This Privacy Notice provides information about the type, scope and purpose of the processing of personal data (hereinafter abbreviated to “data”) in connection with our online services and the affiliated webpages, functions and content as well as external online services such as our social media profiles. (hereinafter jointly referred to as “online services”). Regarding the terms used, e. g. “personal data” or their “processing”, please refer to the definitions in art. 4 of the General Data Protection Regulation (GDPR).

Controller:

HairExPil AG
Bahnhofstr. 21
9450 Altstätten
Switzerland

FreeCall DE: 0800 6008840
FreeCall AT: 0800 400320
FreeCall CH: 0800 803345

e-mail: info@hairexpil.com

CEO: Sandra Heinzle 

commercial regist no.: CHE-268.459.186
VAT-ID.: CHE-268.459.186

Type of processed data:

  • Inventory data (e. g. names, addresses).
  • Contact information (e. g. email, phone numbers).
  • Payment information (e. g. bank data, payment history).
  • Usage data (e. g. visited webpages, interest in content, access times).
  • Meta/communication data (e. g. device information, IP addresses).

Processing of special categories of personal data (art. 9 para. 1 GDPR):

As a matter of principle, no special categories of personal data are processed, except these data are provided by the user for processing, e. g. entered in online forms.

Categories of data subjects affected by the processing:

  • Customers / Interested parties / Suppliers.
  • Visitors and users of the online services.

In the following, the data subjects will also be jointly referred to as "users".

Purpose of the processing:

  • Provision of contractually agreed services, customer service and customer care.
  • Replies to contact requests and communication with users.
  • Marketing, advertising and market research.

Version from: 28 April 2018

1. Applicable legal basis

In accordance with art. 13 GDPR, we hereby inform you about the legal basis of our data processing activities. If the legal basis is not mentioned in the Privacy Notice, the following applies: The legal basis for obtaining consent is art. 6 para. 1 (a) and art. 7 GDPR; the legal basis for the processing of data to provide our services and implement contractual measures as well as replying to requests is art. 6 para. 1 (b) GDPR; the legal basis for the processing of data to comply with our legal obligations is art. 6 para. 1 (c) GDPR; and the legal basis for the processing of data to protect our legitimate interests is art. 6 para. 1 (f) GDPR. If processing is necessary to protect the vital interests of the data subject or another natural person, art. 6 para. 1 (d) GDPR serves as legal basis.

2. Modifications and updates of the Privacy Notice

Please regularly obtain information about the content of our Privacy Notice. We will modify the Privacy Notice whenever this is required due to changes to our data processing methods. We will inform you if we need your cooperation (e. g. consent) to implement the modifications or if any other individual notification becomes necessary.

3. Safety measures

3.1.      In accordance with art. 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk; the measures include in particular ensuring the ongoing confidentiality, integrity and availability of the data by controlling physical and digital access to the data and their use, input, disclosure, availability and separation. In addition, we have put procedures in place that ensure compliance with the rights of data subjects, the deletion of data and a reaction to hazards to data security. Furthermore, we take the protection of personal data into account as early as in the development and/or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (art. 25 GDPR).

3.2.      The safety measures include in particular the encrypted transfer of data between your browser and our server.

4.  Cooperation with processors and third parties

4.1.      If we disclose or transfer or make available any data to other persons and companies (processors or third parties) during processing, this will only occur based on statutory permission (e. g. if a transfer of data to third parties such as payment service providers is required for the performance of a contract acc. to art. 6 para. 1 (b) GDPR), your consent, a legal obligation that requires it or our legitimate interests (e. g. if an agent, webhosting provider, etc. is used).

4.2.      If we commission third parties with the processing of data based on a so-called “contract data processing agreement”, this will occur on the basis of art. 28 GDPR.

