Flutlicht GmbH
Allersberger Straße 185/G
90461 Nuremberg, Germany
Tel.: +49-(0)911 47495-0
Fax: +49-(0)911 47495-55
E-mail: info@flutlicht.biz
Managing Directors with authorization for representation:
Eva Föhlinger, Andrea Gantikow, Stefan Koch
Commercial register number: HRB 20388
Court of registration: Nuremberg District Court
VAT-ID No.: DE 231704898
Responsible for content according to § 10, paragraph 3 of the German Interstate Media Agreement (MDStV):
Eva Föhlinger, Andrea Gantikow, Stefan Koch
Data Protection Supervisor:
it.sec GmbH
– Datenschutzbeauftragter –
Einsteinstraße 55
D-89077 Ulm
Telefon: +49 731 20589 24
email: datenschutz@flutlicht.biz
Privacy Policy / Update: November 16th 2022
1. About us
We, Flutlicht GmbH, are responsible for the collection, processing and storage of your data. You can find details about us in our Imprint at any time.
The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions.
This data protection declaration applies to all websites of our company that can be accessed under our domain (https://www.flutlicht.biz/en). If you switch to websites of other operators within the scope of our offer, their own data protection regulations apply, for the content of which the respective operators of these websites are responsible.
Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, you will find below an overview of all our services in the context of which we collect and process personal data.
If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service (e.g. for the press distribution list).
We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organizational measures to always protect your data.
2. Why we process your data
You can use our website without disclosing your identity. If you would like to register for one of our personalised services such as our press distribution list, subscribe to our newsletter or contact us, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.
Your personal data is collected and processed for the following purposes on the basis of the following legal bases:
- Contract initiation pursuant to Art. 6 (1) lit. a) and b) GDPR
- Contract execution in accordance with Art. 6 (1) lit. b) GDPR
- Customer management in accordance with Art. 6 (1) lit. b) and c), f) GDPR
- Communication and data exchange pursuant to Art. 6 (1) lit. a), b), c), f) GDPR
- External presentation and advertising pursuant to Art. 6 (1) lit. a), f) GDPR
- Implementation of declarations of consent pursuant to Art. 6 (1) lit. a) GDPR
- Ensuring the proper operation of a data processing system in accordance with
- 6 (1) lit. c) and f) GDPR
- Applicant selection procedures in the context of personnel and resource management based on Art. 6 (1) lit. a), b) GDPR in conjunction with § 26 BDSG
3. Which data we collect and process from you
We collect different categories of personal data from you. Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes, for example, information such as your name, your address, your telephone number and your date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of individual websites of our offer or the number of users of a page – is not personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimizes the use of our services for you, but is not necessary for this. Corresponding data fields are marked as ‘voluntary’.
The data collected immediately includes:
- First name, last name, address and e-mail address, e.g. for the purpose of inclusion in our newsletter & press distribution list, use of your customer account or for contacting you via our contact form.
- Candidate data, for carrying out our online application procedure
- Data that you actively and consciously transmit to us when using our services,
- Further data that you voluntarily submit to us, e.g. data fields filled in by you and marked as ‘voluntary’
In addition, data about you is collected indirectly when using our services:
- Technical connection data, e.g. the page called up on our website, your IP address, date and time of the call, terminal device used, browser configuration data.
- Data collected in the context of website tracking and newsletter tracking
Minors:
Our website is not directed at minors and we do not knowingly collect personal information from minors.
If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian himself has consented or has consented to the consent of the young person. In accordance with Art. 8 (2) GDPR, the contact details of the legal guardian must be provided in order to convince us of the consent or consent of the legal guardian. These data as well as the data of the minor will then be processed in accordance with this data protection declaration.
If we determine that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, we will delete the data immediately.
4. Who has access to your data and to whom we transmit your data
a) Access
Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.
If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We also use service providers to provide services and process your data (for hosting, maintaining and analyzing databases, securing our web servers or for website tracking, among other things). Insofar as these special provisions apply, we have carried them out for you in the following for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.
b) Data exchange within the group of companies
Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.
c) Transfer to third countries and legal basis
The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data are processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data are adequately protected. We expressly point this out to you again within the scope of the individual services.
If personal data is transferred to third countries, this is done on the basis of the EU standard contract pursuant to Art. 46 para. 2 lit. c GDPR or on the basis of your consent pursuant to Art. 49 para. 1 lit. a GDPR.
d) Transmission to law enforcement and criminal investigation authorities
In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.
5. Storage periods
We store personal data within the framework of legal regulations or your consent.
We use the following criteria to determine the concrete storage period:
We store the personal data until the purposes for which they were collected cease to apply (e.g. at the end of a contractual relationship or through the last activity, if no continuing obligation exists, or in the case of a revocation of your consent for the specific data processing).
Further data will only be stored if
- legal storage obligations (e.g. according to AO and HGB) exist;
- the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
- the deletion would be contrary to the legitimate interest of the data subjects;
or
- another exception pursuant to Art. 17 (3) DSGVO applies.
6. Your Rights
You have a number of legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given below.
a) Right to information and data transferability
You have a right of information about the personal data we process concerning you at any time.
If the data processing is based on your consent or according to Art. 6 (1) lit. b) GDPR on a contract, you can also demand in accordance with Art. 20 (1) GDPR to receive the personal data stored about you in a structured, current and machine-readable format. At your request, we will also forward the data directly to the recipient of your choice.
b) Right to rectification, restriction and deletion
Furthermore, in accordance with Articles 16 to 18 GDPR, you can request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.
c) Rights of objection
If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you may object to this processing pursuant to Art. 21 (1) GDPR. Then we will stop processing your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 (2) GDPR.
d) Right of revocation
If you have allowed us to process your personal data by giving your consent, you have a right of revocation with effect for the future pursuant to Art. 7 (3) GDPR.
e) Right to appeal to the Supervisory Authority
You are free to complain to a supervisory authority if you believe that our processing of your personal data violates the European Data Protection Regulation or other national and international data protection laws.
