Privacy

Privacy policy of Baufi24 Baufinanzierung GmbH

We, Baufi24 Baufinanzierung GmbH, take the protection of your personal data very seriously. When you visit our website and/or use our services, personal data is processed. We treat your personal data in accordance with the legal regulations of the relevant data protection laws, in particular the European Data Protection Regulation (DSGVO) and this data protection notice. This privacy notice covers the use of our digital offerings, including our social media profiles. Our digital offers may contain links to other offers of third party service providers to which this privacy policy does not refer.

 

  1. Person in charge

1.1 Data processing under sole responsibility

If you have registered or would like to register as a user on one of our websites and for data processing in the context of our websites and the services we offer, Baufi24 Baufinanzierung GmbH is responsible for the data processing carried out by us or on our behalf. You can reach us at the following contact details:

 

Baufi24 Baufinanzierung GmbH

Kattrepelsbrücke 1

D-20095 Hamburg

datenschutz@baufi24.de

 

If you have any questions regarding data protection at our company, please write to us at the aforementioned postal address, with the addition of "data protection" or at the e-mail address provided, or contact our data protection officer, Mr. Malte Rheingans, directly at bilthouse@cogito.consulting| https://cogito.consulting.

 

1.2 Data processing under joint responsibility

Baufi24 Baufinanzierung GmbH also processes personal data under joint responsibility within the meaning of Art. 26 DSGVO together with Bilthouse GmbH, Kattrepelsbrücke 1, 20095 Hamburg, Hüttig & Rompf GmbH, Hanauer Landstraße 126 - 128, 60314 Frankfurt, Bilthouse Service GmbH, Kattrepelsbrücke 1, 20095 Hamburg, FinLink GmbH, Köpenicker Str. 125, 10179 Berlin and Creditweb GmbH, Mathias-Brüggen-Str. 154 ,50829 Cologne, Kredit24 GmbH, Kattrepelsbrücke 1, 20095 Hamburg (together the "Parties"). In the context of joint responsibility in data processing, the Parties have concluded a contract pursuant to Art. 26 DSGVO. There it is agreed that the Parties jointly process personal data in order to optimally process and distribute customer inquiries within the Bilthouse Group. Baufi24, Hüttig & Rompf and Creditweb each acquire customers for their brand, but customers can be referred within the Bilthouse Group, in particular to ensure better, coordinated customer care and, if necessary, to be able to respond to excess inquiries. Furthermore, it was agreed that each of the parties is responsible for the data processing carried out by them, i.e. independently assumes all rights and obligations arising therefrom, including the processing of data subject rights. Nevertheless, data subjects can contact each of the parties with their concerns and claims at any time using the contact details provided above.

 

  1. purposes and legal bases of data processing

2.1 Data processing for the provision of our services

We process personal data in order to handle the contractual relationships and, if necessary, to be able to submit needs-based contractual offers. We collect and process personal data in particular to the extent necessary for the provision of services in the context of the provision of the functionalities of our websites and/or to the extent necessary for the performance of our contractual relationship. This concerns in particular the e-mail address, if applicable the name or the form of address, which were chosen in order to ensure that only registered persons have access to certain functions of our websites, in order to be able to provide user-specific optimized services and, if applicable, in order to be able to communicate regarding the use of our services.

 

In addition, we process data that is relevant in the consulting process. The personal data processed and used by us in this context are personal details/documents such as name, address, e-mail address, telephone number, marital status, occupation, personal financial circumstances and liabilities, income and expenses; details/documents on the object of financing or the use of funds of the loan; details/documents on the financing and settlement such as balance, interest, term, disbursement requirements, etc. the use of funds of the loan; details/documents on financing and processing, such as balance, interest rate, term, disbursement requirements, application status, processing status, as well as details/documents on follow-up financing, such as remaining balance, installment, interest rate, end of interest commitment(s), and current financing bank.

