Legal Notice &
Privacy Policy

This Privacy Policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data” for short) within the context of our website and the associated websites, features and content, as well as external online presences, such as our social media profile (hereinafter collectively referred to as the “Website”), and databases and storage media of Green Finance Group AG and its subsidiaries. With regard to the terms used, such as “processing” or “data controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Joint data controllers (Art. 26 GDPR)
Green Finance Group AG
Fürst-Franz-Josef-Straße 68
LI-9490 Vaduz

Types of data processed:
– User data (e.g., names, addresses).
– Contact data (e.g., email addresses, phone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
– Material circumstances (e.g., income, capital assets, property)

Categories of data subjects
Visitors and users of the Website, parties interested in products from product partners, and investors in financial market products of the Green Finance Group companies.

Purpose of the processing
The purposes of the processing primarily include the provision of the services offered by the Green Finance Group companies, for example, at https://greenfinance24.com. They offer the following services:
– Management, administrative and advisory services.
– Trade in goods of all kinds (e.g., renewable energy components).
– Rental of moveable property and real estate.
– Property development.
Other purposes of the data processing include:
– Provision of the Website, its features and contents.
– Responding to contact requests and communicating with users.
– Security measures.
– Reach measurement/marketing
– Initiation and conclusion of contracts

Terms used
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is regarded as identifiable if he or she can be directly or indirectly identified, especially by means of association with an identifier, such as a name, with an identification number, with location data, with an online identifier (e.g., a cookie) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
“Processing” means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data. The term is broad and covers virtually every aspect of dealing with data.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not attributed to an identified or an identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
“Data controller” refers to the natural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of the processing of personal data.
A “processor ” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

Applicable legal bases
In accordance with Article 13 GDPR, we are informing you of the legal basis of our data processing. The legal basis for the processing of the data is constituted by the business licences of the Green Finance Group companies, insofar as automatic data processing is required for the exercise of the trade in question. If the legal basis is not mentioned in this Privacy Policy, the following applies: the legal basis for obtaining consent is Art. 6 para. 1 a) and Art. 7 GDPR, the legal basis for processing for the fulfilment of our services and the execution of contractual measures as well as for replying to enquiries is Art. 6 para. 1 b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 d) GDPR serves as the legal basis.

Security measures
In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account current technology, implementation costs, the nature, scope, context and purposes of processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as the associated general access, input, transmission and security of availability, and its separation. We have also established procedures which guarantee the exercise of the rights of data subjects, the deletion of data, and a response to risks concerning the data. In addition, we take the protection of personal data into account as early as when developing or selecting hardware, software and procedures, in accordance with the principle of data protection, through the design of the technology and data-protection-friendly default settings (Art. 25 GDPR).

Cooperation with data processors and third parties
If we disclose data to other persons and companies (data processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g., if transmission of the data to third parties, such as payment service providers, is necessary to fulfil a contract in accordance with Art. 6 para. 1 b) GDPR), if you have given your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
f we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Transmission to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of third-party services or data disclosure or transfer to third parties, this will only take place to fulfil our (pre)contractual obligations, based on your consent, based on a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the particular requirements of Art. 44 ff. of the GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level equivalent to that of the EU (e.g., by means of the “Privacy Shield” for the USA) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of the data subjects
You have the right to request confirmation as to whether data concerning you are processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand the restriction of processing of the data in accordance with Art. 18 GDPR.
You have the right to request to receive the data concerning you that you have provided to us, in accordance with Art. 20 GDPR, and to request its transmission to other data controllers.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the responsible supervisory authority.

Right of revocation
You have the right to revoke your consent to the processing of personal data, with effect for the future, pursuant to Art. 7 para. 3 GDPR.

Right to object
You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. In particular, you can object to processing for the purposes of direct advertising.
