LEGAL NOTICE AND DATA PROTECTION

LEGAL NOTICE

Alnapharm AG & Co. KG
Poppenbütteler Bogen
22399 Hamburg

Telephone: +49 (0) 40 600 88 31-0
Fax: +49 (0) 40 600 88 31-50
Email: info@alnapharm.com

Represented by:
Management: Alna-Holding AG
Register court: Hamburg District Court
Register number: HRB 117672
Chairman: Ali Nahavandi

Responsible for the content (pursuant to Section 55 (2) RStV):
Alna-Holding AG
Poppenbütteler Bogen 68
22399 Hamburg

Images & image rights:

Adobe Stock
© Halfpoint (#285225374, #210657709)
© Giorgio Pulcini (#247947317)
© SciePro (#273810792, #273810734, #89951943)
© pikselstock (#361338102)
© fizkes (#289886278)

DISCLAIMER – LEGAL INFORMATION

§ 1 CONTENT WARNING

The free and open-access content of this website was created with the utmost care. However, the provider of this website assumes no liability for the accuracy and up-to-dateness of the provided free and open-access journalistic guides and news. Articles by named authors give the opinion of the author and not always the opinion of the provider. Simply accessing the free and open-access content does not give rise to a contractual relationship between the user and the provider, insofar as the provider has no intention to enter into a legally binding relationship.

§ 2 EXTERNAL LINKS

This website contains links to third party websites (“external links”). Liability for these websites lies with their respective operators. When first creating the external links, the provider checked the third-party content for any legal violations. At that time, none were apparent. The provider has no influence over the current and future design or content of the linked sites. The creation of external links does not mean that the provider endorses the content of the reference or link. Constant monitoring of the external links cannot be reasonably expected of the provider without specific evidence of legal violations. However, if legal violations become known, such external links will be deleted immediately.

§ 3 COPYRIGHT AND ANCILLARY COPYRIGHT

The content published on this website is subject to German copyright and ancillary copyright. Any utilization not permitted by German copyright and ancillary copyright requires the prior written agreement of the provider or respective rights holder. This applies in particular to the duplication, editing, translation, saving, processing and/or reproduction of content in databases or other electronic media and systems. Third-party content and rights are indicated as such. The unauthorized duplication or reproduction of individual items or entire pages is not permitted and is punishable by law. Copies and downloads may only be produced for personal, private, and non-commercial use.

The representation of this website in foreign frames is only permissible with written consent.

§ 4 SPECIAL TERMS OF USE

If special terms for individual uses of this website deviate from the above paragraphs, this shall be expressly referred to in the appropriate place. In this case, the special terms of use apply in each individual case.

DATA PROTECTION

INTRODUCTION

With the following privacy statement, we would like to explain to you about the types of personal data (hereafter referred to as “data” for short) we will process, for what purposes, and to what extent. The privacy statement applies to all processing of personal data by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and external online presence, such as our social media profiles (hereafter referred to collectively as “online content”).

The used terms are not gender-specific.

Last update: January 20, 2021

CONTROLLER

Alna-Holding AG
Poppenbütteler Bogen 68
22399 Hamburg

Email address: info@alnapharm.com
Legal notice: www.alnovat.com/impressumdatenschutz

OVERVIEW OF THE PROCESSING

The following overview summarizes the types of processed data and the purposes for their processing, and refers to the data subjects.

TYPES OF PROCESSED DATA

User data (e.g. names, addresses).
Content data (e.g. entries in online forms).
Contact details (e.g. emails, telephone numbers).
Meta/communication data (e.g. device information, IP addresses).
Usage data (e.g. visited web pages, interest in content, access times).
Contract data (e.g. object of agreement, term, customer category).
Payment data (e.g. bank details, invoices, payment history).

CATEGORIES OF DATA SUBJECTS

Employees (e.g. salaried employees, job candidates, former employees).
Business and contractual partners.
Stakeholders.
Communication partners.
Customers.
Users (e.g. website visitors, users of online services).

PURPOSES OF THE PROCESSING

For the provision of our online content and user-friendliness.
Conversion tracking (measuring the effectiveness of marketing measures).
Office and organizational procedures.
Direct marketing (e.g. via email or by post).
Contact inquiries and communication.
Remarketing.
Reach measurement (e.g. access statistics, identifying returning visitors).
Tracking (e.g. interests/behavior-related profiling, use of cookies).
Server monitoring and error detection.
Provision of contractual services and customer service.
Administration and responding to inquiries

RELEVANT LEGAL BASIS

The following section sets out the legal basis of the General Data Protection Regulation (GDPR), on which basis we are processing the personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations in your and/or our country of residence/domicile may also apply. If a more specific legal basis is relevant in individual cases, we will inform you of this in the privacy statement.

