Preliminary Note

The protection of your personal data is a matter of great importance and concern to us. We handle the data we collect from you with utmost care; in no case will they be sold to third parties or misused in any other way. This Data Protection Statement informs you of the manner, scope and purpose of processing of personal data (“data” for short in the following) within our online offering and the websites, functions and content connected with it as well as our external online presence sites such as our social media profiles (collectively referred to as our “online offering” in the following). With regard to the terms used, such as “processing” or “controller”, we refer you to the definitions given in Article 4 of the General Data Protection Regulation (GDPR).

Person responsible

Wunschmann GmbH
Precision tools
Etzwiesenstraße 39
72108 Rottenburg
Germany

Phone: +49 7457 8059
Telefax: +49 7457 4697
E-Mail: info@wunschmann.de

Managing Directors of the GmbH
Stephan Wunschmann
Birgit Wunschmann
Stuttgart (Germany) Registry Court
HRB 390249
VAT no.: DE 146889133

Types of processed data:

– master data (e.g. names, addresses)
– contact data (e.g. email addresses, telephone numbers)
– content data (e.g. text entries, photographs, videos)
– usage data (e.g. websites visited, interest in content, access times)
– meta/communication data (e.g. device information, IP addresses)

Purpose of processing:

– provision of an online offering along with its functions and content
– responding to contact requests and communicating with users.
– security measures
– range measurement / marketing

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (“data subject” in the following); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed in connection with personal data, whether or not by automated means. The term has a wide meaning and includes virtually any handling of data.

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Legal basis

In accordance with Article 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis is mentioned in the Data Protection Statement, the following applies: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 GDPR, the legal basis for processing for the purpose of performing our services, executing contractual measures as well responding to inquiries is Article 6 (1) (b) GDPR, the legal basis for processing in order to fulfil our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, this is done on the legal basis of Article 6 (1) (d) GDPR.

Security measures

In conformity with Article 32 GDPR we take suitable technical and organizational measures to provide a level of security commensurate with the risk at hand giving due consideration to the best available technology, the implementation costs, the nature, scope, context and purposes of processing as well as the individual probabilities of occurrence and the impact such occurrences would have on the rights and freedoms of natural persons. Such measures include in particular securing the confidentiality, integrity and availability of data by controlling physical access to data processing equipment as well as data access, entry, transfer, saving, availability and separation. We have furthermore established procedures which enable data subjects to assert their rights and make it possible to erase data and respond to any compromise of data. In addition, we take the protection of personal data in account already at the time of developing and selecting hardware, software and methods, e.g. by using data protection friendly default settings, in accordance with the principle of data protection by technical design (Article 25 GDPR).

Cooperation with processors and third parties

If, in the context of our processing, we disclose data to other persons or companies (processors or third parties), transmit the data to them or otherwise grant access to the data, this will only take place if we are permitted to so by law, (e.g. where the transmission of the data to third parties, e.g. payment service providers is necessary for the performance of a contract pursuant to Article 6 (1) (b) GDPR), you have given consent, the processing is necessary for compliance with a legal obligation or for the purpose of our legitimate interests (e.g. the use of agents, web hosting providers, etc.).

Where we engage third parties to process data on the basis of a so-called “data processing agreement”, this is done on the basis of Article 28 GDPR.

Transmission to third countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or in the context of the use of third-party services or disclosure or transmission of data to third parties, processing will only take place if this is necessary to meet our pre-contractual or contractual obligations, you have given consent to processing, for compliance with a legal obligation or for the purpose of our legitimate interests. To the extent permitted by law and contract, we process the data or have the data processed in a third country only if the special requirements of Articles 44 ff. GDPR have been met. This means that processing is carried out, for example, on the basis of special guarantees, such as an officially recognized confirmation of the adequacy of the level of data protection (e.g. the “Privacy Shield” in the US) or in compliance with officially recognized contractual obligations (so-called “standard contractual clauses”).

