Development and
Cooperation

All monthly issues

Data protection statement

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”).

The terms used are not gender-specific.

Status: November 2025

 

Table of contents

  • Preamble
  • Responsible party
  • Contact data protection officer
  • Overview of processing
  • Relevant legal basis
  • Security measures
  • Transmission of personal data
  • International data transfer
  • General information on data storage and deletion
  • Rights of the data subjects
  • Provision of online services and web hosting
  • Use of cookies
  • Contact and request management
  • Communication via messenger
  • Newsletter and electronic notifications
  • Web analysis, monitoring and optimization
  • Online marketing
  • Presence in social networks (social media)
  • Plug-ins and embedded functions and content
  • Changes and updates
  • Definition of terms
  • Changes

 

Responsible party

Fazit Communication GmbH 
Pariser Str. 1 
60486 Frankfurt am Main 
Germany

Email address: datenschutz@fazit.de 

Imprint: https://www.dandc.eu/en/imprint

 

Contact Data Protection Officer

datenschutz@fazit.de

 

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

 

Types of data processed

  • Inventory data
  • Location data
  • Contact details
  • Content data
  • Usage data
  • Meta, communication and procedural data
  • Contact information (Facebook)
  • Event data (Facebook)
  • Protocol data

 

Categories of data subjects

  • Communication partners
  • Users

 

 

Purposes of processing

  • Communication
  • Safety measures
  • Direct marketing
  • Reach measurement
  • Tracking
  • Conversion measurement
  • Click tracking
  • Target group formation
  • Organizational and administrative procedures
  • Firewall
  • Feedback
  • Marketing
  • Profiles with user-related information
  • Provision of our online services and user-friendliness
  • Information technology infrastructure
  • Public relations and information purposes
  • Public relations

 

 

Relevant legal basis

Relevant legal basis under the GDPR: Below you will find an overview of the legal basis under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 (1) (a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transfer, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Relevant legal basis under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (abbreviated as “Swiss DSG”). . Unlike the GDPR, for example, the Swiss DSG does not generally require that a legal basis for the processing of personal data be specified and that the processing of personal data be carried out in good faith, lawfully and proportionately (Art. 6 (1) and (2) of the Swiss DSG). In addition, we only collect personal data for a specific purpose that is recognizable to the data subject and only process it in a manner that is compatible with this purpose (Art. 6 para. 3 of the Swiss DSG).

Note on the applicability of the GDPR and the Swiss FADP: This privacy policy serves to provide information in accordance with both the Swiss FADP and the General Data Protection Regulation (GDPR). For this reason, please note that the terms used in the GDPR are used due to their broader geographical application and comprehensibility. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss FADP, the terms ‘processing’ of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DSG within the scope of its applicability.

Security measures

In accordance with legal requirements, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, availability, and separation. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is deleted, and responses are made to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies we use and the processing of a complete IP address is not necessary, the IP address is shortened (also known as “IP masking”). In this case, the last two digits or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or significantly impede the identification of a person based on their IP address.

Securing online connections with TLS/SSL encryption technology (HTTPS): We use TLS/SSL encryption technology to protect user data transmitted via our online services from unauthorized access. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transfer of personal data

As part of our processing of personal data, it may happen that this data is transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data transfer within the group of companies: Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to it. This data transfer is based on our legitimate business and economic interests. By this we mean, for example, improving business processes, ensuring efficient and effective internal communication, making optimal use of our human and technological resources, and enabling us to make informed business decisions. In certain cases, data transfer may also be necessary to fulfill our contractual obligations, or it may be based on the consent of the data subjects or legal permission.

Data transfer within the organization: We may transfer personal data to other departments or units within our organization or grant them access to it. If the data transfer is for administrative purposes, it is based on our legitimate business and economic interests or is necessary to fulfill our contractual obligations or if we have the consent of the data subjects or legal permission.

International data transfers

Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, agencies, or companies (which can be identified by the postal address of the respective provider or if the privacy policy expressly refers to the transfer of data to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations to protect your data.

This double safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes arise within the framework of the DPF, the standard contractual clauses serve as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of political or legal changes.

We will inform you whether individual service providers are certified under the DPF and whether standard contractual clauses are in place. For more information on the DPF and a list of certified companies, please visit the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).

Appropriate security measures apply to data transfers to other third countries, in particular standard contractual clauses, express consent, or transfers required by law. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or there are no further legal grounds for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the storage and deletion of data that applies specifically to certain processing procedures.

If there are several specifications regarding the retention period or deletion deadlines for a piece of data, the longest period shall always apply.

If a period does not expressly begin on a specific date and lasts at least one year, it shall automatically begin at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period is the date on which the termination or other termination of the legal relationship takes effect.

We process data that is no longer stored for its originally intended purpose but is retained due to legal requirements or other reasons exclusively for the reasons that justify its retention.

Further information on processing procedures, methods, and services:

  • Storage and deletion of data: The following general periods apply to storage and archiving under German law:
  • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet, as well as the work instructions and other organizational documents necessary for their understanding (Section 147 (1) No. 1 in conjunction with (3) AO, Section 14b (1) UStG, Section 257 (1) No. 1 in conjunction with (4) HGB).
  • 8 years - Accounting documents, such as invoices and expense receipts (Section 147 (1) No. 4 and 4a in conjunction with (3) sentence 1 AO and Section 257 (1) No. 4 in conjunction with (4) HGB).
  • 6 years - Other business documents: commercial or business letters received, copies of commercial or business letters sent, other documents relevant for taxation purposes, e.g., hourly wage slips, operating statements, calculation documents, price tags, but also payroll documents, insofar as they are not already accounting documents, and cash register receipts (Section 147 (1) No. 2, 3, 5 in conjunction with (3) AO, Section 257 (1) No. 2 and 3 in conjunction with (4) HGB).
  • 3 years - Data required to consider potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and customary industry practices, is stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).
  • Storage and deletion of data: The following general periods apply to storage and archiving under Swiss law:
  • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices, as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (CO)).
  • 10 years - Data necessary for considering potential claims for damages or similar contractual claims and rights, as well as for processing related inquiries, based on previous business experience and customary industry practices, is stored for the statutory limitation period of ten years, unless a shorter period of five years is applicable in certain cases (Art. 127, 130 OR). After five years, claims for rent, lease and capital interest, as well as other periodic payments, for the delivery of food, for meals and for innkeeper's debts, as well as for craft work, small sales of goods, medical services, professional services provided by lawyers, legal agents, attorneys, and notaries, and from the employment relationship of employees (Art. 128 OR).