5.  Transfer to third countries

If we process data in a third country (i. e. outside the European Union (EU) or the European Economic Area (EEA)) or data is processed due to the use of third-party services or disclosure and/or transfer of data to third parties, this only occurs to fulfil our contractual commitments, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to any legal or contractual permissions, we only process data or have data processed in a third country if the special preconditions of art. 44 et seq. GDPR apply. I. e. the processing is based on special guarantees such as the officially recognised assessment that the level of data protection corresponds to that of the EU (e. g. “Privacy Shield” in the US) or on compliance with officially recognised special contractual commitments (referred to as “standard contractual clauses”).

6.  Rights of the data subjects

6.1.      You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and information on these data as well as further information and a copy of the data in accordance with art. 15 GDPR.

6.2.      According to art. 16 GDPR, you have the right to request the completion or the rectification of inaccurate personal data concerning you.

6.3.      According to art. 17 GDPR, you have the right to erasure of personal data without undue delay. Alternatively, you have the right to obtain a restriction of processing of the data according to art. 18 GDPR.

6.4.      According to art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us and to have them transmitted to other controllers.

6.5.      Furthermore, you have the right to lodge a complaint with the competent supervisory authority acc. to art. 77 GDPR.

7. Right of withdrawal

You have the right to withdraw your consent with effect for the future in accordance with art. 7 para. 3 GDPR.

8. Right to object

You have the right to object to the future processing of the personal data concerning you at any time according to art. 21 GDPR. The right to object refers in particular to the processing for direct marketing purposes.

9. Cookies and the right to object to direct marketing

We use temporary and permanent cookies, i. e. small files which are saved on the users’ devices (for an explanation of the term and function, please refer to the final section of this Privacy Notice). In part, the cookies are intended to ensure security or are required for the functionality of our online services (e. g. displaying of the website) or to save the user’s decision regarding the confirmation of the cookie banner. In addition, we or our technology partners use cookies for coverage measurement and marketing purposes. In this Privacy Notice, the users are informed accordingly.

A general objection to the use of cookies for online marketing purposes is possible with a number of services, in particular regarding tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the saving of cookies can be prevented by disabling cookies in the browser settings. Please note that in this case, it may no longer be possible to use all functions of this online service.

10. Erasure of data

10.1.    The data which are processed by us are erased or their processing is restricted in compliance with art. 17 and 18 GDPR. Unless expressly stated in this Privacy Notice, the data we have saved will be erased as soon as they are no longer required for their purpose and the erasure does not conflict with any legal obligation to preserve records. If the data are not erased since they are required for other purposes which are permitted by law, their processing will be restricted. I. e. the data are blocked and not processed for any other purposes. This applies e. g. to data which have to be preserved due to commercial law or tax law.

10.2.    Germany: According to statutory provisions, data are retained in particular for 6 years as per sec. 257 para. 1 HGB [German commercial code] (trading books, inventories, opening balance sheets, annual financial statements, business letters, accounting records, etc.) and for 10 years as per sec. 147 para. 1 AO [German fiscal code] (books, records, management reports, accounting records, commercial and business letters, documents which are relevant for taxation, etc.).

10.3.    Austria: According to statutory provisions, data are retained in particular for 7 years as per sec. 132 para. 1 BAO [Austrian federal fiscal code] (accounting documents, receipts/bills, accounts, receipts, business documents, list of income and expenditure, etc.), for 22 years in connection with property and for 10 years in connection with electronically provided services, telecommunication, broadcasting and television services which are provided to nonentrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) can be used.

11. Online shop

11.1.    We process inventory data (e. g. names and addresses as well as our users’ contact information), contractual data (e. g. services used, names of contact persons, payment information) to comply with our contractual commitments and to provide our services in accordance with art. 6 para. 1 (b) GDPR. The entries which are marked as mandatory in online forms are required to conclude the contract.

11.2.    Users have the option to create a user account which they can use in particular to view their orders. During the registration, the user is informed about the required mandatory information. The user accounts are not public and cannot be indexed by search engines. If users cancel their user account, the data which relate to the user account are deleted unless their retention is required based on commercial or tax law according to art. 6 para. 1 (c) GDPR. It is the responsibility of the users to save their data prior to the end of contract when they have cancelled their account. We have the right to irretrievably erase any of the user’s data which were saved during the contract term.

