Privacy
Data Protection Policy for Imetaal Staalbouw B.V.
I. Name and Address of the Person in Charge
The person in charge within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
Imetaal Staalbouw B.V.
Handelsweg 2
7081 AE Gendringen
T +31 (0)88 55 51 300
F +31 (0)88 55 51 319
E info@imetaal.com
II. Name and Address of the Data Protection Officer
The data protection supervisory office of the person in charge of processing data is:
Nienhaus Information Systems in Rheinland UG
Represented by André Nienhaus
Bosmannshof 5
46485 Wesel
Tel: +49 (0) 281 / 206699-09
E-Mail: info@n-inf.de
Website: www.n-inf.de
III. General Information about Data Processing
1. Scope of personal data processing
As a basic principle, we process personal data only to the extent necessary to provide a functioning website with respect to our content and services. The processing of personal data takes place only with the consent of the user or in those cases in which obtaining prior consent is not possible due to technical reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Art. 6 para. 1 lit. a, EU General Data Protection Regulation (GDPR) serves as the legal basis to the extent we obtain the consent for processing the personal data of the person concerned. Art. 6 para. 1, sentence 1 lit. b GDPR serves as the legal basis for the processing of personal data required for performance of the contract if the party to the contract is the person concerned. This also applies to processing operations required to carry out pre-contractual actions. Art. 6 para. 1 lit. c GDPR serves as the legal basis to the extent processing of personal data is required to fulfill a legal obligation to which our company is subject. Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for processing if processing is necessary to protect the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the person whose data is being processed do not predominate.
3. Data deletion and storage period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. However, data storage may extend beyond this period if such is stipulated under European, domestic, EU laws or other regulations to which the person in charge of processing the data is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
IV. Provision of the Website and Creation of Log Files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the visiting computer.
The following data is collected at this time:
1. Browser type and version
2. The operating system used
3. Internet service provider of the user
4. The IP address
5. Date and time of access
6. Websites that transfer the system of the user to our website
7. Websites that are accessed by the user’s system through our website
The data is also stored in log files of our system. This does not include the IP addresses of the user or other data which allow the identification of the user. A storage of this data together with other data of the user does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. For this to occur, the user’s IP address must be stored for the duration of the session. Storage takes place with log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information related systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
The data will be deleted as soon as it is no longer required for the purpose it was collected. This is the case after each session is completed if data is collected for providing the website. The data is also deleted after a maximum of seven days if the data is stored in log files. A storage period beyond this is also possible. In this case, the IP addresses of users are deleted or distorted so that they no longer can be traced to the visiting client.
5. Right to object and options for removal of data
The collection of data for the provision of the website and the storage of the data in log files is essential for proper operation of the website. Therefore, the user has no right to object to the collection of this data.
V. The Use of Cookies
1. Description and scope of the data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser, or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a character string that allows the browser to be clearly identified when the website is re-accessed. We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser be identified even after changing pages. This could be, for example, the access data for closed areas of our website that require log-in. We also use cookies on our site that allow an analysis of the user’s surfing habits. The data of the user collected in this way is pseudonymized as a technical precautionary measure. This makes an association of the data to the visiting user no longer possible. The data will not be stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6, para. 1 f. GDPR.
3. Purpose of the data processing
The purpose of using cookies for technical reasons is to simplify the use of websites for users. Without the use of cookies, all functions of the website cannot be offered. The data collected by cookies for nontechnical reasons is not used to create user profiles. The use of this type of cookies is also for the purpose of improving the quality and content of our website. This is how we learn how the website is used so we can continuously optimize our offer. For these purposes, our legitimate interest also comprises the processing of the personal data according to Art. 6 para. 1 lit. f GDPR.
4. Storage period, right to object and options for removal of data
Cookies are stored on the computer of the user and transmitted to our website from there. Therefore, users also have full control over the use of cookies. By changing the settings in the internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be carried out automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.
The transmission of Flash cookies cannot be prevented by the settings of the browser, but by changing the setting of the Flash player.
VI. E-Mail-Contact
1. Description and scope of the data processing
E-Mail addresses are available on our website for users to request contact.