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right to information: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification: In accordance with the legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased immediately or, alternatively, in accordance with legal requirements, to request a restriction on the processing of the data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request that it be transferred to another controller.
  • Complaint to supervisory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you usually reside, the supervisory authority of your workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Rights of data subjects under the Swiss DSG:

As a data subject, you have the following rights under the provisions of the Swiss DSG:

  • Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to enable you to exercise your rights under this law and to ensure transparent data processing.
  • Right to data disclosure or transfer: You have the right to request the disclosure of your personal data that you have provided to us in a commonly used electronic format.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, erasure, and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be erased or destroyed.

Provision of online services and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved). Log data (e.g., log files relating to logins or the retrieval of data or access times). Content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Firewall.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Legitimate interests (Art. 6 (1) (1) (f) GDPR).

Further information on processing operations, procedures, and services:

  • Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”); Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and, on the other hand, to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
  • Service provider for online offering and web hosting

 

  • blackpoint: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: blackpoint GmbH, Friedberger Str. 106 b, 61118 Bad Vilbel; Website: https://www.blackpoint.de/. Privacy policy: https://www.blackpoint.de/datenschutz.
  • Sucuri: Firewall, security, and error detection functions to detect and prevent unauthorized access attempts and technical vulnerabilities that could enable such access. For these purposes, cookies and similar storage methods necessary for this purpose may be used, and security logs may be created during the check and, in particular, in the event of unauthorized access. In this context, the IP addresses of users and their activities, including the time of access, are processed and stored, compared with the data provided by the provider of the firewall and security function, and transmitted to the latter; Service provider: Sucuri LLC., parent company: GoDaddy Media Temple, Inc. d/b/a Sucuri, 6060 Center Dr. Suite 500, Los Angeles CA 90045, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Privacy policy: https://sucuri.net/privacy; Data processing agreement: https://sucuri.net/dpa/. Basis for third-country transfers: EU/EEA - Standard contractual clauses (https://sucuri.net/dpa/), Switzerland - Standard contractual clauses (https://sucuri.net/dpa/).

Use of cookies

The term “cookies” refers to functions that store and read information on users' end devices. Cookies can also be used for various purposes, such as to ensure the functionality, security, and convenience of online offerings and to analyze visitor traffic. We use cookies in accordance with legal requirements. To this end, we obtain the consent of users in advance if necessary. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and retrieval of information is essential in order to provide explicitly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope of cookies and which cookies are used.

Information on the legal basis for data protection: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. This allows, for example, the log-in status to be stored and preferred content to be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g., when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with the legal requirements, including by means of their browser's privacy settings.

  • Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further information on processing procedures, processes, and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers specified in the consent management solution. This procedure is used to obtain, log, manage, and revoke consent, in particular with regard to the use of cookies and similar technologies that are used to store, read, and process information on users' end devices. As part of this procedure, users' consent for the use of cookies and the associated processing of information, including the specific processing and providers specified in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. Storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information about the providers of consent management services is available, the following general information applies: The duration of storage of the consent is up to two years. A pseudonymous user identifier is created and stored together with the time of consent, details of the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used. Legal basis: Consent (Art. 6(1)(a) GDPR).
  •  
  • Service provider for consent management
  • Usercentrics: Consent management: Procedure for obtaining, logging, managing, and revoking consent, in particular for the use of cookies and similar technologies for storing, reading, and processing information on users' end devices and for processing such information; Service provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany; Website: https://usercentrics.com/de/. Privacy policy: https://usercentrics.com/de/datenschutzerklaerung/.

Contact and inquiry management

When contacting us (e.g., by mail, contact form, email, telephone, or social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

  • Types of data processed: Inventory data (e.g., full name, contact information, customer number, etc.); contact data (e.g., email addresses or telephone numbers); Content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation) Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing procedures, processes, and services:

  • Contact form: When you contact us via our contact form, by email, or other means of communication, we process the personal data you provide in order to respond to and process your request. This usually includes information such as your name, contact details, and, if necessary, other information that you provide and that is required for proper processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Communication via messenger

We use messengers for communication purposes and therefore ask you to note the following information on the functionality of messengers, encryption, the use of communication metadata, and your options for objection.

You can also contact us by alternative means, e.g., by telephone or email. Please use the contact options provided to you or the contact options specified within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.

However, we also point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners are communicating with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is also processed.

Information on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and you contact us on your own initiative, for example, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and fulfillment of our communication partners' needs for communication via messenger. Furthermore, we would like to point out that we will not transfer the contact details provided to us to Messenger without your consent.

Revocation, objection, and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any questions from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any legal retention obligations.

Reservation of reference to other communication channels: To ensure your security, we ask for your understanding that we may not be able to respond to inquiries via Messenger for certain reasons. This applies to situations in which, for example, contract details must be treated as particularly confidential or a response via Messenger does not meet formal requirements. In these cases, we recommend that you use more suitable communication channels.

