Name/Company: Logando Display & Media Solutions GmbH
Street, No.: Pötzschker Weg 10
Postal code, City, Country: 04179, Leipzig
Commercial Register/No.: 30046
Managing Director: Alexander Lotozki
Phone: 0341 946874-100
E-mail address: email@example.com
Data Protection Officer:
Name: Anika Garz
E-mail address: firstname.lastname@example.org
Types of Data Processed:
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Contract data (e.g., subject matter, term, customer category).
- Payment data (e.g., bank details, payment history).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9 (1) GDPR):
- No special categories of data are processed.
Categories of Data Subjects:
- Customers / prospects / suppliers.
- Visitors and users of the online offer.
In the following, we also refer to data subjects as “users”.
Purpose of Processing:
- Provision of the online offer, its functions and contents
- Provision of contractual services, service and customer care.
- Answering contact requests and communicating with users
- Marketing, advertising and market research.
As of: 09/05/2018
1. Relevant Legal Bases
3. Security Measures
3.1. We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, and we take organisational measures to ensure a level of protection appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the exercise of data subject rights, data deletion and response to data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings (Art. 25 GDPR).
3.2. One of the security measures is the encrypted transfer of data between your browser and our server.
4. Collaboration with Processors and Third Parties
4.1. If, in the context of our processing, we disclose data to other persons and companies (commissioned processors or third parties), transmit data to them, or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. if the transmission of the data to third parties is required pursuant to Art. 6 (1) (b) GDPR to fulfill the contract, as with payment service providers), your consent, a legal obligation, or based on our legitimate interests (e.g. the use of agents, webhosters, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “commissioned processing contract,” this is done on the basis of Art. 28 GDPR.
5. Transfers to Third Countries
If we process data in a third country (i.d. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 ff. GDPR. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised level of data protection (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
6. Rights of Data Subjects
6.1. You have the right to ask for confirmation as to whether personal data is being processed, and the right to ask for information about this data and for further information and for a copy of the data pursuant to Art. 15 GDPR.
6.2. You have, Pursuant Art. 16 GDPR, the right to demand the completion of the data concerning you or the correction of incorrect data concerning you.
6.3. Pursuant to Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
6.4. You have the right to demand that the data relating to you, which you have provided to us, be provided to you in accordance with Art. 20 GDPR and to request the transmission of this data to other controllers.
6.5. Pursuant to Art. 77 GDPR, you have the right to file a complaint with the competent supervisory authority.
7. Right to Revocation of Consent
You have the right to revoke granted consent in accordance with Art. 7 (3) GDPR with effect for the future.
8. Right to Objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.
9. Cookies and Right to Objection for Direct Marketing
A general objection against the use of the cookies used for the purpose of online marketing can be stated via a variety of services, especially in the case of tracking, via the US websitehttp://www.aboutads.info/choices/ or the EU websitehttp://www.youronlinechoices.com/. Furthermore, the prevention of storage of cookies can be achieved by means a corresponding browser setting. Please note that not all features of this online offer may be used in this case.
10. Deletion of Data
10.2. According to legal requirements, storage takes place in particular for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports , accounting documents, commercial and business letters, documents relevant to taxation, etc.).
11. Website & Online Shop
11.1. Pursuant to Art. 6 (1) (b) GDPR, we process stock data (e.g., names and addresses as well as contact data of users) and contract data (e.g., used services, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services. The entries marked as obligatory in online forms are required for the conclusion of the contract.
11.2. As part of the registration and re-registration as well as use of our online services, the IP address and the time of the respective user action will be saved. The storage is based on our legitimate interests, as well as protection of the user against misuse and other unauthorised use. Transfer of this data to third parties does not take place unless it is necessary for the prosecution of our claims or there is a legal obligation pursuant to Art. 6 (1) (c) GDPR.
11.3. We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order, for example, to show the user product references based on their previously used services.
11.4. The deletion takes place after expiry of legal warranty and comparable obligations; the necessity of keeping the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); Information in the customer account remains until its deletion.
12. Credit Check
12.1. If we enter into advance performance (e.g. when buying on invoice), we reserve the right, in order to safeguard legitimate interests, to obtain identity and credit information for the purpose of assessing the credit risk on the basis of mathematical-statistical procedures from specialised service companies (credit reference agencies).
12.2. As part of the credit check, we provide the following personal data of the customer (name, postal address, date of birth, details of the type of contract, bank details) to the following credit reporting agencies:
12.3. We process the information obtained by the credit reference agencies on the statistical probability of a default in the context of an appropriate discretionary decision on the establishment, implementation and termination of the contractual relationship. We reserve the right, in the case of a negative result of the credit check, to refuse payment on account or any other advance payment.