In this case, the user’s personal data transmitted by E-Mail will be stored.
There is no transfer of data to third parties in this connection. The data is used exclusively for the processing of the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data transmitted when sending an E-Mail is Article 6 para. 1 lit. f GDPR. If the objective of the E-Mail is to conclude a contract, then the legal basis for processing is also Art. 6 para. 1 lit. b GDPR.
3. Purpose of the data processing
The processing of personal data is used solely to process the contact. The required legitimate interest in the processing of the data also applies to a contact via E-Mail.
4. Data storage period
The data will be deleted as soon as it is no longer required for the purpose it was collected. This is the case for the personal data from the E-Mail after the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have finally been clarified.
5. Right to object and options for removal of data
At any time, the user has the option to revoke his consent to the processing of his/her personal data. If the user contacts us by E-Mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The revocation of the consent and the objection of storage is possible verbally, in writing or by E-Mail.
All personal data stored during the contact will be deleted in this case.
VII. Web Analysis by Google Analytics
1. Scope of personal data processing
We use Google Analytics on our website to analyze the surfing behavior of our users. The software places a cookie on the computer of the users (for cookies see above). If individual pages of our website are accessed, the following data is stored:
1. Two bytes of the IP address of the visiting system of the user
2. The website visited
3. The website from which the user was referred to the visited website (referrer)
4. The sub-pages that are accessed from the visiting website
5. The length of stay on the website
6. The frequency the website was visited
Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be truncated by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users may also prevent the collection by Google of the cookie-generated and online-related data and the processing of such data by Google by downloading and installing the browser plugin available at the following link. More information about how Google uses data, settings and right to object options can be found on the websites of Google “How Google uses data when you use websites or apps of our partners,” “Data use for advertising purposes,” “Manage information that Google uses to show you advertisements.” Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
The processing of users’ personal data enables us to analyze the surfing behavior of our users. By analyzing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.
For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR. The anonymization of the IP address adequately considers the interest of users and the protection of their personal data.
4. Data storage period
Session and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes of no activity and campaigns after six months. The time limit for campaigns can be a maximum of two years. More information about Terms of Use and Privacy can be found at https://www.google.com/analytics/terms/de.html and at https://policies.google.com/.
5. Right to object and options for removal of data
Cookies are stored on the computer of the user and transmitted to our website from there. Therefore, users also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be carried out automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.
Users may also prevent the collection of the cookie-generated and website-related data (including IP address) from Google and the processing of such data by Google by downloading and installing this browser add-on.
Opt-out cookies prevent the future collection of user data when visiting this website. To prevent Universal Analytics from collecting data from multiple devices, users must execute opt-out on all their systems.
VIII. Google Marketing and Remarketing
1. Scope of personal data processing
We use the Google Inc. Marketing and Remarketing Services (“Google Marketing Services”), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law. The Google Marketing Services allow us to target the use advertisements for and on our website so that adds are only displayed that potentially match the interests of the users. For example, if a user sees ads for products he’s been interested in on other websites, this is referred to as remarketing. For these purposes, when you access our website or other websites on which Google Marketing Services are active, a code will be executed by Google and so-called (re) marketing tags (invisible graphics or code, also called “Web Beacons”) are incorporated into the website. With their help, the user’s device stores an individual cookie, i.e. a small file (instead of cookies, comparable technologies can also be used). Cookies can be placed by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.co. This file records which websites the user visited, for what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer. The IP address of the users is also recorded, whereby as part of Google Analytics we inform that the IP address is truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases is the IP transmitted to a Google server in the US and truncated there. The IP address will not be merged with data of the user as part of other offers from Google. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, ads tailored to him or her can be displayed according to his or her interests. The data of the users are pseudonymized as part of the Google marketing services. This means that Google does not store and process the name or E-Mail address of the users but processes the relevant cookie-related data within pseudonymous user profiles. That means, from the perspective of Google, the ads are not managed and displayed for a specifically identified person, but for the owner of the cookie, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States. Some of the Google marketing services we use, include the online advertising program “Google AdWords.” In the case of Google AdWords, every AdWords customer receives a different “conversion cookie.” Therefore, cookies cannot be tracked through AdWords customer websites. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers will see the total number of users who clicked on their ad and who were then redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. We can integrate third-party ads based on Google’s “DoubleClick” marketing service. DoubleClick uses cookies that enable Google and its affiliate websites to place ads based on users visiting this site or other sites on the Internet. We can integrate third-party ads based on Google’s “AdSense” marketing service. AdSense uses cookies that enable Google and its affiliate websites to place ads based on users visiting this site or other sites on the Internet. We can also use the service “Google Optimizer.” As part of “A/B-Testings,” Google Optimizer allows us to understand how various changes (for example, changes in the input fields, the design, etc.) affect the website. Cookies are stored on users’ devices for these test purposes. Only pseudonymous data of the users is processed. In addition, we may use the “Google Tag Manager” to integrate and manage the Google Analytics and Marketing Services on our website. For more information about Google’s data usage for marketing purposes, please visit the Site Map, Google’s Data Protection Policy is available here.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
The Google Marketing Services allow us to target the use advertisements for us and on our website so that ads are only displayed that potentially match the interests of the users.