CONSENT (ART. 6 (1) (1) (A) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
PERFORMANCE OF CONTRACT AND PRE-CONTRACTUAL REQUESTS (ART. 6 (1) (1) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
LEGAL OBLIGATION (ART. 6 (1) (1) (C) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
LEGITIMATE INTERESTS (ART. 6 (1) (1) (F) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

NATIONAL DATA PROTECTION REGULATIONS IN GERMANY: In addition to the data protection provisions of the General Data Protection Regulation, the national data protection regulations of Germany also apply. These include, in particular, the Act on Protection against the Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special regulations on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and communication, as well as automated individual decision-making, including profiling. It also regulates data processing for employment-related purposes (section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, the regional data protection laws of the individual federal states may be applied.

SECURITY MEASURES

In accordance with the legal requirements, we will take appropriate technical and organizational measures, taking into account the state of the art, the implementation costs and the type, scope, circumstances, and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection that is appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity, and availability of the data by monitoring physical and electronic access to the data and also access, input, and transfer of the data, and securing the availability and their separation. Moreover, we have implemented procedures to guarantee the exercising of data subject rights, the erasure of data, and responses to data threats. We also take into account the protection of personal data when developing and/or selecting hardware, software, and procedures according to the principles of data protection, through technology design and data protection-friendly presets.

SSL ENCRYPTION (HTTPS): To protect your data transferred via our website, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

TRANSMISSION AND DISCLOSURE OF PERSONAL DATA

As part of our personal data processing, data may be transferred or disclosed to other entities, companies, legally independent organizational units, or persons. The recipients of these data may include, for example, financial institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such a case, we will observe the legal requirements and conclude appropriate contracts or agreements with the recipients of your data in order to protect your data.

DATA PROCESSING IN THIRD COUNTRIES

If we process data in a third county (i.e. outside the European Union (EU), or the European Economic Area (EEA)), or if the processing is carried out as part of the use of third-party services or the disclosure and/or transmission of data to other people, entities, or companies, this will only occur in accordance with the legal regulations.

Subject to express consent or a contractually or legally required transfer, we process the data, or have it processed, in third countries only if they have a recognized level of data protection, a contractual obligation through the so-called Standard Contractual Clauses of the EU Commission, or if there are certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

USE OF COOKIES

Cookies are text files containing data on visited websites or domains, which are saved by a browser on the user’s computer. The main purpose of a cookie is to save information about a user during or after their visit to a website. The saved information may include, for example, language settings on a website, the login status, a shopping cart, or the point where a video was watched. The term “cookies” also covers other technologies that fulfill the same functions as cookies (e.g. when user information is saved using pseudonymous online identifiers, also called “user IDs”).

THE DIFFERENT COOKIE TYPES AND FUNCTIONS ARE EXPLAINED BELOW:

TEMPORARY COOKIES (ALSO: SESSION COOKIES): Temporary cookies are deleted once a user has left the online content and closed his/her browser, if not before.
PERMANENT COOKIES: Permanent cookies remain saved even after the browser has been closed. For example, this means that the login status can be saved, or preferred content can be displayed directly, when the user visits a website again. The interests of users can also be saved in this type of cookie for reach measurement or marketing purposes.
FIRST-PARTY COOKIES: First-party cookies are set by us.
THIRD-PARTY COOKIES: Third-party cookies are primarily used by advertisers (i.e. third parties) to process user information.
NECESSARY (ALSO: ESSENTIAL OR STRICTLY NECESSARY) COOKIES: Cookies can be strictly necessary for the operation of a website (e.g. to save logins or other user input, or for security reasons).
STATISTICS, MARKETING AND PERSONALIZATION COOKIES: Furthermore, cookies are generally also used in reach measurement and also when the interests of a user or his/her behavior (e.g. viewing certain content, using functions etc.) are saved on individual web pages in a user profile. Such profiles serve to show users content, for example, that corresponds to their potential interests. This process is also called “tracking”, i.e. tracking the potential interests of users. Insofar as we use cookies or tracking technologies, we will inform you about this separately in our privacy statement or when obtaining your consent.

