DATA PROTECTION

MAGIC Holo

MAGIC HOLO – PRIVACY POLICY

Introduction

This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services and within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter collectively referred to as “online offer”):

  • In the first section of the privacy policy, you will find information on the data controller and an overview of our processing operations.
  • The second section contains information on your rights, the relevant legal standards and general information on our processing of data.
  • The third section contains information on the individual processing operations.
    This section is subdivided into further areas, such as our core services, reach measurement or marketing.
  • The fourth and final section contains explanations and descriptions of the terms used in the privacy policy.
    This means that if you are unfamiliar with the terms used (e.g. “personal reference” or “cookie”), please refer to the last section.
    Otherwise, all terms used (e.g. “controller” or “user”) are to be understood as gender-neutral.

Table of contents

Section I – Controller and overview of data processing

– Responsible person
– Description of our services on tasks
– Types of data processed:
– Processing of special categories of data (Art. 9 para. 1 GDPR)
– Categories of data subjects affected by the processing:
– Purpose of the processing

Section II – Rights of data subjects, legal bases and general information

– Rights of the data subjects
– Right of withdrawal
– Right of objection
– Cookies and right to object in direct marketing
– Exclusively automated data processing
– Deletion of data and archiving obligations
– Changes and updates to the privacy policy
– Relevant legal bases
– Security of data processing
– Disclosure and transmission of data
– Transfers to third countries

Section III – Processing procedures

Core area of data processing
– Agency services
– Hardware rental
– Recruiting & Consulting
– Answering inquiries and customer support
– Administration, financial accounting, office organization, archiving
– Business analyses and market research

Data protection information for applicants
– Application procedure
– Application procedure – Applicant pool

External online presences
– Online presence in social media

Web server and security
– Hosting
– Server logs

Embedded content and functions
– Services and content from Google
– Typekit- External fonts
– Functions and content from Twitter
– Videos from Vimeo

Optimization and security
– Mouseflow

marketing
– Newsletter distribution and performance measurement
– Communication by post, e-mail, fax or telephone
– Prize draws and competitions

Reach measurement, online marketing and technology partners
– Google Tag Manager
– Google Analytics
– Google AdWords

Section IV – Definitions

Section I – Controller and overview of data processing

Person responsible

Mangold & Mangold Corporate Communications GmbH & Co. KG
Prinzenstraße 5, 55218 Ingelheim am Rhein
Personally liable partner: Mangold & Mangold Verwaltungs-GmbH with the managing directors
Matthias Mangold & Horst Mangold
Telephone: +49 61 32 / 8990 4210
E-mail: info@mangold-mangold.com
Complete imprint: https://mangold-mangold.com/impressum/

The controller is also referred to below as “we” or “us.” Note: The data protection officer(s) must be specified if a data protection officer must be appointed. Otherwise, this passage can be removed. According to the current legal opinion, it is not necessary to provide the email address as a contact option. Further details such as the name, address or telephone number are recommended, but optional.

Description of our services on tasks

Advertising agency services, consulting services, hardware rental.

Types of data processed:

– Inventory data (e.g., names, addresses).
– Contact details (e.g., e-mail addresses, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Contract data (e.g., subject matter of the contract, term, customer category).
– Payment data (e.g. bank details, payment history).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
– Applicant data (e.g. names, contact details, qualifications, application documents).

Processing of special categories of data (Art. 9 para. 1 GDPR)

In principle, no special categories of data are processed unless they are provided by the user for processing, e.g. entered in online forms.

Categories of data subjects affected by the processing:

– Customers / interested parties / business partners.
– Visitors and users of the online offer.
– Applicants
In the following, we also refer to the data subjects collectively as “users”.

Purpose of the processing

– Provision of the online offer, its contents and functions.
– Provision of contractual services, service and customer care.
– Answering contact requests and communicating with users.
– Marketing, advertising and market research.
– Safety measures.

Automated decision in individual cases (Art. 22 GDPR):

We hereby inform you that we do not carry out any exclusively automated data processing.
Status: May 2019

Section II – Rights of data subjects, legal bases and general information

Rights of the data subjects

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

You have accordingly.
Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with Art. 18 GDPR.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.

You also have acc.
Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to withdraw your consent in accordance with.
Art. 7 para.
3 GDPR with effect for the future.

Right of objection

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR.
In particular, you may object to processing for direct marketing purposes.