Right of data subjects

Under Article 15 GDPR, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, information about these data and other information, as well as a copy of the data.

Under Article 16 GDPR, you have the right to have incomplete personal data concerning you completed and to have inaccurate personal data rectified.

You have the right to obtain the erasure of personal data concerning you without delay under Article 17 GDPR or, alternatively, the right to obtain restriction of processing under Article 18 GDPR.

Under Article 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us and have the right to have those data transmitted to another controller.

Under Article 77 GDPR, you furthermore have the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal

Under Article 7 (3) GDPR, you have the right to withdraw your consent with effect for the future.

Right to object

Under Article 21 GDPR, you have the right to object to the future processing of data concerning you at any time. Such an objection may in particular be directed against the processing of data for direct marketing purposes.

Cookies and the right to object to direct marketing

“Cookies” are small files that are stored on users’ computers. Cookies can store a variety of information. Cookies are primarily used to store information about users (or devices on which the cookies are stored) during or after their visit to an online offering. Temporary cookies, “session cookies” or “transient cookies”, are cookies which are deleted after the user leaves a website and closes his/her browser. These types of cookies are used e.g. to store the content of the shopping basket in an online store or the login status. Cookies that are referred to as “permanent” or “persistent” are cookies that remain stored even after the browser has been closed. For example, the login status can be stored if users visit it  after several days have passed. Such cookies can also be used to store the interests of users for range measurement or marketing purposes. “Third-party cookies” are cookies that are set by providers other than the data controller operating the website (where cookies are only set by the controller they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and provide information about the cookies we use in our Data Protection Statement.

Users who do not wish cookies to be stored in their computer are requested to deactivate the relevant option in their browser settings. Stored cookies can be deleted in the browser’s system settings. The blocking of cookies may limit the functionality of this online offering.

The US American webpage http://www.aboutads.info/choices/ and the EU webpage http://www.youronlinechoices.com/ both provide a facility for declaring a general objection to the use of cookies for online marketing purposes, especially by tracking, which is received by a large number providers . Furthermore, it is also possible to disable the storage of cookies by changing the browser’s settings. Please note that if you do this, you may not be able to use all the functions of this online offering.

Erasure of data

The data we process will either be erased or restricted in processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this Data Protection Statement, the data we store will be erased as soon as the data are no longer necessary for the purposes for which they were collected and this does not conflict with statutory retention requirements. Where data are not erased because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data are blocked and not processed for other purposes. This applies, for example, to data that have to be retained for reasons of commercial or tax law.

Under German law, the retention period is specifically 10 years pursuant to §§ 147 (1) of the German Tax Code (AO) and 257 Section 1 Nos. 1 and 4 and Section 4 of the German Commercial Code (HGB) (books, records, progress reports, accounting vouchers, account books, tax-related records etc.) and 6 years pursuant to § 257 Section 1 Nos. 2 and 3 and Section 4 (1) HGB (business letters).

Under Austrian law, the retention period is specifically 7 years pursuant to § 132 Section 1 of the Austrian Tax Code (BAO) (accounting documents, vouchers/invoices, accounts, vouchers, business papers, statements of revenue and expenditures etc.), 22 years in the context of land property and 10 years in the context of services performed by electronic means, telecommunication services, radio and television broadcasting services to non-entrepreneurs in EU member states and services to which the Mini One Stop Shop (MOSS) procedure is applied.

Hosting

We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

In so doing, we or our hosting provider process master data, contact data, content data, contract data, usage data, metadata and communication data of customers, prospects or visitors of this online offering on the basis of our legitimate interests in an efficient and secure website provisioning in accordance with Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

On the basis of our legitimate interests, within the meaning of Article 6 (1) (f) GDPR, we or our hosting provider collects data about each access to the server on which this service is located (termed server log files). The access data include the name of the accessed website, file, date and time of access, amount of data transferred, notification on successful access, browser type plus version, the operating system of the user, referrer URL (previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then erased. Data which need to be stored for purposes of proof are exempt from erasure until the relevant incident has been resolved.

