§ 1 Information about the collection of personal data
(1) In the following we provide information about the collection of personal data when using our website. Personal data means any data that refers to you specifically, e. g. your name, address, email addresses and user behavior.
(2) The ‘Controller’ according to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Listan GmbH, Wilhelm-Bergner-Str. 11C, 21509 Glinde, Germany (see Imprint). You can contact our Data Protection Officer at
heyData GmbH
Schützenstraße 5
10117 Berlin
www.heydata.eu
datenschutz@heydata.eu
or by writing to our postal address with the addition “The Data Protection Officer.”
(3) When you make contact with us by email or use our contact form we will store the data you enter (your email address, your name and your telephone number) in order to reply to your query. The data you disclose to us in this connection is deleted as soon as it is no longer required, or after a statutory period of retention, as applicable.
(4) When it is necessary to use the services of contracted providers to provide specific features on our website or we wish to use your data for promotional purposes, we will inform you in detail below about the respective processes. We will also specify the fixed criteria for retention periods.
§ 2 Your rights
(1) You have the following rights with respect to our use of your personal data:
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. For this purpose you can contact the supervisory authority for our company location in Schleswig-Holstein. You will find the address on the internet using the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
§ 3 Personal data we collect when you visit our website
(1) When you view our website simply to obtain information, without registering or providing us with further information in any other way, we only collect the personal data your browser transfers to our server. When you view our website we collect the following items of data, which for us to display our website to you are technically necessary and ensure its stability and security (legal basis is Article 6 (1) point (f) of the GDPR):
These items of data are only stored for one week and then automatically deleted, with the exception of the IP address. This we save for a month, in order to investigate in retrospect in cases of a cyber-attack whether our internal systems were compromised.
(2) In addition to the data previously mentioned, when using our website cookies will be stored on your device, provided you consented to this. Cookies are small text files that are stored in a folder on your hard drive assigned by the browser you used and in which certain information is gathered (in this case as determined by us). With cookies it is not possible to execute a program or plant a virus on your device. They simply serve to make our website generally more user friendly and effective.
(3) The use of cookies:
a) When you use the website, cookies are stored in your computer system. Cookies are text files that are stored in the Internet browser or by the Internet browser in your computer system. When you access a website, a cookie may be stored in your operating system. This cookie contains a string of characters that enables the browser to be uniquely identified when the website is revisited.
b) There are different ways of distinguishing between cookies:
Firstly, a distinction is made between first and third party cookies, depending on where a cookie comes from: First-party cookies are cookies that are set and accessed by the operator of the website as the controller or by a processor commissioned by the operator. Third-party cookies are cookies that are set and accessed by controllers other than the website operator who are not acting as processors on behalf of the website operator.
In addition, a distinction can be made between transient and persistent cookies, depending on the validity period:
Transient cookies (session cookies) are cookies that are automatically deleted when you close your browser. Persistent cookies are cookies that remain stored on your terminal device for a certain period of time after you close the browser.nFurthermore, a distinction can be made between cookies that do not require consent and those that do:
Depending on their function and purpose, the use of certain cookies may require the consent of the user. In this respect, cookies can be differentiated according to whether the user’s consent is required for their use."
c) Your consent is given by means of a “cookie banner”:
When you access our website, we display a “cookie banner"". In our cookie banner, you can give your consent to the use of all cookies that require consent on this website by clicking on the “Accept all cookies” button. Without such consent, those cookies requiring consent will not be enabled. By clicking on the button “Accept only technically necessary cookies”, you can also completely reject the use of cookies that require your consent. This decision is stored in a cookie. Alternatively, you have the option of accessing our “cookie dashboard” by clicking on the “Information on the use of cookies” button. In the cookie dashboard, you can make an individual selection of cookies and customise them at a later date. We store your cookie settings in the form of a cookie on your terminal device in order to determine whether you have already made cookie settings when you return to the website.
Cookies required for the website to function cannot be disabled via the cookie management function of this website. However, you can generally disable these cookies in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser.
Further detailed information on this can be found, for example, by visiting: https://www.allaboutcookies.org/manage-cookies/. However, we would like to point out that some functions of the website may not work or may no longer work properly if you generally disable cookies in your browser."
§ 4 Additional functions and facilities of our website
(1) As well as the pure informational use of our website we offer various services that you can use if you are interested. As a rule you these require you to enter further personal data that we use to provide the respective service and for which the aforementioned principles of data protection apply.
(2) In some cases we use external service providers for processing your data. These suppliers are carefully selected and contracted by us, they are bound by our instructions and are regularly checked.