Cookies and right to object in direct marketing

We use temporary and permanent cookies, i.e. small files that are stored on users’ devices (for an explanation of the term and function, see the last section of this privacy policy).
Some of the cookies are used for security purposes or are necessary for the operation of our online offering (e.g. to display the website) or to save the user’s decision when confirming the cookie banner.
In addition, we or our technology partners use cookies to measure reach and for marketing purposes, about which users will be informed in the course of the privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser.
Stored cookies can be deleted in the system settings of the browser.
The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website https://optout.aboutads.info or the EU website https://optout.aboutads.info. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website.

Exclusively automated data processing

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

We hereby inform you that we do not carry out any exclusively automated data processing.

Deletion of data and archiving obligations

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted.
This means that the data is blocked and not processed for other purposes.
This applies, for example, to data that must be retained for commercial or tax law reasons.

Note: The information applies to Germany.
Please change this information if other storage obligations apply to you:

In accordance with legal requirements, records are stored for 6 years in accordance with § 257 Para.
1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para.
1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy.
We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary.
We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

The basis for commercial communications outside of business relationships, in particular by post, telephone, fax and e-mail, is contained in § 7 UWG.

Security of data processing

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and their separation.
Furthermore, we have established procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats.
Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.

Employees are bound to secrecy with regard to data protection, instructed and briefed, and made aware of possible liability consequences.

Disclosure and transmission of data

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

If we disclose, transfer or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and, in addition, on the basis of an order processing contract.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met.
This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Section III – Processing procedures

The following presentation provides you with an overview of the processing activities we carry out, which we have subdivided into further areas of activity.
Please note that the areas of activity are for guidance only and that the processing activities may overlap (e.g. the same data may be processed in several procedures).

For reasons of clarity and comprehensibility, you will find the frequently repeated terms in Section IV of this privacy policy.

Core area of data processing

In this section you will find information on our core services and tasks, such as answering inquiries and providing our contractual services as well as the ancillary tasks associated with them.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document these in compliance with data protection regulations.
The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.
This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies.
Mandatory statutory retention periods remain unaffected.
Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies.
The legal basis for this is Art. 6 para.
1 lit.
c GDPR.

Agency services

We process our customers’ data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.

– Processed data: Inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos, content of application procedures), contract data (e.g., subject matter of contract, term), payment data (e.g., bank details, payment history), employee and applicant data.
– Special categories of personal data: Generally no, unless these are part of commissioned processing.
– Data subjects: Customers, interested parties, website visitors, employees (freelancers, employees, applicants), business partners and their employees, customers or users.
– Purpose of processing: Provision of contractual services, billing, customer service.
– Legal basis: Art. 6 para. 1 lit. b GDPR (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization).
– Necessity / interest in processing: We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure.
– Disclosure external and purpose: No, only if required within the scope of the order.
– Processing in third countries: No, only in the context of an entry.
– Deletion of the data:
– The deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (6 years, in accordance with Section 257 (1) HGB, 10 years, in accordance with Section 147 (1) AO); with regard to data processed on behalf, the deletion takes place in accordance with the specifications of the order.

Hardware rental

Rental and sale of hardware (e.g. displays) and related consulting.

– Processed data: Inventory data (e.g., names, addresses), Contact data (e.g., e-mail, telephone numbers), Content data (e.g., content of displays), Contract data (e.g., subject matter of contract, duration), Payment data (e.g., bank details, payment history).
– Special categories of personal data:
– Purpose of processing: Provision of contractual services, billing, customer service.
– Necessity / interest in processing: We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure.
– Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization).
– Affected parties: customers, interested parties, business partners.
– Necessity / interest in processing: We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure.
– Deletion of the data: The deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (6 years, according to § 257 para. 1 HGB, 10 years, according to § 147 para. 1 AO).

Recruiting & Consulting

Consulting and placement services in the recruiting sector; collection of applicant data and forwarding to clients.

– Processed data: Inventory data (e.g., names, addresses), Contact data (e.g., e-mail, telephone numbers), Content data (e.g., text input, photographs, videos, content of application procedures), Contract data (e.g., subject matter of contract, duration), Payment data (e.g., bank details, payment history), Employee and applicant data, Usage data (access times, IP), Metadata (information on devices used, operating system).
– Special categories of personal data: No, except for the subject of the contract (data concerning health, religious affiliation, ethnicity – if required for application procedures).
– Legal basis: Art. 6 para. 1 lit. b GDPR (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization).
– Affected parties: customers, interested parties, business partners, applicants.
– Purpose of processing: Provision of contractual services, billing, customer service.
– Type, scope, mode of processing and special protective measures: We offer an online form whose entries are transmitted in encrypted form; in the context of commissioned activities, we act on the basis of order processing contracts.
– Necessity / interest in processing: We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure.
– External disclosure and purpose: Web hosting, on the basis of a data processing agreement based on legitimate interests in security and efficiency.
– Processing in third countries: no.
– Guarantee for processing in third countries:
– Deletion of the data: With regard to the data of the contractual partners, deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (6 years, pursuant to Section 257 (1) HGB, 10 years, pursuant to Section 147 (1) AO); with regard to the data of applicants, deletion takes place in accordance with the specifications in the order and the statutory requirements, i.e. deletion generally expires 6 months after the end of the application procedure.

