Privacy Notice

Jevbio.net is a blog of the European Soci­ety for Evol­u­tion­ary Bio­logy (here­after “ESEB”).

With the fol­low­ing pri­vacy policy we would like to inform you which types of your per­son­al data (here­in­after also abbre­vi­ated as “data”) we pro­cess for which pur­poses and in what scope. The pri­vacy state­ment applies to all pro­cessing of per­son­al data car­ried out by us, both in the con­text of provid­ing our ser­vices and in par­tic­u­lar on our web­site jevbio.net, and with­in extern­al online pres­ences, such as our social media pro­files (here­in­after col­lect­ively referred to as “online services”).

Last Update: 8. Decem­ber 2020

Table of contents

  • Con­trol­ler
  • Over­view of pro­cessing operations
  • Leg­al Bases for the Processing
  • Secur­ity Precautions
  • Trans­mis­sion and Dis­clos­ure of Per­son­al Data
  • Data Pro­cessing in Third Countries
  • Per­form­ing tasks in accord­ance with stat­utes or rules of procedure
  • Pro­vi­sion of online ser­vices and web hosting
  • Blogs and pub­lic­a­tion media
  • Pro­files in Social Net­works (Social Media)
  • Plu­gins and embed­ded func­tions and content
  • Plan­ning, Organ­iz­a­tion and Utilities
  • Eras­ure of data
  • Changes and Updates to the Pri­vacy Policy
  • Rights of Data Subjects
  • Ter­min­o­logy and Definitions

Controller

European Soci­ety for Evol­u­tion­ary Bio­logy (ESEB)
Molen­straat 156
6712 CW Ede
The Neth­er­lands

E‑mail address: office@eseb.org

Overview of processing operations

The fol­low­ing table sum­mar­ises the types of data pro­cessed, the pur­poses for which they are pro­cessed and the con­cerned data subjects.

Categories of Processed Data

  • Invent­ory data (e.g. names, addresses).
  • Con­tent data (e.g. text input, pho­to­graphs, videos).
  • Con­tact data (e.g. email, tele­phone numbers).
  • Meta/communication data (e.g. device inform­a­tion, IP addresses).
  • Usage data (e.g. web­sites vis­ited, interest in con­tent, access times).
  • Con­tract data (e.g. con­tract sub­ject, dur­a­tion, cus­tom­er category).
  • Pay­ment Data (e.g. bank details, invoices, pay­ment history).

Categories of Data Subjects

  • Busi­ness and con­trac­tu­al partners.
  • Com­mu­nic­a­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • ESEB Mem­bers.
  • Users (e.g. web­site vis­it­ors, users of online services).

Purposes of Processing

  • Pro­vi­sion of our online ser­vices and usability.
  • Feed­back (e.g. col­lect­ing feed­back via comments).
  • Con­tact requests and communication.
  • Pro­fil­ing (Cre­at­ing user profiles).
  • Remarket­ing.
  • Web Ana­lyt­ics (e.g. access stat­ist­ics, recog­ni­tion of return­ing visitors).
  • Secur­ity measures.
  • Tar­get­ing (e.g. pro­fil­ing based on interests and beha­viour, use of cookies).
  • Polls and Ques­tion­naires (e.g. sur­veys with input options, mul­tiple choice questions).
  • Pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er support.
  • Man­aging and respond­ing to inquiries.
  • Cus­tom Audi­ences (Selec­tion of rel­ev­ant tar­get groups for mar­ket­ing pur­poses or oth­er out­put of content).

Legal Bases for the Processing

The leg­al basis on which we pro­cess per­son­al data is described in the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) and the GDPR Exe­cu­tion Act (“UAVG”, “Uit­vo­er­ing­swet Alge­mene ver­or­den­ing gegevens­bes­cherm­ing”). Please note that, in addi­tion to these reg­u­la­tions, nation­al data pro­tec­tion reg­u­la­tions may apply in your coun­try or in our coun­try of res­id­ence or dom­i­cile. If, in addi­tion, more spe­cif­ic leg­al bases are applic­able in indi­vidu­al cases, we will inform you of these in the data pro­tec­tion declaration.