The contact details of the supervisory authority responsible for us are as follows:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Phone: +49 981 53 1300
Email: poststelle@lda.bayern.de
f) Contact details
To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:
Person in charge | Data protection officer |
Flutlicht GmbH
Allersberger Straße 185/G D-90461 Nürnberg Phone: +49 911 47495 0 Email: info@flutlicht.biz |
it.sec GmbH
– Datenschutzbeauftragter – Einsteinstraße 55 D-89077 Ulm Phone: +49 731 20589 24 |
7. Use of your website – Profiling, cookies and web tracking
a) Basic information on cookies and opt-out-opportunities
We use so-called cookies in some areas of our website, e.g. to recognize the preferences of visitors and to be able to design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be stored for a certain period of time and to identify the visitor’s computer. For better user guidance and individual service presentation, we use permanent cookies.
We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. This is done to verify the authorization of actions and the authentication of the requesting user of our services. The legal basis is Art. 6 (1) lit. c) in conjunction with Art. 32 and Art. 6 (1) lit. f) GDPR. Our legitimate interest is to secure our web server, for example to defend ourselves against attacks, and to ensure the functionality of our services.
Non-technically necessary cookies you can of course revoke at any time. Those Cookies are listed and explained in our Cookie Banner.
As part of our cookie information on our website, you have agreed to the following statement in this regard:
Our website uses tracking cookies and tracking software to ensure that we give you the best experience on our website. In addition to that, tobe able to offer certain social media features and to analyze the traffic to our website.
You will find further information on the cookies and web tracking methods used by us as well as the option of deactivating them for you in our privacy policy or via „change cookie settings“. Please give us your consent to the use of cookies. Please keep in mind that the cookies may only be placed after clicking on “OK”
If you completely exclude the use of cookies, you cannot use certain functions of our website – including the possibility of cookie-based opt-out from tracking. Please allow the opt-out cookies of those services for which you wish to prevent tracking.
Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.
b) Google Analytics
This website uses Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other countries party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website usage and Internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. One way to object to web analysis by Google Analytics is to set an opt-out cookie that instructs Google not to store or use your data for web analysis purposes. Please note that with this solution the web analysis will only not take place as long as the opt-out cookie is stored by the browser. If you would like to set the opt-out cookie now, please click https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable.
You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de.
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland
In the case of access to the data from the USA (e.g. support): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
The legal basis for the transfer is the EU standard contract 2010 in accordance with Art. 46 Paragraph 2 lit. c GDPR.
c)Google Tag Manager
Google Tag Manager is a product of Google that allows us to manage website tags of applications such as Google Analytics through a user interface. The Tag Manager is a cookie-less domain and does not collect personally identifiable information.
d) Google Maps
Our website uses the service Google Maps to show you locations of the responsible person and, if necessary, to enable route planning. When Google Maps is called up on this website, data (e.g. your IP address, the address entered as part of the route planning) is thus transmitted to Google.
We only use Google Maps with your consent, Art. 6 para. 1 p. 1 lit. a GDPR.
The Google Maps page is therefore integrated by means of local preview and is only activated when you click on the link displayed there. After that, your browser establishes a direct connection to Google. We have no influence on whether or how Google actually uses the data (purpose, storage, deletion, disclosure, transmission, profiling). We also have no effective control options in this respect. We do not store any data.
An agreement within the meaning of Art. 26 (1) GDPR exists.
Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de&gl=de.
You can access the separate data protection provisions for Google Maps at: https://www.google.com/intl/de_de/help/terms_maps.html
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland
In the case of access to the data from the USA (e.g. support): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
The legal basis for the transfer is the EU standard contract 2010 in accordance with Art. 46 Paragraph 2 lit. c GDPR.
e) Youtube Video embedded via iFrame in advanced privacy mode
We use Youtube, a Google service, to show you video content. To protect your privacy, we have activated the extended data protection mode.
YouTube also uses cookies to collect information about visitors to its website. YouTube uses them, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. Calling a video usually also leads to a connection with the Google DoubleClick network. Starting the video could trigger further data processing, especially if you are already logged in to YouTube. We have no influence on that.
By pressing the start button on the video, you agree to the transmission of the data to Youtube LLC:
For more information about privacy at YouTube, please see their privacy policy (http://www.youtube.com/t/privacy_at_youtube).
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland
In the case of access to the data from the USA (e.g. support): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
The legal basis for the transfer is the EU standard contract 2010 in accordance with Art. 46 Paragraph 2 lit. c GDPR.
f) Social Media Buttons
Our website uses Social Media Buttons (Facebook, Twitter, Instagram, LinkedIn, Xing), to enable you to interact with third parties.
These social media buttons are not integrated as plug-ins via a so-called iFrame but are stored as links. By clicking the social media buttons, you will be redirected to the page of the respective provider. The relevant provider is then responsible for compliance with the data protection regulations and for the correctness, up-to-dateness and completeness of the information provided there for data processing within the meaning of Art. 4 No. 17 GDPR.
g) Social Media Plugins
We use social media plugins (Facebook) of Meta Platforms Inc, (“provider”) on our website.
If you are logged into the corresponding social network of the provider at the same time as visiting our website (at www.facebook.com) or use the social media plugins (e.g. pressing the ‘Like’ button), a direct connection is established between your browser and the pages of the provider, which may collect personal data (IP address) and other information that can be aggregated to a personal data (e.g. browser system configuration, movement and usage data) about you.
Since this transmission is direct, we do not obtain knowledge of the transmitted data and processing operations. The controller within the meaning of Art. 4 No. 7 GDPR for this data is solely the provider.
Therefore, the so-called 2-click model has been installed on our website, i.e. the social media plugins are first deactivated buttons online that do not establish contact with the servers of the providers. Only when you activate them and have thus really consented to enter into communication with the provider can the data actually be collected by the latter.