Answering inquiries and customer support

We process the information in the inquiries that we receive via our contact form and in other ways, e.g. via email, in order to respond to the inquiries.
For these purposes, the inquiries may be stored in our customer relationship management (CRM) system or in similar procedures that we use to manage inquiries.

– Processed data: Inventory data, contact data, content data, contract data, payment data, usage data, metadata.
– Data subjects: Customers, interested parties, business partners, website visitors.
– Purpose of processing: Answering inquiries.
– Legal basis: Art. 6 para. 1 lit. b. GDPR in the case of (pre-)contractual relationships, otherwise Art. 6 para. 1 lit. f. GDPR.
– Necessity / interest in processing: Necessary to respond to the requests.
– Disclosure external and purpose: No.
– Processing in third countries: No.
– Deletion of the data: We delete the requests if they are no longer required.
We review the necessity every two years; we store inquiries from customers who have a customer account permanently and refer to the information on the customer account for deletion.
In the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation);

Administration, financial accounting, office organization, archiving

We process data in the context of administrative tasks and the organization of our company, financial accounting and compliance with legal obligations, such as archiving.

We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date.
We generally store this data, most of which is company-related, permanently.

– Processed data: Data that we process as part of our contractual services.
– Special categories of personal data: no.
– Legal basis: Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR.
– Data subjects: Customers, interested parties, business partners, website visitors.
– Purpose of processing: administration, financial accounting, office organization, archiving.
– Necessity / interest in processing: Processing is necessary to maintain our company and our services.
– Deletion of the data: The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.

Business analyses and market research

In order to operate our business economically and to identify market trends, customer and user requirements, we analyze the data we have on business transactions, contracts, inquiries, etc.

– Processed data: Inventory data, communication data, contract data, payment data, usage data, metadata.
– Legal basis: Art. 6 para. 1 lit. f. GDPR.
– Data subjects: Customers, interested parties, business partners, visitors and users of the online offer.
– Purpose of processing: Business analysis, marketing, advertising, market research.
– Type, scope, mode of processing: profiling, first-party cookies, anonymous analyses.
– Necessity / interest in processing: Increased user-friendliness, optimization of the offer, business efficiency.
– Processing in third countries: No.
– Deletion of data: If this data is personal, upon termination, otherwise after two years from the conclusion of the contract.
Otherwise, the overall business analyses and general trend determinations are prepared anonymously where possible.

Data protection information for applicants

This section informs applicants about the processing of their data as part of the application process.

Application procedure

Applicants can send us their applications using an online form on our website.
The data is transmitted to us in encrypted form in accordance with the state of the art.
Alternatively, applicants can send us their applications by e-mail.
However, please note that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves.
We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using the online form.

Instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.

– Processed data: Inventory data, contact data, content data (content of application folder, correspondence, internal comments).
– Special categories of personal data: Yes, to the extent necessary for the application process or provided by applicants (e.g. health data).
– Legal basis: Art. 6 para.
1 lit.
b. DSGVO, § 26 BDSG.

– Data subjects: Applicants
– Purpose of processing: Implementation of the application procedure, selection of applicants.
– Special protective measures: Restriction of access to application documents to bodies involved in the application process; encrypted transmission option.
– Necessity / interest in processing: Prerequisite for applicant selection.
– External disclosure and purpose: PME – Personal- und Managemententwicklung, Horst Mangold, Prinzenstraße 5, 55218 Ingelheim am Rhein (consulting, implementation of online application procedures)
– Privacy policy: http://mangold-mangold.com/datenschutz/.
– Processing in third countries: no.
– Deletion of the data: The data provided by applicants may, in the event of a successful application, be further processed by us for the purposes of the employment relationship; otherwise, if the application for a job offer is unsuccessful, the applicants’ data will be deleted or anonymized.
Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation by the applicants, after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act (AGG).

Application procedure – Applicant pool

If, as part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of two years, we will also inform them about the processing relating to the applicant pool:
Applicants are informed that their consent to inclusion in the applicant pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare an objection within the meaning of Art. 21 GDPR.