12.4. In accordance with Art. 22 GDPR, the decision as to whether we undertake advance performance is made solely on the basis of an automated decision in individual cases, which our software carries out on the basis of the information provided by the credit reference agency.
12.5. If we obtain an explicit consent from you, the legal basis for the credit information and the transmission of the customer’s data to the credit agency is consent in accordance with Art. 6 (1) (a), 7 GDPR. If no consent is obtained, our legitimate interest in ensuring the reliability of payment of the claim has a legal basis in accordance with Art. 6 (1) (f) GDPR.
13.1. When contacting us (e.g., via contact form, e-mail, telephone or), the information provided by the user to handle the contact request and its processing is processed pursuant to Art. 6 (1) (b) GDPR.
13.2. User information may be stored in a customer relationship management system (“CRM System”) or comparable request organiser.
13.3. We use the e-mail program “Outlook”” Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, based on our legitimate interests (efficient and fast processing of user requests). Microsoft Corporation is also certified under the Privacy Shield Agreement, which provides an additional guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
13.4. We use the merchandise management system “Reflex” of the vendor Gevitas GmbH, Esslinger STr. 51, 70736 Fellbach, Germany, based on our legitimate interests (efficient and fast processing of user requests).
13.5. We delete the requests if they are no longer required. We check the necessity every two years; we permanently store inquiries from customers who have a customer account, and refer to the the details of the customer account on deletion. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
14. Antispam Bee Anti-spam Check
Our online offer uses the service “Antispam Bee” offered by pluginkollektiv. The use is based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR. With the help of this service, comments of real people are distinguished from spam comments. For this purpose, the IP addresses of the commentators are compared with a public spam database. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the e-mail address, the IP address, the comment content, the referrer, details of the browser used, the computer system and the time of the entry.
Users are welcome to use pseudonyms, or to refrain from entering the name or e-mail address. You can completely prevent the transfer of data by not using our commenting system. That would be a pity, but unfortunately we see no other alternatives that work equally effectively.
15. Collection of Access Data and Log Files
15.1. On the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
15.2. Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 9 days and then deleted. IP addresses are rendered unrecognisable after a maximum of 7 days. Data whose further storage is required for evidential purposes is exempted from deletion until final clarification of the incident.
16. Online Presence in Social Media
16.1. We maintain an online presence within social networks and platforms in order to communicate with customers, prospectives and active users and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
17. Cookies & Reach Measurement
17.1. Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
17.2. We use “session cookies”, which are stored on our website only for the duration of one day (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies cannot save any other data.
17.4. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
18. Google Analytics
18.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
18.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
18.4. We use Google Analytics to display advertisements displayed within Google and its affiliate advertising services only to those users who have shown an interest in our online offer or who have certain characteristics (e.g. interests in specific topics or products determined on the basis of visits to websites) which we submit to Google (so-called “Remarketing” or “Google Analytics Audiences”). By using Remarketing Audiences, we also want to ensure that our ads are in line with the potential interest of users and are not annoying.
18.5. We only use Google Analytics with activated IP anonymisation. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
18.6. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:. https://tools.google.com/dlpage/gaoptout?hl=de
18.7. Further information on data usage by Google, settings and objection options can be found on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google in your use of websites or apps of our partners”) https://policies.google.com/technologies/ads (“Use of data for advertising purposes”), https://adssettings.google.com/authenticated (“Managing information that Google uses to show you advertising”).
19. Google (Re)marketing services
19.1. Based on our legitimate interests (i.g. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we use the marketing and remarketing services (“Google-Marketing-Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
19.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
19.3. Google Marketing Services allows us to better target advertisements for and on our website so that we only present ads to users which potentially match their interests. For example, if a user sees advertisements for products they have been interested in on other websites, this is called “remarketing.” For these purposes, when visiting our website and other websites that have Google Marketing Services activated, Google will immediately execute Google code and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are incorporated into the website. With their help, an individual cookie, i.e. a small file (instead of cookies, comparable technologies can also be used) will be stored on the user’s device. The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user visited, what content they are interested in, what offers they have clicked on, as well as technical information about the browser and operating system, referring web pages, visit time and other information on the use of the online offer. The IP address of the users is also recorded, whereby in the context of Google Analytics we point out that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases is to a Google server in the US and shortened there. The IP address will not be merged with user data within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user then visits other websites, ads can be displayed to the user according to their interests.
19.4. In the context of the Google Marketing Services, user data is processed in pseudonymous form. For example, Google does not store and process users’ names or e-mail addresses, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. That is, from the perspective of Google, the ads are not managed and displayed for a specifically identified person, but for the cookie owner regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States.
