Privacy notice

Table of Contents

As of November 2021

Saloodo! GmbH (hereinafter also referred to as “Saloodo!”, “we”) a company of the Deutsche Post DHL Group, attaches great importance to your privacy when processing personal data in our daily business processes.

We process personal data that is collected when you visit our website in accordance with the legal provisions. Our data protection policy is also based on the data protection guidelines applicable to the Deutsche Post DHL Group. Below we inform you about the processing of your personal data in the context of the use of our website www.saloodo.com (“website”).

I. General

1. Contact details of controller and data protection officer

Responsible for the operation of this website

Saloodo! GmbH

Siegburger Straße 191-193

50679 Cologne

Germany

Support@saloodo.com

Should you have any further questions regarding data protection in connection with our website or the services offered, please contact our data protection officer:

Deutsche Post AG

Corporate Data Protection

53250 Bonn

Germany

E-Mail: datenschutz@dpdhl.com

2. Personal Data

Personal data are any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Right of data subjects

You enjoy the following data protection rights:

a) In accordance with Art. 15 GDPR, you can request information about your personal data processed by the particular controller.

b) You can request rectification in accordance with Art. 16 GDPR if your data are not (or are no longer) correct.

c) You can request the erasure of your personal data in accordance with Art. 17 GDPR.

d) In accordance with Art. 18 GDPR, you have the right to request a restriction on the processing of your personal data.

e) If the requirements of Art. 20 (1) GDPR are met, you have the right to receive your data in a structured, commonly used and machine-readable format.

f) You have the right to object in accordance with Art. 21 GDPR if the processing of your data is based on a legitimate interest.

g) If you have given your consent to a certain type of processing, you can withdraw this consent at any time with effect for the future by informing the relevant contact addresses.

h) If you believe that the processing of your personal data violates data protection legislation, you have the right to lodge a complaint with the competent data protection supervisory authority in accordance with Art. 77 (1) GDPR.

The competent Supervisory Authority for Saloodo! is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Telefon: 0211/38424-0

Fax: 0211/38424-999

E-Mail: poststelle@ldi.nrw.de

Please contact the address above if you wish to assert your data subject rights

Data processing when exercising your rights: In order to be able to process your request, as well as for identification purposes, we would like to point out that we will process your personal data on the basis of Article 6 para. 1 sentence 1 letter c) GDPR.

4. Duration of storage

Your personal data will be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, data may be stored on account of statutory or contractual retention periods. The data will also be blocked or deleted if a legally prescribed storage period expires unless there is a need for further storage of the data for contractual reasons. Please refer to the sections below for more information about retention periods associated with specific products and services.

5. Categories of recipients

We do not sell, transfer or pass on your data to third parties in any other way and will not do so in the future unless this is required by law, necessary for the purposes of the contract or you have consented to such transfer. External service providers who process data on behalf of us (e.g. customer service activities, IT services) offer adequate guarantees that suitable technical and organisational measures have been implemented in such a way that processing is carried out in compliance with the requirements of the EU General Data Protection Regulation. They are contractually obliged to maintain strict secrecy in accordance with Art. 28 GDPR. In these cases, we continue to be responsible for the protection of your personal data. External service providers only process personal data on documented instructions of the relevant controllers.

6. Transfer to third countries

Insofar as transfer to a third country is performed by the aforementioned controllers, this is only carried out on the basis of the DPDHL group data privacy policy, EU standard contract clauses or within the scope of the exceptions of the GDPR. For international shipments, your data will also be processed in a third country, i.e. in a country outside the European Union (EU) / European Economic Area (EEA), or they will be accessed from there. Specifically, this involves the recipient country of the particular shipment. This transfer of data is necessary for the fulfilment of the particular transport contract (e.g. delivery, customs clearance).

