- Introduction and terms
By operating our website with the URL https://kontornewmedia.com/ (hereinafter referred to as “website”), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws – in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). With these data protection provisions, we want to inform you about which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. Furthermore, we will explain to you which rights you are entitled to in order to protect and enforce your data protection.
Our data protection regulations contain technical terms that are in the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
“Personal data” is all information relating to an identified or identifiable person (Art. 4 Par. 1 of the GDPR). Details of an identified person could be their name or e-mail address. However, data can also be described as personal if, despite the fact that a person’s identity cannot be deduced directly from the data, their identity can nonetheless be deduced by combining the data with other information.
A person could, for example, be identified via their address or bank details, date of birth, username, IP address or location details. The key point is that any information that can be used in any way to identify a person can be described as personal data.
Under Art. 4 Par. 2 of the GDPR, “processing” describes any process applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.
- Data Controller and Data Protection Officer
- DATA CONTROLLER
The party respontible for data processing is:
Company: Kontor New Media GmbH (“we”)
Legal representative: Michael Pohl, Jens Thele (Managing Director)
Address: Neumühlen 17, 22763 Hamburg
Phone : +49 (0)40 646 905 10
Fax: +49 (0)40 646 905 186
4. DATA PROTECTION OFFICER
We have appointed an external data protection
officer for our company. You can reach him under:
Name: Reinher Karl
Address: HABEWI GmbH & Co KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 18189800
Fax: 040/ 181898099
- PROCESSING PARAMETERS
We will process the personal data of you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling in forms) or that you provide automatically when using our services. Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external hosting provider Raidboxes GmbH (address: Friedrich-Ebert-Straße 7, 48153 Münster, Germany) at the data centre location in Falkenstein, Germany. If further external service providers are used for individual processing operations listed in section IV, they will be named there. As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information on exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses (SCC).
III. The processing in detail
6.1 Description of processing
6.3 Legal basis
The processing is necessary with regard to technically required cookies, as well as the use of the Consent Tool to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest lies in the purpose named in section 6.2. With regard to the processing of all other – i.e. non-technically necessary – cookies, the legal basis is consent (Art. 6 (1) a GDPR). Such consent is voluntary.
6.4 Storage period, revocation of consent
6.5 Recipients and transfer to third countries
When third-party cookies are used, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transmission to third countries in the settings of the Consent Tool or in the corresponding passage for the third-party service in these data protection provisions.
- CONTACT FORM AND CONTACT BY E-MAIL
7.1 Description of processing
For contacting us, we have provided a contact form on our website. In this form, you are asked to enter your e-mail address, your name and a message to us. When you press the “Send” button, the data is transmitted to us using SSL encryption (see section 11.). The contact form can only be transmitted if you accept our data protection provisions by clicking the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. To contact us, you can write to us via the e-mail address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
7.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR).
7.4 Storage period
We delete the data as soon as it is no longer required to
achieve the purpose for which it was collected. This is usually the case when the respective communication with you has ended. The communication is deemed to have ended when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.
