§ 1 Information on the Collection of Personal Data
(1) In the following, we will inform you on the collection and processing of personal data when using our websites, and the rights granted to you according to the EU General Data Protection Regulation, hereinafter referred to as GDPR.
(2) The term "personal data" defines all data that may be personally related to/identified with you, e.g. your name, address, e-mail-addresses, user behaviour.
(3) The responsible authority pursuant to EU General Data Protection Regulation, Article 4, Section 7, is esmo AG, Managing Director/CEO Mr. Andreas Widhammer, Brueckenstrasse 1, 83022 Rosenheim, Germany, firstname.lastname@example.org.
(4) You may contact the data protection officer at email@example.com or our postal address – esmo AG, Brueckenstrasse 1, 83022 Rosenheim, Germany – by adding the annotation "Attention of Data Protection Officer".
§ 2 Your Rights
You shall be granted the following statutory rights against us with regards to personal data related to you:
- right of access (to information on data processed by us) (pursuant to GDPR Article 15)
- right to rectification (i.e. the correction of incorrect data) (pursuant to GDPR Article 16)
- right to erasure (demand that in certain cases your data will be deleted immediately) (pursuant to GDPR Article 17)
- right to restriction of processing (demand that your data will not be processed in the future or only processed to a limited extent) (pursuant to GDPR Article 18)
- right to withdraw/revoke, with future effect, a consent once given
- right to lodge a complaint with a supervisory authority – responsible for Bavaria:
Bayerisches Landesamt für Datenschutzaufsicht
(= Bavarian State Supervisory Authority for Data Protection)
§ 3 Collection of Personal Data for Inquiries
In case you contact us by e-mail or via one of our contact forms, data processing will take place on the basis of your consent. You may revoke this consent at any time.
Any data transmitted by you (your e-mail address, your name, if applicable, and your telephone number) will be stored by us in order to answer your questions. We will delete all personal data arising within this framework after data storage is no longer required, or restrict the processing of such data in case of prevalent legal retention policies.
§ 4 Collection of Personal Data when Visiting our Websites
(1) When you visit/use our websites, we will only collect the personal data that your browser transmits to our server. We will process the following data, which is technically required in order to display our websites, and to ensure their stability and security (pursuant to GDPR Article 6(1), Subsection f):
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- contents of the requirement (specific/particular page)
- access status/HTTP status code
- respective amounts of transmitted data
- referrer URL
- operating system and operating system interface
- browser software language and version
(2) In addition to the aforementioned data, cookies will be stored on your computer when using our websites. Cookies are small text files, which are stored on your hard drive, allocated to the browser you use, providing certain information to the entity setting the cookie (in present case, us). Cookies can neither run programs nor transmit viruses to your computer. They serve the mere purpose of making internet offers more user-friendly and effective in general.
a) Our websites use the following types of cookies, the scope and operation of which will be explained in the following:
– transient cookies, please refer to b)
– persistent cookies, please refer to c)
b) Transient cookies are automatically deleted when you close the browser. This, in particular, includes session cookies. Session cookies store a so-called session ID, by means of which various requests from your browser may be assigned to the shared session. This will allow your computer to be recognized once you return to our websites. Session cookies will be deleted as soon as you log out or close the browser.
c) Persistent cookies will be automatically deleted after a specified period of time, which may differ, depending on the particular cookie. However, you may delete the cookies in the security settings of your browser at any time.
d) You may configure your browser settings as you wish, and – for instance – refuse to accept third-party cookies or any cookies at all. Please consider though that this measure may prevent you from using all features of our websites.
e) Any Flash cookies used will not be detected by your browser but by your Flash plug-in. We furthermore use HTML5 Storage Objects, which will be stored on your device. These objects store the required data, regardless of the browser you use, and do not have any pre-specified, automatic expiration date. Unless you wish to process Flash cookies, you will have to install a corresponding add-on. You may prevent the use of HTML5 Storage Objects by using private mode in your browser setting. Moreover, we recommend that you manually delete your cookies as well as you browser history on a regular basis.