By pressing the deactivated button, you consent to the transmission of the data to the provider of the social network:
“2 clicks for more data protection: only when you click here will the button become active and you can send your recommendation to Facebook. Data is already transmitted to third parties when it is activated.”
Recipient: The provider who operates the respective social network as the responsible party
h) DoubleClick by Google
Doubleclick by Google uses cookies to serve ads relevant to you. Your browser is assigned a pseudonymous identification number to check which ads have been displayed in your browser and which ads have been called. The cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted and stored by Google for analysis. A transfer of the data by Google to third parties only takes place due to legal regulations or within the scope of order processing. Google will not combine your data with other data collected by Google.
If you do not agree with this form of processing, you can prevent the storage of cookies by setting your browser accordingly. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available here <https://support.google.com/ads/answer/7395996?hl=de> Alternatively, you can disable Doubleclick cookies on this page < http://www.google.com/ads/preferences/html/opt-out.html>
Recipient of the data: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland
In the case of access to the data from the USA (e.g. support): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
The legal basis for the transfer is the EU standard contract 2010 in accordance with Art. 46 Paragraph 2 lit. c GDPR.
i) LinkedIn Ads / LinkedIn Analytics
We use “LinkedIn Ads” on our website, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: “LinkedIn”). LinkedIn Ads stores and processes information about your user behavior on our website. For this purpose, LinkedIn Ads uses, among other things, cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website.
We use LinkedIn Ads for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We point out that in this case you may not be able to use all features of our website in full. You can also prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on one of the websites linked below:
https://www.linkedin.com/mypreferences/g/guest-cookies
http://optout.aboutads.info/?c=2#!/
Wir weisen Sie darauf hin, dass diese Einstellung gelöscht wird, wenn Sie Ihre Cookies löschen. Sie können der Erfassung und Weiterleitung personenbezogenen Daten widersprechen oder die Verarbeitung dieser Daten verhindern, indem sie die Ausführung von Java-Script in Ihrem Browser deaktivieren. Zudem können Sie die Ausführung von Java-Script Code insgesamt dadurch verhindern, indem Sie einen Java-Script-Blocker installieren. Wir weisen darauf hin, dass Sie in diesem Fall möglicherweise nicht alle Funktionen unseres Internetauftritts vollumfänglich nutzen können.
Weitere Informationen des Drittanbieters zum Datenschutz können Sie der nachfolgenden Webseite entnehmen: https://www.linkedin.com/legal/privacy-policy
Empfänger der Daten: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland
Im Falle der Zugriffsmöglichkeiten auf die Daten aus den USA (z.B. Support): LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085 USA
Rechtsgrundlage für die Übermittlung sind die EU-Standardvertragsklauseln gemäß Art. 46 Abs. 2 lit. c GDPR.
We would like to point out that this setting is deleted when you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. In addition, you can prevent the execution of Java-Script code altogether by installing a Java-Script blocker. We would like to point out that in this case you may not be able to use all functions of our website to their full extent.
Further information from the third-party provider on data protection can be found on the following website: https://www.linkedin.com/legal/privacy-policy
Recipient of the data: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
j) Matomo Web Tracking (ehemals Piwik)
We use the website analysis software Matomo to optimize and statistically evaluate visitor access to our website.
Matomo uses so-called cookies, small text files that are stored locally on your terminal device and allow us to analyze the use of our website. We ensure that the calling IP address is anonymized immediately after its influence into a hash value and even before storage, so that no inference to you is possible. The processing of the data obtained in this way takes place exclusively on our own servers in Germany. The data is not accessed by third parties.
In principle, you can prevent the storage of cookies by setting your web browser accordingly; in this case, however, the full functionality of our website may not be available to you.
Alternatively, you can also object to the storage and analysis of the data collected by Matomo at any time. In this case, a so-called opt-out cookie ensures that Matomo does not collect any session data.
<iframe frameborder=”no” width=”500px” height=”250px” src=”https://www.IHRE-DOMAIN.de/index.php?module=CoreAdminHome&action=optOut&language=de”></iframe>
In addition, as part of our website analysis, we of course respect your ‘Do not Track’ preference as you have set it in your browser.
Overview of cookies used by Matomo: https://matomo.org/faq/general/faq_146/
General information on data protection at Matomo: https://matomo.org/docs/privacy/
8. Supplementary information and provisions on individual services
a) Newsletter and media distribution list
At your expressed request, we will include you in our newsletter and media distribution list for the topics you have chosen as well as information on our company. Please note that delivery can only take place once you have expressly confirmed your subscription request again in the context of our double opt-in procedure.
The personal data collected within the scope of the newsletter and media distribution list registration will be used exclusively for sending and personalising the information (e.g. to address you by your name). You can revoke your consent to the storage of personal data that you have given us for inclusion in the newsletter and media distribution list at any time with effect for the future. For the purpose of revoking your consent, each e-mail contains an appropriate link; alternatively, you are welcome to contact us directly so that we can implement your revocation. Details of the consent given to us were communicated to you in the Double-Opt-In-Mail.
Newsletter-/Media distribution list usage analysis
Our press distribution list e-mails contain tracking pixels. A pixel-code is an invisible graphic in HTML e-mails with the purpose of enabling a log file recording and a recording of the links activated from the newsletter with subsequent analysis when the e-mail is opened. This enables us to evaluate the success of our newsletter campaigns by means of statistical evaluations and to optimise our mails in order to present you, for example, topics and offers that are better suited to your interests.
The personal data collected in this way will be processed directly by us.
If you do not agree to this, you can unsubscribe from the newsletter and media distribution list at any time via the link provided in the respective e-mail or by sending us a message.
b) Contact form and feedback form
Data that you transmit to us via our contact form will be processed for the purpose of communication and data exchange, i.e. to respond to your specific request. These data are stored as long as their processing is necessary for these purposes or until the expiry of any subsequent retention periods.
c) Application procedure
We offer you the opportunity to apply to us electronically. Your electronic application data will be received by the relevant personnel department and only forwarded to the department responsible for the respective position or to the persons in charge of processing. All parties involved treat your application documents
After completion of the applicant selection process, we will store your application documents for 3 months and then delete or destroy any copies unless we have concluded an employment contract with you. Should we wish to include your application documents in our applicant pool, we will contact you. In the notification you can actively consent to the further storage of your documents.