  • Con­sent (Art­icle 6 (1) (a) GDPR) — The data sub­ject has giv­en con­sent to the pro­cessing of his or her per­son­al data for one or more spe­cif­ic purposes.
  • Per­form­ance of a con­tract and pri­or requests (Art­icle 6 (1) (b) GDPR) — Per­form­ance of a con­tract to which the data sub­ject is party or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a contract.
  • Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR) — Pro­cessing is neces­sary for the pur­poses of the legit­im­ate interests pur­sued by the con­trol­ler or by a third party, except where such interests are over­rid­den by the interests or fun­da­ment­al rights and freedoms of the data sub­ject which require pro­tec­tion of per­son­al data.

Security Precautions

We take appro­pri­ate tech­nic­al and organ­isa­tion­al meas­ures in accord­ance with the leg­al require­ments, tak­ing into account the state of the art, the costs of imple­ment­a­tion and the nature, scope, con­text and pur­poses of pro­cessing as well as the risk of vary­ing like­li­hood and sever­ity for the rights and freedoms of nat­ur­al per­sons, in order to ensure a level of secur­ity appro­pri­ate to the risk.

The meas­ures include, in par­tic­u­lar, safe­guard­ing the con­fid­en­ti­al­ity, integ­rity and avail­ab­il­ity of data by con­trolling phys­ic­al and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sep­ar­a­tion of the data. In addi­tion, we have estab­lished pro­ced­ures to ensure that data sub­jects’ rights are respec­ted, that data is erased, and that we are pre­pared to respond to data threats rap­idly. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account as early as the devel­op­ment or selec­tion of hard­ware, soft­ware and ser­vice pro­viders, in accord­ance with the prin­ciple of pri­vacy by design and pri­vacy by default.

SSL encryp­tion (https): In order to pro­tect your data trans­mit­ted via our online ser­vices in the best pos­sible way, we use SSL encryp­tion. You can recog­nize such encryp­ted con­nec­tions by the pre­fix https:// in the address bar of your browser.

Transmission and Disclosure of Personal Data

In the con­text of our pro­cessing of per­son­al data, it may hap­pen that the data is trans­ferred to oth­er places, com­pan­ies or per­sons or that it is dis­closed to them. Recip­i­ents of this data may include, for example, pay­ment insti­tu­tions with­in the con­text of pay­ment trans­ac­tions, ser­vice pro­viders com­mis­sioned with IT tasks or pro­viders of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the leg­al require­ments will be respec­ted and in par­tic­u­lar cor­res­pond­ing con­tracts or agree­ments, which serve the pro­tec­tion of your data, will be con­cluded with the recip­i­ents of your data.

Data Trans­fer with­in the Organ­iz­a­tion: We may trans­fer or oth­er­wise provide access to per­son­al inform­a­tion to oth­er loc­a­tions with­in our organ­iz­a­tion. Inso­far as this dis­clos­ure is for admin­is­trat­ive pur­poses, the dis­clos­ure of the data is based on our legit­im­ate busi­ness and eco­nom­ic interests or oth­er­wise, if it is neces­sary to ful­fil our con­trac­tu­al oblig­a­tions or if the con­sent of those con­cerned or oth­er­wise a leg­al per­mis­sion is present.

Data Processing in Third Countries

If we pro­cess data in a third coun­try (i.e. out­side the European Uni­on (EU), the European Eco­nom­ic Area (EEA)) or the pro­cessing takes place in the con­text of the use of third party ser­vices or dis­clos­ure or trans­fer of data to oth­er per­sons, bod­ies or com­pan­ies, this will only take place in accord­ance with the leg­al requirements.

Sub­ject to express con­sent or trans­fer required by con­tract or law, we pro­cess or have pro­cessed the data only in third coun­tries with a recog­nised level of data pro­tec­tion, on the basis of spe­cial guar­an­tees, such as a con­trac­tu­al oblig­a­tion through so-called stand­ard pro­tec­tion clauses of the EU Com­mis­sion or if cer­ti­fic­a­tions or bind­ing intern­al data pro­tec­tion reg­u­la­tions jus­ti­fy the pro­cessing (Art­icle 44 to 49 GDPR, inform­a­tion page of the EU Com­mis­sion: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Performing tasks in accordance with statutes or rules of procedure

We pro­cess the data of our mem­bers, sup­port­ers, pro­spects, busi­ness part­ners or oth­er per­sons (col­lect­ively, ” data sub­jects ”) when we have a mem­ber­ship or oth­er busi­ness rela­tion­ship with them and per­form our func­tions and are recip­i­ents of profits and bene­fits. Oth­er­wise, we pro­cess the data of data sub­jects on the basis of our legit­im­ate interests, e.g. when it con­cerns admin­is­trat­ive tasks or pub­lic relations.

