INFORMATION ACCORDING TO ART. 13, 14 AND 21 EU BASIC DATA PROTECTION REGULATION – DSGVO
We hereby inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations. Which data is processed in detail and how it is used depends largely on the services you have requested or agreed with us.
1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHOM CAN I CONTACT?
The person responsible is:
media plan GmbH
2. WHICH SOURCES AND DATA DO WE USE?
We process personal data that we receive from you in the course of our business relationship or that we need to process so that we can offer you access to our website. In addition, we process – to the extent necessary for the provision of our service – personal data that we have permissibly received from other companies (e.g. Kreditreform) (e.g. for the execution of orders, the performance of contracts or on the basis of consent given by you). On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. debtor lists, press, media, etc.) and are allowed to process.
Relevant personal data are personal details and contact data (name, address, telephone number and e-mail address). In addition, this may also include order data or data from the fulfillment of our contractual obligations, such as advertising and sales data, documentation data, data about your use of our offered telemedia, as well as other data comparable to the aforementioned categories.
3. WHAT DO WE PROCESS YOUR DATA FOR (PURPOSE OF PROCESSING) AND ON WHAT LEGAL BASIS?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
3.1 For the fulfillment of contractual obligations (Art. 6 para. 1 lit. b DSGVO).
Personal data is processed to provide the service of creating customized, individual media concepts and process solutions and also, in particular, to execute our contracts or pre-contractual measures with you and to execute your orders.
The purposes of data processing are primarily based on the specific contract (e.g., to supplement and implement media concepts, market analyses, media buying, campaign implementation, evaluation, tracking and reporting and may include, among other things, employee data in addition to customer and supplier data.
Further details on the purpose of data processing can be found in the respective applicable terms and conditions.
3.2 Within the framework of the balancing of interests (Art. 6 para. 1 lit. f DSGVO).
To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples:
– Advertising or market and opinion research, unless you have objected to the use of your data;
– Assertion of legal claims and defense in legal disputes;
– Ensuring IT security;
– Prevention and investigation of criminal offenses;
– Analysis of access to the website and compilation of visitor statistics;
– Measures for business management and further development of services and products.
3.3 Based on your consent (Art. 6 para. 1 lit. a DSGVO).
Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent given can be revoked at any time with effect for the future.
Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this.
3.4 Due to legal requirements (Art. 6 para. 1 lit. c DSGVO) or in the public interest (Art. 6 para. 1 lit. e DSGVO).
If we are legally obliged to process your data, processing also takes place on this basis. This may involve, for example, obligations to provide proof to the tax office or other authorities.
4. WHO RECEIVES MY DATA?
Within our company, those departments receive your data that need it to fulfill our contractual and legal obligations. Processors used by us (Art. 28 DSGVO) may also receive data for these purposes. These are companies in the categories of IT services, web audience analysis, logistics, printing services, telecommunications, debt collection, consulting and advisory services, as well as sales, marketing, banks, government agencies, campaign management systems, accounting software, tax consultants and auditors.
Data is only passed on to recipients outside our company if this is required by law, you have given your consent or we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
– Public bodies and institutions (e.g. supervisory authorities) in the event of a legal or official obligation.
Other data recipients may be those bodies for which you have given us your consent to transfer data or have exempted consent.
5. HOW LONG WILL MY DATA BE STORED?
To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), generally amount to three years, but in certain cases can also be up to thirty years.
6. IS DATA TRANSFERRED TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION?
Data is only transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary for the execution of the contracts concluded with you or is required by law or if you have given us your consent. We will inform you separately about details, if required by law.
7. WHAT DATA PROTECTION RIGHTS DO I HAVE?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
8. IS THERE AN OBLIGATION FOR ME TO PROVIDE DATA?
Within the scope of our business relationship, you are only required to provide the personal data that is necessary for the establishment, implementation and termination of a business relationship or that we are legally obligated to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.
Furthermore, in order to provide chargeable services, it is necessary for us to ask for additional data, such as the method of payment requested by you.
9. TO WHAT EXTENT IS THERE AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES?
Automated decision-making processes based on your personal data do not take place.
10. THIRD PARTY FUNCTIONS
This website uses the web analytics service Lead ForensicsLead Forensics works on the basis of reverse business IP tracking. A small tracking code is placed on a company’s website(s) that allows it to identify the business IP addresses of its website visitors. Lead Forensics matches the identified business IP address to a one hundred percent global database of companies and business information. The Lead Forensics software is designed almost exclusively to use business-related information to effectively match a business IP address to broader business data and provide valuable business-related visitor information to our clients. Lead Forensics does not identify personal IP addresses, mobile devices, or other data unrelated to the business.
This website uses features of the Google Analytics web analytics service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Ireland.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Disable Google Analytics.
Our website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain “googleleadservices.com” are blocked.
Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
Google Analytics Remarketing
This website uses the remarketing function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Ireland. The function is used to present website visitors with interest-based advertisements within the Google advertising network. A so-called “cookie” is stored in the browser of the website visitor, which makes it possible to recognize the visitor when they visit websites that belong to the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function.