 

In all forms, we collect bindingly only those personal data that are absolutely necessary for the initiation or processing of the contractual relationship. The collection of data that is not absolutely necessary, but in which we are interested in order to optimize the fulfillment of the purpose, is only optional. In this case, it can be decided on a voluntary basis whether and which data we should receive.

 

The basis for the data processing is Art. 6 para. 1 p. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

 

2.2 Data processing in the context of construction financing

For the preparation of your offer for a construction financing, we rely on a network of specialized consultants. This network is supervised by the companies from our group of companies to which we transmit the data you provide for the preparation of the offer. On the basis of the data transmitted by us from the network, a consultant(s) is/are determined who will prepare your offer. In order for the consultant(s) to prepare your offer and contact you, the data you entered on our website will be transmitted. An outline of how your proposal will be managed can be found on this website:
https://www.baufi24.de/finanzierungsablauf.

 

The basis for the data processing is Art. 6 para. 1 p. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

 

Your advisor will contact you after receiving the data in order to further support you in your project. In this respect, she/he will act as a real estate loan broker. Your advisor will use specialized Internet services to find the right construction financing for you, enabling a comparison of financing from more than 500 banks. This software is operated by third party service providers to whom your application data is transmitted to the extent necessary. Your advisor will provide you with the mandatory information for these service providers in accordance with Art. 14 DSGVO.

The legal basis for the processing of data for the preparation of the offer by your advisor(s) is Art. 6 (1) b) DSGVO, as the advisor's activity is carried out in response to your request and serves to prepare the conclusion of a contract for the arrangement of a construction financing.
If you commission the consultant with the further support of your financing project, the legal basis for the corresponding processing of your data is Art. 6 (1) b) DSGVO, as it is carried out for the execution of the corresponding contract.

 

2.3 Data processing in the context of the "Apply for installment credit" function

If you use the "Apply for installment credit" function, you are using an offer from Kredit24 GmbH, Kattrepelsbrücke 1, 20095 Hamburg, which is integrated into our websites. The data protection provisions of Kredit24, available at https://www.kredit24.de/Datenschutz, the data protection provisions of the Europace marketplace, available at https://meinedatenschutzhinweise.de/SEN18.pdf and the data protection provisions of ECON Application GmbH, available at  , apply to this.  

 

The legal basis for the data processing for the preparation of the offer regarding the financing is Art. 6 para. 1 b) DSGVO, as the data processing is carried out upon your request and serves the preparation of the conclusion of a contract for an installment loan.

 

2.4 Data processing during the real estate search and transfer to partners

If you would like to use our ImmoPartner service, it is necessary that you provide us with the necessary data on the property you are looking for. We use this data to find suitable real estate offers for you. For this purpose, the data is transmitted anonymously to our partners (e.g. real estate agents, developers, new construction sales organizations, construction companies), who make these real estate offers available.

 

The voluntary provision of personal data enables us to offer you content or services which, due to their nature, can only be offered to users who provide us with their personal data and details of their property search.

 

With your consent, in addition to the data on the property you are looking for, we will also send our partners an anonymized copy of your financing certificate, which your personal advisor has prepared for you. This is done to increase your chances of finding a property, as it provides our partners with information on your basic solvency. No personal data is transmitted to our partners in this process. The ImmoPartner service is only offered in the context of a personal consultation with one of our mediated financial advisors. With your consent, we will contact you by e-mail to send you the real estate offers received from our partners and to further support you in your project.

 

The legal basis for this use of your data is your consent pursuant to Art.6 para. 1 p.1 lit. a) DSGVO. Your consent can be revoked at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

2.5 Data processing in the context of the customer account

By creating a customer account, we process the data you provide in order to manage the customer account and to enable you to use the services we offer in connection with your customer account.

 

In addition to the data you provide, further data may be processed depending on the use of our offers in connection with your customer account. This includes, for example, calculation results for financing, financing questions and offers, property searches and valuations, communication with us and personal preferences.