- SOCIAL NETWORKS
8.1 Description of processing
Our website does not use any so-called social media plugins. The Facebook, LinkedIn and Instagram logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network. However, our profiles within the social networks do constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, “share”, “like” or “retweet” a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us. On the social network Facebook, we have the possibility to obtain statistical data about the use of our Facebook page via the so-called “Insights” function. These statistics are provided by Facebook. The “Insights” function cannot be disabled. We cannot decide to switch this function on or off. It is available to all Facebook Fan Page operators, regardless of whether you use Facebook’s Insights feature or not. We are provided with the following data via Facebook Insights for a selectable period of time with regard to fans, subscribers, people reached and people interacting: Total page views, likes including origin, page activity, post interactions, reach, post reach (broken down into organic, viral and paid interactions), comments, shared content, replies and demographic analysis, i.e. country of origin, gender and age. In the Insights statistics, it is not possible for us to identify subscribers and fans of our site and to view their profiles. On the social networks Facebook and Instagram, we have the possibility to obtain statistical data about the use of our Facebook page or our Instagram profile via the so-called “Insights” function. These statistics are provided by Facebook and Instagram. The “Insights” function cannot be disabled. We cannot decide to switch this function on or off. It is available to all Facebook fan page operators and all Instagram business account operators, regardless of whether you use the Insights function or not. We are provided with the following data via Facebook Insights for a selectable period of time in anonymised form with regard to fans, subscribers, people reached and people interacting: Total page views, likes including origin, page activity, post interactions, reach, post reach (broken down into organic, viral and paid interactions), comments, shared content, replies and demographic analysis, i.e. country of origin, gender and age. With the Insights statistics, it is not possible for us to identify subscribers and fans of our page and to view their profiles.Furthermore, Instagram Insights provides us with anonymised data on the development and reach of our Instagram profile and the posts, stories and videos we post there. We also receive statistical information on the place of origin, gender and age of the subscribers to our Instagram profile in the Instagram insights. The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your end device. You have the right to object to the creation of these user profiles, for the exercise of which you must contact the social networks directly.
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the “Insights” function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.
8.3 Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 8.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a GDPR. The data processing with regard to our Facebook page and our Instagram page is also carried out on the basis of joint responsibility in accordance with Art. 26 GDPR.
8.4 Recipients and transmission to third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.
The social networks also process your personal data in the USA.
9.1 Description of processing
Our website uses services from “YouTube” a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrame so that they can be played directly on our website. The videos are embedded in the “extended data protection mode” offered on YouTube, i.e. no personal data will be transmitted from you to Google as long as you do not play the videos. Only when you play a video will data be transmitted to Google, over which we have no control. If you play a video embedded on a sub-page of our website, Google will be informed which sub-page you have visited and which video you have viewed. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will associate this information with your user account. Google stores your data as user profiles and uses them for advertising purposes, market research and/or to tailor Google’s websites to your needs. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly. Further information on data protection at Google can be found at www.google.com/intl/de-DE/policies/privacy/.
The processing is done in order to show you videos on our website.
9.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose named in section 9.2.
9.4 Recipients and transmission to third countries
By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA.
- DOUBLECLICK BY GOOGLE
10.1 Description of the processing.
The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our or other websites on the internet.
10.3 Legal basis
The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR. This is obtained by us via a consent tool. Such consent is voluntary.
10.4 Storage period and right of objection, revocation of consent
- Security measures
To protect your personal data from unauthorised access, we have provided our website with an SSL and TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognise active SSL or TLS encryption by a small lock logo that is displayed on the far left of the browser’s address bar.
- Your rights
- DATA SUBJECT RIGHTS
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
12.1 Right of Access (Art. 15 GDPR)
You have the right to be informed by us if we are processing your personal data. If we are processing it, you have the right under Art. 15 of the GDPR to be informed as to what data we are processing and the right to additional information as specified in Art. 15 of the GDPR.
12.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed, including by means of providing a supplementary statement.
12.3 Erasure (Art. 17 GDPR)
You have the right to obtain from us the erasure of your personal data without undue delay, and we shall have the obligation to erase your personal data without undue delay where one of the following grounds under Art. 17 of the GDPR applies (e.g. if your data is no longer required for the purpose for which we were using it).
12.4 Restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict the processing of your personal data, provided that one of the criteria specified under Art. 18 of the GDPR is met (e.g. if you dispute the accuracy of your personal data, its processing will be restricted for the period necessary for us to check its accuracy).
12.5 Data portability (Art. 20 GDPR)
Subject to the criteria specified under Art. 20 of the GDPR, you have the right to be given your data in a structured, commonly used and machine-readable format.
12.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retrospective affect).
12.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.
12.8 Restraint on automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based
solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision-making including profiling with regard to your personal data.
12.9 Right of objection (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6(1)(f) GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case – also irrespective of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.
Status: January 2022