In this data privacy declaration, we inform you about your rights and about the personal data we process when you visit our website. Therefore, we ask you to read the following carefully. Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, address and communication data or your e-mail address.
Processing refers to any operation or set of operations that is carried out with personal data, be it by automatic means or not, including the collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
Data subject refers to any identified or identifiable natural person whose personal data are processed by the controller.
Controller or "person responsible for controlling" refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
User includes all categories of data subjects impacted by data processing. They include our business partners and other visitors to our website.
For the terms used, we also refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). The terms used, such as "user", are to be understood as gender-neutral.
1. Name and address of the person responsible
PHS Medien Beteiligungen GmbH
T +49 6341 6818-0
F +49 6341 6818-1
The representative of the responsible person is the managing partner Peter Hüftlein-Seeger
2. Data Privacy Officer
PHS Medien Beteiligungen GmbH has appointed a data privacy officer. You can reach him at the e-mail address firstname.lastname@example.org or via our postal address with the addition of "the data privacy officer“.
3. Processing of personal data
3.1. Visit to our website
3.1.1. Scope of data processing
When you visit our website, your browser also transmits certain data to our web server for technical reasons. This involves the following data (so-called server log files):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Operating system and its access status / HTTP status code
- Amount of data transferred
- Website from which the request came ("referrer URL")
- Browser, language and version of the browser software
3.1.2. Purpose of data processing
The storage of this data in log files is necessary so as to ensure the website's functionality. They serve to optimise the website and to ensure the security of our information technology systems.
3.1.3. Legal basis of processing
We collect this data on the basis of our legitimate interest within the meaning of Art. 6 Par. 1 lit. f) GDPR so as to display our website and to ensure its security.
3.1.4. Duration of storage
Information in the log files is stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of seven days and then deleted. Data the further retention of which is necessary for evidentiary purposes shall be exempt from deletion until the respective incident has been finally clarified.
3.1.5. Possibility of objection and removal
The collection of data for the provision of the website and its storage in log files is absolutely necessary for the operation for technical reasons. Consequently, there is no possibility for the user to object.
3.2. Contact form and e-mail contact
3.2.1. Scope of data processing
When you use the contact form on our website, the following data is processed to us: Salutation, title, first name, last name, company, street, house number, postcode, city, country, telephone number, mobile phone number, e-mail address, your sent message, request for callback yes/no.
Alternatively, it is possible to contact us via e-mail addresses provided by us – depending on the request. In these cases, the sender's personal data as transmitted with the e-mail will be processed.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation and for handling the request.
3.2.2. Purpose of data processing
The processing of the personal data from the input mask allows us to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process (e.g., IP address, date, time) serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
3.2.3. Legal basis of the processing
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 Par. 1 lit. b) GDPR.
3.2.4. Duration of storage
We delete personal data when it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when the circumstances indicate that the matter in question or the request for information has been conclusively clarified.
3.2.5. Possibility of objection and removal
You have the option to revoke your consent to the processing of personal data at any time.
If you contact us via e-mail, you can object to the storage of your personal data at any time. In this case, needless to say, our conversation can no longer be continued. Please send such a revocation to the above-mentioned e-mail address. All personal data stored in the course of contacting us will then be deleted.
3.3.1. Scope of data processing
This is not done by assigning you personally, but by assigning an identification number to the cookie (so-called "cookie ID"). The cookie ID is not merged with your name, your IP address or similar data that would enable the cookie to be assigned to you.
This website uses transient and persistent cookies.
a) Transient cookies are automatically deleted when you close the browser. These include, in particular, so-called session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. Your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period of time, which may vary, depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
3.3.2. Purpose of data processing
Some elements of our website require that the calling browser can be identified even after a page change. For these, the browser must also be recognised after a page change.
3.3.3. Legal basis of data processing
The legal basis for processing personal data by making use of the technically-necessary cookies is Art. 6 Par. 1 lit. f GDPR.
3.3.4. Duration of storage
Session cookies are deleted as soon as the browser is closed.
Persistent cookies are automatically deleted after a predefined period of time.
3.3.5. Possibility of objection and removal
However, please note that you may not be able to use all the functions of our website in this case.
3.4. Web analysis
3.4.1. Scope of data processing
We use Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google") on our website.
The information collected by Google about your use of this website (e.g., the pages visited on our website) is transferred to and stored in a Google server in the USA, where it is analysed, and the result made available to us in anonymised form.
On our website, we use the IP anonymisation offered by Google. In this case, your IP address is abbreviated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA in exceptional cases and abbreviated there.
Google is certified in the EU-US Privacy Shield, which guarantees an adequate level of data privacy for data at Google in the USA.
3.4.2. Purpose of data processing
On our behalf, Google uses this information to evaluate the use of our website and to compile reports on the activities within our website. This enables us to improve your online experience and increase our website's user-friendliness.
3.4.3. Legal basis of processing
Our legitimate interest in data processing by Google Analytics lies in the above-mentioned purposes. The legal basis is Art. 6 Par. 1 lit. f GDPR.
3.4.4. Duration of storage
Sessions and campaigns are terminated after a certain period of time. Sessions are ended by default after 30 minutes of no activity, and campaigns are ended after six months. The time limit for campaigns can be a maximum of two years
3.4.5. Possibility of objection and removal
The IP address transmitted by your browser will not be merged with other Google data. You can avoid cookies from being stored by setting your browser software accordingly, as described above in the "cookies" section. You can also prevent the collection of data generated by the cookie and related to your use of our website by Google and the processing of this data by Google by downloading and installing the available browser plug-in from Google: https://tools.google.com/dlpage/gaoptout?hl=de .