 

The basis for the data processing is Art. 6 para. 1 p. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

 

2.6 Data processing for communication purposes

In addition to the contractual data, we process communication data (name, address, telephone number, e-mail address) in order to process any inquiries and/or to be able to contact data subjects and/or to send (possibly automated) notifications in the context of our contractual services. Personal data provided to us by e-mail or via another communication channel opened by us will only be processed for correspondence with the data subject or only for the purpose for which the data was provided to us. This may involve the following data: Name, first name, address, if applicable company, if applicable IP address and if applicable date and time of sending.

 

The processing of this data is based on Art. 6 (1) lit. b DSGVO if the communication is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on consent (Art. 6 (1) (a) DSGVO) if this has been obtained in this regard. You can revoke your consent at any time with effect for the future. You can declare the revocation by making the appropriate setting in the consent management tool used, if applicable, or by e-mail. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.7 E-mail newsletter/advertising

If you would like to receive an e-mail subscription offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive e-mail notifications. If you do not declare your consent as a logged-in user, but via a publicly accessible form, we will send you an e-mail with a confirmation link to the specified e-mail address after your entry (double-opt-in). If you do not confirm your registration, your information will be blocked and automatically deleted after one month.

 

The only mandatory data for concluding such a subscription is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested e-mail notifications. Insofar as we use an order processor to send e-mails, we will of course comply with the applicable data protection laws.

 

The data processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent to the sending of e-mail notifications at any time and unsubscribe from the respective subscription. You can declare the revocation by clicking on the link provided in each e-mail or by sending a message to us using the contact details listed under point 1. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.8 Data transmission to or processing by third parties

Users of our services may be given the opportunity to transfer data to third parties. This can take place within the framework of the fulfillment of a contract, for example in the case of a consultation request, or on the basis of consent. For this purpose, it may be necessary to actively select whether personal data should be transmitted to the respective third party.

 

If, for example, you submit a consulting request via one of our websites, we transmit the data you provide to our relevant cooperation partners, who are named in the context of the transmission or in advance as part of the conclusion of the contract. The respective company is solely responsible for this data, the content of the data provided or generated and/or processed by the respective cooperation partner. If you have any questions regarding the handling of your data by or at this company, in particular also in the case of inquiries regarding data protection law, please contact the respective company and take note of the data protection information of the respective company.

 

Third parties may use your data for subsequent contact and thus for the purposes stated in the context of your order or your consent, e.g. for the purpose of consultation or for (pre)contractual measures. The third party may then act as its own controller for the further processing of the data thus transmitted. Users must therefore contact the respective third party directly in order to assert their so-called data subject rights (see below on data subject rights), etc.

 

Insofar as the processing of the above data is carried out for the initiation or implementation of a contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO. Otherwise, the data processing is based on consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. Consent given can be revoked at any time with effect for the future. For this purpose, an informal communication to us and/or, if applicable, to the respective third party is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.9 Cookies

We use so-called cookies on some of our websites/apps in order to offer website-specific services.

 

Cookies are small text files that are stored on the user's terminal device and may contain data about the respective user in order to enable access to various functions, among other things. Cookies are stored on the end device used in each case and may be read by us from here. Consequently, you have control over the use of cookies. By changing the settings, you may be able to deactivate or restrict the transmission of cookies and, for example, reject cookies from third parties or cookies in general. However, if you disable cookies for our services, you may not be able to use the offered functions or services or not to the full extent.

 

We use necessary cookies, which are required to enable the provision of the services owed by us or to ensure the functionality of our services. The legal basis for setting these cookies is Section 25 (2) No. 2 TTDSG. The processing of personal data possibly carried out in this context is then based on Art. 6 para. 1 p. 1 lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures, or according to Art. 6 para. 1 p. 1 lit. f DSGVO, which permits data processing to safeguard the legitimate interests of the controller, unless the interests or the fundamental rights and freedoms of the data subject outweigh the interest of the controller in the data processing. Our interest then lies in ensuring the provision of the functions of our services.

