1. Data processing through social networks

We maintain publicly accessible profiles on social networks. The social networks that we use are specifically listed below. In principle, social networks such as Facebook, Twitter etc. are allowed to comprehensively analyse your usage behaviour when you use their website or a website with integrated social media content (e.g. "Like" buttons or banners). Numerous data protection-related processing activities are triggered when you visit our social media profiles.

In particular:
If you are logged into your social media account and you visit our social media profile, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected using a different method, such as via cookies stored on your device or by recording your IP address. Using data collected in this manner, the operators of the social media portals can create user profiles in which your preferences and interests are stored. These profiles allow promotions relevant to your interests (personalised promotions) to be advertised to you within and beyond the respective social media portal. If you have an account with the respective social network, the personalised promotions can be displayed on all devices that you are logged in to or were logged in to. Please also note that we cannot track all of the processing activities that occur on social media portals. Therefore, depending on the provider, additional processing activities may be performed by the operators of social media portals. In addition, the data collected from your visit to the social media portal and to our social media profiles is analysed for statistical and market research purposes. The social media portals transmit to us, as the operator of the social media profile, anonymised statistics and insights, such as information about interactions with our posts. Using this information, we can determine whether our website was accessed by users/visitors of/to a social media portal via our company profile and the age/gender groups of those users/visitors (applies only when users are logged in). We use the data transmitted to us to optimise our posts and social media profile and to reflect the interests of our website visitors accordingly. For more details, please refer to the terms of use and privacy policy of each social media portal.
 

a) Legal basis
Each time you contact us via the message function or the email address provided on our company profile, we store your user profile ID or email address as well as the other data that you provide. The legal basis for processing this data is Art. 6 Para. 1(b) GDPR, provided that your reason for contacting us is to initiate a contract or discuss contract-related issues. The purpose of our social media profiles is to allow us to interact with the broadest possible group of Internet users. This intention is deemed a legitimate interest as defined by Art. 6, Para. 1(f) GDPR. The fact that we need to respond to your query is also deemed a legitimate interest in processing your data. The analysis processes initiated by social networks may be based on different legal grounds that must be specified by the social network operators (e.g. consent as defined by Art. 6, Para. 1(a) GDPR; you can revoke your consent at any time for these networks).
 

b) Data controller and exercising rights
If you visit one of our social media profiles (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing activities triggered during your visit. In principle, you can exercise your rights (right of access, rectification, erasure, restriction of processing, data portability and the right to object) both against us and against the operator of the respective social media portal (e.g. against Facebook). Please note that, despite our joint responsibility with the operators of social media portals, we do not have full control over the data processing activities performed by social media portals. Our options are based on the corporate policy of the respective provider.
 

c) Duration of storage
The data collected directly by us via our social media profiles is deleted from our systems as soon as the purpose for storing this data no longer applies, you ask us to erase the data, or you revoke your consent for storing the data. Stored cookies remain on your device until you delete them. Mandatory statutory provisions—in particular retention periods—remain unaffected. We have no influence on how long your data is stored by the social network operators for their own purposes. For details, please check the terms of use set out by the respective social network operators (e.g. by viewing their privacy policy; see below).
 

d) Type of data
We may process the existing data from your social media account on the social media portal (e.g. first and last name, address, email address, phone number, gender, age, date of birth), usage data (e.g. visited websites, content interest) and content data (e.g. photos, videos, posts).
 

2. Social networks in detail

a) Facebook
We have a Facebook profile. The jointly responsible data controller of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For residents of the USA or Canada, the jointly responsible data controller is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). According to Facebook's own information, the data collected is also transmitted to the USA and other third countries. We have concluded an agreement with Facebook regarding joint processing (controller addendum). This agreement sets out which data processing activities we are responsible for and which ones Facebook is responsible for when you visit our Facebook page. This agreement and information about the data transmitted to us can be found at the link below: https://www.facebook.com/legal/terms/page_controller_addendum.

According to Facebook's own information, Facebook uses standard contractual clauses approved by the European Commission and takes other measures in line with EU law to legitimise data transmission from the EEA to the USA and other countries.

You can customise your advertising settings in your Facebook user account. To do this, click the following link and log in:: https://www.facebook.com/settings?tab=ads.

For further details, refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/.
 

b) Instagram
We have an Instagram profile. The jointly responsible data controller of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram"). Accordingly, the information in 1.2 (a) also applies here.

You can object to the use of cookies on Instagram. You can find information about opting out at the following link: https://help.instagram.com/1896641480634370?ref=ig.

For information on how Instagram handles your personal data (https://help.instagram.com/196883487377501?ref=dp) refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.
 

c) Twitter
We use the Twitter messaging service. The jointly responsible data controller of this service is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For residents of the USA or Canada, the jointly responsible data controller is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). According to Twitter's own information, the data collected is also transmitted to the USA, Ireland and other third countries. Twitter also uses analysis tools provided by other companies, including Google Analytics.

According to Twitter's own information, Twitter uses standard contractual clauses approved by the European Commission and takes other measures in line with EU law to legitimise data transmission from the EEA to the USA and other countries.

You can customise your Twitter privacy settings in your user account. To do this, click the following links and log in:: https://twitter.com/personalization. http://www.twitter.com/settings. https://twitter.com/settings/your_twitter_data.

For further details, refer to the Twitter privacy policy: https://twitter.com/en/privacy.
 

d) LinkedIn
We have a LinkedIn profile. The jointly responsible data controller of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For residents of the USA or Canada, the jointly responsible data controller is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA ("LinkedIn"). According to LinkedIn's own information, the data collected is also transmitted to the USA and other third countries. LinkedIn uses marketing cookies. LinkedIn also uses analysis tools provided by other companies, including Google Analytics.