Cookies and right of objection to direct advertising
Cookies are small files stored on users’ computers. A variety of data can be stored within cookies. A cookie serves primarily to save the data of a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, as well as “session cookies” or “transient cookies”, are cookies which are deleted after a user leaves an online offering and closes their browser. For example, the content of a shopping cart in an online shop or a login status can be stored in a cookie of this kind. Cookies are referred to as “permanent” or “persistent” if they remain stored even after the browser has been closed. For example, this allows the login status to be saved if users visit the site again after several days. Likewise, users’ interests may be stored in a cookie of this nature and used for measuring reach or for marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the data controller who operates the website (otherwise, if there are only cookies from the data controller, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and clarify this within the framework of our Privacy Policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Cookies which are already stored can be deleted in the system settings of the browser. Excluding cookies can lead to functional restrictions of this Website.
A general objection to the use of cookies deployed for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/. In addition, the storage of cookies can be disabled in your browser settings. Please note that this may result in you not being able to use all the features on this Website.
Consent to the use of cookies and transmission to the USA
There are different types of cookies. Those that ensure the functionality and services of our Website, and those that are not strictly necessary. However, before the latter type of cookies is used, your unambiguous consent will be obtained. These involve, for example, cookies from companies that transfer data to third countries (e.g., Google Ireland Ltd. through its processor Google LLC – transfer of data to the USA). If you agree to the use of these cookies, you also consent to the transfer of your data to third countries (Art. 49 para. 1 a) GDPR).
There is no adequacy decision from the EU Commission for the USA. We cannot guarantee that the data will be further processed in the USA in accordance with data protection regulations in force in Austria. Accordingly, risks may arise for you in this regard because you cannot enforce your rights as a data subject, transmitted data may not be able to be deleted or may be further processed for any purpose, and there may be disproportionate accessing of your data by public authorities.
Nevertheless, we strive to use additional measures to increase the level of data protection when transferring data to the USA. When using Google Analytics, these include the following measures, for example:

• Data is not shared for benchmarking or product development purposes
• IP addresses are anonymised (the last digits are replaced by zeros)
• Part of the user agreement with Google Ireland Ltd. is a contract for data processing as well as technical, organisational and contractual measures on the part of Google Ireland Ltd.

More detailed information can be found directly on the Google website.
Erasure of data
The data processed by us shall be erased, or their processing restricted, in accordance with Art. 17 and Art. 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us shall be erased as soon as it is no longer required for its intended purpose and the erasure does not conflict with any statutory storage obligations. If the data is not erased because it is required for other legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data which must be retained for commercial or tax reasons.
In particular, pursuant to legal requirements in Austria, storage lasts for 7 years in accordance with § 132 para. 1 BAO (Austrian Federal Tax Code: accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with properties, and for 10 years for documents in connection with electronically provided services and telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
Business-related processing
In addition, we process
– contractual data (e.g., the subject matter of the contract, its term, customer category).
– Payment data (e.g., bank details, payment history) of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Brokerage services
We process the data of our customers, clients and interested parties (uniformly referred to as “customers”) in accordance with Art. 6 para. 1 b.) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here and the nature, scope and purpose and necessity of its processing, are determined by the underlying contract. This basically includes the portfolio and master data of the customers (name, address, etc.), as well as the contact data (email address, telephone, etc.), the contractual data (content of the order, premiums, terms, information on the brokered companies/insurers/benefits) and payment data (commissions, payment history, etc.). Furthermore, we can process the information on the characteristics and circumstances of persons, or items belonging to them, if this is part of the subject of our order. These can include, for example, information on personal living conditions or mobile or immovable property.
Within the scope of our assignment, it may also be necessary for us to collect special categories of data in accordance with Art. 9 para. 1 GDPR, in particular, information on a person’s health. For this purpose, we will obtain the express consent of the customer if necessary and in accordance with Art. 6 para. 1 a), Art. 7, and Art. 9 para. 2 a) GDPR DSGVO.
