personal Data will be transferred to Klarna. Details can be found at Klarna’s privacy policy: https://www.klarna.com/de/datenschutz/.

Klarna uses cookies to optimize the Klarna-Checkout-Solution. The optimization of the Checkout-Solution is a legitimate interest in accordance with Art. 6 Abs. 1 S. 1 lit. f GDPR. Cookies consist of small amounts of text data that are stored on your browser and do not have negative impact on your device. Cookies will be stored on your device until you delete them. Details about how Klarna uses cookies can be found using the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf

The Personal Data processed by Klarna usually includes first and last name, birth date, gender, postal address, email address, IP address, telephone number, mobile phone number and any other data that is required to carry out the payment transactions via invoice or installment plans. In order to perform the contract/donation, other Personal Data related may be necessary.In particular bank details, credit card numbers, expiration dates, CVC codes, article amounts, article numbers, product and service data, prices, tax duties, information about purchasing history or information about the Data Subject’s financial position may be requested.

The transfer of Personal Data is used to complete an identity check, to process the payment transaction and to prevent fraud. The Controller of the Data Processing of Personal Data will send to Klarna Personal Data in case a legitimate interest for the Data Processing exists. The data that is transferred between the Controller and Klarna will be shared with credit agencies. The purpose of this transfer is to check identity and creditworthiness.

Klarna transfers Personal Data to affiliated companies (Klarna Group) and service providers or subcontractors in case this data is necessary to perform contractual obligations or the data is processed as part of the contract.

Klarna collects and uses Personal Data and information about the previous payment behavior of Data Subject as well as probability values of future payment behavior (“scoring”) in order to decide about the conclusion, execution and termination of a contractual relationship.. The calculation of the scoring is based on an economically recognized mathematical and statical model.

TheData Subject has the right to withdraw the consent to the use of Personal Data by Klarna at any time. This withdrawal of consent does not apply to Personal Data that is required for processing, using or transferring of data within the payment transaction.

The applicable data protection regulations and privacy policy of Klarna can be found at: cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

The transfer of your Personal Data to Klarna is based on Art. 6 para. 1 sentence 1 lit. b GDPR (Data Processing necessary for the performance a contract).

Youtube
We use videos from the YouTube platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on our website.

The embedding of videos takes place using the extended data protection modus so that initially no User data is processed. Only once the video is started and played PersonalData (i.e. device identification, IP address) is sent to Google. As this data transfer is carried out directly, we are not informed about the data transferred or its Data Processing. According to Art. 4 no. 7 GDPR, the Controller for this data is solely the related provider of the video platform. Further information is available at https://www.google.de/intl/de/policies/privacy/.

With the starting of a video, you give your consent to the transfer of your Personal Data to Google Inc. as the provider of the video platform. An opt-out function is offered at https://adssettings.google.com/authenticated.

Google Web Fonts

We use font types (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Our website uses so called web fonts that are provided by Google. When our website is accessed, your browser loads the necessary web fonts from your browser cache to enable the correct display of texts and fonts.

In this case your browser has to connect to the Google server. Google requires your IP address to load our website. The use of Google web fonts is necessary for the complete and correct display of our online offering. This is a legitimate interest as defined in Art. 6 para. 1 sentence 1 lit. f GDPR.

If your browser does not support web fonts, a font type supported by your computer will be used.

More information about Google web fonts is available under: https://developers.google.com/fonts/faq and the privacy policy of Google can be found at: https://www.google.com/policies/privacy/.

The Google Opt-Out function is available at: https://adssettings.google.com/authenticated.

Further information about Personal Data used by Google, settings and consent withdrawal options is available on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using website or apps of our partners”), http://www.google.com/policies/technologies/ads (“Data use for marketing purposes”), and http://www.google.de/settings/ads (“Information administration that Google uses to show your ads”).

Google-Re/Marketing-Services/Google Adwords Conversion Tracking

Based on our legitimate interests (i.e. interests in the analyzation, optimization, and economic operation of our online offering as defined under Art. 6 para. 1 sentence 1 lit. f) GDPR), we use marketing and remarketing services of Google (“Google marketing services”).

Google marketing services enable to present advertisements on our website that are focused on displaying only information that is potentially of interest to our Users. Remarketing means that a User will be shown ads for products that the User showed interest in on other websites. This means that in case a User visits our website or other websites that use Google marketing services, a Google based code will be activated and so called Google remarketing tags (unseen graphics or code also known as “web beacons”) will be tied into the websites. With this, an individual cookie (or similar technologies) will be stored on the User’s device.

The cookies can be set by different domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The cookie will register which websites the User accesses and what content the User is interested in as well as what offers the User has clicked on, technical information about the User’s browser and processing system, referred websites, visit times and other data related to the use of the online offering. The User’s IP address will also be stored.

The User’s IP address will not be used for other Google offerings. The aforementioned information can also be combined by Google with information from other sources. If a User visits another website, content of interest can be shown to the User .