Please note that applications that you send us by e-mail will be sent to us unencrypted. We therefore recommend the use of our secure upload portal or e-mail encryption.
d) Monotype Fonts
Our website uses the ‘Monotype Fonts’ service from Monotype to present our site in an optimal design, also with regard to fonts. When you visit our site, Monotype will download the fonts you need to display them into your browser. Connection data such as your IP address, information about the browser used, the page calling up and, if applicable, other technical data are transmitted to Monotype. This service is governed by fonts.com’s privacy policy (https://www.monotype.com/legal/privacy-policy).
Recipient of the data: Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA
We shall be glad to help with any queries about data protection.
Please contact: datenschutz@flutlicht.biz.
9. Company Presences (‘Fanpages’) in Social Networks
Social network | Facebook
We point out that Facebook is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our Facebook account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | Facebook Inc.
Menlo Park
Responsible for data processing for people living within the European Union: Facebook Ireland Ltd. |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The agreement pursuant to Art. 26 (1) GDPR can be found at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum The platform operator provides the essential contents of this agreement to the data subjects. |
Contact for privacy policy | The contact for privacy policy can be taken from our privacy policy linked here or the privacy policy officer of the platform operator can be contacted under the following web form: https://www.facebook.com/help/contact/540977946302970 |
Categories of data subjects | Registered in the social network as well as unregistered visitors to our fanpage.
We inform the data subjects that they use Facebook and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | Data that we process from registered visitors to our fanpage:
User ID under which you have registered, released profile data (e.g. name details, occupation, addresses, contact data, if needed also special categories of personal data such as religious affiliation, health data, etc.), data that is generated during content sharing, message exchange and communication, data that is required in the course of contract processing at the request of registered visitors; otherwise we only process pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that the platform operator processes about registered and unregistered visitors to our fanpage can be found in the following link:
https://www.facebook.com/privacy/explanation The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
|
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following link: https://www.facebook.com/privacy/explanation
We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following link:
https://www.facebook.com/about/privacy/legal_bases If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subjects for what purposes and on what legal basis entries in the so-called Local Storage are generated by the first visit to a fanpage, even for non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condenses into personal data) is also used to create profiles. We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | The data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link: https://www.facebook.com/privacy/explanation
We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://www.facebook.com/privacy/explanation We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group:
https://www.facebook.com/privacy/explanation We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors worldwide.
In the context of the operation of our fan page, the data is also processed by Facebook Inc. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA. |
The platform operator will transfer, store and otherwise process the data in the United States, Ireland and any other country in which the platform operator operates, regardless of the residence of the data subjetcts.
The associated data transfers to third-party countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR: https://www.facebook.com/privacy/explanation We have no influence on the data transfers made by the platform operator to third-party countries. In addition, we have no effective means of control in this matter. |
|
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. In particular, the platform operator is obligated to inform the data subjects of the purposes and legal basis if a session cookie and three cookies with a lifetime from four months to two years are stored on our fan page after calling up a subpage.
Information for this can be found under the following links: https://www.facebook.com/privacy/explanation https://www.facebook.com/policies/cookies/ The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator based on the agreement pursuant to Art. 26 (1) GDPR:
https://www.facebook.com/privacy/explanation Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/. Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Web address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Web address: http://gdprandyou.ie/contact-us/ |
Social network | Pinterest
We point out that Pinterest is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our Pinterest account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | Pinterest Inc. 651 Brannan Street San Francisco CA 94103 USAResponsible for data processing for people living within the European UnionPinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street Dublin 2, Ireland |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The agreement pursuant to Art. 26 (1) GDPR can be found at the following link:
Derzeit noch kein Link verfügbar! The platform operator provides the essential contents of this agreement to the data subjects. |
Contact for privacy policy | The contact for privacy policy can be taken from our privacy policy linked here or the privacy policy officer of the platform operator can be contacted under the following web form: https://policy.pinterest.com/de/privacy-policy |
Categories of data subjects | Registered in the social network as well as unregistered visitors to our fanpage.
We inform the data subjects that they use Pinterest and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | Data that we process from registered visitors to our fanpage:
User ID under which you have registered, released profile data (e.g. name details, occupation, addresses, contact data, if needed also special categories of personal data such as religious affiliation, health data, etc.), data that is generated during content sharing, message exchange and communication, data that is required in the course of contract processing at the request of registered visitors; otherwise we only process pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that the platform operator processes about registered and unregistered visitors to our fanpage can be found in the following link: | |
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following link: https://policy.pinterest.com/de/privacy-policy
We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following link:
https://policy.pinterest.com/de/privacy-policy If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subjects for what purposes and on what legal basis entries in the so-called Local Storage are generated by the first visit to a fanpage, even for non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condenses into personal data) is also used to create profiles. We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | The data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link: https://policy.pinterest.com/de/privacy-policy
We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://policy.pinterest.com/de/privacy-policy We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group:
https://policy.pinterest.com/de/privacy-policy We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors worldwide.
In the context of the operation of our fan page, the data is also processed by Pinterest Inc. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA. Additional measures to ensure greater protection of personal data and privacy, and effective legal protection for data/privacy subjects are currently in preparation. |
The platform operator will transfer, store and otherwise process the data in the United States, Ireland and any other country in which the platform operator operates, regardless of the residence of the data subjects.
The associated data transfers to third-party countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR: https://policy.pinterest.com/de/privacy-policy We have no influence on the data transfers made by the platform operator to third-party countries. In addition, we have no effective means of control in this matter. |
|
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. In particular, the platform operator is obligated to inform the data subjects of the purposes and legal basis if a session cookie and three cookies with a lifetime from four months to two years are stored on our fan page after calling up a subpage.