 

For the use of other, non-required cookies, we may obtain your consent. The setting of cookies is then based on your consent in accordance with §25 para. 1 TTDSG, any processing of personal data carried out in this context in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO. You may revoke your consent at any time. The legality of the data processing already carried out on the basis of your consent remains unaffected by the revocation.

 

2.10 Trustpilot

If you allow us to ask you to rate our financing advice, we will send you an e-mail at a later date. In this email you will find a link to the corresponding page at one of our partners, ausgezeichnet.org or trustpilot.com. You are not obligated to provide a rating and can also revoke your consent at any time.

 

The legal basis for the processing is Art. 6 para. 1 a) DSGVO. We delete the data that we require as proof that you have consented to the sending of the e-mail after the expiry of the limitation period for corresponding obligations to provide proof. In the event of a revocation, we delete your consent and the related personal data immediately.

 

2.11 Google Analytics

On some of our web pages, Google Analytics may be used, integrated via the Google Tag Manager, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"), provided that you have consented to this data processing. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

 

When you visit our website, we may assign you a so-called client ID. This client ID is reassigned for each browser you use if the corresponding cookie is not already stored in it. If you have a user account on our website, we will also assign you a user ID and, with your consent, link this to the client ID(s). Unlike the user ID, we are thus unable to specifically assign the client IDs to persons without a user account. The IDs are stored by means of a cookie with the name _ga. This cookie has a lifetime of 2 years. When you visit our website with the browser, this cookie is read by us in order to read the ID(s) and restart the cookie's lifetime. As soon as you log in to our website, we can assign your until then pseudonymous client IDs to your unique user ID, even if the usage takes place in different browsers.

Using your pseudonymous client ID or - if available - your personal user ID, we then create personalized statistics with your consent on how you use our website. We use the following data for this purpose:

  • technical information about the browser and terminal device used (e.g. language setting, screen resolution)
  • via which website/ via which advertising medium they have come to our website
  • whether you take certain actions on our website, so-called conversions, such as requesting a financing offer or opening a customer account
  • Your use of our website (which links are clicked on, how long do you stay on a certain page, from which website do you leave our offer)

 

The evaluations created in this way enable us to understand how you use our website and which advertising measures have what success. This allows us to optimize our website (in particular its structure, content, functions) and advertising measures and thus our business success.

 

The personal reference of the data is stored for 14 months after your last use of our website. The deletion of data whose storage period has been reached takes place automatically once a month.

 

However, since IP anonymization is activated on our website in the event that Google Analytics is used, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.

 

For more information on terms of use and data protection, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/. We would like to point out once again that the code "anonymizeIp" has been added to Google Analytics on this website to ensure anonymized collection of IP addresses (so-called IP masking).

 

Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is insufficient and there is a risk that your data will be processed by US authorities, for control and monitoring purposes and possibly without any legal remedy.

 

The data processing explained above may be based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 49 para. 1 p. 1 lit. a DSGVO. Art. 49 para. 1 p. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. You can declare the revocation by making the appropriate setting in the consent management tool used, if applicable. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.12 Matomo 

We may use the web analytics service Matomo to analyze the use and optimize our website. When used, Matomo creates an internal hash value for each visitor to the respective website, which is calculated from various factors such as the anonymized IP address, the resolution, the browser, the plugins used and the operating system. Unlike other statistical programs, Matomo does not transmit any data to a third-party server. The IP address transmitted by the browser via Matomo is neither merged with other data collected by us nor passed on to third parties and is only stored anonymously. Within the scope of our web analysis with Matomo, no tracking cookies are set on the computer. If individual pages of our website are called up, the following data are processed: two bytes of the IP address of the calling system (anonymous), browser type and version, operating system used, the website called up, the website from which our website is visited (referrer URL) - unless the browser prohibits this, the pages and files called up on our website, if applicable. the website visited after ours (when clicking on an external link on our website), the date and time of access, the time spent on the website, the frequency with which the website is accessed, the location (country).

 

The use of Matomo described above is based on Art. 6 (1) p. 1 lit. f DSGVO. We have a legitimate interest in analyzing user behavior in order to optimize our website and identify errors.