  • Types of data processed: Contact details (e.g., email addresses or telephone numbers); content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation) ; usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication. Direct marketing (e.g., by email).
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Consent (Art. 6(1)(a) GDPR); contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing operations, procedures, and services:

  • WhatsApp: Text messages, voice and video calls, sending images, videos, and documents, group chat function, end-to-end encryption for increased security; Service provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.whatsapp.com/; Privacy policy: https://www.whatsapp.com/legal. Basis for third country transfers: Data Privacy Framework (DPF).

Newsletter and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) exclusively with the consent of the recipients or on a legal basis. If the content of the newsletter is specified during registration, this content is decisive for the consent of the users. To subscribe to our newsletter, it is usually sufficient to provide your email address. However, in order to be able to offer you a personalized service, we may ask you to provide your name so that we can address you personally in the newsletter, or to provide further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list (so-called “blocklist”) for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Contents:

With our E+Z newsletter, you will receive news, in-depth analyses, good news, and tender notices from the global development policy community directly in your inbox twice a month.

Types of data processed: Inventory data (e.g., full name, customer number, etc.); contact details (e.g., email address); Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved). Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).

  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email).
  • Legal basis: Consent (Art. 6(1)(a) GDPR).
  • Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter at the end of each newsletter, or you can use one of the contact options listed above, preferably email.

Further information on processing procedures, methods, and services:

  • Measurement of opening and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. During this retrieval, technical information such as details about your browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval location (which can be determined using the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until it is deleted. The evaluations serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening and click rates, the storage of the measurement results in the user profiles, and their further processing are based on the consent of the users. Unfortunately, it is not possible to revoke the performance measurement separately; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted; Legal basis: Consent (Art. 6 (1) (a) GDPR).
  • Provider of newsletters and electronic notifications

 

  • XQueue Maileon: Newsletter distribution; Service provider: XQueue GmbH
  • Christian-Pleß-Str. 11-13
  • 63069 Offenbach am Main
  • Germany; Website: https://maileon.com/de/. Privacy policy: https://maileon.com/de/plattform/funktionen/sicherheit-datenschutz/.

Web analysis, monitoring, and optimization

Web analysis (also known as “reach measurement”) is used to evaluate visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently, or invite reuse. It also enables us to identify areas that require optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored in a browser or on a terminal device and then read out. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have agreed to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a terminal device in order to identify which content users have accessed within one or more usage processes, which search terms they have used, which they have accessed again, or how they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users who refer to our online offering and technical aspects of their end devices and browsers.
  • Pseudonymous user profiles are created with information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purpose. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), https://business.safety.google/adsprocessorterms; Switzerland - Data Privacy Framework (DPF), https://business.safety.google/adsprocessorterms; Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
  • Google as recipient of consent: The consent given by users in a consent dialog (also known as “cookie opt-in/consent,” “cookie banner,” etc.) serves several purposes. On the one hand, it helps us fulfill our obligation to obtain consent for the storage and retrieval of information on and from users' devices (in accordance with ePrivacy guidelines). On the other hand, it covers the processing of users' personal data in accordance with data protection regulations. This consent also applies to Google, as the company is required by the Digital Markets Act to obtain consent for personalized services. We therefore share the status of user consent with Google. Our consent management software informs Google whether consent has been given or not. The aim is to ensure that the consent or non-consent of users is taken into account when using Google Analytics and when integrating functions and external services. This allows user consent and its revocation within the scope of Google Analytics and other Google services in our online offering to be dynamically adjusted depending on the user's selection. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://support.google.com/analytics/answer/9976101?hl=de. Privacy policy: https://policies.google.com/privacy.
  • Google Tag Manager: We use Google Tag Manager, a software from Google that allows us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website that serve to record and analyze visitor activities. This technology helps us to improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, store cookies with user profiles, or perform independent analyses. Its function is limited to simplifying and streamlining the integration and management of tools and services that we use on our website. Nevertheless, when using Google Tag Manager, the IP address of the user is transmitted to Google, which is necessary for technical reasons in order to implement the services we use. Cookies may also be set in the process. However, this data processing only takes place if services are integrated via Tag Manager. For more detailed information about these services and their data processing, please refer to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Data processing agreement:
  • https://business.safety.google/adsprocessorterms. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

Online marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users, as well as the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used to store information about the user that is relevant for the display of the aforementioned content. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

In addition, the IP addresses of users are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored as part of the online marketing process, but rather pseudonyms. This means that neither we nor the providers of the online marketing process know the actual identity of the users, but only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or by means of similar processes. These cookies can generally also be read later on other websites that use the same online marketing process and analyzed for the purpose of displaying content, supplemented with further data, and stored on the server of the online marketing provider.

In exceptional cases, it is possible to assign clear data to the profiles, primarily if the users are members of a social network, for example, whose online marketing methods we use and which links the user profiles with the aforementioned information. Please note that users can enter into additional agreements with the providers, for example by giving their consent during registration.

We generally only have access to summarized information about the success of our advertisements. However, we can use conversion measurements to check which of our online marketing methods have led to a conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Information on revocation and objection:

We refer you to the privacy policy of the respective providers and the options for objection (so-called “opt-out”) specified by the providers. If no explicit opt-out option has been specified, you have the option of disabling cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore recommend the following additional opt-out options, which are offered collectively for the respective regions:

  1. a) Europe: https://www.youronlinechoices.eu.
  2. b) Canada: https://www.youradchoices.ca/choices.
  3. c) USA: https://www.aboutads.info/choices.
  4. d) Cross-regional: https://optout.aboutads.info.
  • Types of data processed: Content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved); Event data (Facebook) (“Event data” is information that is sent to the provider Meta via Meta Pixel (whether via apps or other channels) and relates to persons or their actions. This data includes details about website visits, interactions with content and functions, app installations, and product purchases. Event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). It is important to note that event data does not include actual content such as comments posted, login information, or contact information such as names, email addresses, or phone numbers. Meta deletes “event data” after a maximum of two years, and the target groups created from it disappear when our Meta user accounts are deleted. ); Contact information (Facebook) (“Contact information” is data that (clearly) identifies data subjects, such as names, email addresses, and phone numbers, which can be transmitted to Facebook, e.g., via Facebook Pixel or upload for matching purposes for the purpose of creating Custom Audiences. After matching for the purpose of creating target groups, the contact information is deleted).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); Conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing; profiles with user-related information (creation of user profiles); provision of our online offering and user-friendliness. Click tracking.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing operations, procedures, and services:

  • Meta pixels and target group formation (custom audiences): With the help of meta pixels (or comparable functions for transmitting event data or contact information via interfaces in apps), Meta is able to identify visitors to our online offering as a target group for the display of advertisements (so-called “meta ads”). Accordingly, we use the Meta Pixel to display the Meta Ads we place only to users on Meta platforms and within the services of partners cooperating with Meta (so-called “Audience Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g., interest in certain topics or products, which can be seen from the websites visited) that we transmit to Meta (so-called “Custom Audiences”) . With the help of the Meta pixel, we also want to ensure that our Meta ads correspond to the potential interests of users and do not appear intrusive. With the help of the Meta pixel, we can also track the effectiveness of Meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta ad (so-called “conversion measurement”); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), standard contractual clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum) ; Further information: User event data, i.e., behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the joint responsibility agreement (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum). Joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • Extended matching for Meta Pixel: In addition to the processing of event data in connection with the use of Meta Pixel (or comparable functions, e.g., in apps), contact information (data identifying individual persons, such as names, email addresses, and telephone numbers) is also collected by Meta within our online offering or transmitted to Meta. The processing of contact information serves to form target groups (so-called “custom audiences”) for the display of content and advertising information based on the presumed interests of users. The collection, transmission, and comparison with data available at Meta does not take place in plain text, but as so-called “hash values,” i.e., mathematical representations of the data (this method is used, for example, when storing passwords). After matching for the purpose of forming target groups, the contact information is deleted; Legal basis: Consent (Art. 6 (1) (a) GDPR); Privacy policy: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), https://www.facebook.com/legal/EU_data_transfer_addendum; Switzerland - Data Privacy Framework (DPF), https://www.facebook.com/legal/EU_data_transfer_addendum. Further information: https://www.facebook.com/legal/terms/data_security_terms.
  • Facebook advertisements: Placement of advertisements within the Facebook platform and evaluation of the advertising results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF); Opt-out option: We refer to the data protection and advertising settings in the user's profile on the Facebook platforms, as well as to Facebook's consent procedure and contact options for exercising information and other data subject rights, as described in Facebook's privacy policy; Further information: User event data, i.e., behavioral and interest information, is processed for the purposes of targeted advertising and target group formation on the basis of the joint responsibility agreement (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum). Joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • Google Ad Manager: We use the “Google Ad Manager” service to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.). Google Ad Manager is unique in that it displays ads in real time based on users' presumed interests. This allows us to display ads for our online offering to users who may have a potential interest in our offering or who have previously shown interest in it, as well as to measure the success of the ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; Data processing terms for Google advertising products: Information about the services Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms. if Google acts as a processor, data processing terms for Google advertising products and standard contractual clauses for third-country data transfers: https://business.safety.google/adsprocessorterms.
  • Google Ads and conversion measurement: Online marketing methods for the purpose of placing content and ads within the service provider's advertising network (e.g., in search results, in videos, on websites, etc. ) so that they are displayed to users who are likely to be interested in the ads. In addition, we measure the conversion of the ads, i.e., whether users have taken the opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR), legitimate interests (Art. 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
  • LinkedIn Insight Tag: Code that is loaded when a user visits our online offering and tracks the user's behavior and conversions and stores them in a profile (possible uses: measuring campaign performance, optimizing ad delivery, building custom and similar audiences); Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy, Cookie policy: https://www.linkedin.com/legal/cookie_policy; Data processing agreement: https://www.linkedin.com/legal/l/dpa; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), https://legal.linkedin.com/dpa, Switzerland - Data Privacy Framework (DPF), https://legal.linkedin.com/dpa. Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • LinkedIn advertisements: Placement of advertisements within the LinkedIn platform and evaluation of the advertising results; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR), legitimate interests (Art. 6 (1) (f) GDPR) ; Website: https://business.linkedin.com/de-de/marketing-solutions/ads; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://www.linkedin.com/legal/l/dpa; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), https://de.linkedin.com/legal/l/dpa; Switzerland - Data Privacy Framework (DPF), https://de.linkedin.com/legal/l/dpa ; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further information: https://legal.linkedin.com/dpa.
  • UTM parameters: Analysis of sources and user actions based on an extension of web addresses referring to us with an additional parameter, the “UTM” parameter. For example, a UTM parameter “utm_source=platformX &utm_medium=video” can tell us that a person clicked on the link on platform X within a video. The UTM parameters provide information about the source of the link, the medium used (e.g., social media, website, newsletter), the type of campaign, or the content of the campaign (e.g., posting, link, image, and video). With the help of this information, we can, for example, check our visibility on the internet or the effectiveness of our campaigns; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
  • Stape: Server-side tag management, recording of user interactions without the use of browser cookies, forwarding of this data to analysis and marketing tools; Service provider: Stape Inc, 8 The Green Suite # 12892, Dover DE 19901, USA; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://stape.io/; Privacy policy: https://stape.io/privacy-notice; Data processing agreement: https://stape.io/dpa. Basis for third country transfers: EU/EEA - Standard Contractual Clauses (https://stape.io/dpa), Switzerland - Standard contractual clauses (https://stape.io/dpa).

Presence on social networks (social media)

We maintain an online presence on social networks and process user data in this context in order to communicate with users who are active there or to provide information about us.