Information for this can be found under the following link: https://policy.pinterest.com/de/privacy-policy The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator based on the agreement pursuant to Art. 26 (1) GDPR:
https://policy.pinterest.com/de/privacy-policy Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) DGPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/. Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Web address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Web address: http://gdprandyou.ie/contact-us/ |
Social network | Instagram
We point out that Instagram is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our Instagram account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | Facebook Inc.
Menlo Park Responsible for data processing for people living within the European Union: Facebook Ireland Ltd. |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The agreement pursuant to Art. 26 (1) GDPR can be found at the following link:
Derzeit noch nicht verfügbar. The platform operator provides the essential contents of this agreement to the data subjects. |
Contact for privacy policy | The contact for privacy policy can be taken from our privacy policy linked here or the privacy policy officer of the platform operator can be contacted under the following web form: https://www.facebook.com/help/contact/540977946302970 |
Categories of data subjects | Registered in the social network as well as unregistered visitors to our fanpage.
We inform the data subjects that they use Instagram and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | Data that we process from registered visitors to our fanpage:
User ID under which you have registered, released profile data (e.g. name details, occupation, addresses, contact data, if needed also special categories of personal data such as religious affiliation, health data, etc.), data that is generated during content sharing, message exchange and communication, data that is required in the course of contract processing at the request of registered visitors; otherwise we only process pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that the platform operator processes about registered and unregistered visitors to our fanpage can be found in the following links:
https://www.facebook.com/privacy/explanation https://help.instagram.com/519522125107875 The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
|
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following links:
https://www.facebook.com/privacy/explanation https://help.instagram.com/519522125107875 We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following links:
https://www.facebook.com/about/privacy/legal_bases https://help.instagram.com/519522125107875 If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subjects for what purposes and on what legal basis entries in the so-called Local Storage are generated by the first visit to a fanpage, even for non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condenses into personal data) is also used to create profiles. We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | The data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link:
https://www.facebook.com/privacy/explanation https://help.instagram.com/519522125107875 We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://www.facebook.com/privacy/explanation https://help.instagram.com/519522125107875 We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group:
https://www.facebook.com/privacy/explanation https://help.instagram.com/519522125107875 We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors worldwide.
In the context of the operation of our fan page, the data is also processed by Facebook Inc. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA. Additional measures to ensure greater protection of personal data and privacy, and effective legal protection for data/privacy subjects are currently in preparation. |
The platform operator will transfer, store and otherwise process the data in the United States, Ireland and any other country in which the platform operator operates, regardless of the residence of the data subjects.
The associated data transfers to third-party countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR: https://www.facebook.com/privacy/explanation https://help.instagram.com/519522125107875 We have no influence on the data transfers made by the platform operator to third-party countries. In addition, we have no effective means of control in this matter. |
|
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. In particular, the platform operator is obligated to inform the data subjects of the purposes and legal basis if a session cookie and three cookies with a lifetime from four months to two years are stored on our fan page after calling up a subpage.
Information for this can be found under the following links: https://www.facebook.com/privacy/explanation https://www.facebook.com/policies/cookies/ https://help.instagram.com/519522125107875 The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator based on the agreement pursuant to Art. 26 (1) GDPR:
https://www.facebook.com/help/contact/540977946302970 Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/. Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Webadresse: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Webadresse: http://gdprandyou.ie/contact-us/ |
Social network | Twitter
We point out that Twitter is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our Facebook account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | Twitter Inc. 1355 Market Street #900San FranciscoCA 94103USAResponsible for data processing for people living within the European Union:Twitter International CompanyOne Cumberland PlaceFenian StreetDublin 2 D02 AX07 Irland |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The agreement pursuant to Art. 26 (1) GDPR can be found at the following link:
Link derzeit noch nicht verfügbar The platform operator provides the essential contents of this agreement to the data subjects. |
Contact for privacy policy | The contact for privacy policy can be taken from our privacy policy linked here. |
the privacy policy officer of the platform operator can be contacted under the following web form: https://support.twitter.com/forms/privacy https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.aspor at the following addresses:Twitter International Company Attn: Data Protection Officer One Cumberland Place, Fenian Street Dublin 2, D02 AX07 IRLANDTwitter, Inc. Attn: Privacy Policy Inquiry 1355 Market Street, Suite 900 San Francisco, CA 94103Furthermore, data subjects have the possibility to request further information: https://support.twitter.com/articles/20170320# |
|
Categories of data subjects | Im Sozialen Netzwerk registrierte als auch nicht registrierte Besucher unserer Fanpage
We inform the data subjects that they use the short message service Twitter and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | Data that we process from registered visitors to our fanpage:
User ID or user name under which the data subjects have registered, released profile data (name, e-mail address, telephone number), data that is generated when sharing content, re-tweeting the tweets, writing tweets that refer to the Twitter account of the data subjects, exchanging messages and communication, data that is required as part of contract processing at the request of the registered visitors, other data and content freely published and distributed by the data subjects on Twitter or via their Twitter account; Otherwise, only certain, non-personal or pseudonymous data is visible to us, such as data about the tweet activity (e.g. the number of profile or link clicks through a particular tweet). The non-personal or pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. IP address, name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Only certain non-personal or pseudonymized data is visible to as, such as data about tweet activit (e.g. number of profile or link clicks through a particular tweet). The non-personal or pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. IP address, name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that we process from our website visitors:
By including the Twitter button (pure link) or the tweets on our website, the IP addresses of our website visitors are not transmitted to the platform operator. |
|
Data processed by the platform operator about the registered and unregistered visitors to our fanpage:
Voluntarily entered data such as user ID or user name under which the visitors have registered, released profile data (name, e-mail address, telephone number), contacts in their address book if the data subjects upload or synchronise it, where applicable payment information. The platform operator also evaluates the content shared by registered visitors based on what topics they are interested in, stores and processes confidential messages that they send directly to other users, and can determine their location based on GPS data, wireless network information or their IP address to provide advertising or other content. Furthermore, the platform operator also receives information for instance when visitors view content, even if they have not created a Twitter account. This so-called “log data” can include the IP address, browser type, operating system, information about the previously visited website and pages, their location, their mobile provider, the terminal they are using (including device ID and application ID), the search terms they are using and cookie information. Twitter buttons or widgets embedded in websites and the use of cookies also enable the platform operator to record the visits of registered visitors to these websites and assign them to their Twitter profile. This data can be used to offer content or advertising tailored to them. Further information on the data processed by the platform operator can be found in the following link: https://twitter.com/de/privacy The platform operator may use various analysis tools for evaluation purposes, such as Twitter- and Google-Analytics. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
|
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following link: https://twitter.com/de/privacy
We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following link:
https://twitter.com/de/privacy We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | The data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link: https://twitter.com/de/privacy
We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://twitter.com/de/privacy We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fan page, publish it freely on Twitter and distribute it, this data is included in our offer on our fan page and can be accessed by our followers, other registered and possibly also non-registered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group:
https://twitter.com/de/privacy We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fan page, publish it freely on Twitter and distribute it, this data is included in our offer on our fan page and can be accessed by our followers, other registered and possibly also non-registered visitors worldwide. In the context of the operation of our fanpage, the data is also processed by Twitter Inc.
