Privacy Policy

Privacy policy
https://kontornewmedia.com/

  1. Introduction and terms
  2. GENERAL

    By operating our website with the URL https://kontornewmedia.com/ (hereinafter referred to as “website”), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws – in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). With these data protection provisions, we want to inform you about which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.

  3. DEFINTIONS

    Our data protection regulations contain technical terms that are in the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1 Personal data
Personal data” is all information relating to an identified or identifiable person (Art. 4 Par. 1 of the GDPR). Details of an identified person could be their name or e-mail address. However, data can also be described as personal if, despite the fact that a person’s identity cannot be deduced directly from the data, their identity can nonetheless be deduced by combining the data with other information.
A person could, for example, be identified via their address or bank details, date of birth, username, IP address or location details. The key point is that any information that can be used in any way to identify a person can be described as personal data.

2.2 Processing
Under Art. 4 Par. 2 of the GDPR, “processing” describes any process applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.

  1. Data Controller and Data Protection Officer
  2. DATA CONTROLLER

    The party respontible for data processing is:

Company: Kontor New Media GmbH (“we”)
Legal representative: Michael Pohl, Jens Thele (Managing Director)
Address: Neumühlen 17, 22763 Hamburg
Phone : +49 (0)40 646 905 10
Fax: +49 (0)40 646 905 186
E-mail: info@kontornewmedia.com
4. DATA PROTECTION OFFICER

We have appointed an external data protection
officer for our company. You can reach him under:

Name: Reinher Karl
Address: HABEWI GmbH & Co KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 18189800
Fax: 040/ 181898099
E-mail: datenschutz@habewi.de

  1. PROCESSING PARAMETERS

    We will process the personal data of you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling in forms) or that you provide automatically when using our services. Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external hosting provider Raidboxes GmbH (address: Friedrich-Ebert-Straße 7, 48153 Münster, Germany) at the data centre location in Falkenstein, Germany. If further external service providers are used for individual processing operations listed in section IV, they will be named there. As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information on exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses (SCC).

III. The processing in detail

  1. COOKIES

6.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user’s end device when a website is visited. Cookies contain information that enables the recognition of a terminal device and possibly certain functions of a website. We distinguish between our own cookies and external, so-called third-party cookies. So-called “session cookies” and “persistent cookies” are used on our site. “Session cookies” are automatically deleted when you end your internet session and close your browser. Persistent cookies remain stored on your end device for a longer period of time. If cookies are technically necessary for the operation of our site, your consent is not required. All other cookies that are not technically necessary are only set after you have actively consented to the use of cookies via our Consent Tool. We use the “Cookie Notice & Compliance for GDPR / CCPA” service to obtain and document consent. The Consent Tool itself saves your selection in a cookie on your end device. This means that you do not need to make a decision about cookies again on a subsequent visit to our website. You can find out which cookies are used on our website for which purpose, how long they are stored on your end device and which consents you may have already declared in the settings of the ConsentTools Cookie Notice & Compliance for GDPR / CCPA.

6.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 6.1.

6.3 Legal basis
The processing is necessary with regard to technically required cookies, as well as the use of the Consent Tool to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest lies in the purpose named in section 6.2. With regard to the processing of all other – i.e. non-technically necessary – cookies, the legal basis is consent (Art. 6 (1) a GDPR). Such consent is voluntary.

6.4 Storage period, revocation of consent
Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your terminal device, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted. This can also be done automatically. If cookies for our website are deactivated, deleted or restricted, it may be that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you may have given for the use of cookies at any time in the settings of the Cookie Notice & Compliance for GDPR / CCPA consent tool with effect for the future.

6.5 Recipients and transfer to third countries
When third-party cookies are used, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transmission to third countries in the settings of the Consent Tool or in the corresponding passage for the third-party service in these data protection provisions.

  1. CONTACT FORM AND CONTACT BY E-MAIL

7.1 Description of processing
For contacting us, we have provided a contact form on our website. In this form, you are asked to enter your e-mail address, your name and a message to us. When you press the “Send” button, the data is transmitted to us using SSL encryption (see section 11.). The contact form can only be transmitted if you accept our data protection provisions by clicking the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. To contact us, you can write to us via the e-mail address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

7.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.

7.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR).

7.4 Storage period
We delete the data as soon as it is no longer required to
achieve the purpose for which it was collected. This is usually the case when the respective communication with you has ended. The communication is deemed to have ended when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.

