Privacy policy

We are flattered about your interest in our company. Data protection has a particularly high priority for the management of Picture Framing GmbH.  

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the Picture Framing GmbH. By means of this data protection declaration, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by this data protection declaration.

As the controller, the Picture Framing GmbH has implemented numerous technical and organizational measures to ensure the most seamless protection of personal data processed through this website. However, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

This privacy policy provides detailed information about how we process your personal data. This applies to all offers of Picture Framing GmbH as well as the website you are visiting right now. If you use our online store, our Dynamic Video service or our Mozaik app, as well as the associated web app, supplementary conditions apply in addition to this privacy policy, which you will find at the end.

We also offer our customers the option to receive an AVV from us. If this is relevant for you, you are welcome to request it via chat on our website or via e-mail at datenschutz@mozaik-app.com.

We are also available to answer any questions you may have on the subject of data protection. Please feel free to contact us and our data protection officer here. Again, contact is possible via chat on our website or by e-mail at datenschutz@mozaik-app.com.

1. Definitions

The data protection declaration of Picture Framing GmbH is based on the terms used by the European Directive and Ordinance when issuing the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

‍

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be directly or indirectly be identified by a paticular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‍

Data Subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller.

‍

Processing

Processing means any operation or set of operations which are performed upon personal data, whether or not by automatic means, such as collecting, recording, organizing, filing, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destructing.

‍

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

‍

Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

‍

Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

‍

Controller or person responsible for the processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

‍

Processor

Processor means a natural or legal person, public authority, agency or other that processes personal data on behalf of the Controller.

‍

Recipient

A recipient is a natural or legal person, public authority, agency or other to whom personal data is disclosed, whether they a third party or not. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

‍

Third Party

Third party means a natural or legal person, public authority, agency or other, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

‍

Consent

Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

‍

2. Name and address of the controller

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature, is:

‍

Picture Framing GmbH
Managing Directors: Neele de Vries and David Knöbl
Eichenstraße 15
87648 Aitrang

‍

3. Contacting the person in charge  

If you have any questions regarding the collection and use of your personal data, or if you wish to request information, correction, blocking or deletion of data, please contact us in writing:

‍

Picture Framing GmbH
Managing Director: Neele de Vries or David Knöbl
Eichenstraße 15
87648 Aitrang

Phone: +49 8343 7859994
E-mail: datenschutz@mozaik-app.com

‍

4. Data protection officer

We have appointed a data protection officer for our company. Any data subject may also contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

‍

cona consulting GmbH
Hirschdorfer Str. 27a
87493 Lauben
Germany

Phone: +49 831 52389797
E-mail: johannes.landerer@cona-consulting.com

‍

5. Description and scope of data processing

On the one hand, your data is collected by you providing it to us. On the other hand, data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data. This data is collected automatically as soon as you enter this website. We process the following types of data:

• Inventory data (e.g. names, addresses)
• Contact details (e.g. e-mail, telephone numbers)
• Content data (e.g. text inputs, photographs, videos, inputs for testing the software)
• Usage data (e.g. web pages visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)

The data processing is carried out for the following purposes:

• Error-free provision of the website and the online offer, the respective functions and contents
• Responding to contact requests and communicating with users
• Safety measures
• User behavior analysis/reach measurement/marketing
• Operation and maintenance purposes

‍

6. Legal basis of the processing

If the legal basis is not stated in our privacy policy, the following applies: Art. 6 I lit. a GDPR serves as the legal basis for our company regarding processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract, the data subject is a party of, the processing is based on Art. 6 I lit. b GDPR. For example, with processing operations that are necessary for a delivery of goods or the provision of another service. The same applies to processing operations that are necessary for implementing pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. For example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Lastly, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the mentioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted because they were specifically mentioned by the European legislator. In this respect, it takes the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

‍

7. Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (order processors and/or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), your consent, a legal obligation that provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.

‍

8. Storage period

Unless a more specific storage period was specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in which case the data will be deleted once these reasons no longer apply.

‍

9. Data transfer to third countries

Tools from companies based in the USA or other third countries that are not secure under data protection law are integrated into our website. If these tools are active, your personal data might be transferred to and processed in, these third countries. We would like to point out that no level of data protection comparable to the EU can be guaranteed in these countries. US companies for example are obliged to hand over personal data to security authorities without the data subject being able to take legal action against this. Therefore it cannot be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Data processed in a third country by us (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or data processed by the use of third-party services or disclosed or transfered to third parties, only will occurs if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met, i.e. the processing is carried out, for example on the basis of special guarantees or in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

‍

10. Hosting and content delivery networks (CDN)

This website and our offered services are hosted by external service providers (hosters). The personal data collected on this website or through our services are stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website or app accesses and other data generated via our website or one of our services.