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
If your browser does not support web fonts, a standard font will be used by your computer.
INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ART. 21 GDPR
1. right to object on a case-by-case basis.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the DS-GVO (data processing based on a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. right to object to processing of data for direct marketing purposes.
In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should preferably be addressed to:
media plan GmbH
CHAINS OF INFECTION
I Introduction and terms
In connection with the Corona virus (infection chains), we process personal data from you. We treat these confidentially and process them in accordance with the applicable laws – in particular the German Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG-neu). With our data protection regulations, we want to inform you which personal data we collect, for which purposes and on which legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your data protection.
Our data protection provisions contain technical terms that are in the DSGVO and the BDSG-neu. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 “Personal data” means any information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Information of an identified person can be e.g. the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus learning who the person is. A person can be identified, for example, by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
2.2 “Processing” is understood by Art. 4 No. 2 DSGVO to mean any operation in connection with personal data. This relates in particular to the collection, recording, organization, ordering, storage, adaptation or modification, reading out, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction of personal data.
II. responsible person and contact person
3. responsible person
The person responsible for data processing is:
3.1.Person responsible (Art. 30 Para. 1 lit. a DS-GVO).
Media Plan GmbH
Hermann-Sielcken-Str. 60 | 76530 Baden-Baden
Phone: +49 (0)7221 – 99 22 8 – 41
Fax: +49 (0)7221 – 99 22 8 – 32
3.2 Legal representative
Name: Frank Lankers
4. data protection officer
We have appointed a data protection officer for our company. You can reach him under:
Name: HABEWI GmbH & Co. KG
Legal representative: HABEWI Beteiligungs- GmbH, represented by the managing director Arne Platzbecker
Address: Palmaille 96, 22767 Hamburg, Germany
Telephone: 040/ 460 089 66
Fax: 040/ 460 089 77
III. processing framework
5. processing framework
At the time of the Corona Pandemic (chains of infection), we process the personal data from you listed in detail below in section 6.
Unless explicitly stated in section 6, the data will only be processed internally and will generally not be sold, lent or transferred to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called commissioned processing, in which we as the client are authorized to issue instructions to our contractors. We use external service providers to operate and host our internal IT systems and data. If external service providers are used for individual processing operations listed in Section 6, they will be named there.
With regard to the processing described in section 6, data is not transferred to third countries and is not planned.
6 Corona Pandemic (chains of infection)
6.1 Description of processing: In the course of the Corona Pandemic, we collect the following data from you: Name, first name, address, telephone number. If you visit one of our offices, we ask you to leave the above data with the responsible personnel. Lists will be provided for this purpose or you will be contacted directly by the staff.
6.2 Purpose: The processing is carried out in order to be able to transmit your personal data to the health authorities for the period of the Corona pandemic, if necessary. This serves the purpose of tracing chains of infection by the Health Department in the event that a person who has fallen ill has visited our office.
6.3 Legal basis: The processing of your personal data is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO by means of consent. If the transfer of data to the public health department is also a legal obligation under the Infection Protection Act or general orders of the state of Baden Württemberg, the legal basis is Article 6 (1) sentence 1 lit. c DSGVO. The processing is carried out for the fulfillment of a legal obligation to the public health department.
6.4 Storage period: The personal data we collect from you will be deleted as soon as it is no longer necessary for the purpose of its processing. We process your personal data as long as we need the collected information during the Corona Pandemic. This is 4 weeks at the moment.
6.5 Recipients: Your personal data will be processed within Media Plan for the above-mentioned purpose and, if necessary, transmitted to the relevant health authority.
7. data subject rights
With regard to the data processing by Media Plan described above, you are entitled to the following data subject rights:
7.1 Information (Art. 15 DSGVO). You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
7.2 Correction (Art. 16 DSGVO). You have the right to demand that we correct any inaccurate personal data relating to you without undue delay and, if necessary, to complete any incomplete
personal data without undue delay.
7.3 Deletion (Art. 17 DSGVO). You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes we pursue.
7.4 Restriction of data processing (Art. 18 DSGVO). You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
7.5 Data portability (Art. 20 DSGVO). You have the right, under the conditions set out in Art. 20 DSGVO, to request that the data relating to you be handed over in a structured, common and machine-readable format.
7.6 Withdrawal of Consent (Art. 7(3) DSGVO). You have the right to revoke your consent at any time in the case of processing based on consent. The revocation shall apply from the
time of its assertion. In other words, it has effect for the future. The processing therefore does not become unlawful retroactively as a result of the revocation of consent.
7.7 Complaint (Art. 77 GDPR). If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right at a supervisory authority in the EU member state of your residence, workplace or the place of the alleged infringement.
7.8 Prohibition of automated decisions/profiling (Art. 22 GDPR). Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision-making including profiling with regard to your personal data.
7.9 Right to object (Art. 21 DSGVO) . If we process personal data from you on the basis of Art. 6(1)(f) DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case – also regardless of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.