INFORMATION ON THE LEGAL BASIS: The legal basis on which we process your personal data using cookies depends on whether or not we ask for your consent. If we ask for your consent and you agree to the use of cookies, the legal basis for the processing of your data is your declared consent. Alternatively, the data processed using cookies is processed on the basis of our legitimate interests (e.g. for the business operation of our website and its improvement), or if the use of cookies is necessary to fulfill our contractual obligations.

RETENTION PERIOD: If we do not provide you with specific information about the retention period for permanent cookies (e.g. as part of a cookie opt-in), please assume that the retention period may last for up to two years.

GENERAL INFORMATION ON WITHDRAWAL OF CONSENT AND OBJECTION (OPT-OUT): Depending on whether the processing is carried out on the basis of a consent or legal authorization, you have the option at any time to withdraw your consent or to object to the processing of your data using cookie technologies (collectively referred to as “opt-out”). In the first instance, you can indicate your objection using your browser settings, e.g. by deactivating the use of cookies (which may also limit the functionality of our website). An objection to the use of cookies for the purposes of online marketing can also be indicated by using a variety of services, primarily in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. erklärt werden. In addition, you can receive further objection guidance as part of the information on the service providers and cookies used.

PROCESSING OF COOKIE DATA ON THE BASIS OF A CONSENT: PROCESSING OF COOKIE DATA ON THE BASIS OF A CONSENT: We use a procedure for cookie consent management in which the user’s consent to the use of cookies, and/or the processing and providers specified in the cookie consent management procedure, can be obtained, and managed or withdrawn by the user. The declaration of consent is saved so that it does not need to be requested again and so that the consent can be proven in accordance with legal obligations. It can be saved on a server and/or in a cookie (a so-called opt-in cookie, or using similar technologies) so that the consent can be matched to a user and/or a device. Subject to individual information on the providers of cookie management services, the following notices apply: The retention period for the consent may last up to two years. For this purpose, a pseudonymous user ID is created and saved with the date and time of the consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system, and terminal used.

TYPES OF DATA PROCESSED: Usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Users (e.g. website visitors, users of online services).
LEGAL BASIS: Consent (Art. 6 (1)(1)(a) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).

SERVICES AND SERVICE PROVIDERS USED:

OneTrust: Cookie consent management; Service provider: OneTrust Technology Limited, 82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK); https://www.onetrust.de/produkte-einwilligungs-und-praeferenzmanagement/; Privacy Statement: https://www.onetrust.com/privacy/.

COMMERCIAL AND BUSINESS SERVICES

We process the data of our contractual and business partners, e.g. customers and stakeholders (referred to collectively as “contractual partners”) in the context of contractual and similar legal relationships and related measures, and in the context of communication with the contractual partners (or before entering into a contract), e.g. to answer inquiries

We process these data to fulfill our contractual obligations, to secure our rights, and for the purposes of the administrative tasks associated with this information, as well as the organizational aspects of the company. We only pass on contractual partner data to third parties, within the framework of applicable law, if this is necessary for the aforementioned purposes or to fulfill legal obligations, or with the consent of the data subjects (e.g. to involved telecommunication, transport and other ancillary services or subcontractors, banks, tax and legal advisors, payment service providers, or the tax authorities). The contractual partners are informed about other forms of processing, e.g. for marketing purposes, in this privacy statement.

We inform the contractual partners which data are required for the aforementioned purposes before or during the data collection, e.g. in online forms, through specific labeling (e.g. colors) and/or symbols (e.g. asterisks etc.), or in person.

We erase the data after expiry of the statutory warranty and similar obligations, i.e. generally after 4 years, unless the data are saved in a customer account, e.g. for as long as they have to be kept for legal archiving reasons (e.g. for tax purposes, the retention period is usually 10 years). We erase data disclosed to us by the contractual partner when placing an order in accordance with the specifications of the order, and in principle after the end of the order.

If we use service providers or platforms to perform our services, the relationship between the users and providers is subject to the terms of business and privacy notices of the respective third-party providers or platforms.

PHARMACEUTICAL COMPANIES: We process the data of our customers, clients, stakeholders and other contractual partners (referred to collectively as “customers”) in order to provide them with our contractual or pre-contractual services, in particular support and the shipment of medical devices. The processed data, and the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and business relationship.

If required for fulfillment of our contract or by law, and/or if the customer has given their consent, we disclose or communicate customer data in compliance with professional legal regulations to third parties or representatives, e.g. authorities, courts, or in the field IT, office or similar services.