(3) In addition we may forward your personal data to third parties when promotions, competitions, contract conclusions or similar services are offered by us jointly with partners. You will obtain further information about this where you enter your personal data or below the description of the offer.
(4) When our service providers or partners are based in a country outside the European Economic Area (EEA) we will inform you of the implications of this circumstance in the description of our offer.
§ 5 Competitions
When we offer entry to a competition then we collect the personal data of participants, but purely for the purposes of conducting the competition. In this case the following information is obtained: last name, first name, date of birth, postal address, email address, IP address, telephone number. These items of data are necessary for age verification, communications, fraud detection and possibly the posting of a prize. This information is not given to third parties, unless when necessary for the purposes of informing a forwarding company to deliver a prize. After the competition is over the data is deleted, unless there is a mandatory period of retention.
§ 6 Newsletter
(1) You can give your consent by requesting our newsletter, with which we inform you about our latest and interesting offers. In the consent form it explains this is a promotion of goods and services.
(2) For registrations to our newsletter we use what is known as the double opt-in procedure. This means that after you apply online, we send an email to the email address you entered, within which we ask you to confirm your desire to receive newsletters. If we do not receive a confirmation within [24 hours], the information in your application is blocked and after a month is automatically deleted. Furthermore, we store the IP addresses used and the dates and times of registration and confirmation. The purpose of this is to provide evidence of your registration and, should it prove necessary, the ability to investigate possible abuses of your personal information.
(3) The only entry that is compulsory for receiving newsletters is your email address. The entry of further so designated fields is voluntary, but which enable us to address you in person. After your confirmation, we store your email address for the purposes of sending you newsletters. Legal basis is Article 6 (1) point (a) of the GDPR.
(4) Your consent for receiving newsletters may be revoked at any time and the newsletter unsubscribed. Revocation can be achieved by a click on a link included in the email of every newsletter or by writing to us declaring your wish to unsubscribe using any of contact options in the Imprint.
(5) In addition, you can also give your consent for us to evaluate your user behavior when sending the newsletter. In order to achieve this analysis the email contains what are known as web beacons or pixel tags, which loads an image file consisting of a single pixel that is stored on our website. We combine the data specified in § 3 with the web beacon, your email address and an ID uniquely allocated to you. The links contained in the newsletter also refer to this ID. Using this information we compile a user profile, which enables us to tailor our offers to your individual interests. We also record when you read our newsletter, which links inside it you click on and deduce from this what interests you. We combine this information with your activity while using our website. You may object to this tracking at any time, by contacting us. This information is stored for as long as you are subscribed for the newsletter. After you unsubscribe we store the information statically and anonymously. Such tracking is not possible if you have configured your email client to not show images by default. In that case the newsletter is not entirely displayed and you will perhaps not be able use all of its functions. When you manually override this setting and permit images to be shown, the tracking described above will proceed.
(6) We use the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany, to process orders for the dispatch of our newsletter.
§ 7 Refusal or withdrawal of your permission for processing your data
(1) If you have given your permission for us to process your data, you can withdraw it at any time. Such a withdrawal influences whether processing of your personal data is permissible once you have notified us.
(2) If we justify the processing of your personal data by weighing interests, you can refuse processing. This is particularly the case when processing is not required to fulfil a contract with you, which we outline along with a description of the function. When exercising such a refusal, we ask you to provide reasons why you do not wish us to process your personal data as we normally do. If your refusal is justified, we will review the current situation and either cease or adjust our data processing, or will provide you with compelling and legitimate grounds for our continuing to do so.
(3) You can of course object to processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of any objections you have to advertising by writing an email to: v.wodianka@schlutius-privacy.de
§ 8 Use of Google Analytics
(1) This website, provided you give your consent, uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses what are known as “cookies”, which are text files that are saved on your device and permit analysis of your use of the website. The information generated by the cookie about your use of this website is normally transferred to and saved on a Google server in the USA. If this website uses IP anonymization, your IP address is truncated in advance by Google within the Member States of the European Union or other signatories of the European Economic Area. Only in exceptional cases is a full IP address transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate use of the website, to summarize reports about website activity and to provide other services associated with the usage of the website and the internet for the website operator.
(2) The IP address transferred by the browser as a part of Google Analytics is not combined with other data by Google.
(3) You can prevent cookies being saved with the appropriate setting in your browser software; however, please note that in this case you may not be able to use all the functions of this website. Furthermore, you can prevent Google collecting and processing the data related to your use of the website recorded by the cookie (incl. your IP address), by downloading and installing a browser plugin that is available using the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This forces IP addresses to be abbreviated before they are processed, preventing any personal attribution. Insofar as any data could be attributed to a person, such personal data is excluded and deleted immediately.