7. Group Data Privacy Policy

The DPDHL Group Data Privacy Policy governs the data processing standards applicable throughout the Group with a special focus on third-country transfers, i.e. transfers of personal data to countries outside the EU that do not have a recognised adequate level of data protection. If you would like to learn more about the Group Data Privacy Policy please click here.

8. Data security

We undertake all necessary technical and organisational security measures to protect your personal data from misuse or loss. For example, your data are stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data are encrypted during transmission using Secure Socket Layer (SSL) technology. This means that an approved encryption method is used for communication between your computer and our servers, provided your browser supports SSL.

Should you wish to communicate by e-mail with us, please bear in mind that the confidentiality of the information transmitted cannot be guaranteed. The contents of the e-mail messages can be read by third parties. We therefore recommend that confidential information addressed to them be sent by post.

9. Changes to the privacy policy

The content of this privacy policy is reviewed on a regular basis. The controllers reserve the right to modify the privacy policy at any time with or without prior notice. Please make sure to check for any changes on a regular basis.

II. Data processing when you visit our website

1. Visiting our website

Saloodo! ensures that the data of visitors to this website are protected. When you visit this website, the web servers temporarily store data for security reasons that may permit identification. The following data are collected:

  •  hostname of the accessing computer
  •  website from which you accessed this website
  •  a list of the sites you visited within the scope of our overall Internet presence
  •  the date and duration of your visit, notification of whether the visit was successful
  •  volume of data transferred
  •  information about the identification data of the browser type and operating system used by you

Other personal data such as your name, address, telephone number or e-mail address are not collected unless you provide these data of your own accord, e.g. when completing an online contact form, in the course of registration, a customer survey, a competition, contract processing or relating to an enquiry.

Temporary storage of this data is necessary during your visit to the website in order to allow the website to be delivered to you. Further storage in log files is performed to ensure the functionality of the website and the security of our IT systems. These purposes are also covered by a legitimate interest in data processing. This measure is undertaken on the basis of Article 6 para. 1 sentence 1 letter f) GDPR.

The data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected. For the provision of the website, this is the case when the session terminates. The log files (access logs) are kept for administrators to access directly and exclusively for a period of 24 hours. After that, they are only available indirectly through a restore from backup tapes and are permanently deleted after 30 days.

2. Registration on our platform

a. Registration

In order to be able to use our services, you have to log in to our website as a carrier or shipper. This requires a registration. If you want to register as a shipper or carrier, you have to provide the below-mentioned personal data:

· E-Mail address

· Password

· Phone number

· Name

· Company name

· Country

· VAT-ID

· Additionally for carrier to upload (see also: https://www.saloodo.com/faq/what-documents-do-i-need-to-upload-to-finalize-the-registration-process/)

o EU License

o Insurance policy

o Letterhead with bank details

o Business registration

After submitting your data you will receive an e-mail from us. To complete your registration, you have to confirm the confirmation link. Within the scope of the registration and confirmation your IP address and the time of registration or confirmation will also be saved in order to verify your registration.

Carrier Account

A registration for a carrier account is required in order to provide you with the functions and tools of your platform and to enable you to submit a transport offer. Furthermore, registration is required for concluding transport contract and for communication in connection with the services offered on the platform (e.g. notification of arrival times).

Shipper Account

A registration for a shipper account is required in order to provide you with the functions and tools of your platform and to enable you to obtain transport offers from us and our subcontractors. In addition, you can commission transport services or obtain information about other services offered on our platform. You can also communicate with us and our subcontractors via the platform.

Furthermore, you have the possibility to manage your account after registration.

The legal basis for the processing of personal data is Article 6 para. 1 sentence 1 letter b) GDPR. Your registration data will be kept until you decide to delete your account, unless a longer storage period is required by law.

b. Data processing for contract performance

As part of the services provided, in particular transport and logistics services, personal data are processed on the basis of contracts concluded with you or the senders. These data are used, for example, to execute a (transport) contract, to administer customer data, to process payments and, where necessary, to perform credit checks. Certain shipping data are provided to the authorities of the country of transit or destination – depending on relevant legal requirements – for the purpose of customs clearance and taxation or for security checks. Such data generally include the name and address of the sender, the name and address of the recipient, a description of the goods, the quantity, weight and value of the consignment.