11.3.    In case of registration and subsequent log-ins as well as the use of our online services, we save the IP address and the time of the user action. The saving of data is based on our own and also the users’ legitimate interests in the protection against misuse and other unauthorised use. These data are generally not transmitted to any third party except it is required for the pursuit of our claims or there is a legal obligation acc. to art. 6 para. 1 (c) GDPR.

11.4.    We process usage data (e. g. visited pages of our website, interest in our products) and content data (e. g. entries in the contact form or user profile) for marketing purposes within a user profile to display e. g. product information for the user based on previously used services.

11.5.    The data shall be erased after the expiration of statutory warranty obligations and similar; the necessity of data retention shall be verified every three years. If statutory archiving obligations apply, the data are erased after these obligations expire (end of retention requirement acc. to commercial (6 years) and tax law (10 years)); information in the customer account shall be retained until its cancellation.

12. Contact

12.1.    If you contact us (via contact form or email), the user information shall be processed for the purpose of handling the contact request in accordance with art. 6 para. 1 (b) GDPR.

12.2.    User information can be saved in our customer relationship management system (“CRM system”) or a comparable request organisation system.

12.3.    We will delete the requests if they are no longer required. We will check the necessity every two years. Requests by customers who have a customer account will be saved permanently; regarding their erasure, please refer to the information concerning the customer account. If statutory archiving obligations apply, the data shall be erased when these obligations expire (end of retention requirement acc. to commercial (6 years) or tax law (10 years)).

13. Comments and contributions

13.1.    If users leave comments or other contributions, their IP addresses will be saved for 7 days based on our legitimate interests as defined by art. 6 para. 1 (f) GDPR.

13.2.    This is for our safety in case someone leaves unlawful content in comments and contributions (insults, illegal political propaganda, etc.). In this case, we may be prosecuted for the comment or contribution ourselves and are therefore interested in the identity of the author.

14. Collection of access data and log files

14.1.    We will collect data on each access to the server where the service is hosted (referred to as server log files) based on our legitimate interests as defined by art. 6 para. 1 (f) GDPR. Access data include the name of the visited web page, file, date and time of access, the transferred volume of data, notification of successful access, browser type including version, the user’s operating system, referrer URL (previously visited web page), IP address and the requesting provider.

14.2.    Log file information shall be saved for a maximum of seven days for security reasons (e. g. clarification of acts of misuse or fraud) and shall be deleted afterwards. Data which have to be retained for longer periods for the purpose of providing proof are exempted from erasure until the incident has definitely been clarified.

15. Online presence in social media

15.1.    We have online presence in social networks and platforms to communicate with customers, interested parties and users who are active there and to be able to inform them about our services. Regarding the use of these networks and platforms, the relevant operator’s terms and conditions as well as their data processing regulations apply.

15.2.    Unless otherwise indicated in our Privacy Notice, we shall process the data of users if they communicate with us via social networks and platforms, e. g. write contributions in our online presence or send us messages.

16. Cookies & coverage measurement

16.1.    Cookies are information which is transmitted to the users' web browsers by our web server or the web servers of third parties and is stored there for later access. Cookies may be small files or other types of stored information.

16.2.    We use “session cookies” which are only stored for the duration of the current visit to our online presence (e. g. to save your log-in status or the shopping cart function, i. e. to make the use of our online service possible). In a session cookie, a randomly generated unique identification number is stored which is referred to as session ID. In addition, a cookie contains information on its origin and storage period. These cookies are not able to store any other data. Session cookies will be deleted as soon as you have finished using our online services and e. g. log off or close the browser.

16.3.    The users shall be informed in the present Privacy Notice about the use of cookies within the scope of pseudonymous coverage measurement.

16.4.    If users do not wish to have cookies stored on their computer, they are asked to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The disabling of cookies may lead to restrictions regarding the functionality of the online services.

