Privacy Policy

This privacy policy provides you with information about the type, scope and purpose of the processing of personal data (hereinafter “data”) within our online services and the websites, functions and content connected with them as well as our external online presence, such as our social media profiles (hereinafter collectively “online services”). For the terms used, such as “personal data” or its “processing”, we refer you to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller and data protection officer

Jürg Lys, Email: j.lys@zibris.ch

Types of data processed:

  • Base data (e.g. names and addresses).
  • Contact data (e.g. email and telephone numbers).
  • Content data (e.g. text, photographs and videos).
  • Contract data (e.g. subject of the contract, term and customer category).
  • Payment data (e.g. bank details and payment history).
  • Usage data (e.g. websites visited, interest in content, and access times).
  • Meta/communication data (e.g. device information and IP addresses).

Processing of special categories of data (Art. 9(1) GDPR):

  • No special categories of data are processed unless they are provided for processing by the users, e.g. entered in online forms.

Categories of data subjects affected by the processing:

  • Customers, interested parties, and suppliers.
  • Visitors and users of the online services.

In the rest of the policy we also refer to data subjects collectively as “users”.

Purpose of the processing:

  • To make the online services, their content and functions available.
  • To provide contractual and other services as well as customer care.
  • To respond to contact enquiries and communicate with users.
  • For market, advertise and conduct market research.
  • Security measures.

Last revised: 17.12.2020

2. Changes and updates to the privacy policy

We recommend regularly reviewing the content of our privacy policy. We will modify the privacy policy as soon as it becomes necessary because of any changes in the data processing we carry out. We will immediately notify you if your cooperation is required as a result of the changes (e.g. consent) or you specifically need to be otherwise notified.

3. Security measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons; the principal measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access to, input, disclosure, safeguarding of availability and segregation of the data. We have also established procedures to ensure data subjects’ rights can be exercised, data erased and a response can be taken if data is compromised. We also already take the protection of personal data into account when developing and selecting hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).

The main security measures include the encrypted transmission of data between your browser and our server. As with any connection to a web server, the server of our web hosting provider cyon in Basel, Switzerland, logs and stores certain technical data. This data includes the IP address and the operating system of your device, the data, the access time, the type of browser and the browser request including the origin of the request (referrer). This is necessary for technical reasons so we can make our website available to you. cyon protects this data from unauthorised access by a variety of technical and organisational measures and does not pass the data on to third parties. Where we process personal data in this context, we do so based on our interest in providing you with the best possible user experience and to safeguard the security and stability of our systems.

4. Working with processors and third parties

4.1. If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, we will do so only if this is legally permissible (e.g. if the transmission of the data to third parties, such as to payment service providers, is necessary to perform the contract pursuant to Art. 6(1)(b) GDPR), you have consented, or a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

4.2. If we appoint third parties to process data on the basis of a “processing agreement”, we will only do so pursuant to Art. 28 GDPR.

5. Transmitting data to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing, or transmitting data to third parties, we will do so only if this is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we will process or permit the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR apply. This means that processing is carried out, for example, on the basis of special guarantees, such as official acknowledgement that the level of data protection corresponds to that of the EU (e.g. in the case of the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (“standard contractual clauses”).

6. Rights of data subjects

6.1. You have the right to request confirmation as to whether the data in question is being processed, to access this data, and to obtain further information and a copy of the data under Art. 15 GDPR.

6.2. You have the right under Art. 16 GDPR to request that your data is completed or that any errors in your data are rectified.

6.3. Under Art. 17 GDPR, you have the right to obtain the erasure of the data in question without delay or, alternatively, to demand restriction of the processing of the data under Art. 18 GDPR.

6.4. You have the right to request to receive the data concerning you that you have provided to us under Art. 20 GDPR and to request its transmission to other data controllers.

6.5. You also have the right to lodge a complaint with the competent supervisory authority under Art. 77 GDPR.

8. Right to object

You may object at any time to the future processing of your data under Art. 21 GDPR. The objection can be made in particular with respect to processing of your data for the purpose of direct advertising.

9. Cookies and right to object to direct advertising

We use temporary and permanent cookies, i.e. small files that are stored on users’ devices (for an explanation of this term and its function, see the last section of this privacy policy). The cookies are partly used for security purposes, or to ensure we can operate our online services (e.g. to display the website) or to save the user’s decision when confirming the cookie banner. We or our technology partners also use cookies for measuring reach and for marketing purposes, which users are informed about in the privacy policy.