The data pro­cessed, the type, scope and pur­pose and the neces­sity of their pro­cessing, are determ­ined by the under­ly­ing mem­ber­ship or con­trac­tu­al rela­tion­ship, from which the neces­sity of any data inform­a­tion arises (oth­er­wise we refer to neces­sary data).

We delete data that is no longer required for the per­form­ance of our stat­utory and busi­ness pur­poses. This is determ­ined accord­ing to the respect­ive tasks and con­trac­tu­al rela­tion­ships. We retain the data for as long as it may be rel­ev­ant for the pur­pose of con­duct­ing busi­ness and with regard to any war­ranty or liab­il­ity oblig­a­tions on the basis of our legit­im­ate interest in their reg­u­la­tion. The neces­sity of stor­ing the data is checked reg­u­larly; oth­er­wise the stat­utory stor­age oblig­a­tions apply.

  • Pro­cessed data types: Invent­ory data (e.g. names, addresses), Pay­ment Data (e.g. bank details, invoices, pay­ment his­tory), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tract data (e.g. con­tract object, dur­a­tion, cus­tom­er category).
  • Data sub­jects: Users (e.g. web­site vis­it­ors, users of online ser­vices), Mem­bers, Busi­ness and con­trac­tu­al partners.
  • Pur­poses of Pro­cessing: Pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er sup­port, Con­tact requests and com­mu­nic­a­tion, Man­aging and respond­ing to inquiries.
  • Leg­al Basis: Per­form­ance of a con­tract and pri­or requests (Art­icle 6 (1) (b) GDPR), Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR).

Provision of online services and web hosting

In order to provide our online ser­vices securely and effi­ciently, we use the ser­vices of one or more web host­ing pro­viders from whose serv­ers (or serv­ers they man­age) the online ser­vices can be accessed. For these pur­poses, we may use infra­struc­ture and plat­form ser­vices, com­put­ing capa­city, stor­age space and data­base ser­vices, as well as secur­ity and tech­nic­al main­ten­ance services.

The data pro­cessed with­in the frame­work of the pro­vi­sion of the host­ing ser­vices may include all inform­a­tion relat­ing to the users of our online ser­vices that is col­lec­ted in the course of use and com­mu­nic­a­tion. This reg­u­larly includes the IP address, which is neces­sary to be able to deliv­er the con­tents of online ser­vices to browsers, and all entries made with­in our online ser­vices or from websites.

Email Send­ing and Host­ing: The web host­ing ser­vices we use also include send­ing, receiv­ing and stor­ing emails. For these pur­poses, the addresses of the recip­i­ents and senders, as well as oth­er inform­a­tion relat­ing to the send­ing of emails (e.g. the pro­viders involved) and the con­tents of the respect­ive emails are pro­cessed. The above data may also be pro­cessed for SPAM detec­tion pur­poses. Please note that emails on the Inter­net are gen­er­ally not sent in encryp­ted form. As a rule, emails are encryp­ted dur­ing trans­port, but not on the serv­ers from which they are sent and received (unless a so-called end-to-end encryp­tion meth­od is used). We can there­fore accept no respons­ib­il­ity for the trans­mis­sion path of emails between the sender and recep­tion on our server.

  • Pro­cessed data types: Con­tent data (e.g. text input, pho­to­graphs, videos), Usage data (e.g. web­sites vis­ited, interest in con­tent, access times), Meta/communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­it­ors, users of online services).
  • Leg­al Basis: Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR).

Blogs and publication media

We use blogs or com­par­able means of online com­mu­nic­a­tion and pub­lic­a­tion (here­in­after “pub­lic­a­tion medi­um”). Read­ers’ data will only be pro­cessed for the pur­poses of the pub­lic­a­tion medi­um to the extent neces­sary for its present­a­tion and com­mu­nic­a­tion between authors and read­ers or for secur­ity reas­ons. For the rest, we refer to the inform­a­tion on the pro­cessing of vis­it­ors to our pub­lic­a­tion medi­um with­in the scope of this pri­vacy policy.

