1. Contact details of the data controller and the data protection officer
kinkaa GbR (also referred to in the following as “kinkaa”, “we” or “us”) offers you the opportunity to use various services free of charge via our website “kinkaa.co.uk” and our mobile applications (“apps”) “kinkaa Shopping”, “kinkaa Hotel” and “kinkaa Flights” (referred to in the following as “services” or “kinkaa websites“).
We are the data controller in the meaning of the General Data Protection Regulation (GDPR). Our contact details are as follows:
Telephone: +49 30 800 970 151
Our data protection officer can be contacted at:
- Data protection officer -
In the following we provide you with comprehensive information about the purpose for which and scope within which we process your personal data during the use of the kinkaa websites.
2. Collection and processing of personal data
You can generally use the kinkaa websites – for which no payment or registration is required – without providing personal data. In certain cases, we will collect the personal data listed in Section 3. This fundamentally only occurs where necessary for the provision of a functional website or app, or for our content and services. We furthermore process personal data in connection with the use of kinkaa where you provide this data voluntarily, e.g. in the context of registration, a competition, an enquiry sent to us, or because there is another legal basis for this (see Section 4).
3. Categories of data processed
As soon as you visit kinkaa.de or use one of the apps, our system automatically collects certain technical information. This can include:
- - Information about the browser type and version used
- - Operating system of the device from which the request originates
- - Mobile device ID
- - Date and time of access
- - Web analysis data / pseudonymised user profile (cookie ID, ad ID etc., see below for more information)
- - Websites from which the user got to our website
- - Websites accessed by the user from our website
Furthermore, we process the following personal data where a contractual relationship exists between you and us, or where you have communicated the data to us in another manner:
- Personal master data (name, address, date of birth)
- Communication data (telephone number, email address)
- Contract master data (contractual relationship, product or contract interest, order history)
- Login data with password
- Invoicing and payment data
- Comments, submissions etc.
4. Reason, content and purposes of processing: The kinkaa websites and services in general
We always process your data on the basis of one or more legal permissions or with your consent.
a. Submission of evaluations and comments
Personal data are collected by kinkaa when you as a customer submit your evaluation of a product, service, service provider or dealer (also referred to in the following as “online shop”), or participate in a survey. In this context, kinkaa collects the data specified in the respective form and the IP address assigned to the device used by you at the relevant point in time.
Information about you will only be published on the affected kinkaa websites where this is marked in the field of the form. In the case of opinions about online shops, these will additionally be shared with the customer or order number specified by you; this is an integral part of our evaluation and comment function, because only then can the online shop gain the opportunity to take notice of your comments or evaluations. We collect and process the data you provide in order to be able to publish your evaluation or comment as desired (Art. 6 Para. 1 lit. b GDPR). In particular, we also require your email address, in order to contact you in the event of complaints and give you the opportunity to respond (Art. 6 Para. 1 lit. c GDPR).
b. Shopping and direct booking function
Based on Art. 6 Para. 1 lit. b) GDPR, we additionally collect personal data when you as a customer submit a contractual offer for certain products listed on the kinkaa websites directly and without forwarding to the websites of the online shops offering these products (the “shopping function” and “direct booking function”). kinkaa collects these data in order to initiate the contract and the handling of your order or booking, and for invoicing the respective online shop for our own mediation service.
kinkaa transmits these personal data to the respective online shop, where this is required for the conclusion and handling of your contract. Where kinkaa and/or the online shop utilises the services of third parties as service providers for the performance and handling of the contract or the service booked, e.g. for the performance of the booking, the handling of payment or the shipping of goods (referred to in the following as “service providers”), the required data will only be shared with these third parties for purposes of the fulfilment and handling of your order. Within the framework of handling your order or booking, you will also receive emails at the email address you provided from the respective online shop (e.g. order or booking confirmation) and possibly also from service providers (e.g. payment confirmation or information on the shipping process).
c. Forms, comparison calculator and payment services for the shopping and direct booking function
Unless otherwise indicated, it is kinkaa itself that collects your data that you enter in the respective contact forms. Please note that data transmission via the internet may be unsecured, and that data may therefore be intercepted or even falsified by unauthorised parties.