For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
According to their own information, the log data collected by Google is anonymized by deleting a part of the IP address and the cookie information after 9 and 18 months respectively. Further information can be found by users here.
5. Right to object and options for removal of data
Cookies are stored on the computer of the user and transmitted to our website from there. Therefore, users also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be carried out automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.
If users want to object to interest-based advertising through Google Marketing Services, they can do this via The Google settings and Opt-Out Options.
IX. Google Maps
1. Description and scope of the data processing
On our website, we use Google Maps (API) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. By using this service, users, for example, will see our location or that of our affiliates and receive directions to help them find the location.
As soon as you visit the sub-pages in which the map of Google Maps is integrated, information about the use of our website (such as the IP address) is transmitted to Google’s servers in the USA and stored there. This is done regardless of whether Google provides a user account on which users are logged in, or whether no user account exists. When users log in to Google, their data is correlated directly with their account. If users do not want to correlate with their profile on Google, they must log out before activating the button. Google stores the data (even for non-logged in users) as usage profiles and evaluates them.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
Our purpose is to integrate a dynamic map into our online presence. Therefore, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
According to their own information, the log data collected by Google is anonymized by deleting a part of the IP address and the cookie information after 9 and 18 months respectively. Further information can be found by users here.
5. Right to object and options for removal of data
If users do not agree to the transfer of their data to Google in connection with the use of Google Maps, the web service of Google Maps can be completely deactivated if the users switch off the use of JavaScript in the browser. Then Google Maps and the map display on this website cannot be used.
X. Google Fonts
1. Description and scope of the data processing
Our web site uses so-called web fonts provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) for consistent font presentation. When you access a website, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
Google is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law.
For this purpose, the browser you use must establish a connection with the Google servers. As a result, Google recognizes that our website has been accessed via your IP address.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
The use of Google Web Fonts is in the interest of the consistent and appealing presentation of our online services. For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
According to their own information, the log data collected by Google is anonymized by deleting a part of the IP address and the cookie information after 9 and 18 months respectively. Further information can be found by users here.
5. Right to object and options for removal of data
If users do not agree to the transfer of their data to Google in connection with the use of Google fonts, the web service of Google can be completely deactivated if the users deactivate the use of cookies in the browser application. Then Google fonts cannot be used.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/faq and Google’s data protection policy: https://www.google.com/policies/privacy/.
XI. Google+
1. Description and scope of the data processing
On our website we use the “+1” button on the Google Plus social network operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (Google). The button is indicated by the symbol “+1” on a white or colored background.
If the customer presses the “+1” button, the customer’s browser establishes a direct connection to Google’s servers. The content of the “+1” button is transmitted by Google directly to the customer’s browser and incorporated by the latter into the website. We have no influence on the amount of data that Google collects with this button.
Google is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
Google+ is used to facilitate communication with the visitor. For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
According to their own information, the log data collected by Google is anonymized by deleting a part of the IP address and the cookie information after 9 and 18 months respectively.
5. Right to object and options for removal of data
If users do not agree to the transfer of their data to Google in connection with the use of Google+, it is possible to log out at Google+ before using our site.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/faq and Google’s data protection policy: https://www.google.com/policies/privacy/.