TYPES OF DATA PROCESSED: User data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. emails, telephone numbers), contract data (e.g. object of agreement, term, customer category).
DATA SUBJECTS: Stakeholders, business and contractual partners, customers.
PURPOSES OF THE PROCESSING: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and responding to inquiries.
LEGAL BASIS: Performance of contract and pre-contractual requests (Art. 6 (1)(1)(b) GDPR), legal obligation (Art. 6 (1)(1)(c) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).

PROVISION OF THE WEBSITE AND WEB HOSTING

In order to securely and efficiently provide our website, we use the services of one or more web hosting providers, from whose servers (and/or from servers managed by them) the website can be retrieved. For these purposes, we may make use of infrastructure and platform services, computing capacity, memory, and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting services may include all the information about the users of our website that arises during use and communication. This regularly includes the IP address, which is required to deliver the website to the browser, and all entries made within our website or on web pages.

COLLECTION OF ACCESS DATA AND LOG FILES: We (or our web hosting provider) collect data each time the server is accessed (so-called server log files). The server log files can include the address and name of the retrieved websites and files, the date and time of the retrieval, transmitted data volume, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (of the previously visited page) and usually IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid server overload (especially in the event of malicious attacks, so-called DDoS attacks), and also to guarantee the capacity of the servers and their stability.

TYPES OF DATA PROCESSED: Content data (e.g. entries in online forms), usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Users (e.g. website visitors, users of online services).
PURPOSES OF THE PROCESSING: Reach measurement (e.g. access statistics, identifying returning visitors), tracking (e.g. interests/behavior-related profiling, use of cookies), conversion tracking (measuring the effectiveness of marketing measures), server monitoring and error detection.
LEGAL BASIS: Legitimate interests (Art. 6 (1)(1)(f) GDPR).

SERVICES AND SERVICE PROVIDERS USED:

Squarespace: Squarespace provides software as a service for the creation and hosting of websites. Service provider:
Squarespace, Inc. 8 Clarkson St, New York, NY 10014, USA; Website: https://www.squarespace.com; Privacy statement: https://www.squarespace.com/privacy.

CONTACT

When contact is made with us (e.g. via contact form, email, telephone, or social media), the details of the inquiring person are processed, insofar as this is necessary to answer the contact inquiries and any requested measures.

Contact inquiries as part of contractual or pre-contractual relationships are answered to fulfill our contractual obligations or to answer (pre-)contractual inquiries and otherwise on the basis of the legitimate interests in answering the inquiries.

TYPES OF DATA PROCESSED: User data (e.g. names, addresses), contact details (e.g. emails, telephone numbers), content data (e.g. entries in online forms).
DATA SUBJECTS: Communication partners.
PURPOSES OF THE PROCESSING: Contact inquiries and communication.
LEGAL BASIS: Performance of contract and pre-contractual inquiries (Art. 6 (1)(1)(b) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).

VIDEO CONFERENCES, ONLINE MEETINGS, WEBINARS, AND SCREEN SHARING

We use platforms and applications from other providers (hereafter referred to as “third-party providers”) for the purposes of carrying out video and audio conferences, webinars and other types of video and audio meetings. We comply with legal requirements when selecting third-party providers and their services.

In this context, communication participant data are processed and saved on the third-party provider servers, provided these data form part of the communication processes with us. These data may include, in particular, login and contact details, visual and vocal contributions and entries in chats, and shared screen content.

If users are referred to the third-party providers, or their software or platforms, in the context of communication, business, or other relationships with us, the third-party providers can process usage data and metadata for security purposes, service optimization, or marketing purposes. Therefore, please take note of the privacy notices of the respective third-party providers.

INFORMATION ON THE LEGAL BASIS: If we ask users for their consent to the use of third-party providers or certain functions (e.g. consent to conversations being recorded), the legal basis for the processing is the consent. Moreover, their use can be part of our (pre-)contractual services, provided the use of third-party providers was agreed in this regard. Otherwise, the user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this regard, we would also like to refer you to the information on the use of cookies in this privacy statement.

TYPES OF DATA PROCESSED: User data (e.g. names, addresses), contact details (e.g. emails, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Communication partners, users (e.g. website visitors, users of online services).
PURPOSES OF THE PROCESSING: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, direct marketing (e.g. via email or by post).
LEGAL BASIS: Consent (Art. 6 (1)(1)(a) GDPR), performance of contract and pre-contractual requests (Art. 6 (1)(1)(b) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).

