Privacy & Cookie Policy as per the GDPR
I. Name and address of controller
The controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Staytoo Living Holding GmbH
Sachsendamm 4/5
10829 Berlin
Germany
Tel.: +49 (0) 30 1208662 0
E-Mail: privacy@staytoo.com
Website: www.staytoo.de
II. Contact details of the data protection officer
The data protection officer of the controller is:
DataCo Ltd.
Dachauer Street 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de
III. General information on data processing
1. Scope of personal data processing
We process personal data of our users only insofar as this is necessary for the provision of a functional website and our content and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is required by legal regulations.
2. Legal basis for processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) p. 1 lit. a DSGVO serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) sentence 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for the processing.
3. Erasure of data and period stored
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
IV. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. the right of access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
If this is the case, you have a right of access to this data and to the following information:
- Processing purposes
- Categories of personal data
- Recipients or categories of recipients
- Planned storage duration or the criteria for determining this duration
- the existence of the rights of rectification, cancellation or restriction or opposition
- Right of complaint to the competent supervisory authority
- If applicable, origin of the data (if collected from a third party)
- If applicable, existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the effects to be expected
- If applicable, transfer of personal data to a third country or international organization
2. right to rectification (Art. 16 GDPR)
If your personal data is incorrect or incomplete, you have the right to request that the personal data be corrected or supplemented without delay.
3. right to restriction of processing (Art. 18 DSGVO)
If one of the following conditions is met, you have the right to request restriction of the processing of your personal data:
- You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data.
- In the context of unlawful processing, refuse to erase the personal data and instead request the restriction of the use of the personal data.
- We no longer need your personal data for the purposes of processing, but you need your personal data for the assertion, exercise or defense of your legal claims or
- after you have objected to the processing, for the duration of the examination as to whether our legitimate grounds override your grounds.
4. right to erasure (“right to be forgotten”) (Art. 17 GDPR)
If one of the following reasons applies, you have the right to request immediate deletion of your personal data:
- Your data is no longer necessary for the processing purposes for which it was originally collected.
- you withdraw your consent and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) DSGVO.
- Your personal data is processed unlawfully.
- The deletion is necessary for compliance with a legal obligation under Union law or the law of the member state to which we are subject.
- The personal data was collected in relation to information society services offered pursuant to Article 8 (1) DSGVO.
Please note that the above reasons do not apply insofar as the processing is necessary:
- To exercise the right to freedom of expression and information;
- To fulfill a legal obligation or to perform a task that is in the public interest and to which we are subject.
- For reasons of public interest in the area of public health.
- For archival purposes in the public interest, scientific or historical research purposes, or statistical purposes.
- for the assertion, exercise or defense of legal claims.
5. right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, common and machine-readable format or to request the transfer to another controller.
6. right to object to certain data processing (Art. 21 DSGVO)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e or f DSGVO. This also applies to profiling based on these provisions.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
7. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. A list of the supervisory authorities with local jurisdiction in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link:
V. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version used
- The operating system of the user
- The IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
- Web pages that are called up by the user’s system via our website
This data is stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DSGVO.
3. legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. possibility of opposition
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. The user can object to this. Whether the objection is successful is to be determined in the context of a balancing of interests.
IV. Cookies use
1. description and scope of data processing
When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether you generally permit the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the entity that sets the cookie. Below we describe what kind of cookies we use:
We use technically necessary cookies, which are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.
The following data is stored and transmitted by the technically necessary cookies:
- Language settings
- Entered search terms
- Frequency of page views
- Use of website functions
We use cookies on our website that are not technically necessary. Technically unnecessary cookies are text files that are not solely used for the functionality of the website, but also collect other data.
By setting technically unnecessary cookies, the following data is processed:
- IP address
- Internet user location
- Date and time of the call of the web page
- Customization of advertisements to the user
- Tracking of the surfing behavior
- Linking the website visit with other social media platforms
2. purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. For the following applications we need the technically necessary cookies:
- Adoption of language settings
- Remember search terms
- Functionality of the website
The use of technically unnecessary cookies is done for the purpose of improving the quality of our website, its content and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus constantly optimize our offer. In particular, these cookies serve us for the following purposes:
The use of analysis cookies is for the purpose of improving the quality of our website and its content.