 

2.13 GoogleMaps

On some of our websites, we may use the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is insufficient and there is a risk that your data will be processed by US authorities, for control and monitoring purposes and possibly without any legal remedy.

 

The data processing is then based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with. Art. 49 para. 1. p. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. [If applicable: You can declare the revocation by setting it accordingly in our Consent Management Tool or by].  For this purpose, an informal communication to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.14 Google Ads

On some of our web pages, we may use Google Remarketing Tags. If you have consented to this data processing. These are services provided by Google, which use cookies that are stored on your computer and allow an analysis of your use of the website. The information collected by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States, as explained in the preceding paragraph. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Third-party providers, including Google, place ads on websites on the Internet. Third-party vendors, including Google, use stored cookies to serve ads based on a user's previous visits to this website. Google will not associate your IP address with any other data held by Google. You can object to the collection and storage of data at any time with effect for the future. You can deactivate the use of cookies by Google by visiting the Google advertising deactivation page. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can object to the collection and storage of data at any time with effect for the future. You can find further information on Google's provisions here.

 

As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link,  to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics 

 

For more information on terms of use and data privacy, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.

 

Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is insufficient and there is a risk that your data will be processed by US authorities, for control and monitoring purposes and possibly without any legal remedy.

 

The storage of Google cookies and the evaluation for statistical purposes is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with. Art. 49 para. 1. p. 1 lit. a DSGVO. You can revoke your consent at any time. [If applicable: You can revoke by setting the appropriate settings in our Consent Management Tool or by].  You can declare the revocation by clicking on the aforementioned opt-out link, or by sending a message to the contact details mentioned in section 1 (e.g. e-mail, fax, letter). The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.15 Microsoft Advertising/Bing Ads

On some of our web pages, we use Microsoft Advertising, formerly Bing Ads, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"), for website analysis. Provided that you have consented to this data processing. In the process, Microsoft sets a cookie on your terminal device if you have accessed our website via a Microsoft advertisement. In this way, Microsoft and we can recognize that someone has clicked on one of our ads and has been redirected to one of our previously defined target websites. In addition, Microsoft may be able to track usage patterns across multiple electronic devices through so-called cross-device tracking and thereby display personalized advertising on Microsoft websites and in Microsoft apps. In each case, we only learn the total number of users who clicked on a Bing Ads ad and were then redirected to the relevant target website. Microsoft collects, processes and uses information via the cookie set, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. According to Microsoft, no personal information about the identity of the user is processed.

 

When visiting our website, you can prevent the collection of your data by Microsoft as explained above at any time by deactivating the setting of the cookie required for this via your Internet browser under user settings. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by declaring your revocation under the following link http://choice.microsoft.com/de-DE/opt-out.

 

Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website https://privacy.microsoft.com/de-de/privacystatement and at https://about.ads.microsoft.com/de-de/ressourcen/Richtlinien/richtlinien-zur-datensicherheit-und-datnschutzerklaerung.

 

Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is insufficient and there is a risk that your data will be processed by US authorities, for control and monitoring purposes and possibly without any legal remedy.

 

The storage of Microsoft cookies and the evaluation for statistical purposes are based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with. Art. 49 para. 1. p. 1 lit. a DSGVO. You can revoke your consent at any time. [If applicable: You can declare the revocation by corresponding setting in our Consent Management Tool or by].  You can declare the revocation by clicking on the aforementioned opt-out link, or by sending a message to the contact details mentioned under point 1 (e.g. e-mail, fax, letter). The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.16 Data processing in the context of our Facebook company page & Facebook Pixel

We operate a company page (fan page) on the social network facebook.com ("Facebook") of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We are jointly responsible with Facebook for the operation of the Facebook fan page within the meaning of Art. 26 DSGVO. The joint responsibility agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

 

For the nature and extent of the information you provide to Facebook, the related purposes of Facebook's data processing, the lawfulness of such processing, and information on how to exercise your rights, please see the Data Policy, as well as other information provided by Facebook regarding the processing of "Insights Data." https://de-de.facebook.com/policy.php

 

Facebook provides us with so-called page insights for our site. Page insights (https://www.facebook.com/business/a/page/page-insights) are summarized data that allow us to learn how people interact with our site. The generation and provision of these page insights is the responsibility of Facebook, we have no influence on it. This also applies to the data processing, which is carried out exclusively for Facebook's purposes. Facebook also assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).