SERVICES AND SERVICE PROVIDERS USED:

Google Hangouts / Meet: Messenger and conference software;
Service provider: Google Ireland Limited, Gordon House, Barrow Street,
Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://hangouts.google.com/; Privacy statement: https://policies.google.com/privacy.
Zoom: Video conferences, web conferences, and webinars; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Website: https://zoom.us; Datenschutzerklärung: https://zoom.us/docs/de-de/privacy-and-legal.html; Standard contractual clauses (guaranteeing the data protection level of processing in third countries): https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA).

CLOUD SERVICES

We use software services accessible via the internet and running on their providers’ servers (so-called “cloud services”, also referred to as “software as a service”) for the following purposes: Document storage and management, calendar management, sending emails, spreadsheets and presentations, exchanging documents, content, and information with certain recipients, or publishing web pages, forms or other content and information as well as chats and participation in audio and video conferences.

In this context, personal data may be processed and saved in the servers of the providers, provided these data form part of the communication processes with us, as stated in this privacy statement. These data may include, in particular, master data and contact details of the users, data on operations, contracts, other processes, and their content. The cloud services providers also process usage data and metadata, which are used by them for security purposes and service optimization.

If we provide forms or other documents and content for other users or publicly accessible web pages with the help of cloud services, the providers can save cookies on the devices of the users for web analysis purposes or to save user settings (e.g. in case of media control).

INFORMATION ON THE LEGAL BASIS: If we request consent for the use of cloud services, the legal basis for the processing is the consent. Moreover, their use can be part of our (pre-)contractual services, provided the use of cloud services was agreed in this regard. Otherwise, the user data are processed on the basis of our legitimate interests (i.e. an interest in efficient and secure administration and collaboration processes).

TYPES OF DATA PROCESSED: User data (e.g. names, addresses), contact details (e.g. emails, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contract data (e.g. object of agreement, term, customer category).
DATA SUBJECTS: Customers, employees (e.g. salaried employees, job candidates, former employees), stakeholders, communication partners.
PURPOSES OF THE PROCESSING: Office and organizational procedures.
LEGAL BASIS: Consent (Art. 6 (1)(1)(a) GDPR), performance of contract and pre-contractual requests (Art. 6 (1)(1)(b) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).

SERVICES AND SERVICE PROVIDERS USED:

GOOGLE CLOUD SERVICES: Cloud storage services; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy statement: https://www.google.com/policies/privacy, Security information: https://cloud.google.com/security/privacy; Standard contractual clauses (guaranteeing the data protection level of processing in third countries): https://cloud.google.com/terms/data-processing-terms; https://cloud.google.com/terms/data-processing-terms.

NEWSLETTERS AND ELECTRONIC NOTIFICATIONS

We send newsletters, emails and other electronic notifications (hereafter “newsletters”) only with the consent of the recipients, or with legal authorization. If, during registration for the newsletter, its content is specifically described, this is a determining factor for the user’s consent. Our newsletter contains information about our services and us.

To register for our newsletter, you usually just need to enter your email address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

DOUBLE OPT-IN PROCEDURE: Registering for our newsletter is normally a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with someone else’s email address. Registrations for the newsletter are recorded as proof that the registration process has been carried out in accordance with legal requirements. This includes saving the time and date of registration and confirmation, and also the IP address. Changes to your data saved by the distributor are also recorded.

ERASURE AND RESTRICTION OF PROCESSING: We can save the email addresses for up to three years on the basis of our legitimate interests before we erase them, so that we can prove that consent had been given previously. The processing of these data is restricted to the purpose of a possible defense against complaints. An individual application for erasure is possible at any time, if the prior existence of a consent is confirmed at the same time. In the event of obligations to take note of objections on a permanent basis, we reserve the right to save email addresses in a blocklist for this purpose alone.

The registration procedure is recorded on the basis of our legitimate interests for the purpose of proving that the procedure was carried out properly. If we entrust email transmission to a service provider, this is carried out on the basis of our legitimate interests in an efficient and secure distribution system.

INFORMATION ON THE LEGAL BASIS: The newsletter is distributed on the basis of the recipient’s consent or, if consent is not necessary, on the basis of our legitimate interests in direct marketing, insofar and to the extent that this is permitted by law, e.g. in the case of advertising to existing customers.

If we entrust email transmission to a service provider, this is carried out on the basis of our legitimate interests. The registration procedure is recorded on the basis of our legitimate interests in order to prove that it was carried out in accordance with the law.

CONTENT: Information about us, our services, campaigns, and offers.