When you enter data in contact forms, we will only use the data for the purpose of conducting the communication with you and/or to provide the service you request; this constitutes our legitimate interest. The processing takes place on the basis of Art. 6 Para. 1 lit. b) GDPR.
d. E-Mails and Newsletter
We use your e-mail address to send you our newsletter, if you subscribed and consented to the receipt of it potentially including advertisements. In this case we process your e-mail address to be able to deliver the newsletter as requested (Art 6 para. 1 lit. b GDPR). You may object to the use of your e-mail address for such purposes at any time in writing or via e-mail (firstname.lastname@example.org) effective for the future, without resulting in any costs other than the transmission costs according to basic tariffs.
For our newsletters, we also select the content partly based on your prior use of the kinkaa pages and your expressed interests in products and content, so that we can tailor the respective newsletter to you and your interests. For example, if you looked for sporting goods on the kinkaa pages in the past, we would rather present you sporting goods in our newsletter than other product groups. For this purpose, we also process data that we collected using our cookies (for these cookies, see paragraph 9 c. below), and link them to your e-mail address. The legal basis for this data processing and the display of content relevant to you is Art. 6 para. 1 lit. f GDPR, however you can object to the data processing at any time (see section 16 a).
e. IP addresses
On the internet, every device needs a clear address in order to transmit data, known as its IP address. It is a technical requirement for the IP address to be saved, at least temporarily, in order to facilitate the delivery of the internet page and app content to the device of the user.
aa) Log files
For security purposes, our servers save the IP address in what are known as log files for 14 days, e.g. in order to determine what happens if an attack (DoS) is made on kinkaa websites, or if illegal analysis of our databases occurs. This is based on Art. 6 Para. 1 lit. f GDPR.
bb) Geolocalisation etc.
Before any further or other processing, we abbreviate the IP addresses before each processing step and then process them in an anonymised state. Unabbreviated IP addresses are not saved or processed further.
The processing of the (thus abbreviated) IP addresses allows us to display content with regional relevance on all kinkaa websites that are accessed from within a certain region. This is known as geolocalisation, i.e. assigning an instance of website access to the location from which it is accessed, and takes place exclusively on the basis of anonymised IP addresses, and only to the geographical level of German federal states / regions. Based on the geographical information thus obtained, it is never possible to determine the specific location of a user.
5. Occasion, content and purposes of processing: My favourites and price alert
kinkaa also offers you the following functionalities:
a. My favourites
You can “save” kinkaa products and journey components (e.g. flights and hotels), and these are then available to you on your “My favourites”. You are identified as the owner of your “My favourites” list by cookies that are used. The “My favourites” list allows you to compare products with one another in terms of their characteristics, and to access the price alarm function. The “My favourites” list is additionally filled by kinkaa with any products for which you have not completed the purchase using the “shopping function” from kinkaa. Based on your “My favourites” list entries, you will receive product recommendations via email, for example if the prices of the products you have saved change.
The legal basis here is Art. 6 Para. 1 lit. b GDPR.
f. Price alert
You have the option of setting up a price alarm for products, e.g. if you wish to purchase them for a cheaper price. You then enter your respective target price using the price alarm function. When you use the price alarm, kinkaa saves your products and target prices together with your email address, so that we can inform you in the event of price changes. At the same time, the local storage of your browser saves a value (“true” or “false”), which helps us to decide whether to offer you utilisation suggestions for the price alarm (as a pop-up). You can find an overview of the saved price alarms in your customer account. The legal basis here for processing is also Art. 6 Para. 1 lit. b GDPR.