The host is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b. GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f. GDPR).

Our hosts will only process your data to the extent necessary to fulfill their service obligations and follow our instructions regarding this data.

We use the following hosts:

• 1&1 Internet SE, Eigendorferstr. 57, 86410 Montabaur, Germany
• Strato AG, Pascalstraße 10, 10587 Berlin, Germany
• Contabo GmbH, Aschauer Straße 31a, 81549 Munich, Germany
• marbis GmbH, Griesbachstraße 10, 76185 Karlsruhe, Germany
• Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany
• Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany
• IBM Corporation, 1 New Orchard Road Armonk, New York 10504-1722 United States (Server location: Nuremberg/Frankfurt a. Main, Germany
• Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399 USA (Server location: Frankfurt a. Main, Germany)
• Kinsta Inc, 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA (Server location: Frankfurt a. Main, Germany)

To ensure data protection-compliant processing, we have concluded an order processing agreement with our hosts.

‍

11. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us, as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, your transmitted data cannot be read by third parties.

‍

12. Cookies

Our website uses cookies. ''Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, ("session cookies" or "transient cookies") are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit after several days. Likewise, the interests of users can be stored in a cookie, which is then used for range measurement or marketing purposes. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies) or to optimize the website are stored on the basis of Art. 6 (1) lit. f. GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to store cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a. GDPR); consent can be revoked at any time.

If you do not want cookies to be stored on your computer, you can disable the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website and/or our online offer.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that in this case not all functions of this website and/or our online offer can be used.

If cookies are used by third-party companies or for analysing purposes, we will inform you separately within the framework of this data protection declaration and, if necessary, request your consent.

‍

Cookiebot

The web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: cookiebot) is reloaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to cookiebot. The legal basis for the data processing is Art. 6 para. 1 lit. f. GDPR. We have a legitimate interest in the error-free functioning of our website.

You can prevent the collection as well as the processing of your data by cookiebot by disabling the execution of script code in your browser or by installing a script blocker in your browser.

For more information on the handling of the transmitted data, please refer to the privacy policy of cookiebot: https://www.cookiebot.com/de/privacy-policy/  

‍

13. Server log files

We, or our hosting providers, collect data on the basis of our legitimate interests within the realms of Art. 6 para. 1 lit. f. GDPR. We collect data about every access to the server on which our services are located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files have to be collected for this purpose. Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

‍

14. Newsletter subscription

We only send you newsletters, e-mails and other electronic notifications with promotional information (hereinafter referred to as "newsletter") with your consent or legal permission. If the contents of a newsletter are specifically described in the registration, they are decisive for the consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to provide a name, for the purpose of personal address in the newsletter.

Registration for our newsletter takes place in a so-called double opt-in process, i.e. after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are recorded, in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are recorded.

The dispatch of the newsletter and the associated performance measurement is based on the recipients content pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG.

The documentation of the registration process is based on our legitimate interests pursuant to Art. 6 (1) lit. f. GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves our business interests, but also meets the users expectations, furthermore allowing us to prove consent.

You can cancel receiving our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove formerly given consent. This data processing is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called "block list") for this purpose alone.

The newsletter is sent by means of the dispatch service provider "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the their privacy policy here: https://mailchimp.com/legal/privacy/. The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR and a contract processing agreement pursuant to Art. 28 para. 3 p. 1 GDPR.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or to use them for statistical purposes. However, the dispatch service provider does not use our newsletter recipients data to write to them or to pass the data on to third parties.

‍

15. Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b. GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if that has been requested.

The data you enter into the contact form will remain with us until you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

‍

16. Contact by e-mail, telephone, fax, audio conference, video conference and chat function

If you contact us by e-mail, chat function, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The data may be stored in a customer relationship management system ("CRM system") or an comparable inquiry organization.

The processing of this data is based on Art. 6 (1) lit. b. GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if that has been requested.

The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

‍

Audio and video conferencing, automated chatbot

To communicate with our customers, we use online conferencing tools and an automated chatbot, among other tools. The tools we use in detail are listed below. If you communicate with us via video or audio conference or chatbot via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools thereby collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle online communication. This particularly includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool providers. Such content particularly includes cloud recordings, chat/ instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 p. 1 lit. b. GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR). As far as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, stored by the conference tool operators, for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used:

We use the following conferencing tools:

‍

Google Meet

We use Google Meet, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.