3. legal basis for data processing
The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) are relevant for the storage of information in the end user’s terminal equipment and/or access to information already stored in the end user’s terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of Section 25 (2) No. 2 TTDSG. This storage of and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information about different storage periods for cookies can be found in the following sections of this privacy policy.
Insofar as cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. The basis for the storage and access to information in this case is § 25 para. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a), Art. 7 DSGVO. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your settings for cookies accordingly. Alternatively, you can prevent the storage of cookies by making appropriate settings in your browser software. Please note that the browser settings you make only affect the browser you are using. If personal data is processed following the storage of and access to the information on your terminal equipment, the provisions of the DSGVO are relevant. Information on this can be found in the following sections of this privacy policy.
VII. Newsletter
1. description and scope of data processing
On our website, there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.
- Email address
- First name
No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
2. purpose of data processing
The collection of the user’s email address is used to deliver the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.
3. legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the email address of the user is stored as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is usually deleted after a period of seven days.
5. possibility of revocation
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.
This also enables the revocation of consent to the storage of personal data collected during the registration process.
VIII. Email contact
1. description and scope of data processing
On our website, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.
The data will be used exclusively for the processing of the conversation.
2. purpose of data processing
In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.
3. legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. Our legitimate interest is to optimally answer your inquiry that you send by e-mail.
If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. possibility of opposition
If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
If your personal data is processed on the basis of legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to privacy@staytoo.de.
All personal data stored in the course of contacting us will be deleted in this case.
IX. Contact form
1. description and scope of data processing
Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered the input mask will be transmitted to us and stored.
At the time of sending the message, the following data will be stored:
- Email address
- Name
- First name
- IP address of the calling computer
- Date and time of contact
2. purpose of data processing
The processing of personal data from the input mask of the contact form or via the provided e-mail address serves us solely to process the contact.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to optimally answer your inquiry that you send to us via contact form. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. possibility of opposition
If the user contacts us via the input mask in the contact form, he can object to the storage of his personal data at any time.
If your personal data is processed on the basis of legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to privacy@staytoo.de.
All personal data stored in the course of contacting us will be deleted in this case.
X. Company websites
Use of corporate presences in social networks
Instagram:
Instagram, Part of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland
On our company page, we provide information and offer Instagram users the opportunity to communicate. If you perform an action on our Instagram company page (e.g. comments, posts, likes, etc.), it is possible that you make personal data (e.g. clear name or photo of your user profile) public. However, since we usually or to a large extent have no influence on the processing of your personal data by Instagram, which is jointly responsible for the Staytoo Living Holding GmbH – company presence, we cannot make any binding statements regarding the purpose and scope of the processing of your data.
We use our corporate presence in social networks for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:
Pure presence
In this context, publications about the company’s presence may include the following content:
- Information about products
- Information about services
- Sweepstakes
- Advertising
- Customer contact
Every user is free to publish personal data through activities.
Insofar as we process your personal data in order to evaluate your online behavior, offer you sweepstakes or conduct lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 para. 1 p. 1 lit. a, Art. 7 DSGVO. The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 p. 1 lit. f DSGVO. Thereby, our legitimate interest is to answer your request optimally or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The data generated by the company website is not stored in our own systems.
For the processing of your personal data in third countries, we have provided appropriate safeguards in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO. A copy of the standard data protection clauses can be requested from us.
You can object to or revoke the processing of your personal data that we collect in the course of your use of our Instagram company presence at any time, as well as assert your data subject rights mentioned under IV. of this privacy policy. To do so, send us an informal email to privacy@staytoo.com. You can find more information about the processing of your personal data by Instagram and the corresponding objection options here:
Instagram: https://help.instagram.com/519522125107875
YouTube:
YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, United States
On our company page, we provide information and offer YouTube users the opportunity to communicate. If you carry out an action on our YouTube corporate site (e.g. comments, posts, likes, etc.), it may be that you thereby make personal data (e.g. plain name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by the YouTube company co-responsible for the Staytoo Living Holding GmbH – corporate presence, we cannot make any binding statements regarding the purpose and scope of the processing of your data.
We use our corporate presence in social networks for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:
Pure presence In this context, publications about the company’s presence may include the following content:
- Information about products
- Information about services
- Sweepstakes
- Advertising
- Customer contact
Every user is free to publish personal data through activities.
