Name: Digital Control GmbH & Co. KG
Street, house number: Kaistraße 16a
Post code, town/city, country: 40221 Düsseldorf, Germany
Commercial Register, no.: Amtsgericht Düsseldorf, HRA 24347
Managing Director: Joachim Schrader
Telephone number: +49 211 9753208 - 0
E-mail address: firstname.lastname@example.org
Data Protection Officer
Name: Julia Epp
Street, house number: Kaistraße 16a
Post code, town/city, country: 40221 Düsseldorf, Germany
Telephone number: +49 211 9753208 - 0
E-mail address: email@example.com
1. Fundamental information on data processing and legal basis
1.2. With respect to the terminology used, e.g. ‘personal data’ or the ‘use’ of such data, please refer to the definitions given in Article 4 of the GDPR.
1.3. Users’ personal data processed within the scope of our online presence includes usage data (e.g. the websites visited that form part of our online presence, interest in our services) and content data (e.g. information entered into the contact form, i.e. name, telephone number, e-mail address and company name).
1.4. The term ‘user’ includes all categories of persons affected by data processing. This includes … our business partners, customers, interested parties and other people who visit our websites. The terminology used is intended to be gender-neutral.
1.5. We process the personal data of users exclusively in compliance with the relevant data protection provisions. This means that user data is processed only where this is permissible by law.
In particular, this refers to where data processing is required by law or is required for us to provide contractual services (e.g. processing orders), or for our online services, where the user has provided his or her consent, or where this is based on our legitimate interests (i.e. interests in the analysis, optimisation and economical operation and security of our online presence within the meaning of Article 6 Paragraph 1 Letter f. of the GDPR, … with particular reference to measuring reach, creating profiles for advertising and marketing purposes, collecting access data and using services from third-party providers).
1.6. Please note that the legal basis of consent is Article 6 Paragraph 1 Letter a. and Article 7 of the GDPR, the legal basis for processing to fulfil our services and carry out contractual measures is Article 6 Paragraph 1 Letter b. of the GDPR, the legal basis for processing to meet our legal obligations is Article 6 Paragraph 1 Letter c. of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6 Paragraph 1 Letter f. of the GDPR.
2. Security measures
2.1. We take organisational, contractual and technical security measures that are up-to-date to ensure that we comply with the provisions of data protection laws, thus safeguarding the data processed by us against accidental or intentional manipulation, loss and destruction, and against access by unauthorised persons.
2.2. In particular, security measures include the encrypted transmission of data between your browser and our server.
3. Sharing data with third parties and third-party providers
3.1. Data is only shared with third parties and third party providers in accordance with legal provisions. Even then, we only share user data with third parties if this is required for contractual purposes, e.g. based on Article 6 Paragraph 1 Letter b) of the GDPR, or for the economic and effective operation of our business based on our legitimate interests in accordance with Article 6 Paragraph 1 Letter f of the GDPR.
3.2. If we use subcontractors to provide our services, we make suitable legal arrangements and take appropriate technical and organisational steps to ensure that the personal data is safeguarded in line with the relevant legal provisions.
4.1. If you contact us (via the contact form or by e-mail), user information is used to process the contact request and then settle it in accordance with Article 6 Paragraph 1 Letter b) of the GDPR, and is saved in our website’s content management system in case there are any follow-up questions.
5. Collecting access data and log files
5.1. We, and/or our webspace provider, shall collect data based on our legitimate interests within the meaning of Article 6 Paragraph 1 Letter f. of the GDPR by accessing the server for the website on which you find this service (‘server log files’). Access data includes the name of the website accessed, the file, date and time of access, data volume transferred, a successful access alert, browser type including version, the user’s operating system, the referrer URL (the site visited immediately before), the IP address and the requesting provider.
5.2. For security reasons (e.g. to assist in resolving cases of misuse or fraud), log file information is saved for a maximum of one year before being deleted. If data must be stored for evidence purposes, deletion is excluded until the incident has been fully resolved.
5.3. We use log data exclusively for statistical evaluation for operational, security and website optimisation purposes. However, we reserve the right to subsequently review log data if there is a justified suspicion of unlawful use based on concrete evidence.
6. Cookies and reach measurement
6.1. The term ‘cookies’ refers to information that is sent from our web server or from third-party web servers to the user’s web browser and stored there for later use. Cookies may be small files or may constitute other forms of information storage.
Cookies are small files that make it possible for specific information about the device to be saved on the user’s accessing device (PC, tablet, smartphone, etc.) They are used to make websites more user-friendly, thus helping users (e.g. by storing log-in details). They are also used for collecting statistical data relating to website use …, which can then be analysed for the purposes of website improvement. The user can change how cookies are used.
6.2. We also use a type of cookies called ‘session cookies’, which are only stored for the duration of the visit our website (e.g. to store your log-in status or enable the shopping cart function, thus facilitating basic use of our website). A session cookie contains a randomly generated unique ID number, known as a ‘session ID’. A cookie also contains information about its origin and retention period. These cookies cannot save any other data. Session cookies are deleted when you stop using our website and close the browser, for example.