 

The purpose of our data processing of the data provided by Facebook is the statistical evaluation of the use of our fan page. This enables us to determine, for example, preferred times of visits and posts by our users and to use this data to optimize our posts and our fan page. In addition, we process personal data made publicly available by you on Facebook (e.g., clear names in the user profile) as well as data directly related to activities on our Fanpage (e.g., contributions, posts, likes, marks), also for the purpose of communicating with you.

 

We also use Facebook Pixel for conversion measurement. This allows us to track the behavior of visitors to our online activities when they have been redirected to our offers by clicking on a Facebook ad. In this way, we can evaluate the effectiveness of our Facebook ads for statistical and market research purposes and optimize future advertising measures. The data collected in this way is anonymous for us and we cannot draw any conclusions about the identity of the users recorded in this way, if applicable. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as page operator. You can deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

 

The basis for data processing is Art. 6 (1) p. 1 lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures, insofar as the data is processed in accordance with the Facebook Terms of Use, otherwise, insofar as there is a data protection responsibility on our part, Art. 6 (1) p. 1 lit. f DSGVO, which permits the processing of data for the protection of the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject are not overridden. Our interest lies in providing content and communicating with Facebook users and improving the reach and effectiveness of our posts.

 

Please assert your rights to information, correction, deletion, restriction of processing and data portability of your stored Insights data against Facebook, as Facebook has assumed the corresponding obligations:

 

Meta Platforms Ireland Limited

4 Grand Canal Square

Dublin 2, Ireland

Privacy policy: https://www.facebook.com/about/privacy/

 

2.17 Data processing with Hubspot

We use the software HubSpot of the software company of the same name from the USA with the following branch office in Ireland: HubSpot, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland (hereinafter referred to as "Hubspot"). HubSpot is a software solution for the control and realization of digital inbound marketing and for the management of customer relationships (so-called CRM (Customer Relationship Management)). When you give your consent, Hubspot sets a cookie (see above) via your browser. In particular, this enables the identification and processing of your previous and subsequent website visits. For more information on cookies and how they work in general, please refer to section 2.8 of this privacy policy. For more information, please refer to the Terms of Use and Privacy Policy of HubSpot Inc. at http://www.hubspot.com/terms-of-service and at http://www.hubspot.com/privacy-policy. For more information on how HubSpot's specific tracking cookies work, please visit https://knowledge.hubspot.com/de/account/how-does-hubspot-track-visitors.

 

We may also use the services of HubSpot to contact visitors to our website and to determine which of our company's services are of interest to them. We use all the information we collect exclusively to optimize our marketing. With the help of HubSpot, we may send automated e-mail notifications to registered users, such as welcome messages, but also - if consent has been granted - newsletters about services and/or current promotions of our company. For this purpose, the following data may be processed if and to the extent specified: First name, last name, e-mail address, telephone number. The information is stored on HubSpot servers in the USA, among other places. As a processor of our company, HubSpot is contractually obligated to comply with the standards of the European Commission on data protection in the interest of a secure and data protection-compliant handling of your sensitive data. This is ensured through the use of so-called standard contractual clauses. You can find the exact regulations at https://legal.hubspot.com/dpa.

 

Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is inadequate and there is a risk that your data will be processed by US authorities, for control and monitoring purposes and possibly without any legal remedy. However, the standard contractual clauses of the EU Commission used in this case, as described above, are now intended to guarantee a European level of data protection.

 

The processing of personal data is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with. Art. 49 para. 1. p. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. The legality of the data processing already carried out remains unaffected by the revocation. Insofar as the processing of the above data is carried out for the initiation or implementation of a contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. b DSGVO.