– Legal basis: 6 para. 1 lit. b. and Art. 7 GDPR, § 26 BDSG.
– Purpose of processing: To reserve applicants for future application procedures.
– Special protective measures: The application documents in the talent pool are only processed in the context of future job advertisements and the search for employees.
– Deletion of the data: At the end of the two-year period.

External online presences

In this section you will find information on our data processing in the context of operating external online presences, e.g. in social media.

Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services.
When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

The links/buttons to social networks and platforms (hereinafter referred to as “social media”) used within our online offering generally only establish contact between social networks and users when users click on the links/buttons and the respective networks or their websites are accessed.
This function corresponds to the mode of action of a regular online link.

– Social networks/platforms used by us: LinkedIn, Twitter, Xing, YouTube.
– Processed data: Inventory data, communication data, content data, usage data, metadata.
– Special categories of personal data: Generally no, unless specified by users.
– Legal basis: 6 para.
1 lit f. GDPR.

– Data subjects: Users of the social media presences (this may include customers and interested parties).
– Purpose of processing: Information and
– Type, scope, functionality of processing: By operators of the respective platforms, usually: permanent cookies, tracking, targeting, remarketing, content and behavioral advertising.
– Necessity / interest in processing: Expectations of users who are active on the platforms, commercial interests.
– External disclosure and purpose: To the social networks/platforms.
– Processing in third countries: USA.
– Guarantee for processing in third countries: Privacy Shield.
– Deletion of the data: The deletion rules of the respective platforms apply.

Web server and security

Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services, technical maintenance services.

– Processed data: Inventory data, contact data, content data, contract data, usage data, meta/communication data.
– Special categories of personal data:
– Legal basis: 6 para. 1 lit. f., 28 GDPR.
– Data subjects: Customers, interested parties, visitors to the online offer.
– Special protective measures:
– Processing in third countries: USA.
– External disclosure and purpose: 1&1 Internet SE, Eigendorfer Str. 57, 56410 Montabaur (web hosting); Deutsche Telekom AG, Friedrich-Ebert-Allee 140, 53113 Bonn (data storage).
– Necessity / interest in processing: security, commercial interests.
– Deletion: Corresponds to processing within the scope of our core services.

Server logs

The server on which this online service is located collects log files in which user data is stored each time the online service is accessed.
The data is used on the one hand for statistical analysis to maintain and optimize server operation and on the other hand for security purposes, e.g. to detect potential unauthorized access attempts.

– Processed data: Usage data and metadata (name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider).
– Special categories of personal data:
– Legal basis: 6 para. 1 lit. f GDPR.
– Data subjects: Customers, interested parties, visitors to the online offer.
– Purpose of processing: Optimization of server operation and security monitoring.
– Necessity / interest in processing: security, commercial interests.
– Processing in third countries: no.
– Deletion of data: After 7 days from collection.

Embedded content and functions

In this section, we inform you which content, software or functions (“content” for short) of other providers we use within the scope of our online offer on the basis of Art. 6 para.
1 lit.
f GDPR (so-called “embedding”).
Embedding takes place in order to make our online offering more interesting for our users or for legal reasons, e.g. to be able to present videos or social media contributions within our online offering at all.
Embedding may also serve to improve the speed or security of the online offering, e.g. if software elements or fonts are obtained from other sources.
In all cases, the processed data includes the usage and metadata of the users and also the IP address necessarily transmitted to the provider for embedding the content, and the data subjects include the visitors to our online offering.
The categories of data subjects include the users of our online offering, customers and interested parties.
Further explanations can be found in the definitions of terms, in particular regarding the functionalities and protective measures, at the end of this privacy policy.
The deletion of the data is determined by the data protection conditions of the providers of the embedded content.

Google services and content

We use the following services and content from the provider Google: YouTube – videos; Google Maps – maps; Google Fonts – fonts; Google – Recaptcha (detection of bots during form entries).

– Processed data: Usage data, metadata.
– Type, scope and function of processing: permanent cookies, third-party cookies, interest-based marketing,
– Special protective measures: Pseudonymization, opt-out.
– Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/.
– External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
– Privacy policy: https://policies.google.com/privacy.
– Processing in third countries: USA.
– Guarantee for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
– Deletion of the data: The data will be deleted in accordance with Google’s provisions.

Typekit- External fonts

– Processed data:
– Type, scope, mode of processing: No cookies are set for the purpose of delivering the fonts.
– External disclosure: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland.
– Privacy policy: https://www.adobe.com/privacy/policies/typekit.html.
– Processing in third countries: USA.
– Guarantee for processing in third countries: https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active
– Deletion of the data: The data will be deleted in accordance with Adobe’s provisions.