Provision of contractual services

We process master data (e.g., users’ names, addresses and contact data), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and performing our services in accordance with Article 6 (1) (b) GDPR. Where fields in online forms are identified as requiring an entry this is for the purpose of contract conclusion.

When someone uses our online services, we store the IP address and the time of the respective user action. The data are stored on the basis of our legitimate interests as well as the user’s interest in protection against misuse and other unauthorized use. These data are not passed on to third parties as a matter of principle, unless this is necessary for the pursuit of our claims or there is a legal obligation in accordance with Article 6 (1) (c) GDPR.

We process usage data (e.g., the visited websites of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertizing purposes in a user profile in order to show the user e.g. product information based on services used by them in the past.

The data are deleted after expiration of legal warranty and comparable obligations. The necessity of data retention is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after the obligation has expired. Data stored in a customer account remain there until its termination.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks and organization of our business, financial accounting and complying with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. Such processing is based on Article 6 (1) (c) GDPR and Article 6 (1) (f) GDPR, and it affects customers, prospects, business partners and website visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organization and archiving of data, i.e., in tasks which serve to maintain our business, perform our duties and provide our services. The deletion of data with regard to contractual services and contractual communication is handled as stated for these processing activities.

We disclose or transmit data to the financial administration, consultants, such as tax accountants or auditors, and other charging centres and payment service providers.

Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. We generally store these data, which are mainly company-related, permanently.

Business analyses and market research

We analyze the data on business transactions, contracts, inquiries, etc. available to us in order to conduct our business economically and identify market tendencies and customer and user wishes. We process master data, communication data, contract data, payment data, usage data, metadata on the basis of Article 6 (1) (f) GDPR. Among the persons affected by this processing are customers, prospects, business partners, visitors and users of the online offering.

The analyses are carried out for the purpose of business assessments, marketing and market research. We can take into account the profiles of registered users with information, e.g. on the purchases they have made. The analyses serve us to increase the user-friendliness and optimize our offering and our economic efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination of the user or else after two years from the conclusion of the contract. Apart from that, macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

Data protection notices in the application process

We process applicant data only for the purpose and within the scope of the application process and in accordance with the legal requirements. Applicant data are processed for the purpose of fulfilling our (pre)contractual obligations in the context of the application procedure within the meaning of Article 6 (1) (b) GDPR and Article 6 (1) (f) GDPR if we are obliged to do so, e.g., in the context of legal procedures (in Germany § 26 of the German Data Protection Law (BDSG) applies in addition).

 

The application procedure requires that applicants provide us with their data. If we provide an online form, the required applicant data are marked or else can be inferred from the job descriptions. In general, applicant data include personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. Beyond that, applicants may voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this Data Protection Statement.

Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR are voluntarily communicated within the context of the application procedure, they are processed additionally in accordance with Article 9 (2) (b) GDPR (e.g. health data, such as severe disability status or ethnic origin). Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR are requested from applicants within the context of the application procedure, they are processed additionally in accordance with Article 9 (2) (a) GDPR (e.g. health data, if these are required for the exercise of the profession).

If made available, applicants can send us their applications via an online form on our website. The data are encrypted and transmitted to us according to the state of the art.
Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transmission path of the application between the sender and its receipt on our server and therefore recommend that you use an online form or postal dispatch. Instead of using the online application form and email, applicants still have the option of sending us their application by post.

If the application is successful, the data provided by the applicants can be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, applicants’ data are deleted. Applicants’ data are also deleted if an application is withdrawn, which applicants are entitled to do at any time.

Unless the applicant makes a justified revocation, the deletion will take place after a period of six months, so that we can answer any follow-up questions concerning the application and meet our record-keeping obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Contact

When contacting us (e.g. via contact form, email, telephone or via social media), the user’s details are processed for processing and handling the contact enquiry in accordance with Article 6 (1) (b) GDPR. User information can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization system.