16.5.    You have the right to object to the use of cookies for coverage measurement and marketing purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US web page  (http://www.aboutads.info/choicesor the European website  (http://www.youronlinechoices.com/uk/your-ad-choices/).

17. Google Analytics

17.1.    Based on our legitimate interests (i. e. interest in analytics, optimisation and the economical operation of our online services in accordance with art. 6 para. 1 (f) GDPR), we use Google Analytics, a web analytics service by Google LLC (“Google”). Google uses cookies. Information which is generated by the cookie on the usage of the online services by users is generally transferred to Google servers in the USA where it is saved.

17.2.    Google is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3.    Google shall use this information on our behalf to analyse the usage of our online services by the users, compile reports on the activities within these online services and to provide further services to us which are connected to the usage of these online services and internet usage. In this connection, pseudonymous usage profiles of users may be created.

17.4.    We use Google Analytics to show ads which are provided by Google web services and their partners only to those users who have shown interest in our online services or have certain characteristics (e. g. interest in certain topics or products which is determined based on visited web pages) which we transmit to Google (referred to as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our ads correspond to the potential interest of the users and do not constitute an annoyance.

17.5.    We use Google Analytics only with activated IP anonymisation. This means that the user’s IP address is abbreviated by Google within European Union member states or other states which are part of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

17.6.    The IP address which is transmitted by the user’s browser will not be combined with other data from Google. Users have the option to prevent the saving of cookies by a corresponding setting of the browser software; in addition, users can prevent the transmission of the data which are generated by the cookie and refer to the usage of the online services to Google and the processing of these data by Google by downloading and installing the browser plug-in which is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

17.7.    Further information on the data usage by Google, setting and objection options is available on the Google web pages: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google if you use the websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data usage for marketing purposes”), https://adssettings.google.com/authenticated (“Manage the information that Google uses to display ads”).

18. Google re-/marketing services

18.1.    Based on our legitimate interests (i. e. interest in the analytics, optimisation and economical operation of our online services in accordance with art. 6 para. 1 (f) GDPR), we use the marketing and remarketing services (in short “Google Marketing Services”) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

18.2.    Google is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18.3.    The Google marketing services allow us to display ads for and on our website in a more targeted manner to present only ads to users which potentially correspond to their interests. If e. g. ads are displayed for products in which a user has shown interest on other webpages, this is called “remarketing”. For this purpose, a Google code is executed directly by Google when our web pages and other web pages on which Google Marketing Services are active are accessed and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are embedded. With the help of these tags, an individual cookie, i. e. a small file, is saved on the user’s device (instead of cookies other comparable technologies may also be used). Cookies can be set by various domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The web pages visited by the user, the content they are interested in, the offers they clicked on as well as technical information on browser and operating system, referring web sites, duration of the visit and other information regarding the usage of the online services are stored in this file. In addition, the user’s IP address is recorded. In this regard, we inform you within the scope of Google Analytics that the IP address is abbreviated in EU member states or other states in the European Economic Area and is only transmitted as a whole to a Google server in the USA and abbreviated there in exceptional cases. The IP address will not be matched with data of the user within other services provided by Google. Google may connect the above information to corresponding information from other sources. If the user subsequently visits other web pages, ads which are adjusted to their interests can be displayed.

18.4.    The data of the users will be processed pseudonymously within the scope of Google Marketing Services. This means that Google saves and processes e. g. not the user’s name or email address but the relevant data based on cookies in pseudonymous user profiles. This means that from Google’s point of view, the ads are not managed and displayed for an actually identified person but for cookie owners independent of the identity of the cookie owner. This does not apply if a user has expressly allowed Google to process data without pseudonymisation. The information which Google Marketing Services has collected on the user are transmitted to Google and saved on Google servers in the USA.

18.5.    Google Marketing Services we use include the online advertising program “Google AdWords” and others. In case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information which was obtained with the help of the cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. AdWords customers receive information on the total number of users who clicked on their advertisement and were referred to a page with a conversion tracking tag. They do, however, not receive any information which can be used to identify the user personally.