19.5. Among the Google Marketing Services we use is the online advertising program “Google AdWords.” With Google AdWords, each advertiser receives a different “conversion cookie.” Cookies cannot be tracked through AdWords advertisers’ websites. The information gathered through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. AdWords advertisers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
19.8. We may use the service “Google Optimizer”. Google Optimizer allows us to understand during so-called “A/B testings” the effects various changes to a website have (e.g. changes in the input fields, the design, etc.). For these purposes, cookies are stored on users’ devices. Only pseudonymous user data is processed.
19.9. In addition, we may use the “Google Tag Manager” to integrate and manage the Google Analytics and Marketing Services on our website.
19.11. If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google’s setting and opt-out options: https://adssettings.google.com/authenticated.
20. Facebook, Custom Audiences and Facebook Marketing Services
20.1. Due to our legitimate interests in analysis, optimisation and economic operation of our online offer and for these purposes our website integrates the so-called “Facebook Pixel” of the social network Facebook, by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”).
20.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
20.3. With the help of the Facebook Pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook Pixel to display the Facebook ads we have been sent only to those Facebook users who have shown an interest in our online offer or who have certain features (e.g. interests in specific topics or products determined on the basis of visits to websites) which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook Pixel we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
20.4. We use the “Custom Audiences from File” method of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used only to identify recipients of our Facebook ads. We want to make sure that the ads are only displayed to users who are interested in our information and services.
20.5. The processing of the data by Facebook occurs in the context of Facebook’s data usage policy. General notes on the presentation of Facebook ads can be found in the data usage policy of Facebook: https://www.facebook.com/policy.php. Special information and details about the Facebook pPxel and how it works can be found in the Help section of Facebook: https://www.facebook.com/business/help/651294705016616.
20.6. You may object to collection the Facebook Pixel and use of your data to display Facebook ads. To set which types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
21. Facebook social plugins
21.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR) we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognised by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
21.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
21.3. When a user retrieves a feature of this online offer that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by it into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform the users according to our knowledge.
21.4. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If the user interacts with the plugins, e.g. presses the Like button or leaves a comment, the information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
21.6. If a user is a Facebook member and does not want Facebook to collect data about them via this online offer and link it to their member data stored on Facebook, the user must log out of Facebook and delete the cookies before using our online offer. Other settings and objections regarding the use of data for promotional purposes can be found within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/, The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
22.1. In the following, we inform you about the contents of our newsletter, registration, dispatch and statistical evaluation procedures, as well as your right to objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
22.2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal authorisation. Insofar as the contents of a newsletter are concretely described in the context of the registration for the newsletter, they are authoritative for the consent of the users. Our newsletters also contain information about our products, offers, promotions and our company.
22.3. Double opt-in and logging: Registration for our newsletter takes place via a so-called double opt-in procedure. This means you will receive an e-mail after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can log in with external e-mail addresses. The registration for the newsletter will be logged in order to document the registration process according to the legal requirements. This includes the storage of the login and the confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider will be logged.
22.5. Furthermore, the dispatch service provider may, according to its own information, transmit this data in pseudonymous form, i.e without assignment to a user, to optimise or improve their own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for statistical purposes, to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to address them on its own nor does it pass the data on to third parties.
22.6. Registration data: To subscribe to the newsletter, it is sufficient to enter your e-mail address.
22.7. Success measurement – The newsletters contain a so-called “web beacon,” i.e. a pixel-sized file that is retrieved by our server when the newsletter is opened or by the dispatch service provider’s server. This retrieval will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on technical data, or the audience and their reading habits, based on their retrieval locations (which can be determined using the IP address) or access times. Statistical evaluations also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our goal nor the goal of the dispatch service provider to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
22.8. The dispatch of the newsletter and the related success measurement is based on the consent of the recipient pursuant to Art. 6 (1) (a) GDPR, Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG or on the basis of statutory authorisation pursuant to § 7 (3) UWG.
22.9. The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 (1) (f) GDPR and serves as proof of consent to the receipt of the newsletter.
22.10. Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. If the users has only subscribed to the newsletter and terminated this registration, their personal data will be deleted.
23. Integration of Services and Contents of Third Parties
23.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we make use of content or services offered by third-party providers in order to integrate their content and services such as videos or fonts (collectively referred to as “content”). This always presupposes that the third-party providers of this content see the IP address of the users since they could not send the content to the user’s browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring websites, visit time, and other information regarding the use of our online offer.
23.2. The following presentation provides an overview of third-party providers as well as their contents, as well as links to their privacy policies, which contain further notes on the processing of data and, in some cases already mentioned here, options to object (so-called opt-out):