User data is utilized by Google marketing services using a pseudonym. Therefore, Google does not store or utilize User names or email addresses but uses the relevant cookie data as part of anonymous User profiles. This means that as far as Google is concerned, ads are not used or shown for a Data Subject but for a cookie owner, regardless of who thecookie owner is. This does not apply if a User has allowed Google to utilize data without a pseudonym. The information collected by Google marketing services are shared with Google and stored on the Google servers in the US.

Among the Google marketing services that we use there is also the online marketing tool called “Google AdWords.” As part of Google Adwords we use so called “conversion tracking.” Google Adwords installs a cookie (more information about cookies can be found in the Cookie section of this document) on your computer if you accessed our website using a Google advert. These cookies are active for 30 days and are not used for personal identification. If a User visits certain pages on the websites of Adwords customers and the cookie has not yet expired, then Google and the customer can see that the User has clicked on the advert and was redirected to this page.

To every Adwords customer is assigned a different cookie. Therefore, cookies cannot be tracked via Adwords customer websites. Using information obtained by conversion-cookies, conversion statistics can be created for Adwords customers that use the conversion-tracking tool. Adwords customers are provided with the total User number that clicked on their advert and who were transferred to a conversion tracking tag using website. However, Adwords customers do not receive any information that make it possible to identify the Users.

The storage of conversion cookies is allowed based on Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of User behavior to optimize the web offering and related advertising.
If you do not wish to participate in the tracking process, you can deactivate the relevant cookies using the browser settings so that the automatic use of cookies is blocked.

Cookies for conversion tracking can be deactivated by setting your browser so that cookies from the domain www.googleadservices.com are blocked.

Google’s data privacy information concerning conversion tracking is available at https://services.google.com/sitestats/de.html. More information about Google AdWords and Google conversion tracking is available in the privacy policy at: https://www.google.de/policies/privacy/.

Facebook Social Plugins Usage

Based on our legitimate interests (i.e. interests in the analyzation, optimization, and economic operation of our online offering as defined under Art. 6 para. 1 sentence 1 lit. GDPR), we use social plugins (“plugins”) of the network facebook.com which belongs to Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plugins can be interactive elements or content (i.e. videos, graphics, or texts) and are recognizable by the Facebook logo (a white F on a blue tile, the term “like,” or a “thumbs up” symbol) or by the addition of the label “Facebook social plugin.” For a list and visual on the Facebook social plugins please use: https://developers.facebook.com/docs/plugins/.

In case a User activates a function of this online offering that uses such a plug in, the User’s device establishes a direct connection to the Facebook servers. The content of the plugins will be sent directly by Facebook to the device of the User and will be integrated into the online offering. By doing this, the processed Personal Data can be used to set up a User profile. Therefore, we cannot control the Personal Data that Facebook processes and informs Users about the usage these plugins according to our knowledge.

By using the plugins, Facebook receives the information that a User of our website accessed. If the User is logged into Facebook, then Facebook can connect the visit of the website with  Facebook accounts. If Users interact with the plugins, by for example pressing the “Like” button or by leaving a comment, then this information is sent directly by the User’s device to Facebook and will be saved. If the User is not a member of Facebook, it is still possible for Facebook to identify and store the User’s IP address. According to Facebook, it only maintains an anonymous IP address list in Germany.

The use and extent of data collection as well as the Data Processing and use of the Personal Data by Facebook and the related rights and setting possibilities to protect the User’s privacy can be found at: https://www.facebook.com/about/privacy/.

If a User is a member of Facebook and does not wish Facebook to collect Personal Data via this online offering and connect this Personal Data with the User’s saved membership data, then the User has to log out of our online offering at Facebook and delete the related cookies. Further settings and consent withdrawal concerning the use of data for marketing purposes are available under : https://www.facebook.com/settings?tab=ads or at the American webpage: http://www.aboutads.info/choices/ or the UE webpage: http://www.youronlinechoices.com/. The settings are independent of the platform used so they will be used by all devices including desk computers and mobile devices.

Twitter

As part of our online offering, we may integrate functions and content from Twitter offered via Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. In Twitter there are included pictures, videos or texts, and buttons which Users can use to like relevant content. Users can also subscribe to content creators or our offerings. If Users are members of the Twitter platform, then Twitter can allocate the above-mentioned content and functions to User profiles.

Twitter Privacy policy: https://twitter.com/de/privacy.

Twitter Opt-Out: https://twitter.com/personalization.

Instagram
As part of our online offering we may integrate functions and content from Instagram offered via Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Included in Instagram there are pictures, videos or texts and buttons which Users can use to like relevant content. Users can also subscribe to content creators or our offerings. If Users are members of the Instagram platform, then Instagram can allocate the above-mentioned content and functions to User profiles.

The privacy policy of Instagram is available at: http://instagram.com/about/legal/privacy/.

V. Privacy Policy Changes

We retain the right to update or change our privacy policy if new technology requires it. If fundamental changes are made to this privacy policy, we will disclose this on our website.