18.6.    Based on the Google Marketing Service “DoubleClick”, we are able to embed the ads of third parties. DoubleClick uses cookies which help Google and their partner websites to place ads based on the visits of users on this website or other websites on the internet.

18.7.    Based on the Google Marketing Service “AdSense”, we are able to embed ads by third parties. AdSense uses cookies which help Google and their partner websites to place ads based on the visits of users to this website or other websites on the internet.

18.8.    In addition, we can use the “Google Optimizer” service. Google Optimizer allows us to understand in so-called “A/B testings” which effects various changes to a website have (e. g. changes to input fields, design, etc.). For the purpose of these testings, cookies will be saved on user devices. Only pseudonymous data of the users will be processed.

18.9.    Furthermore, we can use the “Google Tag Manager” service to embed and manage the Google analysis and marketing services on our website.

18.10.  For further information on data use for marketing purposes by Google, please refer to the overview page: https://policies.google.com/technologies/ads, Google’s Privacy Notice can be viewed at  https://policies.google.com/privacy.

18.11.  If you would like to object to the interest-related advertising by Google Marketing Services, you can use the setting and opt out options provided by Google: https://adssettings.google.com/authenticated.

19. Facebook, Custom Audiences and Facebook Marketing Services

19.1.    We use the so-called “Facebook Pixel” by the social network Facebook which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") within the scope of our online services based on our legitimate interests in the analysis, optimisation and economical operation of our online services and for these purposes.

19.2.    Facebook is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

19.3.    With the help of the Facebook Pixel, Facebook is able to identify visitors of our online services as a target group for the displaying of ads (so-called “Facebook Ads”). We therefore use the Facebook Pixel to show Facebook Ads which are provided by us only to those Facebook users who have shown interest in our online services or have certain characteristics (e. g. interest in certain topics or products which is determined based on visited web pages) which we transmit to Facebook (referred to as “Custom Audiences”). With the help of Facebook Pixels, we would also like to ensure that our Facebook Ads correspond to the potential interest of the users and do not constitute an annoyance. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes since we can see whether a user was transferred to our website after clicking on a Facebook ad (so-called “conversion”).

19.4.    Facebook processes data based on their data use policy. General information on the presentation of Facebook ads can therefore be found in their data use policy: https://www.facebook.com/policy.php. For dedicated information and details on the Facebook Pixel and its function, please refer to the Facebook help area: https://www.facebook.com/business/help/651294705016616.

19.5.    You can object to the data collection by the Facebook Pixel and to the use of your data for the displaying of Facebook ads. To adjust your settings regarding the type of advertising you would like to see on Facebook, you can access the corresponding page provided by Facebook and follow the notes on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are independent of the platform, i. e. they are applied to all devices such as desktop computers or mobile devices.

19.6.    In addition, you have the right to object to the use of cookies for coverage measurement and marketing purposes via the opt out page by the network advertising initiative (http://optout.networkadvertising.org/) and also the US web page  (http://www.aboutads.info/choicesor the European web page  (http://www.youronlinechoices.com/uk/your-ad-choices/).

20. Facebook Social Plugins

20.1.    Based on our legitimate interests (i. e. interest in the analysis, optimisation and economical operation of our online service in accordance with art. 6 para. 1 (f) GDPR), we use Social Plugins (“Plugins”) by the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Plugins are interactive elements or content (e. g. videos, graphics or texts) and can be identified by one of the Facebook logos (white “f” on blue tile, the term “Like” or a “Thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

20.2.    Facebook is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

20.3.    If a user accesses a function of this online service which contains such a Plugin, their device establishes a direct connection to Facebook servers. Facebook directly transfers the Plugin contents to the user’s device which then embeds it in the online service. In the process, usage profiles of users can be created based on processed data. We do not have any influence on the amount of data which Facebook collects with the help of this Plugin and therefore inform the users according to our state of knowledge.