In order to fulfil a (transport) contract, personal data of the sender and (alternative) recipient (e.g. name, address of the sender and (alternative) recipient, e-mail address, telephone number, shipment information, delivery documentation, such as signature, GPS data and time of the delivery event, bank data, identification data) are processed.

As a general rule, the legal basis is Article 6 para. 1 sentence 1 letter b) GDPR, since processing is carried out for the performance of a contract in which you are (indirectly) involved and for proof of the correct delivery of the service. Furthermore, data processing is carried out in order to meet legal obligations in accordance with Article 6 para. 1 sentence 1 letter c) GDPR in connection with contract performance.

c. Data processing for security, quality assurance and process optimisation

We process the data collected in the course of implementing the contract for (data) security purposes (e.g. to detect criminal offences or misuse), to produce statistics and for quality assurance, process optimisation and planning reliability to the extent permitted by law. We have a legitimate interest for this processing in ensuring the smooth operation and continuous improvement of the particular products and services. In our opinion, there is no overriding interest worthy of protection, since the intensity of the processing operations is extremely low, e.g. through the use pseudonyms. The legal basis for this data processing is Article 6 para. 1 sentence 1 letter f) GDPR.

d. Transaction data 

e. Data Processing for sales purposes

If you register as a customer, your address data (e.g. name, address) will be processed to inform you about offers, news, products and services of Saloodo! The legal basis for the aforementioned processing is Article 6 para. 1 sentence 1 letter f) GDPR. The legitimate interest of us lies in particular in providing optimum and customer-specific service. You have the right to object to this processing at any time. To exercise your right, simply contact us by sending an e-mail to support@saloodo.com.

If you register for our newsletter, we will use your e-mail address for the above mentioned purposes. The legal basis for this data processing is your consent in accordance with Article 6 para. 1 sentence 1 letter a) GDPR.

You may stop receiving information and news by e-mail at any time by clicking on the relevant link at the bottom of the e-mail. You can also withdraw consent at any time with effect for the future using the contact address above.

If you unsubscribe from e-mail communications or withdraw your consent, the corresponding data will be removed or blocked from the mailing list and will no longer be processed for these purposes.

We perform a measurement of success as part of the e-mail distribution process. For example, a record is made of whether an e-mail has been opened and whether links in the e-mail have been clicked on. The analyses serve to identify the reading habits of users and to adapt content to them or to send different content according to users’ interests. The legal basis for this data processing is Article 6 para. 1 sentence 1 letter f) GDPR. This data processing for our own direct marketing purposes is carried out within the scope of the legitimate interest of us.

f. Payment Services

We use third-party payment services, depending on the payment method you choose. Since the payment is related to the contractual relationship with you, the legal basis for all payment methods is Article 6 para. 1 sentence 1 letter b) GDPR. Please take note of the privacy notes of the payment services. Additional information can be found in the terms & conditions (https://www.saloodo.com/terms-conditions/)

3. Jobs and Career at Saloodo!

This describes the processing of personal data when using the Deutsche Post DHL Group career site websites including the mobile applications (our “Apps”)

a. Who is responsible for this career site?

The responsible party within the meaning of the GDPR is:

Deutsche Post AG

Charles-de-Gaulle Str. 20

53113 Bonn

If you have any questions regarding the processing of your personal data on this careers site, you can contact the data protection officer of Deutsche Post AG either by post at the address given or by e-mail at career@saloodo.com or datenschutz@dpdhl.com.

b. Data subject rights

Every data subject has the following rights:

  • Right to information (Art. 15 DSGVO)
  • Right to correction of incorrect data (Art. 16 DSGVO)
  • Right to erasure or a right to be “forgotten” (Art. 17 DSGVO)
  • Right to restrict the processing of personal data (Art. 18 GDPR)
  • Right to data portability (Art. 20 DSGVO).