6.4. If the user does not want cookies to be stored on their computer, they are given the option to deactivate them using the browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Removing cookies may limit the functionality of this website.
7. Google Analytics
7.2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
7.3. Google will use this information on our behalf for the purpose of evaluating the user’s use of the website, compiling reports on website activity and providing us other services relating to website activity and internet usage. This process may involve creating pseudonymised usage profiles of users from the processed data.
7.4. We use Google Analytics to show adverts within Google and Google partner advertising services only to users who have shown an interest in our website or have certain characteristics (e.g. interest in certain topics or products based on visited websites); we share this information with Google (‘remarketing’ or ‘Google Analytics audiences’). We also use remarketing audiences to ensure that our adverts match a user’s potential interests and are not of a harassing nature.
7.5. We only use Google Analytics in combination with IP anonymisation. This means that user IP addresses will be truncated by Google within European Union Member States and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the US and truncated there.
7.6. The IP address sent by the user’s browser will not be associated with other Google data. Users can prevent cookies from being stored by changing their respective browser software settings; users can also prevent Google from capturing data generated by cookies that relates to the use of the website, as well as prevent Google from processing this data by downloading and installing the browser add-on available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en
7.7. More information about Google’s data use, settings and opt-out options can be found on Google’s website: https://policies.google.com/privacy/partners?hl=en (‘How Google uses data when you use our partners’ sites or apps’) https://policies.google.com/technologies/ads?hl=en (‘Technologies and Principles/Advertising), https://adssettings.google.com/?hl=en (‘Ads Settings’).
8. Google Remarketing / Google AdWords / Google Tag Manager
8.1. For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our websites in a commercially viable manner within the meaning of Article 6 Paragraph 1 Letter f. of the GDPR), we use the marketing and remarketing services (hereinafter referred to as ‘Google marketing services’) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (‘Google’).
8.2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3. Google marketing services enable us to display ads for and on our website in a more targeted fashion, helping us to only show ads to users that are potentially of interest to them. The method we use, known as remarketing, involves, for example, showing users ads for products in which they have already shown an interest on other websites.
For this purpose, our websites – and other websites on which Google marketing services are active – contain a snippet of code, which is executed directly by Google. This integrates what are known as (re)marketing tags in the website (invisible image files or code, also known as web beacons). With the help of these tags, an individual cookie, i.e. a small file, is saved on the user’s device (comparable technologies may also be used instead). These cookies may be set from a few different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file notes which sites the user visits, which content interests the user, and which offers they have clicked, as well as technical information on the browser and operating system, referring websites, visit duration and other data on the use of the website.
The information referred to above may also be linked to comparable information from other sources. If the user subsequently visits other websites, they may be presented with ads tailored to them according to their interests.
8.4. User data is processed in a pseudonymised manner within the context of Google marketing services, i.e. Google does not store and process details such as the name or email address of the user, but instead processes the relevant data within pseudonymised usage profiles based on cookies. This means that, from Google’s perspective, the ads are not managed for and displayed to a named, identifiable person, but rather for and to the cookie holder, regardless of who this cookie holder is. This is not, however, the case if a user has expressly granted Google permission to process their data in a non-pseudonymised manner. Information collected on users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
8.5. One of the Google marketing services we use is the online advertising service ‘Google AdWords’. In the case of Google AdWords, each AdWords client receives a different ‘conversion cookie’. Thus, cookies cannot be tracked across the websites of AdWords clients. The information collected by the conversion cookies is used to provide aggregate conversion statistics for AdWord clients who have opted in to conversion tracking. This is an assessment of previously defined actions that a user has carried out on the website. AdWords clients are informed of the total number of users who clicked on their ad and were forwarded to a conversion tracking tag page. However, they do not receive any information that would enable them to identify users personally.
8.6. Another Google marketing service we use is ‘Google Tag Manager’. With the aid of Google Tag manager, Google analysis and marketing services can be embedded in our website (= Google Analytics and Google AdWords).
8.8. If you wish to opt out of personalised advertising by Google marketing services, you can adjust your preferences and opt-out settings by visiting the following page: https://adssettings.google.com/?hl=en.
9. User rights
9.1. Users have the right to obtain information free of charge on the personal data we have collected about them.
9.2. In addition, users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities if they suspect that data has been processed unlawfully.
9.3. Users may also withdraw their consent, generally with effect for the future.
10. Deletion of data
10.1. The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event user data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to user data that must be retained due to commercial or tax requirements.
10.2. According to statutory regulations, documents must be retained for 6 years as per Section 257 Paragraph 1 of the German Commercial Code (Handelsgesetzbuch, HGB) (accounting ledgers, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and for 10 years as per Section 147 Paragraph 1 of the German Fiscal Code (Abgabenordnung, AO) (accounts and records, situation reports, accounting records, trade and business letters, other documents of relevance for taxation, etc.).
11. Right to object
Users can object to the future processing of their personal data at any time in accordance with statutory provisions. This right to object applies in particular to the processing of data for the purposes of direct advertising.
Düsseldorf, April 2018