TYPES OF DATA PROCESSED: User data (e.g. names, addresses), contact details (e.g. emails, telephone numbers), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Communication partners.
PURPOSES OF THE PROCESSING: Direct marketing (e.g. via email or by post).
LEGAL BASIS: Consent (Art. 6 (1)(1)(a) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).
OPT-OUT: You can unsubscribe from our newsletter at any time, i.e. withdraw your consent or object to continued receipt of the newsletter. You can find a link for unsubscribing at the end of each newsletter, or you can use one of the aforementioned contact options, preferably email.

ONLINE MARKETING

We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the display of promotional and other content (referred to collectively as “content”) on the basis of the user’s potential interests, and measuring their effectiveness.

For this purpose, user profiles are created and saved in a file (a so-called “cookie”) or similar procedures are used, by means of which relevant information about the user is saved for the presentation of the aforementioned content. This information may include, for example, viewed content, visited web pages, used online networks, but may also include communication partners and technical information concerning the browser and computer system used, and information about usage periods. If users have consented to the collection of their location data, these can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect the users. In general no direct user data (such as email addresses or names) are saved for the online marketing procedure, instead pseudonyms are used. This means that neither we nor the online marketing providers know the actual identities of the users, but instead only the information saved in their profiles.

The information in the profiles is usually saved in cookies or using similar methods. Generally speaking, these cookies can also be read later on other websites that use the same online marketing procedure, analyzed for the purpose of presenting content, and also supplemented with other data, and saved on the server of the online marketing provider.

Exceptionally, identifying data can be matched to the profiles. This is the case, for example, if the users belong to a social network whose online marketing procedures we use, and the network links the user profiles with the aforementioned information. Please note that users can enter into additional agreements with the providers, e.g. by giving their consent when registering.

We only have access to aggregate information about the success of our advertisements. However, in the context of so-called conversion tracking, we can check which of our online marketing procedures have resulted in conversion, that is to say conclusion of a contract with us, for example. Conversion tracking is only used to analyze the success of our marketing measures.

Unless otherwise stated, please assume the any cookies used will be saved for a period of two years.

INFORMATION ON THE LEGAL BASIS: If we ask users for their consent to the use of third-party providers, the legal basis for the data processing is the consent. Otherwise the user data are processed on the basis of our legitimate interests (i.e. an interest in efficient, economical, and user-friendly services). In this regard, we would also like to refer you to the information on the use of cookies in this privacy statement.

Google Universal Analytics: Google Universal Analytics: We use Google Analytics in the form of Universal Analytics (https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376). “Universal Analytics” refers to a procedure by Google Analytics in which user analysis is carried out on the basis of a pseudonymized user ID, and thus a pseudonymized user profile is created with information from the use of different devices (so-called “cross-device tracking”).

TYPES OF DATA PROCESSED: Usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Users (e.g. website visitors, users of online services), stakeholders.
PURPOSES OF THE PROCESSING: Tracking (e.g. interests/behavior-related profiling, use of cookies), remarketing, conversion tracking (measuring the effectiveness of marketing measures), interests/behavior-related marketing, profiling (creating user profiles), reach measurement (e.g. access statistics, identifying returning visitors).
SECURITY MEASURES: IP masking (pseudonymization of the IP address).
LEGAL BASIS: Consent (Art. 6 (1)(1)(a) GDPR), legitimate interests (Art. 6 (1)(1)(f) GDPR).
OPT-OUT: We refer to the privacy notices of the respective providers and the opt-out specified for the providers. If no explicit opt-out option has been specified, you can switch off cookies in your browser settings. However, this may limit the functions of our website. Therefore, we also recommend the following opt-out options, a summary of which is set out below for each region: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.

SERVICES AND SERVICE PROVIDERS USED:

Google Analytics: Online marketing and web analysis; Service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy statement: https://policies.google.com/privacy; Opt-Out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for pop-up advertisements: https://adssettings.google.com/authenticated.

PRESENCE ON SOCIAL NETWORKS (SOCIAL MEDIA)

We maintain an online presence on social networks, and for this we process user data in order to communicate with users who are active on social media or to provide information about us.

Please note that this may include the processing of user data outside the European Union. This can entail risks for users because, for example, it could be more difficult for users to exercise their rights.

Moreover, user data of users is usually processed for marketing research and advertising purposes within social networks. For example, usage profiles may be created on the basis of the usage behavior and resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks, which are assumed to correspond to the user’s interests. For this purpose, cookies are usually saved on the users’ computers and the usage behavior and interests of the users are saved in these cookies. In addition, data may also be saved in the usage profiles independently of the devices used by the users (in particular, if the users are members of the respective platforms and are logged into them).