You may object to the processing of personal data for advertising purposes, including an analysis of customer inside data for advertising purposes, at any time without giving reasons.

In addition, data subjects have a general right to object (cf. Art. 21 (1) DSGVO). In this case, the objection to data processing must be substantiated. If the data processing is based on consent, your consent can be revoked at any time without giving reasons with effect for the future.

To exercise your data subject rights in relation to this career site, please submit a corresponding request in the “Personal Information” section. For requests beyond this, please contact datenschutz@deutschepost.de. In addition, you have the right to lodge a complaint with the data protection supervisory authority responsible for you.

c. Processing of personal data by Deutsche Post AG

In the following, we would like to give you an overview of how we ensure the protection of your personal data when you access our website and what types of personal data we process, for what purposes and to what extent.

1. processing of data when accessing our website – log files

When accessing our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. In addition, the IP address is transmitted and used to provide the service you requested. This information is technically necessary in order to correctly deliver website content requested by you and is mandatory when using the Internet

According to our IT security concept, the accruing log file data is stored for a period of 120 days in order to detect and analyze any attacks against our website. The legal basis for data processing is Art. 6 para. 1 p. 1 f) DSGVO.

2. Individually tailored job recommendations

On our website, you have the option of receiving job recommendations individually tailored to you. For this purpose, we use the information you provide on the website or via the chatbot (preferred place of work, work experience, skills and job description) to show you suitable jobs. If you upload a resume, we automatically read the above information from it and use it to display suitable job offers. We store your details in pseudonymous form with the aid of a cookie for a period of 12 months in order to be able to display suitable job offers to you on the basis of your details when you access the website at a later date. It is therefore not possible for us to identify a specific person. The legal basis for setting the cookie is the consent given in accordance with Art. 6 (1) p. 1 lit. a DSGVO. The legal basis for the further processing of the data to display suitable jobs is Art. 6 para. 1 p. 1 lit. f DSGVO.

3. creation of a profile

When requesting information for the individually tailored job recommendations, you have the option of providing personal information (name, e-mail address) on a voluntary basis. If you provide us with these, we will store your data in personalized form for 12 months in order to display our individually tailored job recommendations to you in personalized form and, in particular, to be able to address you personally for this purpose. The legal basis is your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO.

4. Registration for the Job Alert

To register for our Job Alert, we use the so-called double-opt-in procedure. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have entered, in which we ask you to confirm that you wish to receive the Job Alert. If you do not confirm this within 4 hours, your registration will be automatically deleted. If you confirm your wish to receive the Job Alert, we will store your e-mail address for 12 months or until you unsubscribe from the Job Alert. The storage serves the purpose of being able to send you suitable job offers based on your search information. Furthermore, we store your IP addresses and the times of your registration each time you register and confirm, in order to prevent misuse of your personal data and to be able to provide proof of correct sending. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 letter a DSGVO.

Mandatory information for sending the Job Alert is the e-mail address, as well as the desired area and your career level, in order to be able to send appropriate job recommendations based on this. You can revoke your consent by clicking on the link provided in every Job Alert email.

5. Information to ensure data security

We take technical and organizational security precautions on our pages to protect the personal data stored with us from access by third parties, loss or misuse and to enable secure data transfer.We must point out that, due to the structure of the Internet, unauthorized access to data by third parties may occur. It is therefore also your responsibility to protect your data against misuse by encrypting it or in any other way. Without appropriate protective measures, unencrypted data in particular, even if transmitted by e-mail, can be read by third parties.

4. Use of web tracking

Saloodo! uses tracking software to determine how many users visit our website and how often. This software is not used to collect individual personal data or individual IP addresses. The data are used exclusively in anonymous and summary form for statistical purposes and in order to develop the website further.