We have concluded an order processing agreement with the Google Meet provider and fully implement the strict requirements of the German data protection authorities when using Google Meet.

The legal basis for the data processing is Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a. GDPR is the legal basis for data processing; consent can be revoked at any time.

‍

Calendly

You can schedule appointments with us on our website. We use the tool "Calendly" for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter "Calendly").

For the purpose of booking an appointment, enter the requested data and the desired date in the mask provided. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment.

The legal basis for the data processing is Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a. GDPR is the legal basis for data processing; consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.  

We have concluded an order processing contract with Calendly. This is a contract required by data protection law, which ensures that Calendly only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

‍

VYTE

We use the Vyte tool for scheduling and making appointments. Vyte is a service of 33 Av. du Maine, 75015 Paris, France.  

The legal basis for the data processing is Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a. GDPR is the legal basis for data processing; consent can be revoked at any time.

For details, see Vyte's privacy policy: https://blog.vyte.in/privacy-policy/

‍

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as Hubspot CRM).

Among other things, Hubspot CRM enables us to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to record, sort, and analyze customer interactions via email, social media, or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.

The use of Hubspot CRM is based on Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

For details, see Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.  

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.  

We have concluded an order processing contract with Hubspot CRM. This is a contract required by data protection law, which ensures that Hubspot CRM only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

‍

Vitas

We use the telephone assistant from Vitas. The provider is VITAS GmbH, Zollhof 7, 90443 Nuremberg.

Vitas' telephone assistant allows us to answer your telephone inquiries in an automated manner by automatically requesting initial information or forwarding it internally to ensure a quick turnaround.  

The use of Vita's telephone assistant is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in providing the most efficient customer service possible and answering customer inquiries by telephone. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

For details, see Vitas' privacy policy: https://www.vitas.ai/datenschutz

‍

Microsoft Teams

We use the Microsoft Teams tool to conduct conference calls, online meetings, video conferences and/or webinars. Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399, USA. When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during the participation in an online conference.

The legal basis for data processing is Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in conducting online conferences with interested parties and customers as effortlessly as possible. If consent has been requested, Art. 6 para. 1 lit. a. GDPR is the legal basis for data processing; consent can be revoked at any time.

For details, see Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement  

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.  

We have concluded an order processing contract with Microsoft, required by data protection law, which ensures that Microsoft only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

‍

Zoom

We use the Zoom tool to conduct conference calls, online meetings, video conferences and/or webinars. Zoom is a service provided by Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. When using Zoom, different types of data are processed. The processing also depends on how many and which details the participants of online conferences provide.

The legal basis for data processing is Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in conducting online conferences with interested parties and customers as effortlessly as possible. If consent has been requested, Art. 6 para. 1 lit. a. GDPR is the legal basis for data processing; consent can be revoked at any time.

For details, see Zoom's privacy policy: https://explore.zoom.us/de/privacy/  

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.  

We have concluded an order processing contract with Zoom. This is a contract required by data protection law, which ensures that Zoom only processes the personal data of our website's visitors according to our instructions and in compliance with the GDPR.

‍

Whereby

We use the tool Whereby to conduct conference calls, online meetings, video conferences and/or webinars. Whereby is a service provided by Whereby AS, Gate 1 107, 6700 Måløy, Norway. When using Whereby, different types of data are processed. The processing also depends on how much and what information the participants of online conferences provide.

The legal basis for data processing is Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in conducting online conferences with interested parties and customers as effortlessly as possible. If consent has been requested, Art. 6 para. 1 lit. a. GDPR is the legal basis for data processing; consent can be revoked at any time.

For details, see Whereby's privacy policy: https://whereby.com/information/tos/privacy-policy/.

We have concluded an order processing contract with Whereby. This is a contract required by data protection law, which ensures that Whereby only processes the personal data of our website's visitors according to our instructions and in compliance with the GDPR.

‍

17. Registration on this website

You can register on this website to use additional functions on the site. We only use the entered data for purposes of use regarding the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you.