In the context of the operation of our fan page, the data is also processed by Twitter Inc. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA. |
The platform operator will transfer, store and otherwise process the data in the United States, Ireland and any other country in which the platform operator operates, regardless of the residence of the data subjects.
The associated data transfers to third-party countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR: https://twitter.com/de/privacy We have no influence on the data transfers made by the platform operator to third-party countries. In addition, we have no effective means of control in this matter. |
|
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. Information for this can be found under the following link: https://twitter.com/de/privacy
The platform operator may use various analysis tools for evaluation purposes, such as Twitter- and Google-Analytics. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator:
Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). è Data subjects have the possibility to restrict the processing of their data in the general settings of their Twitter account as well as under “Privacy and security”. In addition, in the case of mobile devices (smartphones, tablet computers) they can restrict the platform operator’s access to contact and calendar data, photos, location data, etc. in the settings available there. However, this depends on the operating system used. è Data subjects can learn about the possibility of viewing their own data stored by the platform operator here: https://support.twitter.com/articles/20172711# è Information on the existing personalization and data protection settings can be found here (with further references): https://twitter.com/personalization è As Twitter Inc. is a non-European provider with a European branch only in Ireland, it is not bound by German data protection regulations according to its own interpretation. This concerns, for example, the rights to information, blocking or deletion of data or the possibility to object to the use of usage data for advertising purposes. è Based on the agreements regarding the EU-US Privacy Shield, Twitter Inc. must grant the data subjects various rights, which they can then assert directly against Twitter Inc.: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp è Further information can be found in the following link: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp è Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/. Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Webadresse: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Webadresse: http://gdprandyou.ie/contact-us/ |
Youtube
Social network | YouTube
We point out that YouTube is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our YouTube account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | Google LLC 1600 Amphitheatre PkwyMountain ViewCA, 94043 USAResponsible for data processing for people living within the European Union:Google Ireland Ltd.Gordon House, Barrow Street, Dublin 4 Irland |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The agreement pursuant to Art. 26 (1) GDPR can be found at the following link:
Link not available yet! The platform operator provides the essential contents of this agreement to the data subjects.
|
Contact for privacy policy | The contact for privacy policy can be taken from our privacy policy linked here or the privacy policy officer of the platform operator can be contacted under the following web form: https://support.google.com/policies/troubleshooter/7575787?hl=de |
Categories of data subjects | Registered in the social network as well as unregistered visitors to our fanpage.
We inform the data subjects that they use YouTube and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | User ID under which you have registered, released profile data (e.g. name details, occupation, addresses, contact data, if needed also special categories of personal data such as religious affiliation, health data, etc.), data that is generated during content sharing, message exchange and communication, data that is required in the course of contract processing at the request of registered visitors; otherwise we only process pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language).
The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that the platform operator processes about registered and unregistered visitors to our fanpage can be found in the following link:
https://policies.google.com/privacy/update?hl=de&gl=de The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
|
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following link: https://policies.google.com/privacy/update?hl=de&gl=de
We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following link:
https://policies.google.com/privacy/update?hl=de&gl=de If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator will obtain the consent of the data subjects in advance. In particular, the platform operator is obliged to inform the data subjects for what purposes and on what legal basis entries in the so-called Local Storage are generated by the first visit to a fanpage, even for non-registered visitors, and whether personal data of non-registered visitors (e.g. IP address or other data that condenses into personal data) is also used to create profiles. We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link: https://policies.google.com/privacy/update?hl=de&gl=de
We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://policies.google.com/privacy/update?hl=de&gl=de We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group:
https://policies.google.com/privacy/update?hl=de&gl=de We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors worldwide.
In the context of the operation of our fanpage, the data is also processed by Facebook Inc. The associated data transfer to the USA as a third-party country without an adequate level of data protection is secured by the EU-US Privacy Shield certification of Google LLC: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. |
The legal basis for the transfer of the Data are the Model Clauses pursuant to Art. 46 para. 2 lit. c GDPR in conjunction with the decision of the EU Commission of 5 February 2010 (2010/87/EU). Additional measures to ensure a higher level of protection of personal data and effective legal protection for data subjects are currently in preparation.
We have no influence on the data transfers made by the platform operator to third-party countries. In addition, we have no effective means of control in this matter. |
|
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. In particular, the platform operator is obligated to inform the data subjects of the purposes and legal basis if a session cookie and three cookies with a lifetime from four months to two years are stored on our fan page after calling up a subpage.
