Introduction
With the following privacy policy, we aim to inform you about the types of personal data (hereinafter also referred to as “data”) we process, the purposes for which we process it, and the extent of such processing. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and specifically on our websites, mobile applications, and external online presences, such as our social media profiles (collectively referred to as the “online services”).
As of: March 11, 2025
Table of Contents
Introduction
Responsible Party
Overview of Data Processing
Relevant Legal Bases
Security Measures
Transfer of Personal Data
Data Processing in Third Countries
Deletion of Data
Use of Cookies
Provision of Online Services and Web Hosting
Blogs and Publications
Contact and Inquiry Management
Newsletters and Electronic Notifications
Web Analysis, Monitoring, and Optimization
Online Marketing
Affiliate Programs and Affiliate Links
Social Media Presence
Plugins and Embedded Features and Content
Changes and Updates to the Privacy Policy
Rights of Data Subjects
Definitions
Responsible Party
Léman Pixelfactory
Rue Louis-de-Savoie 44
1110 Morges
Email:
mail@pixelfactory.ch
Imprint:
https://jendrik.ch/impressum
Overview of Data Processing
The following overview summarizes the types of data processed and the purposes of their processing, along with the affected individuals.
Types of Processed Data
Inventory data
Location data
Contact data
Content data
Contract data
Usage data
Meta/communication data
Categories of Affected Individuals
Communication partners
Users
Purposes of Processing
Provision of contractual services and customer service
Contact inquiries and communication
Security measures
Direct marketing
Reach measurement
Tracking
Conversion measurement
Affiliate tracking
Management and response to inquiries
Feedback
Marketing
Profiles with user-related information
Provision of our online services and user-friendliness
IT infrastructure
Relevant Legal Bases
Below is an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations in your or our country of residence or location may apply. If specific legal bases apply in individual cases, we will inform you of this in the privacy policy.
Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of legitimate interests pursued by the data controller or a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.
In addition to the GDPR’s data protection provisions, national regulations in Germany apply, particularly the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transfers, and automated decision-making, including profiling. It also governs data processing for employment purposes (§ 26 BDSG), particularly regarding the initiation, execution, or termination of employment relationships and employee consent. Furthermore, national data protection laws of the individual federal states may apply.
Additionally, national regulations in Switzerland apply, specifically the Federal Act on Data Protection (DSG). The DSG is particularly relevant when no EU/EEA citizens are involved, and, for example, only data from Swiss citizens is processed.
Security Measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the different likelihoods and degrees of risk to the rights and freedoms of natural persons.
These measures include securing the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, as well as access, input, transfer, availability, and separation. Additionally, we have procedures in place to ensure the exercise of data subject rights, data deletion, and responses to data threats. Furthermore, we consider data protection during the development or selection of hardware, software, and procedures, in line with the principle of privacy by design and privacy-friendly default settings.
TLS Encryption (https):
To protect your data transmitted via our online services, we use TLS encryption. You can recognize encrypted connections by the prefix “https://” in your browser’s address bar.
Transfer of Personal Data
As part of our processing of personal data, data may be transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include IT service providers or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place as part of third-party services or disclosure or transmission of data to other individuals, entities, or companies, it will only occur in compliance with legal requirements.
Subject to explicit consent or necessary transmission due to contract or legal obligations, we process or have the data processed only in third countries with an adequate level of data protection, contractual obligations through EU Commission Standard Contractual Clauses, where certifications or binding internal data protection rules are in place (Art. 44 to 49 GDPR, EU Commission Information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Data Deletion
The data we process will be deleted in accordance with legal requirements as soon as their processing consent is withdrawn or other permissions no longer apply (e.g., when the purpose of data processing has ceased to exist or the data are no longer needed for the purpose). If the data are not deleted because they are required for other legally permissible purposes, their processing will be limited to those purposes. That means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is required for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
Our privacy notices may also contain additional information regarding the retention and deletion of data that apply primarily to the respective processes.
Use of Cookies
Cookies are small text files or other storage markers that store information on devices and retrieve information from those devices, for example, to store login status in a user account, shopping cart contents in an e-shop, viewed content, or used features of an online service. Cookies can also be used for various purposes, such as ensuring the functionality, security, and comfort of online services and creating visitor traffic analytics.