 

2.18 Log files

Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The data records stored in this process contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address.

 

This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

 

The basis for data processing is Art. 6 (1) p. 1 lit. f DSGVO, which permits the processing of data to protect the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject are not overridden.

 

2.19 Data processing for the protection of legitimate interests

We also process your data if it is necessary to protect the legitimate interests of us or of third parties. This may be the case in particular to ensure IT security and IT operations, especially in the case of support requests, to be able to trace and prove facts in the event of legal disputes or, among other things, to statistically evaluate usage.

 

The basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in the data processing listed above.

 

2.20 Data processing for advertising purposes

In the case of the use of your data for advertising purposes for services or products of us and/or, if applicable, our cooperation partners, we may obtain your consent or we may advertise for you because we already have a contractual relationship with you and you receive this information from us as a so-called existing customer.

 

If you, as an existing customer, do not wish to receive any further information about our services, a message to us is sufficient to discontinue this type of information. Otherwise, the data processing is based on your consent (Art. 6 para. 1 p. 1 lit. a DSGVO). You can revoke your consent at any time with effect for the future. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.21 Data processing for market and opinion research

We may also use your data for market and opinion research. Of course, we use this exclusively anonymized for statistical purposes and only for our company. Your answers to surveys will not be passed on to third parties or published.

 

The basis for data processing is Art. 6 (1) p. 1 lit. f DSGVO, which permits the processing of data to protect the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject are not overridden.

 

2.22 Other data processing based on your consent

It may also happen that we request your consent for the processing of personal data. Any granting of consent and the relevant data processing is done on a voluntary basis and in case of non-consent you will not suffer any disadvantages.

 

The data processing is then based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. An informal communication to us is sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.23 Data processing for compliance with legal obligations

In addition, we process your data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax law retention and verification obligations).

 

The basis for the data processing is Art. 6 para. 1 p. 1 lit. c DSGVO, which permits the processing for the fulfillment of a legal obligation.

 

2.24 Data processing for applications

You can send us applications for positions in our company via our websites and the contact details we have stored there. Insofar as personal data is transmitted to us in this way or in any other way when you apply, we will process your data for the purpose of reviewing, processing and responding to your application and, if necessary, for preparing the employment relationship.

 

The basis for the data processing is either Art. 88 para. 1 DSGVO, § 26 para. 1 BDSG (new) which allows the processing of data for the decision on the establishment, for the establishment as well as for the implementation of employment relationships or - if you have given your consent - Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

2.25 Data transfers to third countries

For various services that are used on our website with your consent or process data by means of them (e.g. for advertising purposes), you will find the warning in this privacy notice that data transfer to third countries may occur.

 

What does this hint mean?

 

In the event of a data transfer to a third country, your personal data will leave the local scope of the GDPR. In individual cases, a level of data protection may apply in the third country that does not meet the requirements of the GDPR. For some states, e.g. Switzerland, there is a so-called adequacy decision. In these states, in the opinion of the EU Commission, the level of data protection law meets the requirements of the GDPR. They are therefore considered safe for data protection purposes. For other countries, in particular the USA, there is no such decision, as in these countries there is no level of protection for your personal data that corresponds to that of the GDPR. In the case of a data transfer to a third country, it may therefore be that your personal data is transferred to a country for which there is no level of data protection that is compatible with the GDPR.

 

What does this mean for your personal data?

 

In the context of an economy based on the division of labor, many companies use service providers to process personal data. In other cases, large companies, such as Google, Amazon, Facebook or Apple, have numerous different companies in different countries that do not each perform data processing on their own. Rather, these use group-wide IT services, so that, for example, a company in Ireland uses services of the parent company in the USA. For this purpose, either personal data is transferred to the USA or the parent company in the USA has access to the data in the EU.

 

By concluding so-called standard contractual clauses, the GDPR allows to agree that the contractual partner, e.g. the parent company in the USA, must comply with the requirements of the GDPR for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of data protection that corresponds to that of the GDPR so that the data subjects are not placed in a worse position than if their personal data were processed in the EU.