20.4.    When the Plugin is embedded, Facebook is notified that a user has accessed the corresponding page of the online service. If the user is logged on to Facebook, Facebook is able to allocate the visit to their Facebook account. If users interact with these Plugins, for example by pressing the “Like” button or leaving a comment, their device transfers this information directly to Facebook where it is stored. If a user is not a Facebook member, it is still possible for Facebook to find out and save their IP address. According to Facebook, only an anonymised IP address is saved in Germany.

20.5.    For more information on the purpose and the extent of data collection and their further processing and use by Facebook and on your related rights and privacy protection settings, please refer to the Facebook data protection information: https://www.facebook.com/about/privacy/.

20.6.    If a user is a member of Facebook and does not want Facebook to collect data on them via our online services and connect them to their member data which are saved on Facebook, they have to log off Facebook and delete their cookies prior to using our online services. Further settings and objections to the use of data for marketing purposes are possible in the Facebook profile settings: https://www.facebook.com/settings?tab=ads  or via the US page http://www.aboutads.info/choices/  or the EU page http://www.youronlinechoices.com/. The settings are independent of the platform, i. e. they are applied to all devices such as desktop computers or mobile devices.

21. Newsletter

21.1.    In the following, we will inform you about the content of our newsletter as well as the registration, sending and statistical analysis procedure and your rights to object. By subscribing to our newsletter, you agree to receive the newsletter and to the described procedure.

21.2.    Newsletter content: We send newsletters, emails and other electronical notifications which include advertising information (in the following referred to as “newsletter”) only with the consent of the recipients or with statutory permission. If the content of a newsletter is precisely described during registration, this content is the basis for the users’ consent. Otherwise, our newsletters contain information about our products, services, promotions and our company.

21.3.    Double opt in and logging: Registration for our newsletter is based on a so-called double opt in procedure. This means that after registration, you will receive an email in which you are asked to confirm your registration. This confirmation is required to ensure that nobody can register using other people’s email addresses. Registrations for the newsletter will be recorded to be able to provide proof of the registration process according to the legal requirements. This includes the saving of the registration and confirmation time as well as the IP address. In addition, changes to your data which are saved with the marketing service are recorded.

21.4.    Marketing service: The newsletters are sent by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, in the following referred to as “marketing service”. The data protection regulations of the marketing service can be viewed at: https://www.cleverreach.com/de/datenschutz/.

21.5.    In addition, the marketing service may, according to their own information, use these data in pseudonymous form, i. e. without assignment to a user, for the optimisation or improvement of their own services, e. g. for the technical optimisation of the way the newsletters are sent and displayed or for statistical purposes to determine from which countries the recipients are. The marketing service, however, does not use the data of the recipients of our newsletter to contact them and does not disclose them to third parties.

21.6.    Registration data: To register for the newsletter, you only have to provide your email address. We ask you to optionally enter a name so that we can address you personally in the newsletter.

21.7.    Success measurement – The newsletters included a so-called “web beacon”, i. e. a pixel-sized file which is retrieved from the server of the marketing service when the newsletter is opened. During this retrieval, mainly technical information such as information on your browser and system as well as your IP address and the time of retrieval is recorded. This information is used for the technical improvement of services using the technical data or the target groups and their reading behaviour based on the place of retrieval (which can be identified with the help of the IP address) or the access times. The statistical survey also includes verification regarding whether the newsletters are opened, when they are opened, and which links are clicked. This information can be assigned to the individual newsletter recipients for technical reasons. It is however, neither our nor the marketing service's aim to monitor individual users. The analyses are much more intended to identify our users’ reading habits and to adjust our content accordingly or to send different content depending on the interests of our users.

21.8.    Germany: The sending of the newsletter and the success measurement are subject to the recipients’ consent in accordance with art. 6 para. 1 (a), art. 7 GDPR in conjunction with sec. 7 para. 2 no. 3 UWG [German Act against Unfair Competition] and/or based on statutory permission acc. to sec. 7 para. 3 UWG.