We would like to point out that user data may be processed outside the European Union in this context. This may pose risks for users, as it could, for example, make it more difficult to enforce user rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of users. The latter may in turn be used to place advertisements within and outside the networks that are presumed to correspond to the interests of the users. For this reason, cookies are usually stored on users' computers, in which the usage behavior and interests of users are stored. In addition, data can also be stored in the usage profiles independently of the devices used by users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer you to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively asserted with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly.

  • Types of data processed: Contact details (e.g., email addresses or telephone numbers); Content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Inventory data (e.g., full name, residential address, contact information, customer number, etc.). Meta, communication, and procedural data (e.g., IP addresses, time stamps, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g., collecting feedback via online form); public relations; provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Public relations and information purposes.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing operations, procedures, and services:

  • Bluesky: Decentralized social media network—enables the creation, sharing, and commenting of content, as well as the following of user profiles; Service provider: Bluesky, PBLLC., Seattle, USA, support@bsky.app; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://bsky.social/. Privacy policy: https://bsky.social/about/support/privacy-policy.
  • Facebook pages: Profiles within the Facebook social network - Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data from visitors to our Facebook page (known as a “fan page”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/) . As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights,” to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information,” https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates the security measures Facebook must observe and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). The rights of users (in particular the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), https://www.facebook.com/legal/EU_data_transfer_addendum, Switzerland - Data Privacy Framework (DPF), https://www.facebook.com/legal/EU_data_transfer_addendum.
  • LinkedIn: Social network - Together with LinkedIn Ireland Unlimited Company, we are responsible for the collection (but not the further processing) of visitor data used to generate “Page Insights” (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. In addition, details about the devices used are collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from user profiles, such as job title, country, industry, hierarchy level, company size, and employment status. Information on LinkedIn's processing of user data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
  • We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum,” https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures that LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), https://legal.linkedin.com/dpa; Switzerland - Data Privacy Framework (DPF), https://legal.linkedin.com/dpa. Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://x.com. Privacy policy: https://x.com/de/privacy.
  • Sprinklr

Fazit Communication GmbH uses the customer experience management tool “sprinklr” to process and evaluate social media content. The tool is operated by Sprinklr Inc., 29 West 35th Street New York, NY 10001, USA. The tool is used to process content from the social media channels Facebook, X, and Instagram operated by Fazit Communication GmbH. The data collected there is content that is distributed and processed via the respective platforms. https://www.sprinklr.com/privacy/

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos, or city maps (hereinafter referred to collectively as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content or these functions. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” , information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, but may also be linked to such information from other sources.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and process data (e.g., IP addresses, time stamps, persons involved) ; location data (information about the geographical position of a device or person). Event data (Facebook) (“Event data” is information that is sent to the provider Meta via meta pixels (whether via apps or other channels), for example, and relates to persons or their actions. This data includes details about website visits, interactions with content and features, app installations, and product purchases. Event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). It is important to note that event data does not include actual content such as written comments, login information, or contact information such as names, email addresses, or phone numbers. Meta deletes “event data” after a maximum of two years, and the target groups formed from it disappear when our Meta user accounts are deleted.
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); target group formation; marketing. Profiles with user-related information (creation of user profiles).
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.” Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing operations, procedures, and services:

Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from other providers' servers (e.g., function libraries that we use for the presentation or user-friendliness of our online offering).

  • jQuery): We integrate software into our online offering that we retrieve from other providers' servers (e.g., function libraries that we use for the purpose of displaying or improving the user-friendliness of our online offering). In doing so, the respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the users' browsers, for security purposes, and for the evaluation and optimization of their offerings. - We integrate software into our online offering that we retrieve from servers of other providers (e.g., function libraries that we use for the presentation or user-friendliness of our online offering). In doing so, the respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the users' browsers, for security purposes, and for the evaluation and optimization of their offerings; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
  • Bluesky: Decentralized social media network—enables the creation, sharing, and commenting of content, as well as the following of user profiles; legal basis: legitimate interests (Art. 6(1)(f) GDPR); service provider: Bluesky, PBLLC. , Seattle, USA, support@bsky.app; Website: https://bsky.social/. Privacy policy: https://bsky.social/about/support/privacy-policy.
  • Facebook plugins and content: Facebook social plugins and content - This may include content such as images, videos, or text and buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ - Together with Meta Platforms Ireland Limited, we are jointly responsible for the collection or receipt in the context of a transfer (but not the further processing) of “event data” which Facebook collects or receives as part of a transfer for the following purposes: a) Displaying content and advertising information that matches the presumed interests of users; b) Delivery of commercial and transaction-related messages (e.g., contacting users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., improvement of recognition of which content or advertising information is likely to correspond to the interests of users). We have entered into a special agreement with Facebook ( “Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum), which specifically regulates the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, send requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain any information about individual users and are anonymous to us), this processing is not carried out within the framework of joint responsibility, but on the basis of a data processing agreement ( “Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing) , the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the US, on the basis of standard contractual clauses (“Facebook-EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
  • Google Fonts (hosted on our own server): Provision of font files for the purpose of user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server; no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
  • gstatic.com: Content Delivery Network (CDN) - Service that helps deliver content from an online offering, especially large media files such as graphics or program scripts, faster and more securely using regionally distributed servers connected via the Internet; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6(1)(f) GDPR); website: https://www.google.de/. Privacy policy: https://policies.google.com/privacy.
  • Google Fonts (hosted on our own server): Provision of font files for the purpose of user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server; no data transmitted to Google; legal basis: legitimate interests (Art. 6 (1) (f) GDPR).
  • Changes and updates

We ask you to regularly review the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and check the information before contacting them.

Definition of terms

This section provides an overview of the terms used in this privacy policy. Where the terms are defined by law, their legal definitions apply. The following explanations are primarily intended to aid understanding.