3.5. Google AdWords
3.5.1. Scope of data processing
We use Google Adwords to draw attention to our offers on external websites, with the help of advertising media (so-called Google Adwords). These advertisements are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for evaluating success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. In the aforementioned, we have described what cookies are and how they can be deleted. These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and been redirected to that page. A different cookie is assigned to each Adwords customer. Therefore, cookies cannot be tracked via the websites of Adwords customers. We do not collect or process any personal data in the aforementioned advertising measures ourselves. We only receive statistical evaluations from Google. With these evaluations, we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the provider may still be able to obtain and store your IP address.
3.5.2. Purpose of data processing
We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. This way, we pursue the interest of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of advertising costs.
3.5.3. Legal basis of processing
The data processing serves our legitimate interest to target advertising. Legal basis is Art. 6 Par. 1 lit. f) GDPR.
3.5.4. Duration of storage
These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
3.5.5. Possibility of objection and removal
You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google. de/settings/ads , with this setting being deleted when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices , with this setting being deleted when you delete your cookies; d) by permanently disabling them in your Firefox, Internet explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin .
More information on data privacy at Google can be found her: http://www.google.com/intl/de/policies/privacy und https://services.google.com/sitestats/de. Alternatively, you can visit the website of the network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
3.6. Google Remarketing
3.6.1. Scope of data processing
In addition to Adwords Conversion, we use the Google Remarketing application (Google Marketing Services for short) from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
This is a procedure with which we would like to address you again. Through this application, our advertisements can be displayed to you during your further internet use after visiting our website. This is done by means of cookies stored in your browser, through which your usage behaviour is recorded and evaluated by Google when you visit various websites. We have described above what cookies are and how they can be deleted. With the help of these cookies, user behaviour when visiting our website can be analysed and then used for targeted product recommendations and interest-based advertising.
In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.
For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which web pages the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform you within the scope of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address will not be merged with user data within other Google offerings. The aforementioned information may also be combined by Google with such information from other sources. If you visit a Google advertising network website after visiting our website, you may be presented with advertisements featuring content from our website.
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data privacy law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
3.6.2. Purpose of data processing
On our behalf, Google uses this information to bring previous visitors to our website back to our internet presence and to target them with interest-based advertising.
3.6.3. Legal basis of processing
We use the following data on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 Par. 1 lit. f. GDPR)
3.6.4. Duration of storage
Sessions and campaigns are terminated after a certain period of time. By default, sessions are ended after 30 minutes of no activity and campaigns are ended after six months. The time limit for campaigns can be a maximum of two years.
3.6.5. Possibility of objection and removal
If you generally do not wish cookies to be used, you can set your browser so that cookies are not accepted. Please note that, in this case, you may only be able to use our website to a limited extent or not at all. We have described how to deactivate cookies in your browser in the Cookies chapter.
For more information on the use of data for marketing purposes by Google, please visit the overview page: https://www.google.com/policies/technologies/ads. Google's data privacy declaration is available at https://www.google.com/policies/privacy.
If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
4. Data security
We take state-of-the-art technical, contractual and organisational measures for data processing security. This way, we ensure that the provisions of the data privacy laws, in particular the General Data Protection Regulation, are complied with and that the data processed by us is protected against destruction, loss, modification, and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions carried out via the Internet if the key symbol appears in the lower menu bar of your browser window and the address begins with https://. SSL (Secure Socket Layer) encryption technology protects data transmission from illegal access by third parties. In absence of this option, you can also choose not to send certain data via the Internet.
All information that you transmit to us is stored and processed on our servers in the Federal Republic of Germany.
5. Passing on of data to third parties and third-party providers
Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, e.g., on the basis of Art. 6 Par. 1 lit. b) GDPR for contractual purposes or in the economic and effective operation of our business, on the basis of legitimate interests pursuant to Art. 6 Par. 1 lit. f) GDPR.
We use subcontractors for the provision of our services, in particular for the operation, maintenance and hosting of the website, as part of a contract processing pursuant to Art. 28 GDPR. We have taken appropriate legal precautions as well as corresponding technical and organisational measures to ensure the privacy of personal data in accordance with the relevant legal regulations.
6. External services and content on our website
We integrate external services or content on our website. This is done on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Par. 1 lit. f GDPR.
When using such a service or displaying third-party content, communication data such as date, time and IP address are exchanged between you and the respective provider for technical reasons. This is, in particular, your IP address, which is required for the display of content in your browser.
It may occur that the provider of the respective services or content processes your data for further, specific purposes. However, as we have no influence on the data collected by third parties and their processing, we cannot provide any binding information on the purpose and scope of the processing of your data.
For more information on the purpose and scope of the collection and processing of your data, please refer to the data privacy notices of the providers of the services or content we integrate who are responsible for data privacy in each case.
The following list provides an overview of third-party providers and their content and links to their data privacy declarations, which contain further information on data processing and objection options.
7. Your rights
If we process your personal data, you are a data subject within the meaning of the Data Protection Regulation (GDPR). Data Protection Regulation (GDPR) and you have the following rights vis-à-vis us of the personal data concerning you:
- Right to information (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to deletion (Art. 17 GDPR)
- Right to restriction of the processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
You also have the right to complain to a data privacy supervisory authority about our processing of your personal data.
We reserve the right to change the data privacy declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. To the extent that user consent is required or components of the data privacy declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Please inform yourself about the content of the data privacy declaration at regular intervals.