Twitter functions and content

Functions and content of the Twitter service may be integrated into our online offering.
This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, the authors of the content or subscribe to our posts.

– Processed data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to this data stored with the service (in particular inventory data).
– Type, scope, mode of processing: social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking, remarketing.
– External disclosure: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
– Privacy policy: https://twitter.com/de/privacy.
– Processing in third countries: USA.
– Guarantee for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
– Deletion of the data: The data will be deleted in accordance with the provisions of Twitter.

Videos from Vimeo

– Processed data: Usage data, metadata; if users are registered with the service, the above data may be linked to their profiles and to this data stored with the service (in particular inventory data).
– Type, scope, function of processing: Permanent cookies, third-party cookies, tracking, interest-based marketing, profiling, remarketing.
– Opt-out: For Google services used: http://tools.google.com/dlpage/gaoptout?hl=de, (setting advertisements: http://www.google.com/ads/preferences).
– External disclosure: Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.
– Privacy policy: https://vimeo.com/privacy.
– Processing in third countries: USA.
– Deletion of the data: The data will be deleted in accordance with the provisions of Vimeo.

Optimization and security

In this section you will find information on the data processing carried out by us for the purpose of optimizing our online offer.
It primarily serves to improve the user-friendliness and functionality of our online offering.

Mouseflow

Mouseflow allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) as part of so-called “A/B testing” and with pseudonymous observation of user behavior.
– Processed data: Usage data, metadata.
– Type, scope, function of processing: heat maps, recording of the use of the online offer (pseudonymized), permanent cookies, third-party cookies.
– Special protective measures: IP masking, pseudonymization, opt-out.
– Opt-out: https://mouseflow.com/opt-out/.
– External disclosure: Mouseflow Inc, 2205 152nd Ave NE, Redmond, WA 98052, USA.
– Privacy policy: https://mouseflow.com/privacy/, https://mouseflow.com/gdpr/.
– Processing in third countries: USA.
– Guarantee for processing in third countries: https://www.privacyshield.gov/participant?id=a2zt0000000TS56AAG&status=Active.
– Deletion of data: 1-12 months.

Marketing

This section provides you with information on the data processing we carry out for the purpose of optimizing our marketing and market research services.

Newsletter distribution and performance measurement

We only send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipient or legal permission.
Subscribers’ data is logged, as we are obliged to provide proof of registration.
We also keep track of whether newsletters have been opened and whether links have been clicked.
This information is stored per user for technical reasons, but is not used to monitor individual users, but rather, for example, to adapt content and offers to users.
Information that we should collect in addition to the e-mail address (e.g. name) is used to address the user personally or to adapt the content of the newsletter to the user.

– Content of the newsletter: As stated in the registration form, otherwise information about our services and our company.
– Processed data: Inventory data (e-mail address), usage data (time of registration, time of confirmation double opt-in, IP address, opening of the e-mail, time and place, time and click on a link in the newsletter).
– Special categories of personal data:
– Legal basis: 6 para. 1 lit. a, Art. 7 GDPR and Section 7 para. 2 no. 3 UWG, para. 3 (dispatch), Art. 6 para. 1 lit. c i.V.m. Art. 7 para. 1 GDPR (logging), Art. 6 para. 1 lit. f GDPR (analysis).
– Affected parties: E-mail recipients
– Purpose of processing: Newsletter dispatch, optimization, proof of consent.
– Type, scope and function of the processing: Web beacon.
– Necessity / interest in processing: Only the e-mail information is required for sending, the other information is voluntary and serves to personalize and optimize the content based on the interests of the users; the obligation to provide proof of consent is the reason for logging; the success measurement is based on legitimate interests in optimizing the content for the users and on the basis of business interests
– Opt-out: An unsubscribe link is included in every newsletter.
– External disclosure and purpose: Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin (sending newsletters, security).
– Privacy policy: https://www.cleverreach.com/de/datenschutz/.
– Special protective measures: Data processing agreement with Mailchimp.
– Processing in third countries: no.
– Deletion of the data: After unsubscribing from the newsletter, the e-mail addresses are stored for two years for the purpose of proving the previous registration, including log data for the registration (time, IP address), and then deleted.
We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for the purpose of sending the newsletter in order to be able to prove that consent was previously given.
The processing of this data is limited to the purpose of a possible defense against claims.
An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

Communication by post, e-mail, fax or telephone

Dispatch of information material, contact by telephone.
– Processed data: Inventory data, address and contact data, contract data.
– Special categories of personal data:
– Legal basis: Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in conjunction with legal requirements for advertising communications.
– Data subjects: Customers, participants, interested parties, communication partners.
– Purpose of processing: Promotional communication.
– Type, scope, mode of processing: Contact is only made with the consent of the contact partners or within the scope of legal permissions.
– Necessity / interest in processing: Information and business interests.
– External disclosure and purpose: N
– Processing in third countries: No.
– Deletion of the data: With objection/revocation or discontinuation of the basis for authorization, provided that this does not conflict with any legitimate purposes; in the event of revoked consent, we may store the data required to prove consent for up to three years on the basis of our legitimate interests before we delete it in order to be able to prove that consent was previously given.
The processing of this data is limited to the purpose of a possible defense against claims.
An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time.