  • Inventory data: Inventory data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, facilities, or systems by enabling unique assignment and communication.
  • Firewall: A firewall is a security system that protects a computer network or a single computer from unwanted network access.
  • Content data: Content data includes information generated in the course of creating, editing, and publishing content of all kinds. This category of data can include text, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
  • Click tracking: Click tracking allows us to monitor user movements within an entire online offering. Since the results of these tests are more accurate when user interaction can be tracked over a certain period of time (e.g., so that we can find out whether a user likes to return), cookies are usually stored on users' computers for these testing purposes.
  • Contact details: Contact details are essential information that enables communication with individuals or organizations. They include telephone numbers and email addresses, as well as communication tools such as social media handles and instant messaging identifiers.
  • Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a process that can be used to determine the effectiveness of marketing measures. To do this, a cookie is usually stored on users' devices within the websites where the marketing measures are carried out and then retrieved again on the target website. For example, this allows us to track whether the ads we place on other websites were successful.
  • Meta, communication, and procedural data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta data, also known as data about data, includes information that describes the context, origin, and structure of other data. It may include details about file size, creation date, document author, and change history. Communication data captures the exchange of information between users across various channels, such as email correspondence, call logs, social media messages, and chat histories, including the individuals involved, timestamps, and transmission routes. Procedural data describes the processes and procedures within systems or organizations, including workflow documentation, transaction and activity logs, and audit logs used to track and verify operations.
  • Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data includes a wide range of information that shows how users use applications, which features they prefer, how long they stay on certain pages, and which paths they navigate through an application. Usage data may also include frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings
  • Personal data: “Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information,” or “profiles” for short, includes any type of automated processing of personal data that consists of using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). Cookies and web beacons are often used for profiling purposes.
  • Log data: Log data is information about events or activities that have been logged in a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used to analyze system problems, monitor security, or generate performance reports.
  • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate visitor traffic to an online offering and can include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offerings can, for example, identify at what time users visit their websites and what content they are interested in. This enables them, for example, to better tailor the content of their websites to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more accurate analyses of the use of an online offering.
  • Location data: Location data is generated when a mobile device (or another device with the technical capabilities to determine its location) connects to a radio cell, Wi-Fi, or similar technical means and functions for determining location. Location data is used to indicate the geographically determinable position of the respective device on Earth. Location data can be used, for example, to display map functions or other location-dependent information.
  • Tracking: “Tracking” refers to the tracking of user behavior across multiple online services. As a rule, information about behavior and interests is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling) with regard to the online services used. This information can then be used, for example, to show users advertisements that are likely to match their interests.
  • Controller: The “controller” is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, whether it is collection, evaluation, storage, transmission, or deletion.
  • Target group formation: Target group formation (also known as “custom audiences”) refers to the determination of target groups for advertising purposes, e.g., the display of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop where they viewed the products. The term “lookalike audiences” (or similar target groups) is used when content that is considered suitable is displayed to users whose profiles or interests are presumed to correspond to those of the users for whom the profiles were created. Cookies and web beacons are generally used for the purpose of creating custom audiences and lookalike audiences.

Changes

From time to time, it is necessary to adapt the content of this privacy policy. We therefore reserve the right to change it at any time in the future. We will also publish the amended version of the privacy policy here. When you visit us again, you should therefore read the privacy policy again.

 

 

 

 

 

 

 

 

 

 

 

Data protection statement

We use cookies on our website. Some of them are essential, while others help us to improve this website and your experience. You can accept the necessary cookies or adjust cookie settings individually, and at any time you can view these settings and deselect cookies later on if you wish.

Data protection settings

Here you will find an overview of your cookies settings:

"Cookie Settings"

Here you can find an overview of all the cookies used. You can give your consent to entire categories.

Essential (4)

Essential cookies enable basic functions and are required for the faultless functioning of the website.

Name/Provider: Drupal Cookie / Owner of this website | Purpose: Saves the visitor's settings as selected in the Drupal Cookie Box.
Name/Provider: PHPSESSID / Owner of this website | Purpose: Stores the state data of the user for all page requests.
Name/Provider: Google Analytics / Google LLC | Purpose: Google cookie for website analytics. Generates statistical data on the way the visitor uses the website. | Data protection statement: https://policies.google.com/privacy 
Name/Provider: Google Tag Manager / Google LLC | Purpose: Google cookie for managing enhanced script and event handling. | Data protection statement: https://policies.google.com/privacy

External media (7)

Content of video platforms and social media platforms are blocked as standard. If cookies from external media are accepted, then access to this content no longer requires manual consent.

Name/Provider: Facebook | Purpose: Used for unblocking Facebook content. | Data protection statement: https://www.facebook.com/privacy/explanation 
Name/Provider: Google Maps / Google LLC | Purpose: Used for unblocking Google Maps content. | Data protection statement: https://policies.google.com/privacy 
Name/Provider: Instagram / Facebook | Purpose: Used for unblocking Instagram content | Data protection statement: https://www.instagram.com/legal/privacy/ 
Name/Provider: X (twitter.com) | Purpose: Used for unblocking X (twitter.com) content. | Data protection statement: https://twitter.com/privacy 
Name/Provider: Vimeo | Purpose: Used for unblocking Vimeo content. | Data protection statement: https://vimeo.com/privacy 
Name/Provider: YouTube | Purpose: Used for unblocking YouTube content. | Data protection statement: https://policies.google.com/privacy

Reset Cookie Consent

Privacy settings

Here you can manage your data privacy and consent settings for this website. We request certain data to continually improve your experience on our website. We will only collect and use data for specific uses you have consented to. See the settings page for more details.

Privacy settings

 

Data protection information

We attach great importance to the protection of your personal data. We therefore strictly adhere to the legal provisions governing the admissibility of the handling of personal data and have taken appropriate technical and organisational precautions. The following declaration gives you an overview of how we guarantee this protection and what kind of data we collect for what purpose.