(5) We use Google Analytics in order to analyze the usage of our website and improve it regularly. The statistics we obtain help us to improve our offer and make it more interesting for you as user. Legal basis for the use of Google Analytics is Article 6 (1) point (f) of the GDPR. Use of this tool may involve transfers of personal data to the U.S. or other third countries. To ensure an adequate degree of protection in this case, we have agreed to the validity of EU standard contractual clauses with Intuition Machines, Inc., which provide the legal basis for these kinds of transfers.
(6) Third-party provider details: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms and conditions of use: http://www.google.com/analytics/terms/us.html
Privacy and terms: https://policies.google.com/?hl=en
Privacy policy https://policies.google.com/privacy?hl=en.
(7) This website uses Google Analytics to analyze visitor traffic across devices via a user ID. You can deactivate analysis of your usage across devices in your Google-customer account under “My Data” / “Personal Data”.
§ 9 Chat function
When you make contact with us with the website’s chat function, this is achieved using the live chat software of the company Userlike UG (limited liability) based in Cologne. When you start to use this feature on the website, a connection is established with the servers of Userlike UG. In so doing Userlike will store your IP address and – provided you have consented to this – save cookies on your device in order to make a personal conversation with you possible in the form of a real time chat on the website. You can prevent the saving of cookies by withdrawal of your consent or with the respective settings in your browser software; in that case it is possible that the full scope of the chat feature and other functions of this website may no longer be available to you. The following data is collected, processed and stored:
The data collected will not be used to personally identify the visitor to this website and not combined with personal data on the bearer of a pseudonym. The data will also be stored by Userlike UG. We delete the data we keep after six weeks. Further information about how Userlike UG conforms to the data protection regulations can be learned by viewing the privacy notice of Userlike UG at https://www.userlike.com/en/terms#privacy-policy.
§ 10 Social media
1. Integration of YouTube videos
(1) We have, provided you granted your consent, embedded YouTube videos into our website that are stored on https://www.YouTube.com and can be played directly on our webpages. These videos are all embedded using “Extended Data Protection Mode”, which means no data about you is transmitted to YouTube unless you play the videos. Only then will the data described in § 3 be transmitted. We have no influence over this data transfer.
(2) By your viewing YouTube will be informed that the corresponding page of our website was visited. The data mentioned in § 3 is then transmitted. This will occur regardless of whether you are logged in to a YouTube user account or if you have no user account. If you are logged into Google, your data will be directly assigned to your account. If you don’t want the information assigned directly to your profile with YouTube, you will have to log out before activating the play button. YouTube stores your data as a usage profile and uses it for advertising, market research, and user-friendly configuration of its website. Such evaluation serves (as well as for users who are not logged in) the purpose of providing customized needs-based advertising and in order to inform other users in the social network of your activities on our website. You have the right to deny permission for such a user profile to be formed, but in order to assert this right you must contact YouTube.
(3) Further information on the purpose and scope of data collection and its processing by YouTube can be found in its data protection declaration. There you will also receive further information on your rights and setting options for protecting your privacy: https://policies.google.com/privacy?hl=en. Use of this tool may involve transfers of personal data to the U.S. or other third countries. To ensure an adequate degree of protection in this case, we have agreed to the validity of EU standard contractual clauses with Intuition Machines, Inc., which provide the legal basis for these kinds of transfers.
2.) Facebook fan page
We run our official Facebook fan page at www.facebook.com/Xilence. The technical provider for it is Facebook Inc., located at 1601 S. California Avenue, Palo Alto, CA 94304, USA. Facebook utilizes a tool called “Page Insights” to provide information regarding, amongst other things, reach and interaction rates of the fan page. Find detailed information about the functionality of “Page Insights” here.
Based on a verdict by the European Court of Justice from June 5th 2018 (Az. C-210/16) we share responsibility for the contents on our fan page with Facebook. According to article 26 GDPR this leads to an agreement between Facebook and ourselves, a so called “Joint Controllership”. Find detailed information about this agreement here.
Legal basis for the handling and processing of personal data by the “Page Insights” tool is article 6, paragraph 1, lit. f of GDPR. The responsible supervisory authority for user complaints about our Facebook fan page is, in compliance with the abovementioned agreement, the Irish Data Protection Commission.
§ 11 Online advertising
1. Use of Google AdWords Conversion
(1) We use the services of Google Adwords, provided you grant your consent, to bring attention to our attractive offers with ads (known as Google Adwords) on external websites. We can determine from data about our ad campaigns the success of individual advertising measures. We do this in the interests of showing you ads that are of interest to you, to make our website more interesting for you and to achieve a fair reckoning of advertising costs.