For a detailed description of the types of processing and the opt-out options, please see the privacy statements and information from the operators of the respective networks.

In the event of information requests and the assertion of data subject rights, please note that these can be asserted most effectively with the providers. Only the providers have access to the user data and can take appropriate action immediately, and provide information. However, you can contact us if you need help.

Facebook: Together with Facebook Ireland Ltd., we are responsible for the collection (but not the further processing) of the data from visitors to our Facebook page (a so-called “fan page”). These data include information on the types of content that users view or interact with, or the actions performed by them (see “Things that you and others do and provide” in the Facebook privacy policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, and cookie data; see “Device Information” in the Facebook privacy policy: https://www.facebook.com/policy).

As explained in the Facebook privacy policy in the section “How do we use this information?”, Facebook collects and uses information to provide analysis services, so-called “Page Insights” for page operators so that they can gain insights into how people interact with their pages and the associated content. We have concluded a special agreement with Facebook (“Information about Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), in which the security measures Facebook must observe are specified, and in which Facebook has also agreed to fulfill the rights of data subjects (i.e. users can address requests for information or erasure to Facebook directly, for example). The rights of users (in particular the right of access, erasure, objection, and the right to complain to the competent supervisory authorities) are not restricted by the agreements with Facebook. You can find more information in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

TYPES OF DATA PROCESSED: User data (e.g. names, addresses), contact details (e.g. emails, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Users (e.g. website visitors, users of online services).
PURPOSES OF THE PROCESSING: Contact requests and communication, tracking (e.g. interests/behavior-related profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, identifying returning visitors).
LEGAL BASIS: Legitimate interests (Art. 6 (1)(1)(f) GDPR).

SERVICES AND SERVICE PROVIDERS USED:

Instagram: Social network; Service provider: Instagram Inc., 1601
Willow Road, Menlo Park, CA, 94025, USA, Parent company: Facebook,
1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy statement: https://instagram.com/about/legal/privacy.
Facebook: Social network; Service provider: Facebook Ireland Ltd., 4
Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA;
Website: https://www.facebook.com; Privacy statement: https://www.facebook.com/about/privacy; Opt-Out: Advertisement settings: https://www.facebook.com/settings?tab=ads.
LinkedIn: Social network; Service provider: LinkedIn Ireland
Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy statement: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
YouTube: Social network and video platform; Service provider: Google
Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain
View, CA 94043, USA; Privacy statement: https://policies.google.com/privacy; Opt-Out: https://adssettings.google.com/authenticated.

PLUGINS AND INTEGRATED FUNCTIONS AND CONTENT

We integrate functional and content elements into our website, which are obtained from the servers of their respective providers (hereafter referred to as “third-party providers”). For example, this can be graphics, videos or social media buttons and posts (hereafter referred to as “content”).

The integration always necessitates the third-party providers of this content processing the IP address of the user because without the IP address, they could not send the content to their browser. Thus, the IP address is necessary for the provision of this content or functions. We endeavor to only use this type of content if the respective provider only uses the IP address to deliver the content. Third-party providers can also use so-called pixel tags (hidden graphics, also called “web beacons”) for statistical or marketing purposes. The pixel tags allow information to be analyzed, for example visitor traffic to the pages of these websites. In addition, the pseudonymous information can also be saved in cookies on the user’s device and contain, among other things, technical information about the browser, operating system, referring web pages, visiting times and other information on the use of our website, and they can also be linked to this type of information from other sources.

TYPES OF DATA PROCESSED: Usage data (e.g. visited web pages, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
DATA SUBJECTS: Users (e.g. website visitors, users of online services).
PURPOSES OF THE PROCESSING: Provision of our website and user-friendliness, provision of contractual services and customer service.
LEGAL BASIS: Legitimate interests (Art. 6 (1)(1)(f) GDPR).

SERVICES AND SERVICE PROVIDERS USED:

ReCaptcha: We integrate the “ReCaptcha” function for detecting bots, e.g. for entries in online forms. Information about the user’s behavior (e.g. mouse movements or searches) are analyzed to help differentiate between humans and bots. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Privacy statement: https://policies.google.com/privacy; Widerspruchsmöglichkeit Opt-Out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for pop-up advertisements: https://adssettings.google.com/authenticated.

ERASURE OF DATA

In according with legal requirements, the data processed by us is erased as soon as the consents authorizing the processing are withdrawn or other authorizations no longer apply (e.g. if the purpose of this data processing is no longer applicable or the processing is no longer necessary for the purpose).