Consent Notice: We use cookies in compliance with legal regulations. Therefore, we obtain prior consent from users unless this is not legally required. Consent is not necessary when storing and retrieving information, including cookies, is absolutely necessary to provide users with an explicitly requested telemedia service (i.e., our online offering). The revocable consent is clearly communicated to users and includes information about the specific use of cookies.
Notice on Data Protection Legal Basis: The legal basis for processing personal data via cookies depends on whether we request consent from users. If users consent, the legal basis for processing their data is the given consent. Otherwise, the data processed through cookies will be based on our legitimate interests (e.g., for the economic operation of our online services and improving usability) or, if necessary, to fulfill our contractual obligations.
Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:
Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest when the user leaves an online service and closes their device (e.g., browser or mobile application).
Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved or preferred content displayed when the user visits a website again. The data collected via cookies can also be used for measuring reach. If we do not provide explicit details about the type and storage duration of cookies (e.g., during consent collection), users should assume that cookies are permanent and the storage duration can be up to two years.
General Information on Revocation and Objection (Opt-Out): Users can revoke their given consent at any time and also object to processing according to the legal provisions of Art. 21 GDPR. Users can also declare their objection through their browser settings, e.g., by deactivating the use of cookies (which may limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Further Information on Processing Procedures, Methods, and Services:
Processing of Cookie Data Based on Consent: We use a cookie consent management procedure, where users’ consents for the use of cookies, as well as the associated processing and providers, are collected and managed. The consent declaration is stored to avoid asking for consent again and to be able to prove consent in accordance with legal requirements.
Provision of Online Services and Web Hosting
We process user data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Content data (e.g., entries in online forms).
Affected Persons: Users (e.g., website visitors, online service users).
Processing Purposes: Providing our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
Legal Basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Further Information on Processing Procedures, Methods, and Services:
Provision of Online Services on Rented Storage Space: For the provision of our online services, we use storage space, computing capacity, and software rented from a corresponding server provider (also referred to as a “web host”).
Legal Basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Collection of Access Data and Log Files: Access to our online services is logged in the form of server log files. These may include the address and name of the requested websites and files, date and time of access, transferred data volumes, successful retrieval messages, browser type and version, user’s operating system, referrer URL (previous page visited), and, typically, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overloads (especially in the case of malicious attacks like DDoS attacks), and to ensure server load and stability.
Legal Basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that is necessary for evidentiary purposes is exempt from deletion until the respective incident is fully clarified.
Blogs and Publication Media
We use blogs or similar online communication and publication media (hereinafter referred to as “publication media”). The data of readers are processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For further details, please refer to the information on processing the visitors of our publication medium in this privacy notice.
Processed Data Types:
Inventory data (e.g., names, addresses)
Contact data (e.g., email, phone numbers)
Content data (e.g., inputs in online forms)
Usage data (e.g., visited websites, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)
Affected Individuals: Users (e.g., website visitors, users of online services)
Purposes of Processing:
Provision of contractual services and customer service
Feedback (e.g., collecting feedback via online forms)
Providing our online offer and user-friendliness
Security measures
Managing and responding to inquiries
Legal Basis:
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
Comments and Contributions:
When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments and contributions (insults, banned political propaganda, etc.). In this case, we may be held accountable for the comment or contribution and are therefore interested in the identity of the author. We also reserve the right to process user data for spam detection based on our legitimate interests. On the same legal basis, we reserve the right to store IP addresses of users during surveys and use cookies to prevent multiple votes. The information provided in comments and contributions, including personal data, contact and website information, and content information, will be stored by us until users object.
Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Contact and Inquiry Management
When contacting us (e.g., via contact forms, email, phone, or social media), as well as in the context of existing user and business relationships, the details of the inquiring individuals are processed to the extent necessary to respond to the contact inquiries and any requested actions.
Processed Data Types:
Contact data (e.g., email, phone numbers)
Content data (e.g., inputs in online forms)
Usage data (e.g., visited websites, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)
Affected Individuals:
Communication partners
Purposes of Processing:
Contact inquiries and communication
Managing and responding to inquiries
Feedback (e.g., collecting feedback via online forms)
Providing our online offer and user-friendliness
Legal Basis:
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
Contact Form:
When users contact us through our contact form, email, or other communication channels, we process the data provided in connection with the inquiry.
Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or a legal permission. If specific contents of the newsletter are defined during the subscription, they are binding for the consent of the users. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide your name for personalized addressing in the newsletter, or other details if necessary for the purposes of the newsletter.
Double Opt-In Procedure:
The subscription to our newsletter is generally done via a Double-Opt-In procedure. That means you will receive an email after subscribing, asking you to confirm your subscription. This confirmation is necessary to prevent someone from subscribing with a foreign email address. Subscriptions are logged to comply with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Changes to the data stored with the mailing service provider are also logged.
Deletion and Restriction of Processing:
We can store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to prove the previously given consent. The processing of this data is limited to the purpose of potentially defending claims. An individual deletion request is possible at any time, provided the former consent is confirmed. In case of obligations to permanently respect objections, we reserve the right to store the email address solely for this purpose in a block list.
The logging of the subscription process is based on our legitimate interests for the purpose of proving the proper procedure. If we use a service provider for email distribution, this is based on our legitimate interests in an efficient and secure mailing system.
Content:
Information about us, our services, promotions, and offers.
Processed Data Types:
Inventory data (e.g., names, addresses)
Contact data (e.g., email, phone numbers)
Meta/communication data (e.g., device information, IP addresses)
Usage data (e.g., visited websites, interest in content, access times)
Affected Individuals:
Communication partners
Purposes of Processing:
Direct marketing (e.g., via email or postal mail)
Legal Basis:
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR);
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Right to Object (Opt-Out):
You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe can be found at the end of every newsletter, or you can use one of the contact options mentioned above, preferably email.
Additional Information on Processing Processes, Procedures, and Services:
Measuring Open and Click Rates:
The newsletters contain a “web beacon,” a pixel-sized file retrieved from our server or, if we use a mailing service provider, from its server when the newsletter is opened. During this retrieval, technical information such as the browser, system information, IP address, and the time of the retrieval are collected. This information is used to improve the newsletter’s technical performance based on technical data, target groups, and reading behavior, as well as the retrieval locations (which can be determined by the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and other aspects.
Mailchimp:
Email distribution and marketing platform; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA;
Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
Website: Mailchimp; Privacy policy: Mailchimp Privacy Policy;
Contractual processing agreement: Mailchimp Terms;
Standard contractual clauses (Ensuring data protection level for processing in third countries): Included in the contract processing agreement;
Further information: Special security measures: Mailchimp EU Data Transfers.
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as “reach measurement”) is used to evaluate visitor traffic on our online offerings and may include pseudonymous data regarding behavior, interests, or demographic information, such as age or gender. Reach analysis helps us identify when our online offering or its functions and content are most frequently used or need improvement. It also allows us to see which areas need optimization.
In addition to web analysis, we may also use testing procedures, such as A/B testing, to test and optimize different versions of our online offerings or components.
Unless otherwise stated, profiles, i.e., data aggregated from a usage process, may be created, and information may be stored and retrieved from a browser or device for these purposes. Collected information includes, in particular, visited websites and elements used on them, as well as technical data, such as the browser, computer system, and usage times. If users have agreed to the collection of their location data with us or the providers of services we use, location data may also be processed.
IP addresses of users are stored, but we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no personally identifiable data (such as email addresses or names) is stored for web analysis, A/B testing, or optimization. Instead, pseudonyms are used. Therefore, we and the providers of the software do not know the true identity of the users but only the data stored in their profiles for these procedures.
Processed Data Types:
Usage data (e.g., visited websites, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)
Affected Individuals:
Users (e.g., website visitors, users of online services)
Purposes of Processing:
Reach measurement (e.g., access statistics, recognition of returning visitors)
Profiles with user-related information (creating user profiles)
Tracking (e.g., interest-/behavior-based profiling, use of cookies)
Providing our online offering and user-friendliness
Security Measures:
IP masking (pseudonymization of IP addresses)
Legal Basis:
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
Google Analytics:
Web analysis, reach measurement, and user flow measurement; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR);
Website: Google Analytics;
Privacy policy: Google Privacy Policy;
Contractual processing agreement: Google Ads Processor Terms;
Standard contractual clauses (ensuring data protection level for processing in third countries): Google Ads Processor Terms;
Opt-out option: Opt-Out Plugin; Settings for ad display: Google Ads Settings;
Further information: Google Privacy for Business.