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b. GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

‍

18. Social media

We use social plug-ins on our website and in our other services on the basis of Art. 6 (1) p. 1 lit. f. GDPR. These enable interaction with social networks or other external platforms directly via our website or other services. The underlying promotional purpose is to be considered a legitimate interest within the realms of the GDPR. The responsibility for a data protection-compliant operation is to be ensured by their respective providers. The integration of these plug-ins takes place using the so-called two-click method in order to protect you to our best ability. The interaction as well as the information collected via this application are always subject to the set privacy settings for the respective social network.

Social plug-ins may continue to collect web traffic data for the services from which they originate, even if users do not use those services.

It is recommended to log out of the respective services to ensure that the processed data is not reconnected to the user's profile through this application.

‍

Facebook Plugins (Like & Share Button)

Plugins of the social network Facebook are integrated on this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, the data collected is also transferred to the USA and other third countries, according to Facebook.

You can recognize the Facebook plugins by the Facebook logo or the "Like" button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.  

When you visit this website, a direct connection between your browser and the Facebook server is established via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.  

If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.

The use of Facebook plugins is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

We and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland are jointly responsible (Art. 26 GDPR) for the personal data, collected on our website with the help of the described tool and forwarded to Facebook. The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.  

According to this agreement, we are responsible for providing privacy information regarding Facebook, when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer's to the USA are based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum,https://de-de.facebook.com/help/566994660333381 and here https://www.facebook.com/policy.php.  

‍

Twitter Plugin

Functions of the Twitter service are integrated on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the transmitted data's content or its use by Twitter. For more information, please refer to Twitter's privacy policy at: https://twitter.com/de/privacy.  

The use of the Twitter plugin is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

Data transfer's to the USA are based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.  

You can change your privacy settings on Twitter in your account settings at https://twitter.com/account/settings.  

‍

Instagram Plugin

Functions of the Instagram service are integrated on this website. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the transmitted data's content or its use by Instagram.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and here https://de-de.facebook.com/help/566994660333381.  

For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.  

‍

LinkedIn Plugin

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page of this website that contains functions of LinkedIn, a connection to servers of LinkedIn is established. LinkedIn is informed that you have visited this website with your IP address. If you click the "Recommend Button" of LinkedIn and are logged into your LinkedIn account, it is possible for LinkedIn to assign your visit to this website to you and your user account. We would like to point out that we as the provider of the pages have no knowledge of the transmitted data's content and its use by LinkedIn.

The use of the LinkedIn plugin is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de  

For more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

‍

Xing Plugin

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored. In particular, no IP addresses are stored or usage behavior evaluated.

The use of the XING plugin is based on Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media.

For further information on data protection and the XING Share button, please refer to XING's privacy policy at: https://www.xing.com/app/share?op=data_protection.

‍

Pinterest Plugin

On our site, we use social plugins of the social network Pinterest, which is operated by Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest").

When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the visited websites that contain Pinterest functions, type and settings of the browser, date and time of the request, your usage of Pinterest as well as cookies.

The use of the Pinterest plugin is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.

For more information on the purpose, scope and further processing and on the use of the data by Pinterest, as well as on your rights in this regard and on options for protecting your privacy, please refer to the Pinterest privacy policy: https://about.pinterest.com/de/privacy-policy.  

‍

19. Analysis tools and advertising

‍

Segment

This website uses the software of Segment, a service of Segment.io Inc, 100 California St Suite 700, San Francisco, CA 94111, USA (hereinafter "Segment").

Segment helps us manage the data collected by the third-party providers using the tools described below and stores data in pseudonymous usage profiles. These usage profiles are used to analyze visitor behavior and are evaluated to improve our offer. Cookies may be used for this purpose, which enable recognition when our website is visited again. The pseudonymized usage profiles are not combined with personal data about the bearer of the pseudonym without a separate, explicit consent.

The legal basis for the use of Segment is Art. 6 para. 1 lit. f. GDPR. Our legitimate interest lies in the evaluation of the use of our website.

To object to cookie-based processing of Segment usage, you can suppress the storage of the cookie via your browser settings.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For more information, please refer to Segment.io's privacy policy and data protection guidelines: https://segment.com/docs/legal/privacy/.  

‍

Mixpanel

This website uses the software of Mixpanel, provider is Mixpanel Inc, One Front Street, 28th Floor, San Francisco, CA 94111, USA.  

Mixpanel is a company for business analytic services. We use Mixpanel's software to track user interactions on our web and mobile applications.

The legal basis for the use of Segment is Art. 6 para. 1 lit. f. GDPR. Our legitimate interest lies in the evaluation of the use of our website.