21.9.    Austria: The sending of the newsletter and the success measurement are subject to the recipients’ consent in accordance with art. 6 para. 1 (a), art. 7 GDPR in conjunction with sec. 107 para. 2 TKG [Austrian Telecommunication Act] and/or based on statutory permission acc. to sec. 107 para. 2 and 3 TKG.

21.10.  The logging of the registration procedure is based on our legitimate interests in accordance with art. 6 para. 1 (f) GDPR and serves to verify the consent to the reception of the newsletter.

21.11.  Cancelling the subscription/Withdrawing your consent – You can unsubscribe from our newsletter at any time, i. e. withdraw your consent to receiving it. A link to cancel your subscription to the newsletter can be found at the end of each newsletter. If the users only subscribed to the newsletter and this registration is cancelled, their personal data will be erased.

22. Use of third party services and content

22.1.    As part of our online services, we use content or services which are provided by third parties to embed their content and services such as videos or fonts (hereinafter uniformly referred to as “content”) based on our legitimate interests (i. e. interest in the analysis, optimisation and economical operation of our online services in accordance with art. 6 para. 1 (f) GDPR). To do this, the external providers of this content need to use the user’s IP address since they would otherwise not be able to send the content to the user’s browser. The IP address is therefore required to display the content. We attempt to use only content the provider of which uses the IP address exclusively for the delivery of the content. In addition, third parties may use so-called pixel tags (invisible graphics, also referred to as “Web Beacons”) for statistical or marketing purposes. Using the “pixel tags”, information such as visitor traffic on the pages of this website can be analysed. The pseudonymous information can also be saved as cookies on the user’s device; among other data, they may contain technical information on the browser and operating system, referring web pages, access time and other information on the use of our online services and it can be linked to such information from other sources.

22.2.    The following list provides an overview of third-party providers and their content including links to their Privacy Notices which contain further information on the processing of data and options to object (referred to as opt out), some of which have already been mentioned here:

  • If our customers use third party payment services (e. g. PayPal or Sofortüberweisung), the terms and conditions and Privacy Notice of the relevant third-party provider apply which can be viewed at the corresponding webpages or transaction applications.
  •  External fonts by Google, LLC., https://www.google.com/fonts (“Google Fonts”). Google Fonts are embedded by a server call at Google (usually in the USA). Privacy Notice: https://policies.google.com/privacy, opt out: https://adssettings.google.com/authenticated.
  • Maps provided by the “Google Maps” service of the third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Notice: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
  • Videos provided by the “YouTube” platform of the third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Notice: https://policies.google.com/privacy, opt out: https://adssettings.google.com/authenticated.
  • Functions provided by the Google+ service are embedded in our online services. These functions are provided by the third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged in to your Google+ account, you can connect the content of our pages with your Google+ profile by clicking the Google+ button. If you do so, Google will be able to assign the visit of our pages to your user account. Please note that we as the provider of the pages do not get access to the content of the transmitted data and its use by Google+. Privacy Notice: https://policies.google.com/privacy, opt out: https://adssettings.google.com/authenticated.
  • Functions provided by the Instagram service are embedded in our online services. These functions are provided and integrated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can connect the content of our pages with your Instagram profile by clicking the Instagram button. If you do so, Instagram will be able to assign the visit of our pages to your user account. Please note that as the provider of the pages we do not get access to the content of the transmitted data and its use by Instagram. Privacy Notice: http://instagram.com/about/legal/privacy/
  • Functions provided by the service or the platform Twitter (in the following referred to as “Twitter”) may be embedded in our online services. Twitter is provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These functions include the representation of our contributions in Twitter as part of our online services, the link to our Twitter profile and the possibility to interact with the contributions and functions of Twitter as well as to measure whether users use the ads which we place on Twitter to access our online services (referred to as conversion measurement). Twitter is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Notice: https://twitter.com/de/privacy, opt out: https://twitter.com/personalization.
  • External code of the “jQuery” JavaScript framework, provided by the third party jQuery Foundation, https://jquery.org.