6. Location of processing
We ourselves do not transfer your personal data to countries outside the European Economic Area ("EEA"), except in cases where it is permitted under the GDPR. Whether third parties, with whom you have your own contractual relationship (such as with Facebook, if you have a Facebook account) transfer data to countries outside the EEA, is beyond our knowledge and influence.
Some of our contractual partners also process data in countries outside the EEA. In order to ensure the protection of your personal rights also in the context of these data transfers, we use the standard contractual clauses of the EU Commission in structuring the contractual relationships with the recipients in third countries in accordance with Art. 46 para. 2 lit. c GDPR.
For the US, the European Commission decided on 12th July 2016, that under the regulations of the EU-U.S. Privacy Shields an appropriate level of data protection exists (adequacy decision, Art. 45 GDPR). Further information - including the certification of the service providers we use - is available at https://www.privacyshield.gov. We only use US service providers who are certified under the EU-US Privacy Shield.
7. Origin of data
In certain cases, we also receive data because you have consented to them being transmitted to us.
As you know, apps are regularly made available to download by third-party providers (e.g. iTunes, Google etc.). If under the applicable terms and conditions of use of such a provider kinkaa GbR becomes your contractual partner for the purchase of the app, we process the data that the third-party provider makes available, in whatever scope is necessary for the fulfilment of contract, so that you can download the app to your mobile device.
8. Disclosure of your data to third parties
We will only disclose your personal data to third parties where this is necessary in order to fulfil our legal obligations to you, and where this is visibly done by or together with another provider (e.g. in the case of cooperation agreements), where we are otherwise legally entitled or obliged to disclose the data, or where you have provided us with corresponding consent.
In certain cases, we also use external service providers or affiliated companies, which we have contracted to process data for us, and which are bound by instructions. Such service providers are contractually bound by us as data processors in accordance with the strict provisions of the GDPR, and are not permitted to use your data for any further purposes. Data processors used by us perform in particular the following services: data centre, newsletter distribution and web/app analysis.
This disclosure of data to data processors takes place on the basis of Art. 28 Para. 1 GDPR, or alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialised data processors, Art. 6 Para. 1 lit. f GDPR.
Where we are legally obliged to do so, or where this is permitted under data protection law, we disclose personal data to public authorities, e.g. to police or the state prosecutor’s office (Art. 6 Para. 1 lit. c GDPR). The disclosure of this data takes place on the basis of our legitimate interest in combating abuse, the prosecution of crimes, and in safeguarding, asserting and enforcing claims, which are not considered to be outweighed by your rights and interests in the protection of your personal data, Art. 6 Para. 1 lit. f GDPR.
9. Cookies and other technologies
In order to ensure the full functionality of the kinkaa websites, kinkaa and the third parties named below save to your device files that serve amongst other things for collecting information regarding the use of a website or app, as well as additional data such as the IP address of the accessing computer and information about the software used (see above).
This typically involves the use of what are known as cookies. Cookies are small files that your browser saves on your device in a folder created for this purpose. These allow it to be determined, for example, whether you have ever visited a website before. If you have decided to stay logged into your customer account despite leaving the kinkaa websites, cookies can also be used to save your login data e.g. for the customer account, so that you do not need to enter these data every time you access the site.
Many cookies contain what is known as a cookie ID. A cookie ID is a unique code identifying the cookie. It consists of a sequence of characters that allow websites and servers to be mapped to the specific internet browser in which the cookie has been saved. This enables the websites visited to differentiate the individual browser of the data subject from other internet browsers that contain different cookies. This data is not collated with other data sources.
You can prevent us from using cookies at any time by adjusting the corresponding setting in your internet browser, and thus permanently opt out. Furthermore, you can delete existing cookies at any time using your internet browser or other software programs. This is possible in all conventional internet browsers. If you deactivate cookies in the internet browser you use, you may not be able to make full use of all the functions of our website. In addition, you have the opportunity to object to analysis cookies and services (i.e. you can opt out; see Sections 10 and 11).