Competitions and contests

As part of competitions and contests (“competitions” for short), we process the data of the participants in order to carry out the competitions.
Users will receive further information on the processing of their data in the context of the individual competitions as well as any consent to the publication of their names or competition entries within the conditions of participation of the respective competitions.

– Processed data: Inventory data, communication data, content data (e.g. entries to competitions).
– Special categories of personal data:
– Legal basis: 6 para.
1 lit.
b GDPR.

– Data subjects: Participants
– Purpose of the processing: Implementation of the competitions, notification of prizes, dispatch of prizes, possibly presentation of winners.
– External disclosure and purpose: Shipping companies for the purpose of shipping prizes, possibly sponsors of prizes.
– Processing in third countries: No, except for shipping of prizes abroad.
– Deletion of the data: As soon as the data is not required for the execution of the competition (e.g. in the event of queries about prizes); when winners or competition entries are published, they generally remain online permanently; otherwise archiving in the event of a legal obligation (end of commercial law (6 years) and tax law (10 years) retention obligation).

Reach measurement, online marketing and technology partners

In this section, we inform you which services of technology partners we use to measure reach and for online marketing purposes.
These services are used on the basis of Art. 6 para.
1 lit.
f GDPR and our interest in increasing user-friendliness, optimizing our offer and its business efficiency.
In all cases, the processed data includes usage data and metadata.
Further explanations can be found in the definitions of terms, in particular regarding the functionalities and protective measures, at the end of this privacy policy.
Unless otherwise stated, the deletion of the data is determined in accordance with the data protection declarations of the technology partners.

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example).
The Tag Manager itself (which implements the tags) does not process any personal user data.
With regard to the processing of users’ personal data, please refer to the following information on Google services.
Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

We use Google Analytics for the purposes of reach measurement and target group formation.

– Processed data: Usage data, metadata.
– Type, scope, function of processing: permanent cookies, third-party cookies, tracking, interest-based marketing, profiling, custom audiences, remarketing.
– Special protective measures: Pseudonymization, IP masking, conclusion of order processing contract, opt-out.
– Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de (browser add-on), https://adssettings.google.com/ (setting for advertisements).
– External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
– Privacy policy: https://policies.google.com/privacy.
– Processing in third countries: USA.
– Guarantee for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
– Deletion of data: 14 months.

Google AdWords

We use Google AdWords to measure the success of the advertisements we place on Google.

– Processed data: Usage data, metadata, customer ID with us (Google only receives the customer ID as a pseudonymous date without the associated inventory data, such as the customer’s name, address or email).
– Type, scope and function of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling.
– Special protective measures: Pseudonymization, IP masking, conclusion of order processing contract, opt-out.
– Opt-out: https://adssettings.google.com/.
– External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
– Privacy policy: https://policies.google.com/privacy.
– Processing in third countries: USA.
– Guarantee for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
– Deletion of the data: The data may be processed by Google for up to two years before it is anonymized or deleted.

Section IV – Definitions

This section provides you with an overview of the terms used in this privacy policy.
Many of the terms are taken from the law and are defined above all in Art. 4 GDPR.
The legal definitions are binding.
The following explanations, on the other hand, are primarily intended to aid understanding.
The terms are listed in alphabetical order.

A/B tests – A/B tests are used to improve the user-friendliness and performance of online offers.
For example, users are shown different versions of a website or its elements, such as input forms, on which the placement of the content or labels of the navigation elements can differ.
The behavior of the users, e.g. longer time spent on the website or more frequent interaction with the elements, can then be used to determine which of these websites or elements are more likely to meet the needs of the users.

Affiliate links – “Affiliate links” are links with the help of which the linking websites refer users to websites with product or other offers.
The operators of the respective linking websites can receive a commission if users follow the affiliate links and subsequently take advantage of the offers.
For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links.
It is therefore necessary for the functionality of affiliate links that they are supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie.
The values include, in particular, the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID and categorizations.

After-sales – “After-sales” are marketing processes in which, for example, customers of an online store are presented with advertising offers from other providers (which are usually based on the services or products purchased in the online store).
In other respects, the way after-sales works is similar to the way affiliate links work.