Com­ment sub­scrip­tions: When users leave com­ments or oth­er con­tri­bu­tions, their IP addresses may be stored based on our legit­im­ate interests. This is done for our safety, if someone leaves illeg­al con­tents (insults, for­bid­den polit­ic­al pro­pa­ganda, etc.) in com­ments and con­tri­bu­tions. In this case, we ourselves can be pro­sec­uted for the com­ment or con­tri­bu­tion and are there­fore inter­ested in the author’s identity.

Fur­ther­more, we reserve the right to pro­cess user data for the pur­pose of spam detec­tion on the basis of our legit­im­ate interests.

On the same leg­al basis, in the case of sur­veys, we reserve the right to store the IP addresses of users for the dur­a­tion of the sur­veys and to use cook­ies in order to avoid mul­tiple votes.

The per­son­al inform­a­tion provided in the course of com­ments and con­tri­bu­tions, any con­tact and web­site inform­a­tion as well as the con­tent inform­a­tion will be stored per­man­ently by us until the user objects.

  • Pro­cessed data types: Invent­ory data (e.g. names, addresses), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­to­graphs, videos), Usage data (e.g. web­sites vis­ited, interest in con­tent, access times), Meta/communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­it­ors, users of online services).
  • Pur­poses of Pro­cessing: Pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er sup­port, Feed­back (e.g. col­lect­ing feed­back via online form), Secur­ity meas­ures, Man­aging and respond­ing to inquiries.
  • Leg­al Basis: Per­form­ance of a con­tract and pri­or requests (Art­icle 6 (1) (b) GDPR), Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR).

Profiles in Social Networks (Social Media)

We main­tain online pres­ences with­in social net­works and pro­cess user data in this con­text in order to com­mu­nic­ate with the users act­ive there or to offer inform­a­tion about us.

We would like to point out that user data may be pro­cessed out­side the European Uni­on. This may entail risks for users, e.g. by mak­ing it more dif­fi­cult to enforce users’ rights.

In addi­tion, user data is usu­ally pro­cessed with­in social net­works for mar­ket research and advert­ising pur­poses. For example, user pro­files can be cre­ated on the basis of user beha­viour and the asso­ci­ated interests of users. The user pro­files can then be used, for example, to place advert­ise­ments with­in and out­side the net­works which are pre­sumed to cor­res­pond to the interests of the users. For these pur­poses, cook­ies are usu­ally stored on the user­’s com­puter, in which the user­’s usage beha­viour and interests are stored. Fur­ther­more, data can be stored in the user pro­files inde­pend­ently of the devices used by the users (espe­cially if the users are mem­bers of the respect­ive net­works or will become mem­bers later on).

For a detailed descrip­tion of the respect­ive pro­cessing oper­a­tions and the opt-out options, please refer to the respect­ive data pro­tec­tion declar­a­tions and inform­a­tion provided by the pro­viders of the respect­ive networks.

Also in the case of requests for inform­a­tion and the exer­cise of rights of data sub­jects, we point out that these can be most effect­ively pur­sued with the pro­viders. Only the pro­viders have access to the data of the users and can dir­ectly take appro­pri­ate meas­ures and provide inform­a­tion. If you still need help, please do not hes­it­ate to con­tact us.

Face­book:

We are jointly respons­ible (so called “joint con­trol­ler”) with Face­book Ire­land Ltd. for the col­lec­tion (but not the fur­ther pro­cessing) of data of vis­it­ors to our Face­book page. This data includes inform­a­tion about the types of con­tent users view or inter­act with, or the actions they take (see “Things that you and oth­ers do and provide” in the Face­book Data Policy: https://www.facebook.com/policy), and inform­a­tion about the devices used by users (e.g., IP addresses, oper­at­ing sys­tem, browser type, lan­guage set­tings, cook­ie inform­a­tion; see “Device Inform­a­tion” in the Face­book Data Policy: https://www.facebook.com/policy). As explained in the Face­book Data Policy under “How we use this inform­a­tion?” Face­book also col­lects and uses inform­a­tion to provide ana­lyt­ics ser­vices, known as “page insights,” to site oper­at­ors to help them under­stand how people inter­act with their pages and with con­tent asso­ci­ated with them. We have con­cluded a spe­cial agree­ment with Face­book (“Inform­a­tion about Page-Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which reg­u­lates in par­tic­u­lar the secur­ity meas­ures that Face­book must observe and in which Face­book has agreed to ful­fil the rights of the per­sons con­cerned (i.e. users can send inform­a­tion access or dele­tion requests dir­ectly to Face­book). The rights of users (in par­tic­u­lar to access to inform­a­tion, eras­ure, objec­tion and com­plaint to the com­pet­ent super­vis­ory author­ity) are not restric­ted by the agree­ments with Face­book. Fur­ther inform­a­tion can be found in the “Inform­a­tion about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Pro­cessed data types: Invent­ory data (e.g. names, addresses), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­to­graphs, videos), Usage data (e.g. web­sites vis­ited, interest in con­tent, access times), Meta/communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­it­ors, users of online services).
  • Pur­poses of Pro­cessing: Con­tact requests and com­mu­nic­a­tion, Tar­get­ing (e.g. pro­fil­ing based on interests and beha­viour, use of cook­ies), Remarket­ing, Web Ana­lyt­ics (e.g. access stat­ist­ics, recog­ni­tion of return­ing visitors).
  • Leg­al Basis: Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR).