XII. Twitter
1. Description and scope of the data processing
On our website we use functions of the Twitter service. These functions are provided by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Through the use of Twitter and the “Retweet” function the websites you visit are linked to your Twitter account and disclosed to other users. Data is also transmitted to Twitter at this time.
We would like to point out that we as providers of our website are not informed regarding the content of the transmitted data and its use by Twitter. For more information please refer to the Data Protection Policy of Twitter at:
Google is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
Google+ is used to facilitate communication with the visitor. For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
The data storage period is unknown to us.
5. Right to object and options for removal of data
If users do not agree to the transfer of their data to Google in connection with the use of Google+, it is possible to log out at Twitter before using our site.
Additional information is available at https://twitter.com/login?redirect_after_login=%2Faccount%2Fsettings%2F%3Fagent%3D250100010019
XIII. LinkedIn
1. Description and scope of the data processing
On our website we use plugins of the social network LinkedIn of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, (hereinafter “LinkedIn”). The LinkedIn plugins are identified by the LinkedIn logo or the “Share Button” (“Recommend”) on this website. When you visit this website, a direct connection between your browser and the LinkedIn server is established via the plugin. LinkedIn then receives the information that you have visited this website with your IP address. If you click the LinkedIn “Share” button while logged in to your LinkedIn account, you can link the contents of this website to your LinkedIn profile. This allows LinkedIn to associate the visit to this website with your user account.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
The use of LinkedIn is to facilitate communication with the visitor and to improve our public image. For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
The data storage period is unknown to us.
5. Right to object and options for removal of data
If you are a LinkedIn member and do not want LinkedIn to link the data collected through our website to your LinkedIn membership information, you must log out of LinkedIn before visiting our website. Information on the collection and use of the data by the platform or plugins can be found in the data protection policy information: https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
XIV. Facebook Social Plugins
1. Scope of personal data processing
We use social plugins (“plugins”) of the social network Facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “Thumbs up” sign) or are marked with the addition “Facebook Social Plugin.” The list and appearance of Facebook social plugins can be viewed here. The plugins will not be activated until you click on the corresponding button. The plugins are inactive if these are grayed out. You have the option to activate the plugins one-time or permanently. Facebook is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law. If a user selects a feature from this online offer that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and then integrated in the online offer. At this time, user profiles can be created from the processed data. We have no influence on the amount of data that Facebook collects with the help of this plugin and therefore can only inform the users according to our knowledge. By linking the plugins, Facebook receives the information that a user has accessed the respective page of the online offer. If the user is logged in to Facebook, Facebook can associate the visit to his Facebook account. If users interact with the plugins, for example, press the “Like” button or leave a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn their IP address and then store it. According to Facebook, only an anonymous IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting users’ privacy, can be found in Facebook’s Data Protection Policy Information.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
The Facebook Social Plugins show us the interests of the visitors and allows us to target these interests for display on our website and present users only information that potentially correspond to their interests. For these purposes, our legitimate interest also comprises the processing of the data according to Art. 6 para. 1 lit. f GDPR.
4. Data storage period
According to their own information Facebook stores the date and time of the visit, the specific Internet address on which the social plugin is located, and other technical data such as the IP address, the browser type, and the operating system for a period of 90 days in order to further optimize the services of Facebook. At the end of the 90 days, the data is anonymized so that it can no longer be associated with users.
5. Right to object and options for removal of data
If a user is a Facebook member and does not want Facebook to collect data about him through this online offer and associate it with his membership data stored on Facebook, he must log out of Facebook and delete its cookies before using our online offer. Other settings and objections to the use of data for advertising purposes are possible within the Facebook Profile Settings or via the US American Website or the EU Website. The settings are platform-independent, which means they are applied to all devices, such as desktop computers or mobile devices.