§ 5 Use of Google Analytics
(1) Our websites use Google Analytics, a web analysis service provided by Google, Inc. ("Google"). Google Analytics uses so-called "cookies": cookies are text files stored on your computer which allow an analysis of your use of the respective websites. In general, the information generated by the cookie, will be transmitted to a Google server, located in the United States of America, and stored there. In case you opt to activate the IP anonymization in our websites, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, your full IP address will be sent to and shortened by Google servers in the USA. Google will use this information, by order of the website owner, to evaluate your use of the websites, to compile reports about website activities for website operators, and to render other services associated with website activities and internet usage to website providers.
(2) The IP address provided by your browser as part of Google Analytics shall not be merged with other Google data.
(3) You may refuse/prevent the installation of cookies by changing the setting of your browser software. We would like to point out to you though that you may not be able to use all the functions of these websites in their entirety any more in that case. You may also prevent the collection of the data generated by the cookie and related to your use of the websites (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
(4) Our websites use Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses will be shortened/truncated prior to further processing, for which reason any association with your person/personal data can be excluded. Insofar as any personal data collected will be assigned to or associated with a personal reference, the latter will be immediately excluded, and the personal data will be deleted immediately.
(5) The legal basis for the use of Google Analytics shall be our legitimate interest pursuant to GDPR Article 6, Section 1, Subsection 1(f). Within this framework we will utilize Google Analytics to analyze and regularly improve the use of our websites. With the statistics generated by Google Analytics, we will be able to improve our internet offer and make it more interesting and appealing for you as a user. For exceptional cases, in which personal information is transferred to the USA, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
(7) Our websites furthermore use Google Analytics for cross-device analyses of visitor traffic conducted via a user ID.
§ 6 Integration of YouTube Videos
(1) We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com, and are directly playable from our website. These are all included in the "extended privacy mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in subsequent paragraph 2 will be transmitted. We have no influence on this data transfer whatsoever.
(4) The legal basis for the use of YouTube shall be our legitimate interest pursuant to GDPR Article 6, Section 1, Subsection 1(f). Within this framework we will utilize YouTube to make our internet offer more informative and appealing for you as a user.
§ 7 Use of Google AdWords Conversion
(1) GDPR Article 6, Section 1, Subsection 1(f) shall constitute the legal basis for the processing of your data. Within this framework we will utilize the offer of Google AdWords to draw attention to our attractive offers with the help of advertising media (so-called Google AdWords) on external websites. In relation to the data of the advertising campaigns, we will be able to determine this way how successful individual advertising measures are/have been. We aim at presenting you advertisements that are of interest to you, to make our websites more interesting and appealing for you as a user, and to achieve an adequate and fair calculation of advertising costs.
(2) These advertising media are supplied by Google via so-called "Ad Servers". For this purpose we use ad server cookies, which measure certain performance metrics such as ad pop-ups or user clicks. If you access our websites via a Google ad, Google AdWords will store a cookie on your PC. These cookies usually lose their validity, i.e. expire, after 30 days, and are not intended to identify you personally. As a rule, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant to post-view conversions), and opt-out information (indicating that the user does not wish to be addressed again) are stored as this particular cookie's analytical values.
(3) These cookies allow Google to recognize your internet browser at a later time. If a user visits certain pages of an AdWords customer's website, and the cookie stored on the user's computer has not expired, Google and the customer will be able to detect that the user clicked on the ad, and was then redirected to that page. Each AdWords customer will be assigned a different cookie. For this reason, cookies cannot be tracked via the websites of AdWords customers. We ourselves do not collect and process any personal data within the framework of the aforementioned advertising measures. We only receive statistical evaluations provided by Google. On the basis of these evaluations, we will be able to identify which of the advertising measures used are particularly effective. We do not receive any further and more extensive data from the use of advertising media – we are not able to identify users on the basis of this information in particular.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and the further use of the data, which are raised by the employment of this tool by Google. For this reason, we provide you with information according to and basing on our state of knowledge: By the incorporation of AdWords Conversion Google will receive the information that you have visited a particular section/site of our internet appearance, or clicked on one of our ads. In case you are registered with a service provided by Google, Google may associate your visit with your account. Even if you are not registered with Google, or have not logged in, there is a possibility that the provider may detect and store your IP address.