Information for this can be found under the following link: https://policies.google.com/privacy/update?hl=de&gl=de The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator based on the agreement pursuant to Art. 26 (1) GDPR:
Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/. Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Webadresse: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Webadresse: http://gdprandyou.ie/contact-us/ |
Social network | LinkedIn:
We point out that LinkedIn is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our LinkedIn account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085 USA
Responsible for data processing of people living in the European Union (EU) and in the European Economic Area (EEA) as well as in Switzerland: LinkedIn Ireland Unlimited Company Wilton Place Dublin 2 Ireland |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The platform operator provides the essential contents of this agreement to the data subjects. Link noch nicht verfügbar
|
Contact for privacy policy
|
The contact for privacy policy can be taken from our privacy policy linked here. |
The privacy policy officer of the platform operator can be contacted under the following web form https://www.linkedin.com/help/linkedin/ask/TSO-DPO or at the following address:
Jonathan Adams LinkedIn Corporation Legal Department – Privacy 1000 W. Maude Ave. |
|
Categories of data subjects | Registered in the social network as well as unregistered visitors to our fanpage.
We inform the data subjects that they use facebook and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | Data that we process from registered visitors to our fan page:
User ID or user name under which the data subjects have registered, released profile data (name, e-mail address, telephone number), ProFinder profile data, education, professional experience, salary expectations, photo, location data, knowledge and confirmations of knowledge, professional achievements (e.g. granting of patents, professional recognition, projects), possibly also special categories of personal data such as religious affiliation, health data, etc., Data that are generated during content sharing, message exchange and communication, data that is required as part of contract initiation and processing at the request of registered visitors, other data and content freely published, made available, distributed, posted or uploaded by the data subjects at LinkedIn or via their LinkedIn account. Otherwise, we only process pseudonymized data such as statistics and insights on how our fanpage, the articles, pages, videos and other content provided through it is interacted with (page activities, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that we process from our website visitors:
By including the LinkedIn button (pure link) on our website, no IP addresses of our website visitors are transferred to the platform operator. |
|
Data that the platform operator processes about registered and unregistered visitors to our fanpage can be found in the following link:
https://www.linkedin.com/legal/privacy-policy The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
|
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following link:
https://www.linkedin.com/legal/privacy-policy We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | The data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://www.linkedin.com/legal/privacy-policy We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group:
https://www.linkedin.com/legal/privacy-policy We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors worldwide.
In the context of the operation of our fan page, the data is also processed by LinkedIn Corporation. The associated data transfer to the USA as a third country is currently taking place due to technical necessity of the data partially accessed in the USA without an adequate level of data protection. Please note that due to the decision of the European Court of Justice on the invalidity of the privacy shield, the data transfer to the USA may possibly be carried out without an adequate level of data protection and we are therefore currently working on a solution. If you nevertheless call up our fan page, we would like to point out explicitly that your basic rights under Art. 7, 8 and 47 of the Charter of Fundamental Rights of the European Union (CFR) are not adequately taken into account in the USA. Additional measures to ensure greater protection of personal data and privacy, and effective legal protection for data/privacy subjects are currently in preparation. |
The platform operator will transfer, store and otherwise process the data in the United States, Ireland and any other country in which the platform operator operates, regardless of the residence of the data subjects.
The associated data transfers to third-party countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR: https://www.linkedin.com/legal/privacy-policy We have no influence on the data transfers made by the platform operator to third-party countries. In addition, we have no effective means of control in this matter. |
|
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. In particular, the platform operator is obligated to inform the data subjects of the purposes and legal basis if a session cookie and three cookies with a lifetime from four months to two years are stored on our fan page after calling up a subpage.
Information for this can be found under the following links: https://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/legal/cookie-policy The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator based on the agreement pursuant to Art. 26 (1) GDPR:
Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). è Information on the existing personalization and data protection settings can be found here (with further references): https://privacy.linkedin.com/de-de/faq è Further information about this social network and other social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/. Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: Data Protection Commission 21 Fitzwilliam Square, Dublin 2 Web address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm Web address: http://gdprandyou.ie/contact-us/ |
Social network | Xing:
We point out that Xing is just another of several options for contacting us or receiving information from us. Alternatively, the information offered via our Xing account can also be found on our website at www.flutlicht.biz. |
Responsible person with whom the fanpage is operated together (‘platform operator’) | XING SE
Dammtorstraße 30 20354 Hamburg Deutschland |
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the jointly responsible persons who fulfilled which obligation under the GDPR | The platform operator provides the essential contents of this agreement to the data subjects: Link derzeit noch nicht verfügbar
|
Contact for privacy policy | The contact for privacy policy can be taken from our privacy policy linked here. |
The privacy policy officer of the platform operator can be contacted under the following web form: https://www.xing.com/settings/privacy/data/disclosure or at the following address:
Xing SE Dammtorstraße 30 20354 Hamburg Deutschland Tel.: +49 40 419 131-0 Fax: +49 40 419 131-11 E-Mail: info@xing.com |
|
Categories of data subjects | Registered in the social network as well as unregistered visitors to our fanpage.