For more information on data collection and processing by Mixpanel, please see the Privacy Policy: https://mixpanel.com/legal/privacy-policy/

‍

Google Tag Manager

We use the Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies or perform any independent analyses. It only serves to manage and play out the tools integrated through it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

‍

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visits, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.  

We have activated the IP anonymization function on this website. That means that your IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area, before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.  

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.  

We have concluded an order processing agreement with Google and we fully implement the strict requirements of the German data protection authorities when using Google Analytics.

‍

Google Analytics E-commerce Tracking

This website uses the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or his device.

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

‍

IONOS WebAnalytics

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D - 56410 Montabaur. Visitor numbers and behavior (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. from which page the visitor comes), visitor locations and technical data (browser and operating system versions) can be analyzed as part of the analyses with IONOS. For this purpose, IONOS particularly stores the following data:

• Referrer (previously visited website)
• Requested web page or file
• Browser type and version
• Operating system used
• Device type used
• Time of access
• IP address in anonymized form (used only to determine the location of access)

According to IONOS, the data collection is completely anonymized, so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

For more information on data collection and processing by IONOS WebAnalytics, please refer to the IONOS privacy statement at the following link:

https://www.ionos.de/terms-gtc/index.php?id=6  

We have concluded an order processing contract with IONOS. This contract is intended to ensure data protection-compliant handling of your personal data by IONOS.

‍

Google Ads

The website operator uses Google Ads, which is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.

The use of Google Ads is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in marketing its service products as effectively as possible.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and here https://privacy.google.com/businesses/controllerterms/mccs/.  

‍

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, the collected data is also transferred to the USA and other third countries, acccording to Facebook.

This allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

For us as the operator of this website the collected data is anonymous and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible. Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of Facebook Pixel is based on Art. 6 (1) lit. f. GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and here https://de-de.facebook.com/help/566994660333381.  

You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.  

You can also disable the remarketing feature ''Custom Audiences'' in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.  

‍

LinkedIn Insight Tag

This website uses the Insight Tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we obtain information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g., career level, company size, country, location, industry, and job title) and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be done across devices (e.g., PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted off-site advertising to visitors to our website, whereby no identification of the advertising addressee takes place, according to LinkedIn.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of the website visitors on its servers in the USA and use them in the context of its own advertising measures. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.  

The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and here https://www.linkedin.com/legal/l/eu-sccs.  

You can object to the analysis of the usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.  

LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

We have concluded an order processing agreement with LinkedIn.

‍

Analysis and optimization service Hotjar

We use Hotjar, an analysis software of Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta ("Hotjar"). With the help of the information obtained thanks to Hotjar, we can analyze and improve the use of our online offer.

For this purpose alone, data of the users of our online offer are stored and evaluated. We use Hotjar to analyze our online offer, not the individual users. Therefore the users' data is pseudonymized and processed within the European Union on the basis of the order processing agreement offered by Hotjar. User input, e.g. in forms or button presses, is not processed, i.e. neither stored by Hotjar nor transmitted to Hotjar (unless this input is recognizably intended for users for evaluation purposes, such as in feedback forms).

For the before purposes, Hotjar stores cookies with a pseudonymous identification number on users' devices and evaluates them. The cookies that Hotjar uses have different "lifetimes"; some remain valid for up to 365 days, and some only remain valid for the current visit.

The processed data of the users in particular include:

• Devices and metadata: IP address of the terminal device (it is collected and stored in anonymized format form), resolution of the screen/displays of the terminal device screen, type of terminal device (individual terminal device identifiers), operating system, and browser type, referring URL and domain;
• geographic location (country only);
• Usage data and log data: Date and time when the online offer was accessed, preferred language, user interactions such as mouse events (movements, position and clicks), keystrokes, web pages accessed and interactions with their content and functions.
• Content data: Input in the context of surveys and feedback forms. If we ask users for consent (e.g. in the context of a cookie consent), the legal basis is Art. 6 para. 1 lit. a. GDPR. Otherwise, the users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR).

Users can prevent the collection of data by Hotjar by using their browser's Do-Not-Track settings or by clicking this link and following the instructions there: https://www.hotjar.com/legal/compliance/opt-out.

Hotjar Privacy Policy: https://www.hotjar.com/legal/policies/privacy.

Cookie Policy: https://www.hotjar.com/legal/policies/cookie-information.

‍

20. Other plugins and tools

‍

YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video or not - establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells YouTube's server which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). That way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and to prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, which we have no control over.