When using apps, a functionally comparable technology is used instead of cookies.
b. Web storage (session storage and local storage)
Web storage provides two data objects, the session storage and the local storage. The entries in session storage are removed automatically after the browser or app is closed. You can delete the entries in local storage (“Recently viewed”) at any time by deleting the history in your browser.
The session storage saves information in order to recognise your browser or device immediately, and thus provide you with easier access to our services. You can prevent the use of web storage by changing the corresponding setting in your browser, which may restrict the functionality of the kinkaa websites.
The processing of data in web storage takes place on the basis of Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the purposes of processing described above.
c. kinkaa cookies
Cookies created by kinkaa allow the collection of information regarding browser type/version, resolution, previous/new display variant, URL clickstream (order of the pages of our website that you have visited previously), time of visit(s) to the websites, the reference in the kinkaa database for the products/services noted in your “My favourites”, and the cookie number, but not personal details such as name, address or email address. We use these cookies for purposes of advertising, market research and where required for the needs-oriented design of our services. The cookies of kinkaa are valid for a maximum of two years, unless you delete them sooner. The processing of data is justified in this case by Art. 6 Para. 1 lit. f) GDPR, however you may object to this processing with effect for the future by clicking here. The subsequently set opt-out cookie and your objection remain valid as long as you do not delete your browser cookies.
10. Web/app analysis services
In order to continuously improve our content and adapt it to the interests of our users, and to display online advertising, we use a number of services that collect data on our website and in the app, and which analyse these data for us. Where these service providers are not themselves the data controller in the meaning of data protection legislation, they are always bound by instructions when processing the pseudonymised user data on the basis of a data processing agreement. The legal basis for this processing is always Art. 6 Para. 1 lit. f GDPR.
Not all access to the kinkaa pages is carried out via a web browser. In cases where users access using a mobile device, disabling cookies or changing web browser settings may not be possible.
In the following, you can find details of the analysis services we use:
We make use of the usage evaluation and analysis technology Adjust, produced by adjust GmbH, Saarbrücker Str. 36, 10405 Berlin. The Adjust service has been audited and certified under the ePrivacyseal (European Seal for your Privacy) (see http://www.eprivacy.eu/vergebene-siegel/). Adjust collects installation and event data, and makes it available in the form of anonymised evaluations and graphics regarding the number of visits, number of pages accessed or apps opened per user etc. We use this information exclusively for purposes of our own market research, and for the optimisation and needs-oriented design of the website and app. For such an analysis, Adjust uses your anonymised IDFA or Android ID and your anonymised IP and MAC address. It is not possible to identify you personally. You can prevent any corresponding analysis in future at https://www.adjust.com/opt-out/.
b. Ad Up
Our websites use integrated tracking from Ad Up, a technology and service provider from Axel Springer Teaser Ad GmbH (Axel-Springer-Straße 65, 10969 Berlin). By collecting anonymised and/or pseudonymised data, Ad Up can then allow advertising related to your interests to be shown on websites for a certain time.
We have integrated components from the company affilinet on this website. Affilinet is a German affiliate network that provides affiliate marketing.
Affiliate marketing is an internet-based form of sales that allows the commercial operators of websites, known as merchants or advertisers, to show advertisements on the websites of third parties, i.e. of sales parties, also known as affiliates or partners, and which are typically paid for on a per-click or per-sale commission basis. The merchant provides advertisement material via the affiliate network, i.e. an advertising banner or other suitable means of online advertising, which is subsequently integrated by affiliates into their own websites or advertised using other channels, e.g. keyword advertising or email marketing.
The operating company of Affilinet is affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany.
Affilinet saves a cookie on the information technology system of the data subject. What cookies are has already been explained above. The tracking cookie from Affilinet does not save any personal data. Only the identification number of the affiliate, i.e. of the partner determining potential customers, as well as the reference number of the visitor to a website and the advertisements clicked are saved. The purpose of saving this data is the handling of commission payments between a merchant and the affiliate, which are handled via the affiliate network, i.e. Affilinet.