According to LinkedIn's own information, LinkedIn uses standard contractual clauses approved by the European Commission and takes other measures in line with EU law to legitimise data transmission from the EEA to the USA and other countries.

If you wish to disable LinkedIn marketing cookies, use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For information on how LinkedIn handles your personal data, refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
 

e) Pinterest
We have a Pinterest profile. The jointly responsible data controller of this service is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For residents of the USA or Canada, the jointly responsible data controller is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94107, USA ("Pinterest"). According to Pinterest's own information, the data collected is also transmitted to the USA and other third countries. Pinterest also uses analysis tools provided by other companies, including Google Analytics.

Pinterest uses marketing cookies: https://policy.pinterest.com/en/cookies

If you wish to disable Pinterest marketing cookies, you can find information about opting out at the following link: https://help.pinterest.com/en/article/personalized-ads-on-pinterest or directly at https://www.pinterest.com/settings/privacy

For information on how Pinterest handles your personal data, refer to Pinterest's privacy policy: https://policy.pinterest.com/en/privacy-policy.
 

f) YouTube
We have a YouTube profile. The jointly responsible data controller of this service is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). For residents of the USA or Canada, the jointly responsible data controller is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. According to YouTube and Google's own information, the data collected is also transmitted to the USA and other third countries. YouTube and Google also use analysis tools including Google Analytics.

According to YouTube and Google's own information, Google uses legal frameworks and takes other measures to guarantee a suitable level of data protection.

If you wish to disable YouTube or Google marketing cookies, use the following link: https://adssettings.google.com/ or directly at: https://adssettings.google.com/authenticated.

For information on how YouTube handles your personal data, refer to YouTube's privacy guidelines:: https://support.google.com/youtube/answer/7585465?hl=de and privacy policy: https://policies.google.com/privacy.
 

g) TikTok
When using our TikTok account please check carefully what personal data you share with us via TikTok. We specifically point out to you that TikTok stores its users’ data (e.g. personal information, IP address, etc.) and, where applicable, also uses it for business purposes.

Insofar as we are the sole processors of the data which you forward to us via TikTok we are the data controller for data processing within the meaning of the General Data Protection Regulation (GDPR).

We have no influence over what data is gathered or further processed by TikTok. Furthermore, we cannot identify the extent to which data is stored; where it is stored or how long it is stored for; the extent to which TikTok complies with existing erasure obligations; what evaluations and links are carried out using the data and who the data is forwarded to. If you wish to avoid TikTok processing the data which you transmit to us, then please establish contact with us using other means. For our full contact details, please see our legal notice.

Insofar as the data which you forward to us via TikTok is also or solely processed by TikTok, then, in addition to us, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Eire will also be the data controller for data processing within the meaning of the GDPR. Insofar as TikTok and we are the joint controllers within the meaning of Art. 26 GDPR, then we have concluded an agreement with TikTok concerning this joint responsibility. This agreement regulates, in particular, who assumes which obligations arising from the GDPR, in particular regarding the safeguarding of the data subjects’ rights, and who will comply with which information obligations as per Articles 13 and 14 GDPR. To view this agreement visit https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.

We ourselves gather personal data, for example if you establish contact with us via a contact form or messenger service. Please see the relevant contact form for information on what data we gather if you use a contact form to get in touch with us. This data will be stored and used solely for the purpose of answering your enquiry and/or to contact you as well as for corresponding technical administration. 

For more information on TikTok Technology Limited’s data processing, please see the TikTok Technology Limited data protection/ privacy declaration at https://www.tiktok.com/legal/page/eea/privacy-policy/en. The above-mentioned data protection/ privacy declaration applies for all services which are offered by TikTok Technology Limited. The above-mentioned data protection/ privacy declaration applies for all services which are offered by TikTok Technology Limited. 

The processing procedures referred to below, for which we are jointly responsible together with TikTok, are the following:

• “Collection and transmission of developer data and/or event data by (and to) TikTok” – i.e. TikTok gathers data per click (= event) for evaluation;
• “Measurement and insight reporting” – i.e. TikTok gathers and evaluates data to provide us with corresponding reports;
• “Contact details matching” – i.e. the contact details which you generate will be compared with other profiles/ parameters which we specify;
• “Developer tool functionality” – i.e. we use feedback and other knowledge which we gain to continuously improve the functionalities of our website;
• “Custom audiences (customer file) product” – i.e. we can define precisely which target group we select for specific measures;
• “Lead generation product” – i.e. we implement a call to action link or an in-website app, for example, to generate lead ads.

When you use TikTok your personal data may be forwarded to servers which are located outside the European Economic Area. The ECJ currently considers that the level of protection for data transfers to the USA is inadequate and that this is accompanied by various risks to the lawfulness and security of data processing.

Data processing in third countries is carried out on the basis of EU Commission model contracts regulating the forwarding of personal data to third countries (so-called standard contractual clauses). To obtain a copy of these standard contractual clauses please contact TikTok at privacy@tiktok.com.

The duration of personal data archiving is determined on the basis of the relevant legal basis; by the processing purpose and – insofar as relevant – also on the basis of the corresponding archiving periods specified by law (e.g. commercial and tax law-related archiving periods). Insofar as the other information provided in this declaration regarding specific processing situations does not state otherwise, then for the rest the personal data which is stored will be erased when it is no longer required for the purposes for which it was gathered or otherwise processed.

The legal basis for data processing within the scope of your use of our TikTok account is our legitimate interest in answering your enquiry as per Art. 6 Para. 1 (f) GDPR. Following conclusive handling of your enquiry your data will be erased insofar as this does not conflict with any statutory archiving periods. We assume that final handling will have taken place when the evidence indicates that the relevant matter has been conclusively clarified.