YouTube is used for an appealing presentation of our online offers. This represents a legitimate interest within the realms of Art. 6 para. 1 lit. f. GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.  

‍

Vimeo without tracking (Do-Not-Track)

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This let's the Vimeo server know which of our pages you visited. Vimeo additionally obtains your IP address. However, we have set Vimeo so that it will not track your user activity and will not set cookies.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the realms of Art. 6 para. 1 lit. f. GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.  

For more information on the handling of user data, please see Vimeo's privacy policy at: https://vimeo.com/privacy.  

‍

Google Fonts

This site uses so-called web fonts for the uniform display of fonts, which are provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When access a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

If your browser does not support web fonts, a default font is used by your computer.

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google's privacy policy: https://www.google.com/policies/privacy/. Opt-out: https://adssettings.google.com/authenticated  

‍

Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

Once you call up this website, your browser directly loads the required fonts from Adobe so that they can be displayed correctly on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when the fonts are provided.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.  

For more information about Adobe Fonts, visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.  

Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html  

‍

Font Awesome

This site uses Font Awesome for a uniform display of fonts and symbols. Provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When access a page, your browser loads the required fonts into its browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you are using must connect to Font Awesome's servers. This enables Font Awesome to know that your IP address has been used to access this website. The use of Font Awesome is based on Art. 6 para. 1 lit. f. GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a. GDPR; the consent can be revoked at any time.

If your browser does not support Font Awesome, a default font is used by your computer.

For more information about Font Awesome, please see Font Awesome's privacy policy at: https://fontawesome.com/privacy.  

‍

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the realms of Art. 6 para. 1 lit. f. GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.  

You can find more information on the handling of user data in Google's privacy policy: https://www.google.com/policies/privacy/.  

‍

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) was made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis automatically starts as soon as the website visitor opens the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f. GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a. GDPR; the consent can be revoked at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://www.google.com/policies/privacy/ and https://policies.google.com/terms?hl=de. Opt-out: https://adssettings.google.com/authenticated.  

‍

21. Routine deletion and blocking of personal data

The person responsible only processes and stores the data subject's personal data for the amount of time necessary, to achieve the purpose of storage or as stated by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

‍

22. Rights of the data subject

According to applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request, clearly identifying yourself, to the address mentioned under "Contact the responsible person". Below you will find an overview of your rights:

‍

Right to confirmation

Every data subject has been granted the right by the European Directive and Regulation, to obtain confirmation from the data controller as to whether personal data concerning him or her are being processed, or not.  

‍

Right to information

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to obtain information about the personal data stored about him or her and a copy of that information free of charge at any time from the controller. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:

• the processing purposes
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
• if possible, the planned storage duration of the personal data or, if not possible, the criteria for determining this duration
• the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing the personal data by the controller, or a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data are not collected from the data subject: All available information about the origin of the data
• the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved, the scope and intended effects of such processing for the data subject

Furthermore, the data subject shall have the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

‍

Right to rectification

Any person affected by the processing of personal data has been granted the right to request the immediate rectification of inaccurate personal data concerning him or her by the European Directive and Regulation. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.

‍

Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to demand  the immediate erasure of their personal data, if one of the following reasons applies and insofar as the processing is not necessary:

• The personal data was collected or processed for purposes it is no longer necessary for.
• The data subject revokes the consent on which the processing was based pursuant to Art. 6(1) a. GDPR or Art. 9(2) a. GDPR and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data was unlawfully processed.
• The deletion of the personal data is necessary for complying with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data was collected in relation to offered information society services pursuant to Art. 8 (1) GDPR.

If the personal data has been made public by the Picture Framing GmbH and our company as the responsible party is obliged to delete the personal data pursuant to Art. 17 Para. 1 GDPR, Picture Framing GmbH shall implement reasonable measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers, that process the personal data published, that the data subject has requested for them to erase all links to the personal data or copies or replications of the personal data, unless the processing is necessary.  

‍

Right to restriction of processing

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to demand the restriction of processing from the responsible person if one of the following conditions is met:

• The accuracy of the personal data is contested by the person responsible for a time period that enables the data controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject objects to the erasure of the personal data and instead requests the restriction of its use.
• The data controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
• The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not clear yet whether the legitimate grounds of the data controller override those of the data subject.

‍

Right to data portability

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to receive the personal data they provided to the person responsible, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data have been provided, given that the processing is based on consent pursuant to Article 6(1) a. of the GDPR or Article 9(2) a. of the GDPR or on a contract pursuant to Article 6(1) b. of the GDPR and the processing is carried out by automated means and the processing is unnecessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the person resposible.

Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one data controller to another data controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

‍

Right to object

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation to object to the processing of personal data concerning him or her carried out on the basis of Article 6(1) e. or f. of the GDPR, at any time on grounds relating to his or her particular situation. This also applies to profiling based on these provisions.

The Picture Framing GmbH shall no longer process the personal data in the event of the objection, unless we can prove to have compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is required for the assertion, exercise or defense of legal claims.

If the Picture Framing GmbH processes personal data for the purpose of direct advertising, the data subject shall have the right to object to the processing of their personal data for such marketing at any time. This also applies to profiling, as far as it is related to such direct advertising. If the data subject objects to the processing for direct advertising purposes by the Picture Framing GmbH, the Picture Framing GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of their personal data, carried out by the Picture Framing GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the General Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.

The legality of the data processing carried out until the revocation remains unaffected by the revocation.

‍

Automated decisions in individual cases including profiling

Any data subject affected by the processing of personal data shall have the right, granted by the European Directive and the Regulation, to not be subjected to a decision based solely on automated processing, including profiling, which creates legal effects concerning him or her or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or for the performance of, a contract between the data subject and the data controller, or (2) is permitted by Union or Member State law, the controller is subject to, that contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) is made with the data subject's explicit consent, the PCK IT Solutions GmbH shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which at least include the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and to contest the decision.

‍

Right to revoke consent under data protection law

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation to withdraw consent to the processing of personal data at any time.

‍

Right to complain to a supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for Picture Framing GmbH is:

‍

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27
91522 Ansbach

‍

23. Data protection during applications and the application process

We offer the opportunity to apply to us (e.g. by e-mail, by post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with the applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) as far as it is necessary in order to decide on the establishment of an employment relationship. The legal basis for this is Section 26 BDSG-new according to German law (initiation of an employment relationship), Art. 6 (1) lit. b. DSGVO (general contract initiation) and - if you have given your consent - Art. 6 (1) lit. a. GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to people who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG-new and Art. 6 (1) lit. b. GDPR for the purpose of conducting the employment relationship.

If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 Para. 1 lit. f. GDPR) for up to 6 months starting from the end of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. This storage particularly serves as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.

A longer storage can also take place if you have given consent (Art. 6 para. 1 lit. a. GDPR) or if legal storage obligations oppose the deletion.

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool exclusively takes place on the basis of your expressed consent (Art. 6 para. 1 lit. a. GDPR). The provision of consent is voluntary and is not related to the current application process. The data subject may revoke his/her consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

‍

Privacy policy online store - eCommerce

If you use our online store, the following applies in addition to our privacy policy:

‍

1. Processing of payment data

In addition to the data mentioned in our privacy policy, we process your payment data (e.g. name, payment amount, account details, credit card number) in order to provide you with the functions of our online store.

‍

2. Data transfer to third parties (upon conclusion of the contract)

We only transmit personal data to third parties if it is necessary in the context of the contract, such as to the companies entrusted with delivering of goods or the credit institution entrusted with payment processing. A further transmission of the data does not take place or only takes place if you have explicitly agreed to the transmission. Your data will not be passed on to third parties without your explicit consent.

The basis for data processing is Art. 6 para. 1 lit. b. GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

‍

3. Payment services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The payment service providers are used on the basis of Art. 6 para. 1 lit. b. GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f. GDPR). As far as your consent is requested for certain actions, Art. 6 para. 1 lit. a. GDPR is the legal basis for that data processing; consents for the future can be revoked at any time.

We use the following payment services / payment service providers within the scope of this website:

‍

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.  

For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.  

‍

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and here  https://stripe.com/de/guides/general-data-protection-regulation.  

You can read details about this in Stripe's privacy policy at the following link: https://stripe.com/de/privacy.  

‍

RevenueCat

The provider of this payment service for in-app purchases is RevenueCat Inc, 633 Taraval St. Suite 101, San Francisco, CA 94116, USA.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please refer to RevenueCat's privacy policy: https://www.revenuecat.com/privacy/

‍

4. Encrypted payment transactions

If there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization) after the conclusion of a chargeable contract this data is required for payment processing.

Payment transactions via the common payment methods (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can identify an encrypted connection by the change of the address line of your browser from "http://" to "https://" and by the lock symbol in your browser line.

Encrypted communication ensures that your transmitted payment data cannot be read by third parties.