(5) You may prevent a participation in this tracking process in several ways:
a) by adjusting your browser software accordingly – in particular, the suppression of third-party cookies will prevent you from receiving any third-party ads;
b) by disabling the cookies for conversion tracking and setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.com/settings/ads – however, this setting be deleted when you delete your cookies;
c) by deactivating interest-based advertisements of the providers which are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices – however, this setting be deleted when you delete your cookies;
d) by permanent deactivation in your browsers Firefox, Internet Explorer, or Google Chrome via the link http://www.google.com/settings/ads/plugin. We would like to point out to you that in this case you may not be able to use all the features of these internet offers in their entirety though.
(6) For more detailed information on Google data privacy, please refer to https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/en.html. Alternatively, you may also visit the website of Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
§ 8 Service of Matelso GmbH
Our websites use a service of Matelso GmbH, Stuttgart, Germany. The legal basis for the processing of your data shall be our legitimate interest pursuant to GDPR Article 6, Section 1, Subsection 1(f).
In case you call a Matelso telephone number we commissioned, details/information on the call will be transmitted to a web analysis service (e.g. Google Analytics) we use. Matelso furthermore reads the cookies set by our analysis service, or other parameters of the websites you are currently visiting, for instance referrer, document path, and remote user agent data. This information will be processed in accordance with our instructions by Matelso, and stored on servers in the EU. For further information/details, please refer to https://www.matelso.com/en/matelso-call-tracking-gdpr/. You may refuse/prevent the installation of cookies by changing the setting of your browser software. We would like to point out to you though that you may not be able to use all the functions of these websites in their entirety any more in that case.
§ 9 Newsletter2Go
On present website you may subscribe to our newsletter. For this we require your e-mail address. The personal data collected in connection with your newsletter registration will only be stored for the duration of your newsletter subscription.
The newsletter will be mailed by Newsletter2Go GmbH, Nuernberger Strasse 8, 10787 Berlin, Germany.
Newsletter2Go is a service by means of which, among other things, the dispatch of newsletters can be organized and analyzed. The data entered by you, in order to subscribe to our newsletter, will be stored on the servers of Newsletter2Go in Germany.
Unless you wish Newsletter2Go to analyze your data, please unsubscribe. For this purpose, we provide a corresponding link in all our newsletter messages. Furthermore, you have the possibility to unsubscribe directly on present website.
Data Analysis by Newsletter2Go
With the assistance of Newsletter2Go we are able to analyze our newsletter campaigns. This way, we can see whether a newsletter message has been opened and which links have been clicked. So we can also determine which links in particular were clicked most frequently.
Furthermore, we can see whether certain previously defined actions were carried out after opening/clicking (conversion rate).
Newsletter2Go also allows us to cluster newsletter recipients into different categories: newsletter recipients may be subdivided according to their age, gender, or place of residence, for example, in order to better adapt the contents of our newsletters to the respective target groups.
For detailed information on the functionalities of Newsletter2Go, please refer to the following link: https://www.newsletter2go.de/features/newsletter-software/.
§ 10 Mouseflow
Our websites use Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, in order to track and record randomly selected, individual visits (only with anonymized IP addresses). As a result, a protocol of mouse movements, mouse clicks, and keystroke activities will be created, with the intention of randomly reproducing individual visits to these websites as so-called session replays, and evaluating them by means of so-called heatmaps, in order to derive potential improvements for our websites. The cookie generated by Mouseflow will be deleted after a period of ninety (90) days. The data collected by Mouseflow is non-personal and will not be disclosed to third parties – this data will be retained for a period of three (3) months. All data collected will be stored and processed within the EU. In case you do not wish Mouseflow to collect your data, you may object to this on any website using Mouseflow by clicking on the following opt-out link: https://mouseflow.de/opt-out/