Aggregated data – Aggregated data is summarized data that does not allow any conclusions to be drawn about an individual and is therefore not personal.
For example, the visit times on a website can be stored as average values.

Anonymous data – Anonymity exists if a person is not at least identifiable on the basis of data by the controller with the means available to him.
In particular, aggregated data can be anonymous.

Processor – A “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Special categories of personal data – This refers to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data subject – See “personal data”.
Clicktracking – “Clicktracking” makes it possible to monitor the movements of users within an entire online offering.
As the results of these tests are more accurate if the user’s interaction can be tracked over a certain period of time (e.g. to see whether a user likes to return), cookies are usually stored on the user’s computer for these test purposes.

Conversion – “Conversion” or “conversion measurement” refers to a process that can be used to determine the effectiveness of marketing measures.
For this purpose, a cookie is usually stored on the user’s device within the websites on which the marketing measures take place and then retrieved again on the target website (e.g. this allows us to track whether the ads we placed on other websites were successful).

Cookies – “Cookies” are small files that are stored on users’ computers.
Different information can be stored within the cookies.
A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service.
Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser.
The content of a shopping cart in an online store or a login status within a community can be stored in such a cookie, for example.
Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”.
For example, the login status in a community can be saved if users visit it after several days.
The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes (see e.g. remarketing).
Cookies from providers other than the controller who operates the online service are offered as “third-party cookies” (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).

Cross-device tracking – cookies and fingerprints are device-related.
Cross-device tracking is necessary in order to be able to evaluate the interests of users in the context of smartphone use for advertisements on desktop PCs.
For example, logins to social networks such as Facebook can be used for this purpose.
Alternatively, location data, IP addresses and user behavior are used to achieve up to 98% more precise user delimitation.
Cookies and web beacons are generally used for cross-device tracking purposes.

Custom audiences – “Custom audiences” (or “user-defined target groups”) are defined when target groups are determined for advertising purposes, e.g. the display of advertisements.
For example, based on a user’s interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online store in which they viewed the products.
In turn, “lookalike audiences” (or similar target groups) are when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created.
Cookies and web beacons are generally used for the purpose of creating custom audiences and lookalike audiences.
“Custom audiences from website” means that the target groups are formed on the basis of visitors to your own website.
“Custom audiences from file” means that, for example, a list of email addresses is uploaded to the respective advertising network or platform to form the target groups.

Demographic data – Demographic data is general information about groups of people or individuals, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income.
Demographic data is collected as part of reach measurement and in online marketing for the purposes of interest-based marketing or for business analyses that are used, for example, to determine target groups.

Third party – A “third party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Third country – Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries that are not part of the European Union (EU) or the European Economic Area (EEA).
Consent – “Consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Embedding – See “Embedding”.
Embedding – With embedding, third-party content or software functions (see plugins) are integrated into your own online presence in such a way that they are displayed or executed on this online presence.
No copy of the content is created, as it is called up from the original server (e.g. videos, images, posts on social networks, widgets with ratings).
When embedding, it is technically necessary for the content provider to collect the user’s IP address in order to display the embedded content in the user’s browser.
Furthermore, the content provider may, for example, store cookies on the user’s device.

Extended matching – “Extended matching” is an option of the Facebook pixel, which means that inventory data such as telephone numbers, email addresses or Facebook IDs of users are transmitted to Facebook in encrypted form to form target groups for Facebook ads and are only used for this purpose.
Error tracking – Error tracking is used, for example, to detect incorrectly executed program code in order to eliminate it and thus ensure the functionality and security of online offers.
Fingerprints and other online identifiers – “Fingerprints” correspond to cookies in terms of their function, whereby a file is not stored on the user’s device.
These digital fingerprints can, for example, be created individually as cross-sums from individual factors of devices, such as computing power or browser plug-ins for devices, and thus be used for reach measurement, profiling, remarketing, interest-based and behavior-based advertising.

First-party cookies – See “Cookies”.
Heatmaps – “Heatmaps” are mouse movements of users that are summarized into an overall picture, which can be used, for example, to recognize which website elements are preferred and which website elements users prefer less.
IP address – The IP address (“IP” stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet.
When a user accesses a website on a server, they tell the server their IP address.
The server then knows that it must send the data packets with the content of the website to this address.

IP mask ing – “IP masking” refers to a method in which the last octet, i.e. the last two numbers of an IP address, are deleted so that the IP address can no longer be used to uniquely identify a person.
IP masking is therefore a means of pseudonymizing processing procedures, particularly in online marketing.