(2) Google delivers these ads with what are known as “ad servers”. We also use ad server cookies from which we determine certain parameters of success, such as the placement of ads or clicks by the user. If you come to our website from a Google ad, Google Adwords will save a cookie on your device. These cookies usually lose their validity after 30 days and are not intended to identify you personally. Stored inside this cookie are analysis data such as a unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indication that the user no longer wants to be targeted).
(3) These cookies enable Google to treat your browser views as a session. If a user visits certain pages of the website of an AdWords customer and the cookie stored on his computer has not yet expired, Google and the customer can tell that the user clicked on the ad and was redirected to the page. A different cookie is assigned for every AdWords customer. Cookies cannot be tracked by the websites of AdWords customers. We ourselves do not collect or process any personal data using these advertising measures. We only receive statistical analyses made available by Google. With these analyses we are able to determine which of our advertising measures are especially effective. We do not receive any further data about the use of advertisements and, in particular, we are unable to identify users on the basis of this data.
(4) Due to the nature of the marketing tool, your browser automatically establishes a direct connection with Google’s server. We have no influence over the scope and further use of data collected from Google’s use of this tool and therefore the following information reflects our current knowledge: By the integration of AdWords Conversion, Google receives the information that you have visited that part of our website or clicked on one of our ads. If you are registered for a Google service, Google is able to attribute the visit to your account. If you are not registered with Google or are not logged in, it remains possible for the provider to discover and store your IP address.
(5) You can inhibit participation in this tracking process in several ways: a) by changing the settings in your browser software, in particular, suppression of third-party cookies will mean you no longer receive ads from third-party vendors; b) by deactivating the cookies for conversion tracking by configuring your browser in such a way that cookies from the domain “googleadservices.com” are blocked (see https://adssettings.google.com), however, such blocking is lost if you delete all cookies; c) by deactivating the vendor’s interest-themed ads that are part of the DAA self-regulation campaign “Web Choices” (see http://optout.aboutads.info/?c=2&lang=EN) , however, this option is lost if you delete all cookies; d) by permanent deactivation plugin for browsers Firefox, Internet Explorer and Google Chrome available at https://support.google.com/ads/answer/7395996?hl=en. Please note that if you do this you may not be able to use all features of this website to their full extent.
(6) The legal basis for processing your data is Article 6 (1) point (f) of the GDPR. You can find additional information about Google’s data protection policies here: https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/en.html. Alternatively, visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Use of this tool may involve transfers of personal data to the U.S. or other third countries. To ensure an adequate degree of protection in this case, we have agreed to the validity of EU standard contractual clauses with Intuition Machines, Inc., which provide the legal basis for these kinds of transfers.
§ 12 Google Fonts
Our website uses Google Fonts (formerly Google Web Fonts), a package of fonts provided by Google, for the uniform display of fonts. When you visit the website, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly. This external call causes data to be transmitted to Google. In addition, Google will be notified that our website has been accessed through your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of fonts on our website. The legal basis for the use of Google Fonts is art. 6 para. 1 s. 1 lit. GDPR.
If your browser does not support Google Fonts, a default font will be used.
For more information about Google Fonts, see https://fonts.google.com/ and the https://policies.google.com/privacy in Google's Privacy Policy. Use of this tool may involve transfers of personal data to the U.S. or other third countries. To ensure an adequate degree of protection in this case, we have agreed to the validity of EU standard contractual clauses with Intuition Machines, Inc., which provide the legal basis for these kinds of transfers.
§ 13 Use of hCaptcha
We use the tool ‘hCaptcha’ provided by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, U.S. on our website. The tool checks whether entries on our website are made by a human or fraudulently through automated machine processing, and is consequently particularly used in relation to forms. The tool uses the following data to ensure that an action is performed by a human and not an automated bot: IP address of the used device, identification data for the used browser and operating system type, date and duration of the visit and user behaviour, e.g. mouse movements or other searches. This process is solely used to protect our website against spam, DDoS attacks and similar automated malicious access.
We use the tool ‘hCaptcha’ on the legal basis of Art. 6(1)(1) lit. f GDPR, namely our legitimate interest in a technically faultless website and its cost-effective design and optimisation.
Use of this tool may involve transfers of personal data to the U.S. or other third countries. To ensure an adequate degree of protection in this case, we have agreed to the validity of EU standard contractual clauses with Intuition Machines, Inc., which provide the legal basis for these kinds of transfers.
You can find more information on how the tool ‘hCaptcha’ uses your data in the Intuition Machines, Inc. privacy policy at https://www.hcaptcha.com/privacy