Ser­vices and ser­vice pro­viders being used:

Plugins and embedded functions and content

With­in our online ser­vices, we integ­rate func­tion­al and con­tent ele­ments that are obtained from the serv­ers of their respect­ive pro­viders (here­in­after referred to as “third-party pro­viders”). These may, for example, be graph­ics, videos or social media but­tons as well as con­tri­bu­tions (here­in­after uni­formly referred to as “Con­tent”).

The integ­ra­tion always pre­sup­poses that the third-party pro­viders of this con­tent pro­cess the IP address of the user, since they could not send the con­tent to their browser without the IP address. The IP address is there­fore required for the present­a­tion of these con­tents or func­tions. We strive to use only those con­tents, whose respect­ive pro­viders use the IP address only for the dis­tri­bu­tion of the con­tents. Third parties may also use so-called pixel tags (invis­ible graph­ics, also known as “web beacons”) for stat­ist­ic­al or mar­ket­ing pur­poses. The “pixel tags” can be used to eval­u­ate inform­a­tion such as vis­it­or traffic on the pages of this web­site. The pseud­onym­ous inform­a­tion may also be stored in cook­ies on the user­’s device and may include tech­nic­al inform­a­tion about the browser and oper­at­ing sys­tem, refer­ring web­sites, vis­it times and oth­er inform­a­tion about the use of our web­site, as well as may be linked to such inform­a­tion from oth­er sources.

Inform­a­tion on leg­al basis: If we ask users for their con­sent (e.g. in the con­text of a so-called “cook­ie ban­ner con­sent”), the leg­al basis for pro­cessing is this con­sent. Oth­er­wise, user data will be pro­cessed on the basis of our legit­im­ate interests (i.e. interest in the ana­lys­is, optim­isa­tion and eco­nom­ic oper­a­tion of our online ser­vices. We refer you to the note on the use of cook­ies in this pri­vacy policy.

  • Pro­cessed data types: Usage data (e.g. web­sites vis­ited, interest in con­tent, access times), Meta/communication data (e.g. device inform­a­tion, IP addresses), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­to­graphs, videos).
  • Data sub­jects: Users (e.g. web­site vis­it­ors, users of online services).
  • Pur­poses of Pro­cessing: Pro­vi­sion of our online ser­vices and usab­il­ity, Pro­vi­sion of con­trac­tu­al ser­vices and cus­tom­er sup­port, Tar­get­ing (e.g. pro­fil­ing based on interests and beha­viour, use of cook­ies), Feed­back (e.g. col­lect­ing feed­back via online form).
  • Leg­al Basis: Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR), Con­sent (Art­icle 6 (1) (a) GDPR).

Ser­vices and ser­vice pro­viders being used:

  • Font Awe­some: Dis­play of fonts and sym­bols; Ser­vice pro­vider: Fonticons, Inc. ‚6 Port­er Road Apart­ment 3R, Cam­bridge, MA 02140, USA; Web­site: https://fontawesome.com/; Pri­vacy Policy: https://fontawesome.com/privacy.
  • Google Fonts: We integ­rate the fonts (“Google Fonts”) of the pro­vider Google, whereby the data of the users are used solely for pur­poses of the rep­res­ent­a­tion of the fonts in the browser of the users. The integ­ra­tion takes place on the basis of our legit­im­ate interests in a tech­nic­ally secure, main­ten­ance-free and effi­cient use of fonts, their uni­form present­a­tion and con­sid­er­a­tion of pos­sible licens­ing restric­tions for their integ­ra­tion. Ser­vice pro­vider: Google Ire­land Lim­ited, Gor­don House, Bar­row Street, Dub­lin 4, Ire­land, par­ent com­pany: Google LLC, 1600 Amphi­theatre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://fonts.google.com/; Pri­vacy Policy: https://policies.google.com/privacy.
  • Shar­iff: We use the pri­vacy-secure “Shar­iff” but­tons. “Shar­iff” was developed to provide more pri­vacy on the net and to replace the usu­al “share” but­tons of social net­works. It is not the browser of the user, but the serv­er on which this online offer is loc­ated, which estab­lishes a con­nec­tion with the serv­er of the respect­ive social media plat­forms and quer­ies, for example, the num­ber of Likes, etc.. The user remains anonym­ous. More inform­a­tion about the Shar­iff pro­ject can be found at Git­Hub: https://github.com/heiseonline/shariff. Ser­vice pro­vider Git­Hub B.V., Vijzel­straat 68–72, 1017 HL Ams­ter­dam, The Neth­er­lands; Web­site: https://github.com/ ; Pri­vacy Policy: https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-privacy-statement.

Planning, Organization and Utilities

We use ser­vices, plat­forms and soft­ware from oth­er pro­viders (here­in­after referred to as ” third-party pro­viders”) for the pur­poses of organ­iz­ing, admin­is­ter­ing, plan­ning and provid­ing our ser­vices. When select­ing third-party pro­viders and their ser­vices, we com­ply with the leg­al requirements.

With­in this con­text, per­son­al data may be pro­cessed and stored on the serv­ers of third-party pro­viders. This may include vari­ous data that we pro­cess in accord­ance with this pri­vacy policy. This data may include in par­tic­u­lar mas­ter data and con­tact data of users, data on pro­cesses, con­tracts, oth­er pro­cesses and their contents.

If users are referred to the third-party pro­viders or their soft­ware or plat­forms in the con­text of com­mu­nic­a­tion, busi­ness or oth­er rela­tion­ships with us, the third-party pro­vider pro­cessing may pro­cess usage data and metadata that can be pro­cessed by them for secur­ity pur­poses, ser­vice optim­isa­tion or mar­ket­ing pur­poses. We there­fore ask you to read the data pro­tec­tion notices of the respect­ive third-party providers.

Inform­a­tion on leg­al basis: If we ask the users for their con­sent to the use of third party pro­viders, the leg­al basis of the pro­cessing is con­sent. Fur­ther­more, the pro­cessing can be a com­pon­ent of our (pre)contractual ser­vices, provided that the use of the third party was agreed with­in this con­text. Oth­er­wise, user data will be pro­cessed on the basis of our legit­im­ate interests (i.e. interest in effi­cient, eco­nom­ic and recip­i­ent friendly ser­vices). In this con­text, we would also like to refer you to the inform­a­tion on the use of cook­ies in this pri­vacy policy.

  • Pro­cessed data types: Invent­ory data (e.g. names, addresses), Con­tact data (e.g. email, tele­phone num­bers), Con­tent data (e.g. text input, pho­to­graphs, videos), Usage data (e.g. web­sites vis­ited, interest in con­tent, access times), Meta/communication data (e.g. device inform­a­tion, IP addresses).
  • Data sub­jects: Com­mu­nic­a­tion part­ner (Recip­i­ents of emails, let­ters, etc.), Users (e.g. web­site vis­it­ors, users of online services).
  • Pur­poses of Pro­cessing: Con­tact requests and com­mu­nic­a­tion, Web Ana­lyt­ics (e.g. access stat­ist­ics, recog­ni­tion of return­ing vis­it­ors), Tar­get­ing (e.g. pro­fil­ing based on interests and beha­viour, use of cook­ies), Man­aging and respond­ing to inquir­ies, Feed­back (e.g. col­lect­ing feed­back via online form), Polls and Ques­tion­naires (e.g. sur­veys with input options, mul­tiple choice ques­tions), Pro­fil­ing (Cre­at­ing user pro­files), Cus­tom Audi­ences (Selec­tion of rel­ev­ant tar­get groups for mar­ket­ing pur­poses or oth­er out­put of content).
  • Leg­al Basis: Con­sent (Art­icle 6 (1) (a) GDPR), Per­form­ance of a con­tract and pri­or requests (Art­icle 6 (1) (b) GDPR), Legit­im­ate Interests (Art­icle 6 (1) (f) GDPR).