Interest-based marketing or interest-based and behavioral advertising – Interest-based and/or behavioral advertising is the term used when profiling is used to determine the potential interest of users in advertisements (online behavioral advertising, OBA for short).
Cookies and web beacons are generally used for these purposes.

Lookalike Audiences – See Custom Audiences.
Opt-in – The term “opt-in” means registration or consent, depending on the context.
If a registration (e.g. by entering an email address in an online form field) is confirmed by sending a confirmation email to the owner of the email address, this is referred to as a double opt-in (DOI).

Opt-out – The term opt-out means to unsubscribe and can, for example, represent an objection (e.g. to tracking) or a termination (e.g. for newsletter subscriptions).
Opt-out cookie – An “opt-out cookie” is a small file (see “Cookies”) that is stored in your browser and in which it is noted that, for example, a tracking service should not process your data.
The “opt-out cookie” is only valid for the browser in which it was saved, i.e. the browser in which you clicked the opt-out link.
If cookies are deleted in this browser, you will have to click the opt-out link again.
Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked.

Permanent cookies – See “Cookies”.
Personal data/personal reference – “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Plugins/social plugins – Plugins (or “social plugins” in the case of social functions) are third-party software functions that are integrated into the online offering.
They can be used, for example, to output interaction elements (e.g. a “Like” button) or content (e.g. external comment function or posts in social networks).

Profiling – “Profiling” means any form of automated processing of personal data consisting of the use of personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information relating to age, gender, location data and movement data, interaction with websites and their content, shopping behavior, social interactions with other people) (e.g. interests in certain content or products, click behavior on a website or location).
Cookies and web beacons are often used for profiling purposes.

Privacy Shield – The EU-US Privacy Shield is an informal agreement in the field of data protection law that was negotiated between the European Union and the United States of America.
It consists of a series of assurances from the US government and a decision by the EU Commission.
Companies that are certified under the Privacy Shield offer a guarantee of compliance with European data protection law (https://www.privacyshield.gov).

Pseudonymization/ pseudonyms – “Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and it is ensured that the personal data is not attributed to an identified or identifiable natural person; i.e. if an exact interest profile of the computer user is stored in a cookie (quasi a “marketing avatar”), but not the name of the user, then the data is processed pseudonymously.
If the user’s name is stored, e.g. as part of their email address or IP address, then the processing is no longer pseudonymous.

– Reach measurement – Reach measurement is used to evaluate the flow of visitors to an online offering and can include their behavior, interests or demographic information, such as age or gender.
With the help of reach analysis, website owners can, for example, recognize what types of people visit their website at what time and what content they are interested in.
This allows them, for example, to better optimize the content of the website to the needs of their visitors.
Cookies and web beacons are often used for reach analysis purposes.

Remarketing/retargeting – The term “remarketing” or “retargeting” is used when, for example, it is noted for advertising purposes which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
Cookies are generally used for profiling purposes.

Session cookies – See “Cookies”.
Single sign-on – “Single sign-on” or “single sign-on authentication” is a procedure that allows users to log in to an online service, including other online services, with the help of a user account.
The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data on the web form provided for this purpose.
Authentication takes place directly with the respective single sign-on provider.
As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that cannot be used by us (so-called “user handle”).
Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider.
Depending on the single sign-on provider and the user’s choice, it can be different data, usually the e-mail address and the user name.
The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us.
Users are asked to note that their details stored with us can be automatically compared with their user account with the single sign-on provider, but that this is not always possible or actually takes place.
If, for example, users’ email addresses change, users must change them manually in their user account with us.
If users decide that they no longer wish to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must remove this link from their user account with the single sign-on provider.
If users wish to delete their data with us, they must cancel their registration with us.

Third-party cookies – See “Cookies”.
Tracking – The term “tracking” is used when the behavior of users can be tracked across several online offers, e.g. for remarketing purposes.
The behavioral and interest information collected with regard to the online offers used is stored as user profiles in cookies or on the servers of marketing service providers (e.g. Google or Facebook).

Universal Analytics – “Universal Analytics” refers to a Google Analytics process in which user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (“cross-device tracking”).
Controller – The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing ” means any operation or set of operations which is performed on personal data, whether or not by automated means.
The term is broad and covers practically any handling of data.

Web beacons – “Web beacons” (also known as “pixels”, “measurement pixels” or “tracking pixels”) are small, pixel-sized graphics that are embedded in websites or HTML emails.
They can be used, for example, to determine whether an email has been opened (at least if image display is activated in emails) or how often a website is accessed by a user.

Widgets – See embedding.
Tracking pixels – See web beacons.