‍

Privacy policy Dynamic Video

When you use Dynamic Video, the following applies in addition to our Privacy Policy:

‍

1. Processing of contract and payment data

Additionally to the mentioned data in our privacy policy on our website, we process

• Contract data (e.g. subject matter of the contract, term, customer category) and
• Payment data (e.g. bank details, payment history)

to provide you with our online trial version and Dynamic Video services in addition to the purposes stated in our Privacy Policy.

‍

Privacy policy Mozaik

If you use Mozaik, the following applies in addition to our Privacy Policy:

‍

1. Processing purpose

Additionally to the data mentioned in our privacy policy, we process

• Contract data (e.g., subject matter of the contract, term, customer category) and
• Payment data (e.g., bank details, payment history)

to provide you with our Mozaik app in addition to the purposes stated in our Privacy Policy.  

We also process your personal data connected to the Mozaik app for beta testing purposes. Beta testing allows you to access this app or parts of it to test a specific feature or the entire app. We may automatically collect data about crashes and statistics related to your use of the beta test version in a personally identifiable form.

‍

2. Data transfer to third countries

Among other things, tools from companies based in the USA or other third countries that are not secure under data protection law are integrated in our app. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to the EU level can be guaranteed in these countries. US companies for example are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

If you do not want personal data to be transferred to third countries, you can deactivate the tools of companies based in the USA or other third countries that are not secure under a data protection law depending on your subscription in the settings of the Mozaik app.

‍

3. Integration of services and contents of third parties

We use content or service offers from third party providers within our Mozaik app based on our legitimate interests according to Art. 6 para. 1 lit. f. GDPR, in order to integrate their content and services, such as videos or fonts, and to improve your user experience on the app.

‍

Google Play Beta Testing  

Google Play Beta Testing is a beta testing service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.  

‍

TestFlight  

TestFlight is a beta testing service provided by Apple Inc, 1, Apple Park Way Cupertino, California, 95014-0642 United States. For details on data processing, please refer to Apple's privacy policy: https://www.apple.com/legal/internet-services/itunes/testflight/sren/terms.html

‍

Firebase Notifications

Firebase Notifications is a messaging service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Notifications can be integrated with Firebase Analytics to create analytics-based audiences and to access conversion and delivery statistics. For details on data processing, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.  

‍

GetSocial

GetSocial is a tool to maximize user acquisition, retention and loyalty by Keywords Studios Netherlands B.V., Anna van Hannoverstraat 4, 2595 BJ The Hague, Netherlands. For details on data processing, please refer to GetSocial's privacy policy: https://www.getsocial.im/legal/#privacy-policy

‍

Push notifications

Our App may send you push notifications to achieve the purposes stated in this Privacy Policy.

In most cases, you can opt out of receiving push notifications by going to your device settings, such as mobile message alerts, and changing those settings for a specific app, or all apps on that device.

You should to be aware that disabling push notifications may negatively affect the features and usefulness of our app.

‍

4. Integration of platform services

The purpose of these services is to host and operate main components of the application so it can be offered from a unified platform. Such platforms provide the provider with a whole range of toolswhich involve the processing of personal data. For example, analysis and commenting functions, user and database management, e-commerce and payment processing.

Some of these services operate with geographically dispersed servers, making it difficult to determine where personal data is stored.

‍

Apple App Store (Apple Inc.)

Our Mozaik app is distributed on Apple's App Store. This is a mobile application distribution platform provided by Apple Inc. Inc, 1, Apple Park Way Cupertino, California, 95014-0642 United States. By distributing our App through this channel, Apple collects basic usage statistics and provides reporting features that allow us to view usage statistics and measure the performance data of our App. A lot of this information is processed on an opt-in basis. You can opt-out of this analytics feature directly through your device settings, where you can find more information on managing analytics settings. For details on data processing, please refer to the Apple Inc. privacy policy: https://www.apple.com/legal/privacy/  

‍

Google Play Store  

Our Mozaik app is distributed on the Google Play Store, a mobile app distribution platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By distributing our app through this channel, Google collects and shares usage and diagnostic information with us. A lot of this information is processed on an opt-in basis. You can disable this analytics feature directly through your device settings, where you can find more information on managing analytics settings. For details on data processing, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.

‍

5. Non-tracking requests

Our app does not support ''Do Not Track'' requests through web browsers.  

For information on whether integrated third-party services support the no-tracking protocol, please refer to the privacy policy of the respective service.