We inform the data subjects that they use facebook and its functions on their own responsibility. This is especially true for the use of interactive features (e.g., sharing, rating). |
Categories of personal data | Data that we process from registered visitors to our fan page:
User ID or user name under which the data subjects have registered, released profile data (name, e-mail address, telephone number), ProFinder profile data, education, work experience, salary expectations, photo, location data, knowledge and confirmations of knowledge, professional achievements (e.g. granting of patents, professional recognition, projects), possibly also special categories of personal data such as religious affiliation, health data, etc., Data that is generated during content sharing, message exchange and communication, data that is required as part of contract initiation and processing at the request of registered visitors, other data and content freely published, made available, disseminated, posted or uploaded by the data subjects on Xing or via their Xing account. Otherwise, we only process pseudonymised data such as statistics and insights on how our fan page, the articles, pages, videos and other content provided via it is interacted with (page activities, page views, “Like” information, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
Data that we process from non-registered visitors to our fanpage:
Pseudonymised data such as statistics and insights on how our fanpage, the articles, pages, videos and other provided content is interacted with (page activities, page views, informatione on “Likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language). The pseudonymised data cannot be merged by us with the corresponding attribution feature (e.g. name details). Thus it is not possible for us to identify individual visitors, who thus remain anonymous to us. |
|
Data that we process from our website visitors:
By including the Xing button (pure link) on our website, no IP addresses of our website visitors are transferred to the platform operator. |
|
Data that the platform operator processes about registered and unregistered visitors to our fanpage can be found in the following link:
https://privacy.xing.com/de/datenschutzerklaerung The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
|
Data Source | We receive the data directly from the data subjects or from the platform operator. |
Where the platform operator obtains the data of the data subjects can be found under the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence or effective control over whether the data acquisition by the platform operator is permissible. |
|
Legal basis for data processing | We process the data on based on the following legal bases:
– Art. 6 (1) a) GDPR: Consent of the data subjects – Art. 6 (1) b) GDPR, if applicable: Execution of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject – Art. 6 (1) f) GDPR: Justified interest o Simplification of communication and data exchange by supplementing the existing communication channels, such as the Internet presence, press releases, print products and events, with the fanpage. o Sales promotion of our products and services or the demand as well as the recruitment of junior staff by transparent appearance and regular contributions to our agency life and work as well as communication and PR topics, according to our service portfolio. o Optimization of our fanpage. We process special categories of personal data, if at all, only based on the following legal bases: – Art. 9 (2) a) GDPR: Consent of the data subject – Art. 9 (2) e) GDPR: The data subject has made the personal data public manifestly. |
The legal basis on which the platform operator bases data processing can be found in the following link:
https://privacy.xing.com/de/datenschutzerklaerung We have no influence or effective control over whether the data processing by the platform operator is permissible. |
|
Purposes of data processing | The data will be processed for the following purposes:
– Public image and advertising – Communication and data exchange – Event management |
Information on the purposes for which the platform operator processes the data can be found under the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence on the purposes for which the platform operator actually uses the data. In addition, we have no effective means of control in this matter. |
|
Storage duration | In terms of Art. 26 (1) GDPR the platform operator is obligated to store and delete data in accordance with the agreement.
Information on this can be found under the following link: https://privacy.xing.com/de/datenschutzerklaerung We have no influence on how the platform operator determines the ruled deletion periods and how the data is deleted. In addition, we have no effective means of control in this matter. |
Recipient categories
|
The data processed by us can only be accessed by our employees who maintain our fanpage and need the data for the above-mentioned purposes. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors. |
The following link lists the recipient categories to which the platform operator discloses the data or enables registered visitors to disclose their data, as well as information on internal data exchange within the group: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence on the disclosure of the data to the individual recipients (and categories) by the platform operator. In addition, we have no effective means of control in this matter. |
|
Data transfers to third-party countries
|
If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also unregistered visitors worldwide. |
Involved logic and scope of a profiling or an automated individual decision based on the collected data | If the data subjects are tracked by collecting their data, whether through the use of cookies or comparable techniques or by storing the IP address, the platform operator is obligated to inform about this in accordance with the agreement in terms of Art. 26 (1) GDPR. Information for this can be found under the following link:
https://privacy.xing.com/de/datenschutzerklaerung The platform operator may use various analysis tools for evaluation purposes. We have no influence on the use of such tools by the platform operator and have not been informed about such potential use. Should tools of this kind be used by the platform operator for our fanpage, we have neither commissioned nor approved this nor supported it in any other way. Also, the data obtained during the analysis will not be made available to us. In addition, we have no possibility to prevent or stop the use of such tools on our fanpage and no other effective means of control. |
Rights of data subjects | The jointly responsible persons must grant the data subjects various rights with regard to the processing of their data, which they can assert directly against the platform operator based on the agreement pursuant to Art. 26 (1) GDPR:
Data subjects have a right to access, rectify or delete personal data concerning them or a right to limit data processing by the data controller if certain conditions are met pursuant to Art. 15 to Art. 18 GDPR. Data subjects also have the right to revoke their consent to the processing of their personal data at any time with effect for the future (Art. 7 (3) GDPR). Furthermore, they can object to the further processing of their data, which is based exclusively on the legitimate interest of the data controller in accordance with Art. 6 (1) f) GDPR (Art. 21 (1) GDPR), provided that their particular personal situation indicates interests worthy of protection in the exclusion of data processing and that there are no longer any compelling grounds worthy of protection for the data controller for further data processing. If personal data is processed for the purpose of direct marketing, data subjects have the right to object to this processing at any time with effect for the future (Art. 21 (2) GDPR). If the data processing is based on the consent of the data subject pursuant to Art. 6 (1) a), Art. 9 (1) a) GDPR or pursuant to Art. 6 (1) b) GDPR on a contract with the data subject and is carried out using automated procedures, the data subjects may, pursuant to Art. 20 (1) GDPR, request that the personal data stored about them be retained in a structured, common and machine-readable format or that they be transmitted to a third party selected by the data subject. In general, data subjects have the right not to be subject to an automated individual decision pursuant to Art. 22 (1) GDPR. To the extent that such an automated individual decision is permissible under Art. 22 (2) a) to c) GDPR, data subjects are granted the following rights under Art. 22 (3) GDPR: the right to present one’s own position, the right to object to the intervention of a person on the part of the person responsible, the right to contest the automated individual decision (right of appeal). Furthermore, data subjects have the right to lodge a complaint with a supervisory authority if they are in the opinion that the processing of their personal data violates the Basic Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is: The Hamburg Commissioner for Privacy Policy and Freedom of Information Ludwig-Erhard-Str 22, 7. OG 20459 Hamburg Tel.: 040 / 428 54 – 4040 Fax: 040 / 428 54 – 4000 E-Mail: mailbox@datenschutz.hamburg.de |