To the extent required by law or for the fulfilment of the contract, we disclose or transmit the customer’s data to providers of the brokered services/properties, insurers, re-insurers, broker pools, technical service providers and other service providers, such as cooperating associations, as well as financial service providers, credit institutions and investment companies, social insurance providers, tax authorities, tax consultants, legal advisers, auditors and insurance ombudsmen within the scope of coverage requests and the conclusion and processing of contracts. Furthermore, we can commission subcontractors, such as sub-brokers. We obtain the customer’s consent if this is required for disclosure/transmission (e.g., as can be the case in the event of special categories of data in accordance with Art. 9 GDPR).
The data will be erased after the expiry of the statutory warranty and comparable obligations, whereby the necessity of storing the data is checked every three years; in all other respects, the statutory storage obligations apply.
In the case of statutory archiving obligations, deletion shall take place after their expiry. According to German law, the mandatory retention periods in the insurance and financial sector, in particular, are 5 years for minutes of consultations, 7 years for brokers’ notes and 5 years for brokerage contracts, as well as, in general, 6 years for documents that are relevant under commercial law and 10 years for documents that are relevant under tax law.
Contractual services
We process the data of our contractual partners and interested parties as well as other principals, customers, clients, patrons or contractual partners (uniformly referred to as “contractual partners”) in accordance with Art. 6 para. 1 b.) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here and the nature, scope and purpose, as well as the necessity of its processing, are determined by the underlying contractual relationship.
The data processed includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers) as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
We do not process special categories of personal data unless they are part of commissioned or contractual processing.
We process data which is necessary to justify and fulfil the contractual services and we point out the necessity of its disclosure, unless this is evident for the contractual partners. It is only disclosed to external persons or companies if this is required within the framework of a contract. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client as well as with the legal requirements.
When our online services are used, we may store the IP address and the time of the action in question taken by the user. The data is stored on the basis of our legitimate interests as well as the user’s interests in protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims according to Art. 6 para. 1 f.) GDPR or there is a legal obligation to do so in accordance with Art. 6 para. 1 c) GDPR.
The data will be deleted if the data is no longer required for the fulfilment of contractual or statutory duties of care or for the handling of any warranty or comparable obligations, whereby the necessity of storing the data is checked every three years; in all other respects, the statutory storage obligations apply.
Administration, financial accounting, office organisation, contact management
We process data within the framework of administrative tasks as well as the organisation of our company, financial accounting and compliance with legal obligations, e.g., archiving. We process the same data in this regard that we process in the course of providing our contractual services. The bases for the processing are Art. 6 para. 1 GDPR and Art. 6 para. 1 f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in administration, financial accounting, office organisation and archiving of data, that is to say, tasks which serve the maintenance of our business activities, the performance of our tasks and the provision of our services. The erasure of data with respect to contractual services and contractual communication corresponds to the information specified in these processing activities.
In this regard, we disclose or transmit data to tax authorities, consultants, such as tax consultants or auditors, and other fee collection offices and payment service providers.
Furthermore, we store information regarding suppliers, event organisers and other business partners on the basis of our business interests, e.g., for the purpose of making contact at a later date. In principle, we store this data, which is mainly company-related, permanently.
Business analyses and market research
In order to operate our business economically, to be able to recognise market tendencies, wishes of the contracting parties and users, we analyse the data available to us on business transactions, contracts, enquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata on the basis of Art. 6 para. 1 f) GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our Website.
The analyses are carried out for the purpose of business evaluations, marketing and market research. We can include the profiles of registered users with information on, e.g., the services they have used. The analyses help us to improve user-friendliness and to optimise our offer and our competitiveness. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon user termination, otherwise after two years from the conclusion of the contract. Macroeconomic analyses and general determinations of trends are also prepared anonymously wherever possible.
Information on data protection in the application process
We process the applicant’s data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant’s data takes place in order to fulfil our (pre)contractual obligations in the context of the application procedure within the meaning of Art. 6 para. 1 1 b) GDPR and Art. 6 para. 1 f) GDPR, provided data processing becomes necessary for us, e.g., within the framework of legal procedures (in Germany, § 26 of the Federal Data Protection Act applies in addition).