We delete the inquiries if they are no longer necessary. We review the necessity every two years; beyond that, the statutory archiving obligations apply.

Newsletter

In the following we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter you agree to its receipt and the outlined processes.

Newsletter content: We send newsletters, emails, and other electronic notifications containing information for advertising purposes (referred to in the following as “newsletter”) only with the recipient’s consent, or legal permission. Provided that the newsletter content is described in concrete terms upon subscription, it is considered to be the basis of user consent. Furthermore, our newsletter contains information regarding our services, activities, and our business.

Double opt-in and records: Our newsletter subscription process employs the so-called double opt-in method. This means that after subscribing you will receive an email requesting confirmation of your subscription. This confirmation is necessary to prevent anyone from signing up under an email address that does not belong to them. Newsletter subscriptions are recorded in order to provide evidence in accordance with the legal provisions. This includes storing the time of subscription and the time of confirmation, as well as the IP address. Changes to data of yours that are saved by the distribution service provider will also be recorded.

Subscription data: It suffices to provide your email address to subscribe to our newsletter. Optional for you, we request that you provide a name so that we can personalize the newsletter.

The dispatch of the newsletter and the performance measurement associated with it is based on the recipients’ consent pursuant to Article 6 (1) (a) and Article 7 GDPR in conjunction with § 107 Section 2 of the German Telecommunications Law (TGK) or on the basis of legal permission pursuant to § 107 Sections 2 and 3 TKG.

The subscription procedure is recorded on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.

Cancellation/Revocation – You may cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the email addresses of unsubscribers for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defence against claims. Cancellation may also be requested individually at any time, provided that in doing so consent is confirmed to have existed up until then.

Newsletter – distribution service provider

We use the services of the distribution service provider “MailChimp”, a newsletter distribution platform of the US-based Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection policy of this distribution service provider can be viewed at https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified in accordance with the Privacy Shield Agreement, thus guaranteeing that it adheres to European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). We use the services of the distribution service provider on the basis of our legitimate interests pursuant to Article 6 (1) (f) GDPR and a processing agreement pursuant to Article 28 (3) Sentence 1 GDPR.

The distribution service provider may use the recipients’ data in pseudonymized form, i.e. without attributing them to a user, for the optimization or improvement of their own services, e.g. to optimize the technical performance of the dispatch and presentation of the newsletter or for statistical purposes. However, the distribution service provider will not use the data of our newsletter recipients to write directly to the latter or to transfer the data to third parties.

Newsletter – success measurement

The newsletters contain a so-called “web-beacon”, i.e., a pixel-sized file that is retrieved from our server or that of our distribution service provider, if we are using one, when the newsletter is opened. This call initially involves the collection of technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.

This information is used to improve the technical performance of services based on the technical data or based on the audiences and their reading habits, based in turn on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our goal nor that of the distribution service provider, if we are using one, to observe individual users. The evaluations rather serve us to recognize the reading habits of our users and to adapt our content to them or to send differential content according to the interests of our users.

Jetpack (WordPress Stats)

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR), we use the plugin Jetpack (specifically its subfunction “WordPress Stats”), which uses a tool for statistical evaluation of visitor access and is operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA . Jetpack uses what are called cookies. These are text files that are stored on your computer and make it possible to analyze how you use the website.

The information generated by the cookie about your use of this online offering is stored in a server in the USA. Data processed in this context can be used to create user profiles relating to the users. Such user profiles are used for analysis, not for advertizing purposes. For further information please refer to the data protection statements of Automattic: https://automattic.com/privacy/ and information about Jetpack cookies: https://jetpack.com/support/cookies/.