 

However, contracts bind only the parties to them, and not third parties such as government agencies. Therefore, in one country, such as the U.S., government agencies may have the right to access personal data of EU citizens, even if it violates their rights. These accesses can be very broad and all relate to all your data that is processed there. They can take place without a judge or similar having to order them. They can be secret, so that you do not know about these accesses. And they may be such that you have no way to defend yourself against access and any use of your data, especially in a court of law. Furthermore, the data subject rights to which you are entitled under the GDPR (e.g., information, deletion) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, for example, to create a profile about you.

 

This possible use of your data could, but does not have to, be associated with disadvantages for you. Since government agencies in third countries in particular are not subject to EU or German law, it is not possible to specify exactly what disadvantages these may be. Disadvantages can therefore be of any nature, e.g. economic or political. For example, it could be that you are denied entry into a country, but it could also be that this data is used against you in foreign criminal proceedings. The disadvantages can therefore be very serious in individual cases

 

How high are my risks?

 

We cannot give a general answer as to how high the risks described are in individual cases. We can only point out that the decisive question is which service, and thus which company, has access to data relating to you in connection with your use of our website. Furthermore, it is decisive which personal data is affected by this. On our website, it is - in our opinion - only a possible processing of personal data in third countries, in connection with advertising services such as Google, Microsoft or Facebook. This will be data about which website you visited and when, how long you stayed on it, from where the access took place approximately, which end device or software (browser, app) was used for this, which interactions they have made on the website, if this is transmitted to the operator of the service (e.g. the purchase of a product after clicking on an advertisement. Please read the information provided with the respective services) and, if applicable, other data that the respective operator processes. For this, we refer you to the respective data protection information of the services. The links to these can be found in these data protection notices in the explanation of the respective service.

 

You must weigh up for yourself whether granting consent and a possible transfer to a third country could create a situation for you that you do not want to live with. In this case, please do not give your consent to the use of these services.

 

You will not suffer any disadvantages if you do not give the consent

 

If you do not want to give your consent to the use of certain or all services or storage of cookies, this has no disadvantages for you on our website. All our offers are available to our customers under the same conditions, regardless of whether they give consent or not. Of course, you can also revoke your consent at any time with effect for the future.

 

  1. recipients of the personal data

Your personal data will only be passed on to third parties or otherwise transferred if this is necessary for the purpose of contract processing or billing or if you have previously consented or if there is a legal basis for the transfer.

 

Insofar as we use the services of third parties for the implementation and handling of processing operations, the provisions of the GDPR are complied with. Service providers that support us in the provision of our services to you include hosting providers, email service providers, payment providers.

 

  1. duration of data storage

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. For example, we store your data on the basis of statutory obligations to provide proof and to retain data, which result, among other things, from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The storage periods are then up to ten full years. In addition, we retain your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years). Insofar as we process the data for the purpose of fulfilling a contract, we store it at least as long as the respective contract exists and thereafter until no resulting claims can be asserted against us. Even after this period has expired, it may be that we now continue to process the data stored until then on the basis of contract performance on the basis of a legitimate interest by way of a change of purpose. We store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the balancing of interests reaches a different result or an effective objection to the respective data processing has been filed and we otherwise have no other authorization to continue this respective data processing.

 

  1. data security

Your personal data is transferred securely by us through encryption. We use the SSL (Secure Socket Layer) coding system for this. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.

 

  1. data subject rights

Within the scope of the applicable legal provisions, you have the right at any time to free information about your personal data stored by us, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time using the contact details given in section 1. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, common and machine-readable format.

 

If you have given us consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. Unless we can demonstrate compelling legitimate grounds for further processing that override your interests, rights and freedoms, or if we process the relevant data from you for the purpose of direct marketing, we will then no longer process your data (Art. 21 DSGVO).

 

In addition, you have the option of contacting a data protection supervisory authority (right of complaint).