The application procedure requires that applicants provide us with their data. Insofar as we offer an online form, the necessary applicant data can be found in the job descriptions and basically include information on the person, their postal and contact addresses, and the documents associated with the application, such as a cover letter, curriculum vitae, references and certificates. In addition, applicants may voluntarily provide us with additional information.
By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the nature and scope set out in this Privacy Policy.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are provided as part of the application procedure, they shall also be processed in accordance with Art. 9 para. 2 b) GDPR (e.g., health data, such as, e.g., about the status of a severe disability, or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 1 GDPR are requested from applicants during the application procedure, this is additionally processed in accordance with Art. 9 para. 2 (a) GDPR (e.g. health data, if these are necessary for exercising the profession).
If available, applicants can send us their applications on our website using an online form. The data is encrypted and transmitted to us in line with state-of-the-art technology.
Applicants can also send us their applications via email. Please note, however, that emails are generally not sent in an encrypted form and that the applicants themselves must ensure that they are encrypted. We, therefore, cannot accept any responsibility for the transmission of the application between the sender and its receipt on our server and therefore recommend that an online form or post is used instead. For, instead of applying via the online form and email, applicants also have the option to send us their application by post.
If the application is successful, the data provided by the applicants may be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if they withdraw their application, which they are entitled to do at any time.
The deletion will take place after a period of six months, reserving the justified withdrawal by the applicant, so that we can answer any follow-up questions regarding the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax regulations.
Talent pool
Within the scope of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of two years on the basis of their consent within the meaning of Art. 6, para. 1 b) and Art. 7 GDPR.
The application documents in the talent pool are processed exclusively within the scope of future job advertisements and the search for employees and will be destroyed at the latest upon expiry of the above-mentioned period. The applicants are instructed that their consent to their inclusion in the talent pool is voluntary and has no influence on the current application process, and that they can revoke this consent at any time for the future and declare their objection within the meaning of Art. 21 GDPR.
Akismet anti-spam testing
Our Website uses the “Akismet” service provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Its use is based on our legitimate interests within the meaning of Art. 6 para. 1 f) GDPR. This service distinguishes the comments of real people from spam comments. All comments are sent to a server in the USA, where they are analysed and stored for four days for comparison purposes. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the email address, the IP address, the content of the comment, the referrer, information about the browser used and the computer system, and the time of the entry.
For more information on Akismet’s collection and use of data, please refer to Automattic’s privacy policy: https://automattic.com/privacy/.
Users are welcome to use pseudonyms, or to refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system. That would be a shame, but, unfortunately, we do not see any other alternatives that are just as effective.
Accessing profile pictures from Gravatar
We use the Gravatar service from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our Website and, specifically, on our blog.
Gravatar is a service that allows users to log in and store profile pictures and their email addresses. If users leave posts or comments on other online sites using the email address in question (especially on blogs), this allows their profile pictures to be displayed next to the posts or comments. For this purpose, the email address communicated by the users to Gravatar is transmitted in encrypted form in order to check whether a profile has been stored for it. This is the sole purpose of the transmission of the email address, and it will not be used for other purposes, but will be deleted thereafter.
The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 f) GDPR, since we use Gravatar in order to offer the authors of posts or comments the possibility of personalising their contributions with a profile picture.
By displaying the images, Gravatar obtains the IP address of the users, as this is necessary for communication between a browser and an online service. For more information on Gravatar’s collection and use of the data, please refer to Automattic’s privacy policy: https://automattic.com/privacy/.
If users do not want a user picture that is linked to their email address at Gravatar to appear in the comments, they should use an email address that is not registered with Gravatar to make the comment. We also point out that it is also possible to use an anonymous email address, or no email address at all, if the users do not want their own email address to be sent to Gravatar. Users can completely prevent the transfer of data by not using our commenting system.