Facebook-Pixel, Custom Audiences and Facebook-Conversion

Based on our legitimate interests in the analysis, optimization and economic operation of our online offering and for these purposes, our online offering uses what is called the “Facebook pixel” of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

Facebook is certified in accordance with the Privacy Shield Agreement, thus guaranteeing that it adheres to European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

The Facebook pixel allows Facebook to identify the visitors to our online offering as a target group for the display of advertisements (known as Facebook ads). Accordingly we use the Facebook pixel in order to display the Facebook ads placed by us only to those Facebook users who have shown an interest in our online offering, or who exhibit certain characteristics (e.g. interest in certain topics or products, determined based on the websites that are visited), which we transmit to Facebook (known as Custom Audiences). We also use the Facebook pixel to ensure that our Facebook ads correspond to the potential interests of users and are not perceived as bothersome. With the help of the Facebook pixel, we are also able to understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were forwarded to our website after clicking a Facebook advertisement (known as conversion).

Facebook processes the data according to Facebook’s data usage guideline. Corresponding general information about the display of Facebook ads in Facebook’s data usage guideline: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its functionality is available in the Facebook help section: https://www.facebook.com/business/help/651294705016616.

You can object to the recording of data by the Facebook pixel and their use for the display of Facebook ads. To choose what types of advertisements are displayed to you on Facebook, you can call up the page set up by Facebook and follow the instructions for configuring usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, meaning they apply to all devices including desktop computers and mobile devices.

You can also object to the use of cookies for the purpose of measuring coverage and for promotional purposes on the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and on the US website  (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Social media online presence

We maintain a social media online presence and other platforms in order to communicate with active customers, prospects and users, and to inform them about our services. When viewing the respective networks and platforms, the business conditions and data processing policies of the respective operators apply.

Unless stated otherwise in our Data Protection Statement, we process the data of users who communicate with us in social networks and on platforms by, e.g., writing contributions on our online presence sites or sending us messages.

Integration of Services and Content of Third Parties

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR), we use the content and service offers of third-party providers in order to integrate their content and services, e.g. videos or fonts (collectively referred to in the following as “content”).

The third-party provider of such content always requires the user’s IP address in order to be able to send the content to their browser. In other words, the IP address is needed in order to display this content. We endeavour only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as the number of visitors accessing the pages of this website. The pseudonymized information may additionally be stored on user devices in the form of cookies. This information may include, amongst other things, technical information on the browser and operating system, referring websites, time spent on the website, and further details on how users make use of our online offering, and it can also be combined with analogous information from other sources.

Youtube

We use videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/; opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We use fonts of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Fonts”). Data protection statement: https://www.google.com/policies/privacy/; opt-out: https://adssettings.google.com/authenticated.

Google Maps

We use the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, users’ IP addresses and location data, which, however, are not collected without their consent (as a rule according to the settings of their mobile devices). The data can be processed in the USA. Data protection statement: https://www.google.com/policies/privacy/; opt-out: https://adssettings.google.com/authenticated.

Use of Facebook social plugins

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR) we use social plugins (“plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These plugins can display interactive elements or content (e.g. videos, graphics or text contributions) and can be identified by one of the Facebook logos (white “f” on a blue tile, the term “like”, or a “thumbs up” sign) or are marked with the addition “Facebook social plug-in”. The list and appearance of Facebook social plug-ins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified in accordance with the Privacy Shield Agreement, thus guaranteeing that it adheres to European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user calls up a function of this online offering that contains such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. In this process, user profiles may be created from the processed data. We have therefore no influence on the scope of the data collected by Facebook using this plug-in and therefore provide users with information according to our own level of knowledge .

By integrating plugins, Facebook receives the information that a user has viewed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plug-ins, such as by pressing the “Like” button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a Facebook member, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and extent of data collection, further processing and the use of data by Facebook as well as users’ related rights and settings options to safeguard their privacy can be inferred from Facebook’s privacy policies at https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their membership data stored on Facebook, they must log out of Facebook before using our online offering and delete their cookies. Further settings options and means of objecting to the use of data for advertising purposes are available in Facebook’s profile settings at  https://www.facebook.com/settings?tab=ads  or via the US page  http://www.aboutads.info/choices/  or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Here it is possible to generate the content that is used within the module.