XV. Facebook-, Custom Audiences and Facebook-Marketing-Services
1. Scope of the data processing
We use the “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). Facebook is certified under the Privacy Shield Agreement, which guarantees compliance with the European Data Protection Law. Facebook pixel allows Facebook to identify those who visit our online offer as a target group in order to display corresponding advertisements (so-called “Facebook ads”). The Facebook pixel is integrated when selecting our website directly through Facebook and can store on the device of the user, a so-called cookie or small file. If users subsequently log in to Facebook or visit Facebook in the logged-in state, the visit to our online offer is recorded in the profile. The data collected about users are anonymous to us, and therefore do not provide us with any conclusions as to the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should transmit data to Facebook for comparison purposes, it will be encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely for the purpose of making a comparison with the data that is equally encrypted through Facebook. The processing of the data by Facebook is part of Facebook’s data usage policy. Corresponding general instructions for the presentation of Facebook Ads can be found in the Data Use Policy of Facebook . Special information and details about the Facebook Pixel and how it works can be found in the Help Section of Facebook.
2. Legal basis for the data processing
The legal basis for the processing of the users’ personal data is Art. 6, para. 1 lit. f GDPR.
3. Purpose of the data processing
We use the Facebook Pixel to display our Facebook ads only to those Facebook users who have shown an interest in our online offer or those who exhibit characteristics (for example, interests in specific topics or products based on the websites the user has viewed). We then transmit these users to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes, by seeing if users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
4. Data storage period
According to their own information Facebook stores the date and time of your visit, the specific Internet address on which the social plugin is located, and other technical data such as the IP address, the browser type, and the operating system for a period of 90 days in order to further optimize the services of Facebook. At the end of the 90 days, the data is anonymized so that it can no longer be associated with you.
5. Options for revoking the collection of data and its removal
Users may object to data collection by the Facebook Pixel and use of the data to display Facebook ads. To adjust the types of ads displayed within Facebook, users can go to the page set up by Facebook and follow the instructions on the Usage-Based Ads Settings. The settings are platform-independent, which means they are applied to all devices, such as desktop computers or mobile devices. Users may also object to the use of cookies for tracking and advertising purposes via the deactivation page of the Network Advertising Initiative and also the US American Website or the European Website.
XVI. Rights of the Person Concerned
If personal data of users is processed, these users are considered to be concerned persons within the meaning of GDPR and have the following rights visa-vie the person in charge of collecting the data. The following list includes all their rights, not only the rights arising from the use of our services:
1. Right to information
Users can request a confirmation from the person in charge of processing data, as to whether or not personal data concerning themselves is being processed by us.
If such processing exists, users may request the following information from the person in charge of processing data:
1. The purposes for which the personal data is processed
2. The categories of personal data that are processed
3. The recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed
4. The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage
5. The existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the person in charge of processing data or a right to object to the processing itself
6. The existence of a right of appeal to a supervisory authority
7. All available information on the source of the data if the personal data is not collected from the person concerned
8. The existence of automated decision-making including profiling according to Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the person concerned
Users have the right to request information on whether the personal data concerning themselves is transferred to a third country or to an international organization. Users may demand to be informed of appropriate guarantees according to Art. 46 GDPR in connection with the transfer.
2. Right to rectification
Users have a right to rectification and/or completion visa-vie the person in charge of processing data, if the processed personal data concerning themselves is incorrect or incomplete. The person in charge must make the corrections immediately.
3. Right to restrict processing
Under the following conditions users may demand to restrict the processing of personal data relating to themselves:
1. If users dispute the accuracy of their personal data for a period of time that allows the person in charge of processing data to verify the accuracy of the personal data
2. The processing is unlawful, and users refuse to delete the personal data but instead request the restriction of the use of the personal data
3. The person in charge of processing data no longer requires the personal data for the purposes of processing, but users require this data to assert, exercise or defend legal claims
4. If users have objected to the processing of data according to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person in charge of processing data outweigh the rights of the user.
If the processing of personal data concerning users has been restricted such data – apart from its storage – may only be used, with the consent of or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of significant public interest of the European Union or a Member State.
If restriction to process data has been inhibited under the above conditions, users will be notified by the person in charge of processing data before the restriction is lifted.
4. Right to delete
a) Obligation to delete
Users may request the person in charge of processing data to delete their personal data immediately, and the person in charge of processing data must immediately delete the data if one of the following reasons apply:
1. Personal data concerning users is no longer required for the purposes it was collected or otherwise processed.
2. Users revoke their consent to the processing of their data, which was based on Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR, and there is no other legal basis for processing.