Insofar as we process your personal data in order to evaluate your online behavior, offer you sweepstakes or conduct lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 para. 1 p. 1 lit. a, Art. 7 DSGVO. The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 p. 1 lit. f DSGVO. Thereby, our legitimate interest is to answer your request optimally or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The data generated by the company website is not stored in our own systems.
For the processing of your personal data in third countries, we have provided appropriate safeguards in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO. A copy of the standard data protection clauses can be requested from us.
You can object to or revoke the processing of your personal data that we collect in the course of your use of our YouTube corporate presence at any time, as well as assert your data subject rights as stated under IV. of this privacy policy. To do so, send us an informal email to privacy@staytoo.com. \n For more information on the processing of your personal data by YouTube and the corresponding objection options, please click here:
XI. Use of company presences in job-oriented networks
1. scope of data processing
We use the possibility of company appearances in profession-oriented networks. We maintain a company presence on the following job-oriented networks:
LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland
On our site we provide information and offer users the opportunity to communicate.
The company website is used for job applications, information/PR and active sourcing.
We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate presence. For more information, please refer to the privacy policy of:
If you carry out an action on our company website (e.g. comments, posts, likes, etc.), it is possible that you make personal data (e.g. clear name or photo of your user profile) public.
2. legal basis for data processing
The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 para. 1 p.1 lit. f DSGVO. Our legitimate interest is to answer your request optimally or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
3. purpose of data processing
Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.
4. duration of storage
We store your activities and personal data published via our corporate website until you revoke your consent. In addition, we comply with the statutory retention periods.
5. possibility of opposition
You can object at any time to the processing of your personal data that we collect in the course of your use of our company website and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal email to the email address stated in this data protection declaration.
You can find more information about exercising your rights here: LinkedIn:https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XII. Hosting
The website is hosted on servers of a service provider contracted by us.
Our service provider is:
Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Date and time of the server request
- IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. Our legitimate interest for processing this data is to present our website error-free and to optimize its functions.
The location of the Website’s server is geographically within the European Union (EU) or the European Economic Area (EEA).
XIII. Geotargeting
We use the IP address and other information provided by the user (in particular zip code in the context of registration or ordering) for regional targeting (so-called “geotargeting”).
Regional targeting is used, for example, to automatically show you regional offers or advertising that are often more relevant to users. The legal basis for the use of the IP address and, if applicable, other information provided by the user (in particular zip code) is Art. 6 (1) lit. f DSGVO, based on our interest in ensuring more precise targeting and thus providing offers and advertising with higher relevance for users.
In the process, part of the IP address and the additional information provided by the user (in particular zip code) are merely read out and not stored separately.
You can prevent geotargeting by, for example, using a VPN or proxy server that prevents precise localization. In addition, depending on the browser used, you can also deactivate location localization in the corresponding browser settings (insofar as the respective browser supports this).
We use geotargeting on our website for the following purposes:
- Internal analyses
XIV. Plugins used
We use plugins for various purposes. The plugins used are listed below:
Service | Provider | Third country transfer | Purpose of data processing | Legal basis of data processing | Information on data protection and appropriate safeguards for third country transfers |
YouTube | Google Ireland Limited | Ireland (USA) | Video embedding | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Google Analytics | Google Ireland Limited | Ireland (USA) | Tracking | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Googler Tag Manager | Google Ireland Ltd. | Ireland (USA) | Tag configuration and integration of Google services | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Outbrain | Outbrain Inc. | USA | Conversion Tracking | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://www.outbrain.com/legal/privacy#privacy-policy |
Facebook Retargeting | Meta Platforms Ireland Ltd. | Ireland (USA) | Tracking | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://www.facebook.com/about/privacy https://www.facebook.com/legal/EU_data_transfer_addendum/update |
Google AdWords | Google Ireland Ltd. | Ireland (USA) | Marketing | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Google Ads Remarketing Google AdSense | Google Ireland Ltd. | Ireland (USA) | Marketing / Tracking | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Google Marketing Platform | Google Ireland Ltd. | Ireland (USA) | Marketing / Tracking | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Immobilienscout24 | Immobilien Scout GmbH | Germany | Marketing | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://www.immobilienscout24.de/agb/datenschutz.html |
Taboola | Taboola Inc. | USA | Tracking | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://www.taboola.com/de/policies/datenschutzerklaerung |
Google Maps | Google Ireland Ltd. | Ireland (USA) | Map service | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
Mailchimp | The Rocket Science Group | USA | Email marketing, newsletter deployment, customer communication | Art. 6 Abs. 1 S.1 lit. a DSGVO | https://mailchimp.com/en-gb/legal/cookies/#Why_do_we_use_cookies_and_other_tracking_technologies%3F https://mailchimp.com/en/legal/cookies/ |
WPML | OnTheGoSystems Limited | Hong Kong | Multilingual website presence | Art. 6 Abs.1 S.1 lit. f DSGVO | https://wpml.org/de/documentation-3/privacy-policy-and-gdpr-compliance/ |
1. duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
2. transfer to third countries
When using the plugins marked with third country transfer or USA, personal data may be transferred to servers in third countries outside the EU, such as the USA. The legal basis for this transfer is consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. The United States of America does not provide an adequate level of data protection based on a decision of the European Union. The essential risk of the transfer lies in the obligation of the plug-in providers to make user data accessible to American authorities under certain circumstances. An order processing agreement with standard contractual clauses is currently in place with all providers in order to make the third-country transfer as data-protection-friendly and secure as possible. Adjustments to the ECJ ruling of 16.07.2020 (Schrems II, ref. C-311/18) including additional security measures are currently being sought by us. A copy of the standard data protection clauses can be requested by sending us an informal email.