Ser­vices and ser­vice pro­viders being used:

  • Hoot­suite: Social media man­age­ment plat­form that provides a set of integ­rated solu­tions for meas­ure­ment & bench­mark­ing, per­form­ance optim­iz­a­tion, visu­al­iz­a­tion & ana­lys­is, con­tent cre­ation & pub­lish­ing and com­munity main­ten­ance; Ser­vice pro­vider: Hoot­Suite Media Inc., 5 East 8th Aven­ue. Van­couver, V5T 1R6, Canada; Web­site: https://hootsuite.com; Pri­vacy Policy: https://hootsuite.com/legal/privacy.

Erasure of data

The data pro­cessed by us will be erased in accord­ance with the stat­utory pro­vi­sions as soon as their pro­cessing is revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cessing this data no longer applies or they are not required for the purpose).

If the data is not deleted because they are required for oth­er and leg­ally per­miss­ible pur­poses, their pro­cessing is lim­ited to these pur­poses. This means that the data will be restric­ted and not pro­cessed for oth­er pur­poses. This applies, for example, to data that must be stored for com­mer­cial or tax reas­ons or for which stor­age is neces­sary to assert, exer­cise or defend leg­al claims or to pro­tect the rights of anoth­er nat­ur­al or leg­al person.

Fur­ther inform­a­tion on the eras­ure of per­son­al data can also be found in the indi­vidu­al data pro­tec­tion notices of this pri­vacy policy.

Changes and Updates to the Privacy Policy

Please inform your­self reg­u­larly about the con­tents of our data pro­tec­tion declar­a­tion. We will adjust the pri­vacy policy as changes in our data pro­cessing prac­tices make this neces­sary. We will inform you as soon as the changes require your cooper­a­tion (e.g. con­sent) or oth­er indi­vidu­al notification.

If we provide addresses and con­tact inform­a­tion of com­pan­ies and organ­iz­a­tions in this pri­vacy policy, we ask you to note that addresses may change over time and to veri­fy the inform­a­tion before con­tact­ing us.

Rights of Data Subjects

As data sub­ject, you are entitled to vari­ous rights under the GDPR, which arise in par­tic­u­lar from Art­icles 15 to 21 of the GDPR:

  • Right to Object: You have the right, on grounds arising from your par­tic­u­lar situ­ation, to object at any time to the pro­cessing of your per­son­al data which is based on let­ter (e) or (f) of Art­icle 6(1) GDPR , includ­ing pro­fil­ing based on those provisions.

Where per­son­al data are pro­cessed for dir­ect mar­ket­ing pur­poses, you have the right to object at any time to the pro­cessing of the per­son­al data con­cern­ing you for the pur­pose of such mar­ket­ing, which includes pro­fil­ing to the extent that it is related to such dir­ect marketing.

  • Right of with­draw­al for con­sents: You have the right to revoke con­sents at any time.
  • Right of access: You have the right to request con­firm­a­tion as to wheth­er the data in ques­tion will be pro­cessed and to be informed of this data and to receive fur­ther inform­a­tion and a copy of the data in accord­ance with the pro­vi­sions of the law.
  • Right to rec­ti­fic­a­tion: You have the right, in accord­ance with the law, to request the com­ple­tion of the data con­cern­ing you or the rec­ti­fic­a­tion of the incor­rect data con­cern­ing you.
  • Right to Eras­ure and Right to Restric­tion of Pro­cessing: In accord­ance with the stat­utory pro­vi­sions, you have the right to demand that the rel­ev­ant data be erased imme­di­ately or, altern­at­ively, to demand that the pro­cessing of the data be restric­ted in accord­ance with the stat­utory provisions.
  • Right to data port­ab­il­ity: You have the right to receive data con­cern­ing you which you have provided to us in a struc­tured, com­mon and machine-read­able format in accord­ance with the leg­al require­ments, or to request its trans­mis­sion to anoth­er controller.
  • Com­plaint to the super­vis­ory author­ity: You also have the right, under the con­di­tions laid down by law, to lodge a com­plaint with a super­vis­ory author­ity, in par­tic­u­lar in the Mem­ber State of your habitu­al res­id­ence, place of work or place of the alleged infringe­ment if you con­sider that the pro­cessing of per­son­al data relat­ing to you infringes the GDPR.