You can declare your general objection to the use of cookies for online marketing purposes for a large number of services, especially those used for tracking purposes, by using the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. You may also prevent cookies from being stored by deactivating them in your browser settings. Please note that you may then not be able to use all the functions of these online services.

10. Erasing data

10.1. The data we process will be erased or its processing restricted under Art. 17 and 18 GDPR. Unless expressly stated within the scope of this privacy policy, the data we store will be erased as soon as it is no longer required for its intended purpose and its erasure does not conflict with any statutory retention obligations. If the data is not erased because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained due to commercial or tax law.

10.2. In accordance with legal requirements, all bookkeeping and business correspondence is kept for 10 years pursuant to Art. 957 to 963 of the Swiss Code of Obligations. (commercial ledgers, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, books, records, management reports, accounting documents, commercial and business letters, electronic data traffic, documents relevant for taxation, etc.).

11. Providing contractual services

11.1. We process base data (e.g. names and addresses and contact data of users) and contract data (e.g. services used, names of contact persons and payment information) for the purpose of fulfilling our contractual obligations and services under Art. 6(1)(b) GDPR. The fields marked as mandatory in online forms are required for the contract to be entered into.

11.2. When users register, log back in or use our online services, we store the IP address and the time and date of the respective user action. We store this information based on our legitimate interests and those of the users to protect against misuse and other unauthorised use. This data is not passed on to third parties unless this is necessary for us to assert any claims that we may have or there is a legal obligation to do so under Art. 6(1)(c) GDPR.

11.3. We process usage data (e.g. the web pages of our online services visited or interest in our products) and content data (e.g. entries in the contact form or user profile) in a user profile for advertising purposes, e.g. in order to display product information to users based on the services they have used to date.

11.4. We delete this data after statutory warranty and comparable obligations expire. We review every three years the need to keep the data; in the case of statutory archiving obligations, we delete the data once these obligations expire (10 years); information is kept in the customer account until it is deleted.

12. Making contact

12.1. When we are contacted (via the contact form or by email), the user’s details are processed for the purpose of dealing with the request for contact and its handling pursuant to Art. 6(1)(b) GDPR.

12.2. Users’ details may be stored in our customer relationship management system (“CRM system”) or comparable enquiry-handling system.

12.3. We use the “Gravity Forms” system provided by Rocket Genius, Inc. (1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500, United States) on the basis of our legitimate interests (efficient and fast processing of user requests).

12.4. We delete the requests if they are no longer necessary. We review this necessity every two years; we permanently store requests from customers who have a customer account and refer the customer account details for deletion. Where statutory archiving obligations apply, we delete the data once these obligations expire (10 years).

13. Collecting access data and log files

13.1. We collect access data each time the server on which this service is located (server log files) is accessed and do so on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification that the website has been successfully accessed, browser type and version, user’s operating system, referrer URL (page previously visited), IP address and the requesting provider.

13.2. Log file information is stored for security reasons (e.g. to clarify if misuse or fraud has occurred) for a maximum of seven days and then deleted. Data that needs to be stored for evidentiary purposes is exempt from deletion until the respective incident has been conclusively clarified.

14. Online presence on social media

14.1. We maintain an online presence on social networks and platforms on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

14.2. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presence or send us messages.

15. Cookies and reach measurement

15.1. Cookies are items of information that are transmitted from our web server or third-party web servers to the users’ web browsers and deposited there for later retrieval. Cookies may be small files or other types of stored information.

15.2. We use session cookies which are only stored for the duration of your current visit to our online presence (e.g. to save your login status or the shopping cart function so you are able to use our online services). A randomly generated unique identification number known as a session ID is stored in a session cookie. A cookie also contains information about its origin and how long it has been stored. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and log out or close the browser, for example.

15.3. This privacy policy informs users of the ways in which cookies are used to measure reach in pseudonymous form.

15.4. If users do not want cookies to be stored on their computer, they should deactivate the respective option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to restrictions in the functionality of these online services.

15.5. You can object to the use of cookies used for measuring reach and for advertising purposes via the Network Advertising Initiative opt-out page(https://optout.networkadvertising.org) or the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com).

16. Use of third-party services and content

16.1. Within our online services, we use the content or services of third-party providers on the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and economically efficient operation of our online services in accordance with Art. 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly “content”). This always presupposes that the third-party providers of this content are aware of the IP address of the users as without the IP address they would not be able to deliver the content to their browser. The IP address is thus required to display this content. We endeavour to only use content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, date and time of visit and other information about the use of our online services, and may also be linked to such information from other sources.