If the data are not erased because they are required for other lawful purposes, their processing shall be limited to these purposes. This means, the data will be locked and not processed for other purposes. This applies, for example, to data that have to be kept for commercial or tax law reasons, or if it is necessary to save the data for the purpose of asserting, exercising or defending legal claims, or to protect the rights of another natural or legal person.

More information on the erasure of personal data can be found in the context of the individual privacy notices of this privacy statement.

AMENDING AND UPDATING THE PRIVACY STATEMENT

Please read the content of our privacy statement on a regular basis. We update the privacy statement as soon as this becomes necessary due to changes to the data processing performed by us. We will inform you as soon as any action on your part (e.g. consent) or other individual notification becomes necessary because of the amendments.

If we specify addresses and contact information for companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting the company or organization.

RIGHTS OF DATA SUBJECTS

In accordance with the GDPR, as a data subject you have various rights arising particularly from Art. 15 to 21 GDPR:

RIGHT TO OBJECT: YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU ON THE BASIS OF ART. 6 (1) (E) OR (F) GDPR, INCLUDING PROFILING BASED ON THOSE PROVISIONS. IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING.
RIGHT TO WITHDRAW CONSENT: You have the right to withdraw your consent at any time.
RIGHT OF ACCESS: You have the right to request confirmation as to whether or not relevant data are being processed, and the right of access to these data and other information, and copies of the data in accordance with legal requirements.
RIGHT TO RECTIFICATION: In accordance with legal regulations, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
RIGHT TO ERASURE AND RESTRICTION OF PROCESSING: Under the legal regulations, you have the right to request the immediate erasure of data concerning you, or alternatively to request that the data processing be restricted in accordance with legal regulations.
RIGHT TO DATA PORTABILITY: According to legal regulations, you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to request that those data be transmitted to another controller.
COMPLAINTS TO THE SUPERVISORY AUTHORITIES: Under the legal regulations, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of the personal data concerning you infringes the GDPR.

DEFINITION OF TERMS

This section contains an overview of the terminology used in this privacy statement. Many of the terms are taken from the law and defined in Art. 4 GDPR in particular. The legal definitions are binding. However, the following explanations are primarily intended to aid understanding. The terms are arranged alphabetically.

CONVERSION TRACKING: Conversion tracking is a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually saved on the user’s device within the web pages on which the marketing measures are implemented and then retrieved again on the target web page. For example, this means that we can understand whether the advertisements we placed on other web pages were successful.
PERSONAL DATA: “Personal data” are all the information concerning an identified or identifiable natural person (hereafter referred to as “data subject”); a natural person is identifiable if they can be directly or indirectly identified, especially by linking to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more special characteristics which express the physical, physiological, genetic, mental, commercial, cultural, or social identity of this natural person.
REACH MEASUREMENT: Reach measurement (also called web analytics) is the analysis of streams of visitors to a website and can incorporate the behavior of visitors or their interest in certain information, such as the content of web pages.
With the help of reach analysis, website owners can, for example, find out at which times visitors visit their website and in which content they are interested. Therefore, they can adapt the content of the website to better meet the needs of their visitors, for example. For the purpose of reach analysis, pseudonymous cookies and web beacons are often used to identify returning visitors and thus obtain a more accurate analysis of the use of a website.
REMARKETING: “Remarketing” or “retargeting” is when, for example, it is noted for advertising purposes which products a user has shown interest in on a website in order to remind the user about these products on other websites, e.g. in advertisements.
SERVER MONITORING AND ERROR DETECTION: With the aid of server monitoring and error detection, we can ensure the availability and integrity of our website content and use the processed data to technically optimize our website. Performance, capacity and similar technical values are processed, which provide information about the stability of our website and any noticeable problems. In the event of errors and problems, individual inquiries from users of our website are collected to identify and rectify the source of the problem.
TRACKING: “Tracking” is when the behavior of users can be traced across several websites. Behavior and interest information regarding the websites used is usually saved in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to correspond to their interests.
CONTROLLER: "Controller” means the natural or legal person, public authority, agency or other entity which, alone or jointly with others, determines the purposes and means of the processing of personal data.
PROCESSING: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is far-reaching and covers practically every handling of data, whether collection, analysis, storage, transmission, or erasure.

Webseite

Neue Werte
www.neuewerte.de - Digitalagentur für Strategie, Kreation und Entwicklung

Tel.: 030 609 888 211

Neue Werte ist nicht Verantwortlicher der Website oder verantwortlich für dessen Inhalte.