Retrieval of emojis and smilies
Our WordPress blog uses graphic emojis (or smilies), i.e., small graphic files that express feelings, which are obtained from external servers. In the process, the providers of the servers collect the IP addresses of the users. This is necessary so that the emoji files can be transmitted to the users’ browsers. The emoji service is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Privacy policy of Automattic: https://automattic.com/privacy/. The server domains used are s.w.org and twemoji.maxcdn.com, which, as far as we know, are so-called content delivery networks, i.e., servers that only serve for the fast and secure transmission of the files, whereby the personal data of the users is deleted after transmission.
The use of the emojis is based on our legitimate interests, i.e., an interest in an attractive design of our Website in accordance with Art. 6 para. 1 f) GDPR.
Contacting us
When contacting us (for example, by contact form, email, telephone or via social media), the user’s details are processed for the handling of the contact enquiry in accordance with Art. 6 para. 1 b) GDPR. User information can be stored in a Customer Relationship Management System (“CRM system”) or comparable ticket system.
We delete the enquiries if they are no longer necessary. We review whether they are necessary every two years; the statutory archiving obligations also apply.
Newsletter
The following notes are about our newsletter, its content and procedures regarding registration, distribution and statistical evaluation. They also explain your right to appeal. By subscribing to our newsletter, you agree to receive the newsletter and consent to the procedures outlined.
Content of the newsletter: we will only send newsletters, emails and other electronic notifications containing advertising information (hereinafter collectively referred to as “newsletters”) with the consent of the recipients or legal permission. If, during registration for the newsletter, its content is described specifically, this will form the basis on which users consent to receiving newsletters. In addition, our newsletters contain information about our products and accompanying information (e.g., safety instructions), offers, promotions and our company.
Double opt-in and logging: registration for our newsletter takes place as part of a so-called double opt-in procedure. This means that upon registration, you will receive an email requesting confirmation of your registration. Confirmation is required to ensure that no one can sign up using another person’s email address. A record of registrations to the newsletter is kept in order to record the registration process in accordance with legal requirements. This includes the storage of the time of registration and time of confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
Subscription details: To subscribe to the newsletter, simply enter your email address. Optionally, we ask you to enter a name for the newsletter, so that we can address you personally.
The newsletters are dispatched and their performance measured on the basis of the recipients’ consent in accordance with Art. 6 para. 1 a) and Art. 7 GDPR in conjunction with § 107 para. 2 of the Telecommunications Act (TKG) or on the basis of legal permission pursuant to § 107 paras. 2 and 3 TKG.
The registration procedure is logged on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that serves our business interests as well as the users’ expectations and also allows us to prove consent.
Cancellation/revocation. You can cancel your subscription to our newsletter at any time by revoking your consent to receive it. You will find a link for cancelling your subscription to the newsletter at the end of each newsletter. We may store email addresses which have unsubscribed for up to three years based on our legitimate interests before we delete them so as to be able to prove previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion can be submitted at any time provided that the existence of prior consent is confirmed at the same time.
Newsletter – Newsletter2Go
The newsletter is sent by the mailing service provider Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany. You can view the privacy policy of the newsletter mailing service provider here: https://www.newsletter2go.de/datenschutz/.
The mailing service provider is used on the basis of our legitimate interests in pursuant to Art. 6 para. 1 1 f) GDPR and a data processing agreement in accordance with Art. 28 para. 3 sentence 1 GDPR. The mailing service provider may use recipients’ data in an anonymous form, i.e., without assigning it to a user, to optimise or improve its own services, for example, for the technical optimisation of delivery and presentation of the newsletter or for statistical purposes. However, the mailing service provider will not use the data of newsletter recipients either to write to recipients itself or to transmit the data to third parties.
Newsletter – Performance measurement
The newsletters contain a so-called “web-beacon”, i.e., a pixel-sized file that is retrieved from the server when opening the newsletter from our server or that of our email delivery service provider. When it is accessed, technical information, such as information concerning the browser and your system, as well as your IP address and the time of the access, are collected.