16.2. The following links provide an overview of third-party providers and their content, together with links to their privacy policies, which contain additional information on the processing of data and the opt-out rights, some of which have already been described here:

  • External fonts from Google, LLC., https://www.google.com/fonts(“Google Fonts”). Google Fonts is usually integrated by a server request to Google (usually in the USA). Privacy policy: https://policies.google.com/privacy and opt-out: https://adssettings.google.com/authenticated.
  • Maps provided by the “Google Maps” service of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ and opt-out: https://www.google.com/settings/ads/.
  • Within our online offer, we use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. With the help of the LinkedIn Insight Tag, we can in particular analyse the success of our campaigns within LinkedIn or determine target groups for them based on the interaction of the users with our online offer. If you are registered with LinkedIn, it is possible for LinkedIn to assign your interaction with our online offering to your user account. Even if you click the “Recommend Button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. LinkedIn is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • External code of the JavaScript framework “jQuery”, provided by the third-party provider jQuery Foundation, https://jquery.org.

17. HubSpot

17.1 On this website we use HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

17.2 Hubspot uses web beacons and cookies that help us analyse your use of our website. This means that when you contact us, subscribe to our newsletter, download a publication or submit another form integrated in Hubspot, your activities on our website are assigned to your cookie if you have given your consent, thereby enabling us to analyse your website use in greater detail (e.g. pages visited, date and time of visits, forms completed, documents downloaded). In addition, for some forms we send you requested digital resources by e-mail. This allows us to better tailor the user experience on our website and our communications to the needs of our visitors.

You can disable or individually allow/block the use of cookies by our website or third party providers at any time in your browser settings.

17.3 You can deactivate or individually allow/block the use of cookies by our website or third-party providers in your browser settings at any time, as already mentioned. How to do this is described in the section Cookies and Web Beacons (see above).

17.4 HubSpot is certified under the terms of the EU – U.S. Privacy Shield Framework and is subject to TRUSTe ‘s Privacy Seal and the U.S. – Swiss Safe Harbor Framework. For comprehensive information on how HubSpot handles and protects the data it collects, please see the Privacy Policy: https://legal.hubspot.com/privacy-policy

18. google analytics

18.1. We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (i.e. interest in the analysis, optimisation and economically efficient operation of our online services in accordance with Art. 6(1)(f) GDPR). Google uses cookies. The information collected by the cookie about the use of the online services by the user is usually transmitted to a Google server in the USA and stored there.

18.2. Google is certified under the Privacy Shield agreement and therefore provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18.3. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within these online services and to provide us with additional services related to the use of these online services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics to display the ads placed within Google’s advertising services and those of its partners only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and do not have a harassing effect.

18.4. We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

18.5. The IP address transmitted by the user’s browser will not be combined with any other data held by Google. Users can prevent cookies from being stored by setting their browser software accordingly; users can also prevent the data generated by the cookie relating to their use of the online services from being collected and sent to and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

18.6. You can find out more information about Google’s use of data, settings options and what the options to object are on the Google website: https://www.google.com/intl/de/policies/privacy/partners  (“Data use by Google when you use our partners’ websites or apps”),  https://policies.google.com/technologies/ads  (“Data use for advertising purposes”),  https://adssettings.google.com/authenticated (“Managing information Google uses to display ads to you”).

19. google-re/marketing-services

19.1 We use the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Park Park, Mountain View, CA 9.1. DSGVO) the marketing and remarketing services (in short “Google marketing services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

19.2 Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

19.3 Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which he or she has shown interest on other websites, this is referred to as “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and shortened there. The IP address will not be merged with user data within other Google offerings. The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites, he or she can be shown ads tailored to his or her interests.

19.4 User data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. I.e. from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

19.5 The Google marketing services we use include the online advertising programme “Google Ads”. In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked across Ads customers’ websites. The information obtained through the cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

19.6 We may include third party advertisements based on the Google marketing service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the internet.

19.7 We may include third party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies to enable Google and its partner websites to display ads based on users’ visits to this website or other websites on the internet.

19.8 We may also use the “Google Optimizer” service. Google Optimizer allows us to track the effect of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called “A/B testing”. For these testing purposes, cookies are placed on the users’ devices. Only pseudonymous data of the users will be processed.