For the extraction of usage-based advertising, we use AppNexus, a service provider for advertising and operator of a mediation platform (AppNexus, 28 W. 23rd Street, New York, New York, 10010, USA). AppNexus collects and saves Information about your activities, which allows the analysis of usage behaviour. These profiles are used to display targeted, interest-oriented advertising. If you do not want this, you can deactivate the usage-based advertising here https://www.appnexus.com/en/company/platform-privacy-policy-de.
We have integrated components of AWIN on this website. AWIN is a German affiliate network that provides affiliate marketing. Affiliate marketing is an internet-based form of sales that allows the commercial operators of websites, known as merchants or advertisers, to show advertisements on the websites of third parties, i.e. of sales parties, also known as affiliates or partners, and which are typically paid for on a per-click or per-sale commission basis. The merchant provides an advertisement via the affiliate network, i.e. an advertising banner or other suitable means of online advertising, which is subsequently integrated by affiliates into their own websites or advertised using other channels, e.g. keyword advertising or email marketing.
The operating company of AWIN is AWIN AG, Stralauer Allee 2, 10245 Berlin, Germany.
AWIN saves a cookie on the information technology system of the data subject. What cookies are has already been explained above. The tracking cookie from AWIN does not save any personal data. Only the identification number of the affiliate, i.e. of the partner determining potential customers, as well as the reference number of the visitor to a website and the advertisements clicked are saved. The purpose of saving this data is the handling of commission payments between a merchant and the affiliate, which are handled via the affiliate network, i.e. AWIN.
f. Google AdSense
We have integrated Google AdSense on this website. Google AdSense is an online service that allows the mediation of advertising on third-party websites. Google AdSense is based on an algorithm that selects advertisements for third-party websites based on the content of the respective third-party website. Google AdSense permits interest-oriented targeting of internet users, which is implemented by generating individual user profiles. The operating company of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google AdSense component is the integration of advertisements into our website. Google AdSense saves a cookie to the information technology system of the data subject. What cookies are has already been explained above. Saving the cookie allows Alphabet Inc. to analyse the use of our website. Each time one of the individual pages of this website, which we operate and on which a Google AdSense component has been integrated, is retrieved, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google AdSense component to send data to Alphabet Inc. for purposes of online advertising and the invoicing of commissions. Within the framework of this technical process, Alphabet Inc. receives knowledge of personal data, such as the IP address of the data subject, which is used by Alphabet Inc. amongst other things to understand the origin of the visitor and the clicks, and subsequently to facilitate commission invoicing. The data subject can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out. Such a setting in the internet browser would also prevent Alphabet Inc. from saving a cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Alphabet Inc. at any time using your internet browser or other software programs. Google AdSense additionally uses what are known as tracking pixels. A tracking pixel is a miniature graphic that is embedded in websites in order to allow log file recording and log file analysis, which allows statistical analysis to be performed. Using the embedded tracking pixel, Alphabet Inc. can recognise when a website was opened by a data subject, and what links the data subject clicked. Tracking pixels are used amongst other things to analyse the visitor traffic of a website. Google AdSense sends personal data and information to Alphabet Inc. in the USA, which includes the IP address and is required for the recording and invoicing of the advertisements displayed. These personal data are saved and processed in the USA. Alphabet Inc. never discloses the personal data collected using this technical process to third parties.