5. Use of Cookies

“Cookies” are small files that allow specific information relating to you to be stored on your device while you visit this website. Cookies help to determine the frequency of use and the number of users who visit this website and to make our services to you as convenient and efficient as possible.

We uses “session cookies” in accordance with Article 6 para. 1 sentence 1 letter f) GDPR in order to optimise this website and ensure convenient and unimpeded use. These cookies are only stored for the duration of your visit to this website. They are automatically deleted when you close your browser.

Secondly, “persistent cookies” are used to record information about visitors who regularly access this website. The reason for using these cookies is to be able to offer you optimum user guidance as well as to “recognise” you and to be able to present you with as varied a website and new content as possible during recurrent use.

When you access this website, a cookie banner will inform you that by using our website you consent to the use of cookies. The legal basis for the processing of personal data using cookies for analytical purposes is Article 6 para. 1 sentence 1 letter a) GDPR provided the user has given their consent. You of course have the possibility to deactivate the storage of cookies.

No individual profiling is performed on the basis of usage behavior. The contents of a persistent cookie are limited to an identification number. Your name, e-mail address, IP address etc. are not stored.

Cookie Settings

When clicked one trust preference center will be opened; same behavior of the cookie setting link in the footer

 

6. Social Media Links

Our website contains simple links to the following social media networks:

· Facebook (operated by: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)

· Twitter (operated by: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

· LinkedIn (operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

· Youtube (operated by: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

· Instagram, a Facebook product (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)

· Pinterest (Operated by Pinterest Inc., 505 Brannan, San Francisco, California, USA)

In these cases, a transfer of data to the social media operators mentioned only takes place if the corresponding icon (e.g. the “f” of Facebook) is clicked. If you click on one of these icons, a page of the corresponding social media operator opens in a popup window. There, you can publish information about our products according to the regulations of the social media operator.

Furthermore, on some of the sites offered by us freely accessible content from the third-party provider Youtube is displayed. We do not transmit personal information to these third parties to display the content. YouTube has its own cookie and privacy policies which we do not control. Please inform yourself about the data collected by third-party providers from the respective provider.

 

7. Contact

You can contact us by e-mail, by phone, by social media or by post. The personal data provided by you (e.g. first and last name, e-mail address, telephone number, address, remarks, customer number) are processed exclusively for the technical administration of our website and for providing you the requested services or information.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest here arises from the aim of answering your enquiries and thus maintaining and promoting your satisfaction as a customer or user of our website. Our legitimate interest consists of in particular ensuring a smooth process flow, processing customer requests, direct marketing of its own products and services and continuously improving them.

Provided that no statutory or contractual retention periods need to be observed, your request will be stored for a maximum of two years with the relevant controller as proof of proper processing and for the purpose of further optimising services.

Chat

We offer you a chat function. If you ask a question in the chat, one of our employees will answer your request. The following data are processed as part of the chat function:

· Name

· Role

· Language

· Country

· Email address

· Phone number

Depending on the conversation, further personal data of you may be collected. Furthermore, we save the history of the chats. This will save you from possible providing extensive explanations on the history of your inquiry as well as for constant quality control of our chat offer. If you do not wish to do so, you are welcome to let us know this by using the contact details listed above. Saved live chats will then be deleted by us immediately. We only store the chat history as long as it is necessary to process your request – and delete it automatically after one month at the latest. If you use the live chat outside of your service hours or if our employees are currently chatting with other customers, the live chat runs in the so-called offline mode (similar to a contact form). In this case we collect your first and last name as well as your e-mail address in order to address you politely with your name and to be able to answer your question by e-mail. It is also possible that you can send us a screenshot of your current browser window if required. In both cases (live chat and offline mode), the legal basis for recording is Art. 6 para. 1 sentence 1 lit b) GDPR – therefore we process your data for the purpose of fulfilling the contract or pre-contractual measures – i.e. to answer your query.