19.9 Furthermore, we may use the “Google Tag Manager” to integrate and manage the Google analysis and marketing services on our website.

19.10. For more information on Google’s use of data for marketing purposes, please see the overview page: https://policies.google.com/technologies/ads?hl=en, Google’s privacy policy is available at https://policies.google.com/privacy?hl=en

19.11. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated

20. Facebook-, Custom Audiences und Facebook-Marketing-Dienste

20.1 Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes.

20.2 Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

20.3 With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

20.4 Furthermore, when using the Facebook Pixel, we use the additional function “extended matching” (in this case, data such as telephone numbers, e-mail addresses or Facebook IDs of the users) to create target groups (“Custom Audiences” or “Look Alike Audiences”) are transmitted to Facebook (encrypted). Further notes on “advanced matching”: https://www.facebook.com/business/help/611774685654668.

20.5 We also use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. In this way, we want to ensure that the ads are only displayed to users who are interested in our information and services.

20.6 The processing of data by Facebook is carried out within the framework of Facebook’s data use policy. Accordingly, general information on the display of Facebook ads, in Facebook’s data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

20.7 You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

20.8 To prevent your data from being collected by the Facebook pixel on our website, please click the following link: Facebook-Opt-Out Note: When you click the link, an “opt-out” cookie is stored on your device. If you delete the cookies in this browser, then you must click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain where the link was clicked.

20.9 You can also opt out of the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative’s opt-out page. (http://optout.networkadvertising.org/) and additionally the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/) disagree.

21. Newsletter

21.1. Below we provide you with details about the contents of our newsletter, the registration, delivery and statistical evaluation procedure, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.

21.2. Content of the newsletter: we send newsletters, emails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or if this is legally permissible. If the contents of the newsletter are specifically described when you register, the user is deemed to have granted their consent. Our newsletters also contain information about our products, services, promotions, and our company.

21.3 Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.

21.4 Dispatch service provider: The newsletter is dispatched using “HubSpot”, a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. You can view the data protection provisions of the dispatch service provider here: https://legal.hubspot.com/privacy-policy HubSpot is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with the European level of data protection. (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active).

21.5. Based on its own information, the delivery service provider may also use this data in pseudonymous form, i.e. without assigning it to a user, to optimise or improve its own services, e.g. to technically optimise the delivery and presentation of the newsletter or for statistical purposes in order to determine which countries the recipients are from. However, the delivery service provider does not use our newsletter recipients’ data to write to them itself or pass it on to third parties.

21.6. Registration data: to sign up for the newsletter, all you need to do is enter your email address. Optionally, we ask you to enter a name in the newsletter so that we can address you personally.

21.7. Measuring performance: the newsletters contain a web beacon, i.e. a pixel-sized file that is retrieved from the server of the delivery service provider when the newsletter is opened. When this is retrieved, technical information, such as information on the browser and your system, your IP address and the time and date of the retrieval are initially collected. This information is used to improve the technology of the services based on the technical data or the target groups, and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or the access times. The statistical surveys also include information about whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information may be assigned to the individual newsletter recipients. However, it is neither our nor the delivery service provider’s intention to monitor individual users. We use the evaluations instead to determine the reading habits of our users and to adapt our content to them or to deliver different content based on the interests of our users.

21.8. The newsletter is delivered and its success is measured on the basis of the recipients’ consent pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with section 7(2) no. 3 of the Federal Act on Unfair Competition (UCA) or on the basis of legal permission pursuant to section 7(3) UCA.

21.9. The registration process is logged on the basis of our legitimate interests under Art. 6(1)(f) GDPR and serves as proof of consent to receive the newsletter.

21.10. Cancellation/revocation: newsletter recipients can cancel receipt of our newsletter at any time, i.e. revoke their consent. You can find a link to cancel the newsletter at the end of each newsletter. Your consent to measure performance will lapse simultaneously. As it is unfortunately not possible to separately revoke measurement of performance, the entire newsletter subscription must be cancelled in this case. When you unsubscribe from the newsletter, your personal data will be deleted unless its retention is legally required or justified, in which case its processing will be limited to these exceptional purposes only. In particular, we may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for the purposes of delivering newsletters in order to be able to demonstrate consent had previously been granted. The processing of this data is limited to the purpose of averting any claims asserted against us. It is possible at any time to make an individual request for deletion, provided that it is confirmed at the same time that consent was previously granted.

Contact Anrufen