We process personal data for online marketing purposes, which may include the marketing of advertising space or the presentation of advertising and other content (referred to collectively as “content”) based on the potential interests of users, as well as measuring their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (a so-called “cookie”) or similar methods are used, which store relevant information about the user for displaying the aforementioned content. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical details such as the browser used, the computer system used, and details regarding usage times and functions used. If users have consented to the collection of location data, such data may also be processed.
We also store users’ IP addresses. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. In general, online marketing procedures do not store users’ real data (e.g., email addresses or names), but pseudonyms. That means we, as well as the providers of the online marketing services, do not know the actual identity of the users, only the data stored in their profiles.
The information in the profiles is generally stored in cookies or by using similar methods. These cookies can later be read out on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content, as well as supplemented with other data and stored on the server of the online marketing provider.
In exceptional cases, real data can be assigned to the profiles. This happens, for example, if users are members of a social network whose online marketing procedure we use, and the network links the users’ profiles with the aforementioned information. We ask users to note that they may make additional agreements with the providers, e.g., by consenting during registration.
We generally only have access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion tracking, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion tracking is used solely to analyze the success of our marketing activities.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses). Affected persons: Users (e.g., website visitors, users of online services). Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); marketing; profiles with user-related information (creation of user profiles); conversion measurement (measurement of the effectiveness of marketing measures). Security measures: IP masking (pseudonymization of the IP address). Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Right to object (Opt-out): We refer to the privacy policies of the respective providers and the opt-out options provided by them (so-called “opt-out”). If no explicit opt-out option is provided, there is the possibility to disable cookies in your browser settings. However, this may limit some functions of our online offer. We therefore also recommend the following opt-out options, which are generally offered in the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-border: https://optout.aboutads.info. Further notes on processing procedures, methods, and services:
Google Ads and Conversion Tracking: We use the online marketing method “Google Ads” to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are shown to users who are presumed to be interested in the ads (so-called “conversion”). We also measure the conversion of the ads. However, we only learn about the total anonymous number of users who clicked on our ad and were redirected to a page with a so-called “conversion tracking tag.” We do not receive any information that allows us to identify users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; More information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
Google Adsense with personalized ads: We use the Google Adsense service with personalized ads to display ads within our online offering, and we receive compensation for displaying or otherwise using them; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; More information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Data processing terms for Google advertising products: Information on services, data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
Google Adsense with non-personalized ads: We use the Google Adsense service with non-personalized ads to display ads within our online offering, and we receive compensation for displaying or otherwise using them; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; More information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
Affiliate programs and affiliate links: We integrate so-called affiliate links or other references (such as search forms, widgets, or discount codes) to the offers and services of third-party providers into our online offer (referred to collectively as “affiliate links”). When users follow the affiliate links or later use the offers, we may receive a commission or other benefits from these third-party providers (referred to collectively as “commission”).
To track whether users have used the offers of an affiliate link we deployed, it is necessary for the respective third-party providers to know that the users followed an affiliate link within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g., purchases) serves the sole purpose of commission settlement and is erased as soon as it is no longer necessary for this purpose.
For the purposes of assigning affiliate links, affiliate links may be supplemented with certain values that are part of the link or otherwise, for example, stored in a cookie. These values may include, in particular, the source website (referrer), the time, an online identifier of the website operator on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.
Legal basis notes: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, users’ data is processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.
Processed data types: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses). Affected persons: Users (e.g., website visitors, users of online services). Purposes of processing: Affiliate tracking. Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Further notes on processing procedures, methods, and services:
Amazon Affiliate Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliated companies); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.amazon.de; Privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
Booking.com Affiliate Program: Affiliate marketing partner program; Service provider: Booking.com B.V., Herengracht 597, 1017 CE Amsterdam, Netherlands; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.booking.com; Privacy policy: https://www.booking.com/content/privacy.de.html.
Social media presence: We maintain online presences in social networks and process data of users in this context to communicate with users active there or to offer information about us.
We point out that data of users may be processed outside the European Union. This can pose risks for users because, for example, the enforcement of users’ rights may be more difficult.
Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and interests. These profiles may be used to display ads within and outside of networks that presumably match users’ interests. To achieve these purposes, cookies are typically stored on users’ devices, in which their usage behavior and interests. These profiles may be used to display ads within and outside of networks that presumably match users’ interests. To achieve these purposes, cookies are typically stored on users’ devices, in which their usage behavior and interests are recorded. If users are members of the respective social network, their profiles may also be linked to other devices.
We process user data based on legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) to effectively communicate with our users or to provide information about us.
Processed data types: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses). Affected persons: Users (e.g., website visitors, users of online services). Purposes of processing: Communication with users; direct marketing. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
We ask you to regularly review the content of our Privacy Policy. We will update the Privacy Policy whenever changes in the data processing we conduct make it necessary. We will inform you whenever these changes require any action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that the addresses may change over time and we ask you to verify the details before making contact.
Rights of the Data Subject
As a data subject, you have various rights under the GDPR, particularly those outlined in Articles 15 to 21 GDPR:
Right to Object: You have the right to object, for reasons arising from your particular situation, at any time to the processing of your personal data that is carried out based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling if it is related to such direct marketing.
Right to Withdraw Consent: You have the right to withdraw your consent at any time.
Right to Information: You have the right to obtain confirmation of whether your data is being processed, and to request information about this data, as well as additional details and a copy of the data in accordance with legal requirements.
Right to Rectification: You have the right, under the relevant legal provisions, to request the correction of inaccurate data or the completion of incomplete data concerning you.
Right to Erasure and Restriction of Processing: You have the right to request the immediate erasure of your data, or alternatively, to request the restriction of its processing, in accordance with legal provisions.
Right to Data Portability: You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal provisions.
Right to Lodge a Complaint with Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your usual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
Supervisory Authority Responsible for Us:
Postal Address:
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de
Definitions
This section provides an overview of the terms used in this Privacy Policy. Many of the terms are derived from the law and are defined in Article 4 of the GDPR. The legal definitions are binding. The following explanations aim to aid understanding. The terms are listed alphabetically.
Affiliate Tracking: Affiliate tracking refers to tracking links that direct users to websites offering products or other services. Operators of the referring websites may receive a commission if users follow these “affiliate links” and subsequently take advantage of the offers (e.g., purchase goods or use services). This requires that the providers track whether users, interested in certain offers, take action through the affiliate links. This necessitates the inclusion of specific values in the link, or their storage in a cookie, which are necessary for the affiliate tracking to function. These values include the referring website (referrer), time, an online identifier of the website operator, an online identifier of the offer, and user-specific identifiers.
Conversion Measurement: Conversion measurement (also known as “action analysis”) is a method used to determine the effectiveness of marketing campaigns. Usually, a cookie is stored on the user’s device within the websites running the marketing campaigns and is later retrieved on the target website. For example, we can track whether the ads we placed on other websites were successful.
Personal Data: “Personal data” refers to any information related to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or other unique features of their physical, physiological, genetic, mental, economic, cultural, or social identity.
Profiles with User-Related Information: The processing of “profiles with user-related information,” or simply “profiles,” involves any type of automated processing of personal data, where this data is used to analyze or predict certain personal aspects (e.g., behavior, interests, or demographics). Profiling often uses cookies and web beacons.
Reach Measurement: Reach measurement (also called web analytics) is used to evaluate visitor traffic to an online service and can involve tracking visitors’ behavior or interest in specific information on the website, such as page content. Reach measurement helps website owners understand when visitors are on the site and what content interests them.
Location Data: Location data is generated when a mobile device (or another device with location capabilities) connects to a cell tower, Wi-Fi, or similar technical system to determine the device’s geographical location. Location data can be used to display maps or provide location-specific information.
Tracking: Tracking refers to the ability to monitor user behavior across multiple online services. This typically involves storing behavioral and interest-related information in cookies or on servers of the tracking technology providers, which can then be used to display targeted ads based on user interests.
Controller: The “controller” is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
Processing: “Processing” refers to any operation or series of operations performed on personal data, whether automated or manual. It includes activities such as collection, storage, analysis, transmission, or deletion.
Created with the free Privacy Policy Generator by Dr. Thomas Schwenke.