3. possibility of revocation
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can prevent the collection as well as the processing of your personal data by the respective providers by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
XV. Integration of plugins via external service providers
1. description and scope of data processing
We integrate certain plug-ins on our website via external service providers in the form of content delivery networks. When you access our website, a connection is established to the servers of the providers we use to retrieve content and store it in the cache of the user’s browser. Personal data may be stored and analyzed in server log files as a result, especially device and browser information (in particular, the IP address and operating system). We use the following services:
Shore
2. purpose of data processing
The use of the functions of these services serves the delivery and acceleration of online applications and content.
3. legal basis for data processing
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website.
4. duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
5. possibility of opposition
You can object at any time to the processing of your personal data that we collect in the course of your use of our company website and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal email to the email address stated in this data protection declaration.
You can find more information on how to exercise your rights here: https://www.shore.com/de/datenschutz/
XVI. Use of hCaptcha
1. Description and scope of data processing
We use “HCaptcha” from the provider Intuition Machines, Inc, 1065 SW 8th St #704, Miami FL 33130 to determine that you as our users are human beings. In some cases, analysis data may be collected through the use of cookies, web beacons and other tracking technologies. The following categories of information are collected:
Information that is automatically collected as a result of an Integrator’s or Customer’s use of the Sites or the Services (“Analytics Information”), such as IP addresses, browser type, Internet service provider, platform type, device type, operating system, date and timestamp of access, and other similar information. Other information collected from end users on the Service is necessary to determine whether they are human, such as mouse movements, scroll position, keystroke events, touch events and similar information.
Some analytics information is collected on behalf of HCaptcha by third parties engaged for this purpose. Some analytics information is collected through a variety of tracking technologies, including cookies.
Further information can be found at https://www.hcaptcha.com/privacy
In order to ensure compliance with data protection requirements and the greatest possible data security, we have concluded an order processing agreement with Intuition Machines and have thus committed the provider of HCaptcha appropriately to the principles of data protection and data security. Intuition Machines is also part of the EU-U.S. Data Privacy Framework. This ensures an appropriate level of data protection for data transfers to the USA.
2. Purpose of data processing
The purpose of data processing is to determine whether the user is a human being and at the same time to prevent misuse in this process.
3. Legal basis for data processing
The legal basis for the processing of users’ personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will generally be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g., for tax and accounting purposes.
Information collected via technical means such as cookies, website counters and other analytics tools will be discarded as soon as possible, but may be retained for a limited period of up to one year after the cookie expires. This is typically done in anonymized and aggregated form, unless potential abuse is detected. In this case, the information is retained to help prevent future abuse.
5. Right of revocation, objection and removal
If the processing is based on your consent, you have the right to withdraw this consent at any time in the manner specified in the service or by contacting support at support@hcaptcha.com.
You can prevent the collection and processing of your personal data by HCaptcha by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
Further information on objection and removal options in relation to HCaptcha can be found at
https://www.hcaptcha.com/privacy
XVII. Changes to our privacy policy
We reserve the right to make changes to this privacy policy at any time. The privacy policy is updated regularly and all changes are automatically published on our website.
This privacy policy was created with the support of DataGuard.