-->


  1. General information on data processing
     
  2. Scope of the processing of personal data

We only collect and use our users’ personal data of insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of our users’ personal data takes place regularly and only with the user's consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

Fazit Communication GmbH is entitled, with your voluntary consent, to collect, process and store, combine with other data, archive and use your personal data for the purpose of providing information about Fazit Communication GmbH products. You give your consent either in writing or by clicking on the corresponding declaration. In particular, personal data will only be passed on to third parties if you have given your express prior consent or if we are obliged to surrender the data, for example due to an official order.

  1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 para. 1 lit. a EU Data Protection Ordinance (GDPR) serves as the legal basis for the processing of personal data. In the processing of personal data required for the performance of a contract to which the data subject is a party, art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event of the vital interests of the data subject or another natural person requiring the processing of personal data, article 6(1)(d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

  1. Data erasure and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.


  1. Provision of the website and creation of log files
     
  2. description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

(1) Information about the browser type and version used
(2) The user's operating system
(3) The user’s Internet service provider  of the user
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user's system reaches our website
(7) Websites accessed by the user's system via our website

The data are also stored in the log files of our system. The IP addresses of the user or other data that enable the assignment of the data to a user are not affected by this. These data are not stored together with other personal data of the user.

Fazit Communication GmbH cannot assign these data to specific persons. They serve exclusively for the statistical evaluation and improvement of our offers and services by providing information about the use of the information provided by Fazit Communication GmbH.


  1. Legal basis for data processing

The legal basis for the temporary storage of data is art. 6 para. 1 lit. f GDPR.


  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the user’s IP address must remain stored for the duration of the session.

Our legitimate interest in data processing pursuant to art. 6 para. 1 lit. f GDPR also lies in these purposes.


  1. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.



III. Use of cookies
 

  1. Custom cookies
  2. a) Description and scope of data processing
    Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change. The log-in information (II number 1) is stored and transmitted in the cookies.
  3. b) Legal basis for data processing 
    The legal basis for the processing of personal data using cookies is art. 6 para. 1 lit. f GDPR.
  4. c) Purpose of data processing
    The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies.
  5. d) Duration of storage and restriction of the use of cookies
    Cookies are stored on the user's computer and transmitted to our site. They are automatically deleted at the end of each session.

As a user, you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.


  1. Use of website analysis services
  2. a) Description and scope of data processing
    Various analysis tools are integrated into the websites we operate.

Google Analytics

Some websites use Google Analytics, a web analytics service provided by Google Inc. ("Google"), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will previously be shortened by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. Google Analytics data may not be passed on without the customer's consent, unless special circumstances such as legal requirements exist.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address), and from processing these data by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

For further information on the collection and use of data by Google and your rights to protect your privacy, please refer to the data protection information at https://www.google.de/intl/de/policies/privacy/.

  1. b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is art. 6 para. 1 lit. f GDPR.

  1. c) Purpose of data processing
    The purpose of using the data and of analysis with website services is to optimize our services.
  2. d) Duration of storage and restriction of the use of cookies
    Cookies are stored on the user's computer for up to two years and transmitted to our site by the user.

As a user, you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.


  1. Remarketing

The websites use the Google Inc. "("Google") remarketing or "similar target group" function. This feature allows visitors to the sites to be targeted with advertisements by personalized, interest-based ads being delivered to visitors to the sites when they visit other sites on the Google Display Network. Google uses cookies to analyze website usage, which forms the basis for creating interest-based advertisements. Google stores a small file with a sequence of numbers in the browsers of visitors to the website. This number is used to record visits to the website and anonymised data on the use of the website. No personal data of visitors to the website are stored. If you subsequently visit another website in the Google Display Network, you will see ads that are highly likely to include previously accessed product and information areas.

You can disable the use of cookies by third parties by visiting the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and implementing the additional opt-out information mentioned therein.

For more information about Google Remarketing and Google's privacy policy, please visit: http://www.google.com/privacy/ads/

On some of our websites we use the remarketing function "Custom Audiences" of Facebook Inc. (1601 p. California Ave, Palo Alto, CA 94304, USA; "Facebook").

This function serves the purpose of targeting the visitors of the website with interest-related advertising on Facebook.

For this purpose, the Facebook remarketing tag was implemented on the website. This tag establishes a direct connection to the Facebook servers while visiting the website transferring to the Facebook server which of our pages you have visited. Facebook maps this information to your personal Facebook account. When you visit the Facebook social network, you will see personalized, interest-based Facebook ads.


To object to the processing of your personal data, you can deactivate the remarketing function "Custom Audiences" at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. For more information about Facebook's collection and use of the data, your rights and ways to protect your privacy, please see Facebook's privacy policy at https://www.facebook.com/about/privacy/.

 

 


  1. Contacting
     

  2. Description and scope of data processing

On some of our Internet pages there is a contact form which can be used for electronic contact. If a user accepts this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:

(1) First name
(2) Name
(3) Subject
(4) E-mail
(5) Your message

At the time the message is sent, the following data are also stored:

(1) The user’s IP address
(2) Date and time of entry

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, the data are not disclosed to third parties. The data areused exclusively for processing the conversation.


  1. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of establishing contact is art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is art. 6 exp. 1 lit. b GDPR.


  1. Purpose of data processing

The processing of the personal data from the input mask serves us only  with regard to the processing of the establishment of contact.

The other personal data processed during the sending process via the contact form serve to prevent misuse of the contact form and to ensure the security of our IT systems.


  1. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the matter has been clarified once and for all.

If statutory provisions provide for retention obligations (e.g. six years for commercial letters received, section 257 (4) of the German Commercial Code(HGB)), deletion shall take place after expiry of the corresponding period.


  1. Data provided by you
     
  2. Description and scope of data processing

In some areas of the site, you may be asked to provide personal information in order to use the offers or free features described or to participate in special promotions (subscription orders, product orders, editorial or advertising newsletters, participation in competitions or other promotions). You will be informed about which information you must provide for these offers and which data you can voluntarily provide.