This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their access locations (which can be determined with the help of the IP address) or access times. Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked on. For technical reasons, this information can be assigned to the individual newsletter recipients. Neither we nor the mailing service provider, if involved, are interested in observing the behaviour of individual users. ather, these evaluations serve to enable us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this Website.
In this regard, either we or our hosting provider process the inventory data, contact data, content data, contractual data, usage data, and meta and communication data of customers, interested parties and visitors of this Website based on our legitimate interests in the efficient and secure provision of this Website, in accordance with Art. 6 para. 1 f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
Collection of access data and log files
We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 f) GDPR regarding each access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, the file, the date and time of access, the amount of data transferred, a report as to whether the site was successfully accessed, the browser type and version, the user’s operating system, the referrer URL (the site visited before coming to our site), the user’s IP address, and the requesting internet service provider.
Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence is not deleted until the relevant incident has been conclusively clarified.
Google Analytics
Based on our legitimate interests (i.e., interests in the analysis, optimisation, and economical operation of our Website in accordance with Article 6 para. 1 f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the user’s use of the Website is generally transmitted to and stored on a Google server in the USA.
Google is certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our behalf, Google will use this information to analyse the use of our Website by users, to compile reports on activities on this Website, and to provide us with other services related to the use of this Website and the internet. Pseudonymous usage profiles of users may be created from the data processed.
We only use Google Analytics with IP anonymisation active. This means that users’ IP addresses are truncated by Google within EU member states or other countries party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.
The IP address sent by your browser will not be associated with other data held by Google. Users may prevent the use of cookies by selecting the appropriate settings in their browser; users can also prevent Google from collecting the data generated by the cookie regarding their use of the Website and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB
Further information on the use of data by Google, as well as settings and objection options, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users’ personal data will be deleted or anonymised after 14 months.
Google Universal Analytics
We use Google Analytics in the design as “Universal Analytics“. “Universal Analytics” refers to a process from Google Analytics in which user analysis is carried out on the basis of a pseudonymous user ID, thus creating a pseudonymous profile of the user with information from the use of different devices (so-called “cross-device tracking”).
Target group formation with Google Analytics
We also use Google Analytics to display advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our Website or who have certain characteristics (e.g. interest in certain topics or products that are determined by the websites visited) that we transmit to Google (known as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our advertisements correspond to the potential interest of users.
Google AdWords and conversion measurement
Based on our legitimate interests (i.e., interest in the analysis, optimisation, and economical operation of our Website within the meaning of Art. 6 para. 1 f) GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the online marketing process Google “AdWords” to place ads on the Google Advertising Network (e.g., in search results, videos, on websites, etc.) in order to show them to users who have a possible interest in the ads. This allows us to display ads for and within our Website in a more targeted manner, so as to only display ads which might correspond to users’ interests. If a user is, for example, displayed ads for products in which they have shown interest on other websites, this is referred to as “remarketing”. For these purposes, when the user accesses our and other websites on which Google marketing services are active, Google directly executes a Google code, and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. These allow users’ devices to store a unique cookie, which is a small file (comparable technology may also be used instead of cookies). This file keeps a record of which websites the user visited, which contents they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, the time of the visit and further information about the use of the Website.
We also receive a unique “conversion cookie”. The information collected using this cookie is used by Google to generate conversion statistics for us. However, we only see the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not obtain any information that can be used to identify users personally.
User data is processed pseudonymously within the Google Display Network. This means that, rather than storing and processing users’ names or email addresses, for example, Google processes the relevant cookie-related data within pseudonymous user profiles. This means that, from Google’s perspective, ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.
Further information on the use of data by Google, as well as settings and objection options, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Facebook Pixel, Custom Audiences and Facebook conversion
Due to our legitimate interests in the analysis, optimisation and economic operation of our Website, and for these purposes, the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used within our Website.