 

8. Google Maps

This website uses Google Maps (API), belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (country) maps in order to visually provide geographical information. You can use this service to see our location and make it easier for you to find us. When you access sub-pages that incorporate a Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored by Google on servers. This may also include a transfer and storage of data on servers in the United States. This is the case regardless of whether Google provides a user account that you are logged in to or whether no user account exists. When you are logged in to Google, your data will be directly mapped to your account. If you want to avoid this mapping to your profile at Google, you need to log out before activating the button.

Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular pursuant to Article 6 para. 1 sentence 1 letter f) GDPR on the basis of Google’s legitimate interests in the insertion of personalised advertising, market research and/or demand-oriented design of its website.

For the location search, only the search address entered by the user is transferred. There is no link or storage between the search entry and the user.

If you do not agree to the future transmission of your data to Google in terms of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot be used.

Data processing is performed on the basis of Article 6 para. 1 sentence 1 letter f) GDPR. We has a legitimate interest in visualising our online offers and easy findability of the locations we have indicated on the website.

Link to Google’s privacy policy

 

9. Google Tag Manager

We use Google Tag Manager, a web service provided by Google to manage website tags. The Google Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect personally identifiable information. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. You can read more about Tag Manager in the Google Tag Manager information.

 

10. Whatsapp

We will send you WhatsApp messages if you have consented to receive them or have accepted our privacy policy. Message and data rates may apply. If you do not wish to receive Whatsapp messages from us, please contact us

Note that by using WhatsApp you are also agreeing to WhatsApp’s specific Privacy and Terms, found at https://www.whatsapp.com/legal.

Privacy Policy

Facebook Fanpage Saloodo!

1. Introduction

We are pleased to welcome you to our Facebook fan page, thank you for your interest in our company, products and services. In the following document, we would like to inform you about certain issues related to data protection laws that apply when you visit our fan page.

· Our fan page was provided to us by Facebook in accordance with valid terms of use. Facebook is solely responsible for the technical operation of the fan page.

· We are solely responsible for the content that we post on the page.

· Your visit and your interaction on our fan page are tracked by Facebook. This information will be provided to us in anonymized form (as page insights). If you have a Facebook account, Facebook will process your data in accordance with Facebook’s own terms of use. If you are not a member of Facebook, your interactions on our fan page will be anonymously tracked and will also be provided to us in the form of statistical analysis (page insights). Both Facebook and we are jointly responsible for processing personal data in events related to page insights (insight data).

· Pursuant to the agreement between Facebook and us (a page insights addendum), every joint controller shall fulfill its information obligations on its own.

· You may exercise your rights as the data subject (see Item 4) by contacting the officer responsible for insights data. Should we receive an inquiry that falls into Facebook’s area of responsibility, we shall forward it to Facebook for further processing.

· We have no say in Facebook’s processing of the data. Furthermore, we possess no information regarding the degree, purposes and length of time that Facebook will store the data and possibly evaluate, link and transmit the information to third parties. If you would like to contact us directly, i.e. without the participation of Facebook, please use the contact details on our website.

· You will find additional information regarding data processing for which Facebook is solely responsible in Facebook’s data policy and cookie policy.

 

2. Who is responsible for data processing?

Saloodo! GmbH Siegburger Str. 191-193, 50679 Cologne, Germany, is responsible for the information it posts and also for its processing.