Google AdSense is explained in greater detail under this link https://www.google.de/intl/de/adsense/start/. More information and options for the deactivation of this advertising placement can be found at http://www.google.com/settings/u/0/ads/anonymous?hl=de (link “Ads setting”, then “Deactivate”).
g. Google AdWords
We have integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to place advertisements both in the search results of Google and in Google’s advertising network. Google AdWords allows an advertiser to predefine certain keywords, by means of which an advertisement is displayed in the search results of Google exclusively when the user of the search engine accesses search results related to the keyword. In the Google advertising network, the advertisements are distributed to thematically relevant websites using an automated algorithm and following the predefined keywords. The operating company of the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the websites of third-party companies and in the search results of the Google search engine, as well as displaying third-party advertising on our website. If a data subject comes to our website via a Google advertisement, Google saves what is known as a conversion cookie to the information technology system of the data subject. What cookies are has already been explained above. A conversion cookie becomes invalid after thirty days, and is not used to identify the data subject. Until the conversion cookie expires, it is used to determine whether certain sub-pages, for example the shopping basket of an online shop system, are accessed on our website. The conversion cookie allows both us and Google to track whether a data subject that comes to our website via an AdWords advertisement generates sales, i.e. whether a purchase has been completed or aborted. The data and information collected using the conversion cookie are used by Google to prepare visitor statistics for our website. These in turn are used by us in order to determine the total number of users that are sent to us via AdWords advertisements, and thus to determine the success or failure of the respective AdWords advertisement, and to optimise our AdWords advertisements for the future. Neither our company nor any other advertising customers from Google AdWords receive information from Google that could allow the data subject to be identified. The conversion cookie saves personal information, for example the websites visited by the data subject. For each subsequent visit to our websites, personal data are sent to Google in the USA, including the IP address of the internet connection used by the data subject. These personal data are saved by Google in the USA. Google may disclose the personal data collected using this technical process to third parties. The data subject can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out. Such a setting in the internet browser would also prevent Google from saving a conversion cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Google AdWords at any time using your internet browser or other software programs.
The data subject also has the option at any time of opting out of Google using interest-related advertising. To do this, the data subject must use each of their internet browsers to access the link https://www.google.de/settings/ads and then change the desired settings.
You can also deactivate or opt out of Google advertisements https://privacy.google.com/?hl=en#google-experience wholly or in part. You may also object to this processing of data with effect for the future by clicking here. The subsequently set opt-out cookie and your objection remain valid as long as you do not delete your browser cookies.
h. Google Analytics
We have integrated Google Analytics (with anonymisation function). Google Analytics is a web analysis service. Web analysis is the recording, collection and evaluation of data regarding the behaviour of visitors to websites. A web analysis service collects data, amongst other things, about which website a data subject came to a website from (known as the referrer), which sub-pages of the website are accessed, or how often and for how long a sub-page was viewed. A web analysis is predominantly used for optimisation of a website and for the cost/benefit analysis of online advertising. The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For the web analysis via Google Analytics we use the suffix "_gat._anonymizeIp". This suffix means that the IP address of the internet connection used by the data subject is abbreviated and anonymised by Google if the access to our websites originates in a member state of the European Union or from another signatory state to the Treaty on the European Economic Area. The purpose of the Google Analytics component is the analysis of visitor traffic on our website. Google uses the data and information obtained, amongst other things, in order to analyse the use of our website, in order to compile online reports for us identifying the activities on our websites, and in order to provide additional services relating to the use of our website. Google Analytics saves a cookie to the information technology system of the data subject. What cookies are has already been explained above. Saving the cookie allows Google to analyse the use of our website. Each time one of the individual pages of this website, which we operate and on which a Google Analytics component has been integrated, is retrieved, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to send data to Google for purposes of online analysis. Within the framework of this technical process, Google receives knowledge of personal data, such as the IP address of the data subject, which is used by Google amongst other things to understand the origin of the visitor and the clicks, and subsequently to facilitate commission invoicing. The cookie allows personal information to be saved, such as the access time, the location from which the access originated, and the frequency of visits to our website by the data subject. For each visit to our websites, these personal data are sent to Google in the USA, including the IP address of the internet connection used by the data subject. These personal data are saved by Google in the USA. Google may disclose the personal data collected using this technical process to third parties. The data subject can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out. Such a setting in the internet browser would also prevent Google from saving a cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Google Analytics at any time using your internet browser or other software programs.