3. Users object to the processing of their data according Art. 21 para. 1 GDPR and there are no overriding legitimate grounds to continue processing, or they object according to Art. 21 para. 2 GDPR.
4. Personal data concerning users has been processed unlawfully.
5. The deletion of the users’ personal data is necessary for compliance with a legal obligation under European Union law or the law of the Member States, to which the person in charge of processing data is subject.
6. Personal data concerning users was collected with respect to information society services offered according to Art. 8 para. 1 GDPR.
b) Information to third parties
If the person in charge of processing data has publicized personal data concerning the users but is now obliged to delete this data in accordance with Art. 17 para. 1 of the GDPR, he shall take appropriate measures considering the available technology and the cost of implementation, to inform those who process your personal data, that your request to delete any links to such personal data or copies or replications of such personal data has been received.
c) Exceptions
The right to delete does not apply if processing is required:
1. To exercise the right to freedom of expression and information
2. To fulfill a legal obligation required by the law of the European Union or of the Member States to which the person in charge of processing data is subject, or to perform a task of public interest or in the exercise of official authority conferred on the person in charge of processing data
3. For reasons of public interest in the field of public health and in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para 3 GDPR
4. For archiving purposes of public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 GDPR, to the extent that the law referred to in sub-paragraph (a) is likely to prevent or seriously impede the achievement of the objectives of processing the data
5. To assert, exercise or defend legal claims
5. Right to information
If users have the right to rectify, delete or restrict the processing of data visa-vie the person in charge of processing such data, the latter is obliged to notify all recipients who have received personal data relating to users, which has been corrected or deleted or processing restricted, unless this proves to be impossible or involves a disproportionate level of cost.
Users have the right to be informed by the person in charge of processing data about these recipients of data.
6. Right to data portability
Users have the right to receive personal data provided to the person in charge of processing data in a structured, common and machine-readable format. In addition, users have the right to transfer this data to another person without being hindered by the person who was provided the personal data, if:
1. Processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR
2. Processing takes place using automated procedures.
In exercising this right, users also have the right to request that personal data relating to themselves be transmitted directly from one person in charge of processing data to another, if technically feasible. In doing so, freedoms and rights of other persons may not be impaired. The right to data portability does not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of official authority delegated to the person in charge of processing the data.
7. Right of objection
Users have the right, for reasons of their own special circumstances, to object at any time to the processing of personal data relating to themselves in accordance with Article 6 para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.
The person in charge of processing data will no longer process personal data concerning users unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the users, or the processing is intended to assert, exercise or defend legal claims. If the personal data relating to the users is processed in order to operate direct mail, users have the right to object at any time to the processing of the personal data concerning themselves for the purpose of such advertising; this also applies to profiling to the extent it is associated with such direct mail. If users object to the processing of data for direct mail purposes, the personal data of the person concerned will no longer be processed for these purposes. Users have the option in connection with the use of information society services – regardless of Directive 2002/58/EC – to exercise their right by means of automated processes in which technical specifications are used.
8. Right to revoke the data protection declaration of consent
Users have the right to revoke their data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing of data carried out on the basis of consent up until revocation.
9. Automated decision on an individual basis including profiling
Users have the right not to be subject to a decision based solely on automated processing, including profiling, if the decision has a legal effect on them or, in a similar manner, significantly affects them. This does not apply if the decision:
1. Is necessary for the conclusion or performance of a contract between the user and the person in charge of processing data
2. Is permitted on the basis of the European Union or Member State legislation to which the person in charge of processing data is subject and if such legislation contains appropriate measures to safeguard user rights, freedoms and legitimate interests
3. Is made with the express consent of the user
However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as the legitimate interests of the users.
With regard to the cases referred to in (1) and (3), the person in charge of processing data shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the users including at least the right to intervene, to express an opinion and to contest the decision made by the person in charge of processing data.
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, users shall have the right to complain to a supervisory authority, in particular in the Member State of their residence, place of work or place of alleged infringement, if they consider that the processing of their personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 of the GDPR.