You can reach our data protection officer at

Deutsche Post AG

Corporate Data Protection

53250 Bonn

Germany

E-Mail: datenschutz@dpdhl.com

Facebook Ireland Ltd, 4 Grand Canal Harbour, Dublin 2, Ireland, and Deutsche Post AG are jointly responsible for processing the personal data in events for page insights (Insights data). Collective processing is based on an agreement between the joint controllers pursuant to Article 26 GDPR, which you can view at: Information on Page Insights

 

3. Which data do we process, and how and why do we process your data?

3.1 Data processing of page insights for statistical purposes
For our fan page, Facebook provides us with page insights. Page insights are anonymous statistics that are generated as a result of certain events and are tracked by Facebook when a fan page visitor such as you interacts on our fan page. We can use the page insights, which contain no personal data, to see which content is particularly accessed by which group of individuals. We can also use these data to optimize our fan page itself. This represents a legitimate interest for processing (processing of personal data in events for page insights). The legal basis for data processing related to page insight is Article 6 para. 1 sentence 1 letter f) GDPR. You can adjust your Facebook ad preference settings in your Facebook account.

3.2 Data processing resulting from contacting us and from other communications

We ourselves do not collect personal data when you get in touch with us by using a contact form or Messenger, among other options. This data is processed exclusively for the purpose of responding to the inquiry, for establishing contact, for the associated technical administration and, unless other statutory or contractual retention periods apply, will be used for a maximum of two years to prove correct and proper processing and for further optimization of services.

Our legitimate interest is to properly address your matter as quickly as possible. The legal basis for the processing is Article 6 para. 1 sentence 1 letter f) GDPR. If the contact is initiated for contract inception or conclusion, Article 6 para. 1 sentence 1 letter b) GDPR will serve as the legal basis. If you provide us with personal data on our fan page (e.g., as part of comments), this process shall be conducted on the basis of your consent in accordance with Article 6 para. 1 sentence 1 letter a) GDPR. You may revoke your consent at any time with effect for the future. If you would like to exchange personal data with us, we recommend that you contact our customer service.

Data is also collected for the purpose of holding and processing competitions. The respective details, such as which data is processed for which purpose, can be found in the data protection notices and terms and conditions of the respective competition.

3.3 Data processing for direct marketing purposes

We process personal data in order to inform you about our offers, innovations, products and services. Personal data are processed for direct marketing purposes within the context of our legitimate interests. The legal basis for this data processing is Article 6 para. 1 sentence 1 letter f) GDPR. You have the right at all times to object to the processing for direct marketing purposes (see Item 4). Once your objection has been expressed, your personal data shall no longer be processed for these purposes.

 

4. What rights do users have?

Under the GDPR, data subjects shall have the following rights:

· Under Article 15 GDPR, they have the right to receive information regarding the personal data that are processed by the respective controller

· They may request a rectification under Article 16 GDPR, provided that their data are not or are no longer correct.

· Under Article 17 GDPR, the data subjects may demand that their personal data be erased.

· Under Article 18 GDPR, they have the right to demand a restriction on the processing of their personal data.

· If the conditions of Article 20 (1) GDPR have been met, the data subjects have the right to receive their data in a structured, commonly used and machine-readable format.

· Under Article 77 (1) GDPR, they have the right to lodge a complaint with the responsible data-protection authority.

· Under Article 21 (2) GDPR, you may at any time object to the processing of your personal data for direct marketing purposes.

· Under Article 21 GDPR, the data subjects have the right to object, provided that their data are processed on the basis of a legitimate interest in terms of Article 6 (1)(f) GDPR (see Items 3.1 and 3.2) and provided that they can cite grounds relating to their own particular situation. You can lodge an objection with us by stating your contact details, the specific processing to which you are objecting, the grounds for objection arising from your particular situation and the name of the fan page.

or in the case of an objection to the processing of page insights for statistical purposes (see Item 3.1) with Facebook. Should we receive an inquiry that falls into Facebook’s area of responsibility, we shall forward it to Facebook for further processing.

If you wish to exercise data subject rights against Facebook, please contact Facebook Ireland Ltd., 4 Grand Canal Harbour, Dublin 2, Ireland. You may exercise these rights online by using the contact form provided on the Facebook site.

If you would like to exercise your rights as a data subject in dealings with us, please use the contact data included in Item 2.