The data subject also has the option of opting out of, and thus preventing, the collection and processing by Google of data generated by Google Analytics in relation to the use of this website. To do this, the data subject needs to download and install a browser add-on from the link http://tools.google.com/dlpage/gaoptout?hl=en.
You may also object to this processing of data with effect for the future by clicking here. The subsequently set opt-out cookie and your objection remain valid as long as you do not delete your browser cookies.
11. Social networks
We have integrated components of Facebook on this website. Facebook is a social network. A social network is a place for social meetings on the internet, an online community which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for exchanging opinions and experiences, or enable the internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos and socialise by making friend requests, amongst other things. Facebook’s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a data subject lives outside of the United States or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Each time one of the individual pages of this website – which we operate and on which a Facebook component (Facebook button) has been integrated – is accessed, the internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component of Facebook. An overview of all Facebook plug-ins can be found at: https://developers.facebook.com/docs/plugins/?locale=de_DE. During the course of this technical procedure, Facebook gains knowledge of what specific subpage of our website was visited by the data subject.
Every time a data subject accesses our website and is simultaneously logged into Facebook, Facebook detects which specific subpage of our website was visited by the data subject for the entire duration of each respective stay on our website. This information is collected by the Facebook component and associated with the data subject’s respective Facebook account. If the data subject clicks on one of the Facebook buttons integrated on our website, e.g. the “Like” button, or if the data subject posts a comment, Facebook then assigns this data and information to the personal Facebook user account of the data subject and stores the personal data. The Facebook component sends Facebook information that the data subject has visited our website, provided that the data subject is logged into Facebook at the time the website is accessed; this occurs regardless of whether the data subject clicks the Facebook component or not. If the data subject does not wish for this information to be transmitted to Facebook, then they may prevent this transmission by logging out of their Facebook account before accessing our website.
12. Other services
Other services used by us include:
aa. Facebook Connect
bb. Google Maps
13. Retention period
We only store personal data as long as we are legally entitled to do so and as long as the purpose for processing data is still valid. They will then be erased after a short period of time.
14. Contact data and your rights as the data subject
If you have any questions or suggestions regarding data protection or how to exercise your rights as the data subject, please contact our data protection officer (immediately) at any time:
- Data protection -
a. Revocation of consent/Objection to the processing of data
You may revoke your consent previously given at any point in time, with effect for the future, by contacting the address provided above. With effect for the future, you may object to your email address being used for the purpose of sending out the newsletter at any time by contacting us either electronically or in writing at email@example.com or Ritterstraße 11 in 10969 Berlin, without incurring any costs other than the transmission costs in accordance with the basic tariff. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of a legitimate or public interest. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process personal data unless we can prove compelling and legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If we process the personal data for direct marketing purposes, you have the right to object at any time to the processing of the personal data for the purpose of such advertising by contacting us at the aforementioned contact address; this also applies to profiling, insofar as it is associated with such direct marketing. In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes, or for statistical purposes, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
b. Art. 15 GDPR – right of access for the data subject
You have the right to request confirmation from us as to whether personal data relating to you is processed and, if so, what data this entails as well as the specific circumstances surrounding the processing of data.
c. Art. 16 GDPR – right to rectification:
You have the right to request that we immediately rectify any incorrect personal data concerning you. For the purpose of processing data, you also have the right to request that incomplete personal data concerning you be completed immediately, including by means of a supplementary declaration.
d. Art. 17 GDPR – right to erasure:
You have the right to request that we immediately erase personal data concerning you if and to the extent the legal requirements to this regard are met.
e. Art. 18 GDPR – right to the restriction of processing:
You have the right to restrict the processing of data if and to the extent the legal requirements are met.
Existence of automated decision-making
We refrain from automatic decision-making including profiling according to Art. 22 GDPR.
Issued on: 24 May 2018