Facebook has been certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook Pixel, Facebook is able to determine the visitors to our Website as a target group for the presentation of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to display our Facebook Ads only to Facebook users who have shown an interest in our Website or who have certain traits (e.g., interests in certain topics or products that are determined based on the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of Facebook Pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. The Facebook Pixel also helps us understand the effectiveness of Facebook Ads for statistical and marketing research purposes by showing us whether users are directed to our site after they have clicked a Facebook Ad (so-called “conversion”).
Facebook processes the data in accordance with Facebook’s Data Usage Policy. Accordingly, general information on the display of Facebook Ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and how it works, please visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616.
You can object to the collection of your data by the Facebook Pixel and its use to display Facebook ads. To set what types of ads you see within Facebook, go to the page set up by Facebook and then follow the information there about the settings for interest-based advertising: https://www.facebook.com/settings?tab=ads. The settings apply across platforms, i.e., they are applied to all devices, such as desktop computers or mobile devices.
Furthermore, you can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and, additionally, the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Online social media presence
We maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our Privacy Policy, we process the data of users who communicate with us on social networks and platforms, e.g., write posts on our pages or send us messages.
Integrating third-party services and content
On the basis of our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation of our Website within the meaning of Art. 6 para. 1 f) GDPR), we include content or service offerings from third parties in order to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users’ browsers. Your IP address is therefore necessary in order to display this content. We strive to only use content whose respective provider uses the IP address solely for the delivery of that content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. “Pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, the time of the visit, and other information about the use of our Website. It may also be linked to such information from other sources.
Vimeo
We may embed the videos of the Vimeo platform of Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy. We point out that Vimeo may use Google Analytics and, in this regard, refer to the privacy policy (https://www.google.com/policies/privacy) and opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or Google’s settings for data use for marketing purposes (https://adssettings.google.com/.).
YouTube
We integrate videos from the platform “YouTube” by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Fonts
We integrate fonts (“Google Fonts”) provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google ReCaptcha
We integrate the feature for detecting bots, e.g., when entries are made in online forms (“ReCaptcha”), from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Maps
We integrate maps from the service “Google Maps” by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users; however, these are not collected without their consent (as a rule provided within the framework of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Typekit fonts from Adobe
Based on our legitimate interests (i.e., interests in the analysis, optimisation, and economical operation of our Website in accordance with Article 6 para. 1 f) GDPR), we use external “Typekit” fonts from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).
The use of Facebook social plugins
Based on our legitimate interests (i.e., interest in the analysis, optimisation, and economical operation of our Website within the meaning of Art. 6 para. 1 f) GDPR), we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Plugins can display interaction elements or content (e.g., videos, graphics or text contributions) and are identified by a Facebook logo (white “f” on a blue tile, the term “Like”, or a “thumbs up” sign) or by the phrase “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins is published at: https://developers.facebook.com/docs/plugins/.
Facebook has been certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When users access a feature of this Website that contain such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device to be integrated into the Website. In the process, user profiles can be created from the processed data. Therefore, we have no influence on the scope of the data which Facebook collects using this plugin and, thus, inform the user based on our knowledge.
As a result of the inclusion of the plugin, Facebook receives the information that a user has accessed the corresponding page of the Website. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example, by clicking the Like button or writing a comment, the corresponding information is directly transmitted from their browser to Facebook to be stored there. If a user is not a member of Facebook, it is still possible that Facebook will find out their IP address and save it. According to Facebook, only anonymised IP addresses are stored in Germany.
The purpose and scope of the data collection and further processing and use of the data by Facebook, as well as the related rights and settings options to protect users’ privacy, can be found in Facebook’s privacy policy https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this Website and link it to their membership data stored at Facebook, he or she must log out of Facebook before using our Website and delete their cookies. More settings and ways to revoke permission to use your data for advertising purposes are available in your Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings apply across platforms, i.e., they are applied to all devices, such as desktop computers or mobile devices.