Terminology and Definitions

This sec­tion provides an over­view of the terms used in this pri­vacy policy. Many of the terms are drawn from the law and defined mainly in Art­icle 4 GDPR. The leg­al defin­i­tions are bind­ing. The fol­low­ing explan­a­tions, on the oth­er hand, are inten­ded above all for the pur­pose of com­pre­hen­sion. The terms are sor­ted alphabetically.

  • Con­trol­ler: “Con­trol­ler” means the nat­ur­al or leg­al per­son, pub­lic author­ity, agency or oth­er body which, alone or jointly with oth­ers, determ­ines the pur­poses and means of the pro­cessing of per­son­al data.
  • Cus­tom Audi­ences: Tar­get group form­a­tion (or “cus­tom audi­ences”) is the term used when tar­get groups are determ­ined for advert­ising pur­poses, e.g. dis­play of advert­ise­ments. For example, a user­’s interest in cer­tain products or top­ics on the Inter­net may be used to infer that that user is inter­ested in advert­ise­ments for sim­il­ar products or the online store in which they viewed the products. “Lookalike Audi­ences” (or sim­il­ar tar­get groups) is the term used to describe con­tent that is viewed as suit­able by users whose pro­files or interests pre­sum­ably cor­res­pond to the users for whom the pro­files were cre­ated. Cook­ies are gen­er­ally used for the pur­poses of cre­at­ing cus­tom audi­ences and lookalike audi­ences. Tar­get groups can be cre­ated by pro­cessing vis­it­ors of an online ser­vice or can be uploaded to the pro­vider of an online mar­ket­ing tech­no­logy by means of upload­ing (which is usu­ally done pseudonymised).
  • Per­son­al Data: “per­son­al data” means any inform­a­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, dir­ectly or indir­ectly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fic­a­tion num­ber, loc­a­tion data, an online iden­ti­fi­er or to one or more factors spe­cif­ic to the phys­ic­al, physiolo­gic­al, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­tity of that nat­ur­al person.
  • Pro­cessing: The term “pro­cessing” cov­ers a wide range and prac­tic­ally every hand­ling of data, be it col­lec­tion, eval­u­ation, stor­age, trans­mis­sion or erasure.
  • Pro­fil­ing: “Pro­fil­ing” means any auto­mated pro­cessing of per­son­al data con­sist­ing in the use of such per­son­al data to ana­lyse, eval­u­ate or pre­dict cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son (depend­ing on the type of pro­fil­ing, this includes inform­a­tion regard­ing age, gender, loc­a­tion and move­ment data, inter­ac­tion with web­sites and their con­tents, shop­ping beha­viour, social inter­ac­tions with oth­er people) (e.g. interests in cer­tain con­tents or products, click beha­viour on a web­site or the loc­a­tion). Cook­ies and web beacons are often used for pro­fil­ing purposes.
  • Remarket­ing: Remarket­ing” or “retar­get­ing” is the term used, for example, to indic­ate for advert­ising pur­poses which products a user is inter­ested in on a web­site in order to remind the user of these products on oth­er web­sites, e.g. in advertisements.
  • Tar­get­ing: Track­ing” is the term used when the beha­viour of users can be traced across sev­er­al web­sites. As a rule, beha­viour and interest inform­a­tion with regard to the web­sites used is stored in cook­ies or on the serv­ers of the track­ing tech­no­logy pro­viders (so-called pro­fil­ing). This inform­a­tion can then be used, for example, to dis­play advert­ise­ments to users pre­sum­ably cor­res­pond­ing to their interests.
  • Web Ana­lyt­ics: Web Ana­lyt­ics serves the eval­u­ation of vis­it­or traffic of online ser­vices and can determ­ine their beha­viour or interests in cer­tain inform­a­tion, such as con­tent of web­sites. With the help of web ana­lyt­ics, web­site own­ers, for example, can recog­nize at what time vis­it­ors vis­it their web­site and what con­tent they are inter­ested in. This allows them, for example, to optim­ize the con­tent of the web­site to bet­ter meet the needs of their vis­it­ors. For pur­poses of web ana­lyt­ics, pseud­onym­ous cook­ies and web beacons are fre­quently used in order to recog­nise return­ing vis­it­ors and thus obtain more pre­cise ana­lyses of the use of an online service.