  1. SOCIAL NETWORKS

8.1 Description of processing
Our website does not use any so-called social media plugins. The Facebook, LinkedIn and Instagram logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network. However, our profiles within the social networks do constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, “share”, “like” or “retweet” a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us. On the social network Facebook, we have the possibility to obtain statistical data about the use of our Facebook page via the so-called “Insights” function. These statistics are provided by Facebook. The “Insights” function cannot be disabled. We cannot decide to switch this function on or off. It is available to all Facebook Fan Page operators, regardless of whether you use Facebook’s Insights feature or not. We are provided with the following data via Facebook Insights for a selectable period of time with regard to fans, subscribers, people reached and people interacting: Total page views, likes including origin, page activity, post interactions, reach, post reach (broken down into organic, viral and paid interactions), comments, shared content, replies and demographic analysis, i.e. country of origin, gender and age. In the Insights statistics, it is not possible for us to identify subscribers and fans of our site and to view their profiles. On the social networks Facebook and Instagram, we have the possibility to obtain statistical data about the use of our Facebook page or our Instagram profile via the so-called “Insights” function. These statistics are provided by Facebook and Instagram. The “Insights” function cannot be disabled. We cannot decide to switch this function on or off. It is available to all Facebook fan page operators and all Instagram business account operators, regardless of whether you use the Insights function or not. We are provided with the following data via Facebook Insights for a selectable period of time in anonymised form with regard to fans, subscribers, people reached and people interacting: Total page views, likes including origin, page activity, post interactions, reach, post reach (broken down into organic, viral and paid interactions), comments, shared content, replies and demographic analysis, i.e. country of origin, gender and age. With the Insights statistics, it is not possible for us to identify subscribers and fans of our page and to view their profiles.Furthermore, Instagram Insights provides us with anonymised data on the development and reach of our Instagram profile and the posts, stories and videos we post there. We also receive statistical information on the place of origin, gender and age of the subscribers to our Instagram profile in the Instagram insights. The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your end device. You have the right to object to the creation of these user profiles, for the exercise of which you must contact the social networks directly.

8.2 Purpose
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the “Insights” function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

8.3 Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 8.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a GDPR. The data processing with regard to our Facebook page and our Instagram page is also carried out on the basis of joint responsibility in accordance with Art. 26 GDPR.

8.4 Recipients and transmission to third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.
– Facebook: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA. Privacy policy: http://www.facebook.com/policy.php; http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.
– Instagram: Instagram LLC, 1601 Willow Rd, Menlo Park, California 94025, USA; privacy policy: https://help.instagram.com/155833707900388/. –
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; privacy policy: https://de.linkedin.com/legal/privacy-policy? .
The social networks also process your personal data in the USA.

  1. YOUTUBE

9.1 Description of processing
Our website uses services from “YouTube” a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrame so that they can be played directly on our website. The videos are embedded in the “extended data protection mode” offered on YouTube, i.e. no personal data will be transmitted from you to Google as long as you do not play the videos. Only when you play a video will data be transmitted to Google, over which we have no control. If you play a video embedded on a sub-page of our website, Google will be informed which sub-page you have visited and which video you have viewed. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will associate this information with your user account. Google stores your data as user profiles and uses them for advertising purposes, market research and/or to tailor Google’s websites to your needs. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly. Further information on data protection at Google can be found at www.google.com/intl/de-DE/policies/privacy/.

9.2 Purpose
The processing is done in order to show you videos on our website.

9.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 9.2.

9.4 Recipients and transmission to third countries
By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA.

  1. DOUBLECLICK BY GOOGLE

    10.1 Description of the processing.
    Doubleclick by Google is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies to present you with advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which advertisements were displayed in your browser and which advertisements were called up. The cookies do not contain any personal information.

10.2 Purpose
The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our or other websites on the internet.

10.3 Legal basis
The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR. This is obtained by us via a consent tool. Such consent is voluntary.

10.4 Storage period and right of objection, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 6. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. Furthermore, you can prevent the collection of the data generated by the cookies and related to your use of the websites to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link under the item DoubleClick deactivation extension. Alternatively, you can deactivate the DoubleClick cookies on the Digital Advertising Alliance page under the following link. You can revoke the consent you have given at any time in the settings of the consent tool with effect for the future.

  1. Security measures

    To protect your personal data from unauthorised access, we have provided our website with an SSL and TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognise active SSL or TLS encryption by a small lock logo that is displayed on the far left of the browser’s address bar.

  2. Your rights
  3. DATA SUBJECT RIGHTS

With regard to the data processing by our company described above, you are entitled to the following data subject rights:

12.1 Right of Access (Art. 15 GDPR)
You have the right to be informed by us if we are processing your personal data. If we are processing it, you have the right under Art. 15 of the GDPR to be informed as to what data we are processing and the right to additional information as specified in Art. 15 of the GDPR.

12.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed, including by means of providing a supplementary statement.

12.3 Erasure (Art. 17 GDPR)
You have the right to obtain from us the erasure of your personal data without undue delay, and we shall have the obligation to erase your personal data without undue delay where one of the following grounds under Art. 17 of the GDPR applies (e.g. if your data is no longer required for the purpose for which we were using it).

12.4 Restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict the processing of your personal data, provided that one of the criteria specified under Art. 18 of the GDPR is met (e.g. if you dispute the accuracy of your personal data, its processing will be restricted for the period necessary for us to check its accuracy).

12.5 Data portability (Art. 20 GDPR)
Subject to the criteria specified under Art. 20 of the GDPR, you have the right to be given your data in a structured, commonly used and machine-readable format.

12.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retrospective affect).

12.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.

12.8 Restraint on automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based
 solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision-making including profiling with regard to your personal data.

12.9 Right of objection (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6(1)(f) GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case – also irrespective of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.

Status: January 2022