In particular, the following data may be collected: Name, address, bank details, password, date of birth, e-mail address, declarations of consent, information on the concluded legal transaction.

To fulfill your order or registration we pass your data on to partners, who in turn act in conformity with the data protection regulations.

You can apply at any time to have your customer account deleted at datenschutz(*)fazit(.)de.

When subscribing to a newsletter, the user receives a confirmation message after registration, which contains a link to the final registration (double opt-in). This ensures that the newsletter is explicitly desired.

You can unsubscribe from the newsletter via a personalized link that will be sent with each mailing.


  1. Legal basis for data processing

If the purpose of data collection is to conclude a contract, the legal basis for processing is art. 6 para. 1 lit. b GDPR. Furthermore, data will be processed on the basis of a consent given by you (art 6 para. 1 lit. a GDPR).


  1. Purpose of data processing

The data is processed for the purpose of enabling the use of the respective offers and functions. Inasmuch as you provide further data voluntarily, we use them to design our services according to your needs.


  1. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is usually the case if the service you have used (e.g. newsletter order, creation of a personal user profile) is cancelled.

If statutory provisions provide for retention obligations (e.g. six years for commercial letters received, section 257 (4) HGB), deletion shall take place after expiry of the corresponding period.
 


  1. Use of social media links or plug-ins
     
  2. General

Social media channels are linked on our website. By clicking on the button you will be forwarded to the respective network. A direct link between the pages only exists if you are logged in to the respective network.

We may have included buttons ("plug-ins") from various social networks on our websites so that you can also use the interactive possibilities of the social networks you use on our websites. These plug-ins provide various functions, the subject and scope of which is determined by the operators of the social networks. We use a 2-click procedure to better protect your personal data. By pressing the button next to the respective plug-in, the plug-in is activated, which is indicated by the color change of the plug-in button from gray to colored. Then you can use the respective plug-in by clicking on the button of the plug-in. Please note that we are not providers of social networks and have no influence on data processing by the respective service providers. The legal basis for the use of the plug-ins is, insofar as personal data are processed here, art. 6 para. 1 f EU GDPR, whereby our legitimate interest consists in the provision of interaction possibilities for the purpose of advertising (recital 47 EU GDPR) and in the demand-oriented design of our Internet services for interaction with social networks to which the users of our website belong.

More details about the individual plug-ins can be found in the following information:


  1. Facebook/Instagram

Our pages include plug-ins from the social network "Facebook", 1601 South California Avenue, Palo Alto, CA 94304, USA. You can recognize the Facebook plug-ins by the Facebook logo or the "Like" button on our page. An overview of the Facebook plug-ins can be found here:https://developers.facebook.com/docs/plugins/.

When you activate the plug-in, the plug-in establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can refer to the content of our pages in your Facebook profile.

We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted, or how it is used by Facebook, and that we are not responsible for the data processing by Facebook. For more information, please see Facebook's Privacy Policy at https://de-de.facebook.com/privacy/policy/.

The Instragram button is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The relevant data protection declaration can be found at https://privacycenter.instagram.com/policy/.


  1. X (twitter.com)

Our pages include functions of the social network "X (twitter.com)". These functions are provided by Twitter Inc, Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND. By using X and the "Re-Tweet" function, the websites you visit are linked to your X account and made known to other users. Data is also transmitted to X. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by X. For more information, please see X's Privacy Policy at https://x.com/de/privacy.


  1. YouTube

Videos from the external video platform YouTube are integrated on our website. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. By default, no automated connection to YouTube's servers is established. This means that the operator does not receive any data from you when calling up the web pages. If the videos do not have a preview image, the video is displayed via an iFrame.

You can decide for yourself if the YouTube videos should be activated. Only when you release the playback of the videos by clicking on "Start video" do you give your one-time consent that the data required for this (including the Internet address of the current page and your IP address) will be transmitted to the operator.

If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

For more information on how user data is used, please see YouTube's Privacy Policy at https://policies.google.com/privacy?hl=en&gl=en


  1. Sprinklr

FAZIT Communication GmbH uses the Customer Experience Management Tool "sprinklr" for the processing and evaluation of social media content. The tool is operated by Sprinklr Inc. 29 West 35th Street New York, NY 10001, USA. The tool processes content from the social media channels Facebook, X (twitter.com) and Instagram operated by Fazit Communication GmbH. The data collected there are contents that are distributed and processed via the respective platforms.
 

  1. LinkedIn

Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitors' data used to create the "page insights" (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with and the actions they take. Details are also collected about the devices used, such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from the user profiles, such as job function, country, industry, hierarchy level, company size and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have concluded a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of the data subjects (i.e. users can, for example, send requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to the parent company LinkedIn Corporation in the USA; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:  https://www.linkedin.comPrivacy Policy: https://www.linkedin.com/legal/privacy-policyBasis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.


VII. Rights of the data subject
 

If personal data are processed by you, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:


  1. Right to information

You can ask the person in charge to confirm whether we process personal data relating to you.

If such processing dos take place, you can request the following information from the person responsible:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been or are still being disclosed;
(4) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data relating to you, a right to limitation of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data relating to you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to art. 46 GDPR in connection with the transmission.


  1. Right to rectification

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed relating to you are incorrect or incomplete. The person responsible shall make the correction without delay.


  1. Right to limitation of processing

Under the following conditions, you may request that the processing of personal data relating to you be restricted:

(1) if you dispute the accuracy of the personal data relating to you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
(4) if you have filed an objection to the processing pursuant to art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data  relating to you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.


  1. Right to deletion

  2. a) Duty to delete
    You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to art. 6 para. 1 lit. a or art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to art. 21 para. 2 GDPR.
(4) The personal data relating to you were processed unlawfully.
(5) The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to art. 8 para. 1 GDPR.

  1. b) Information to third parties
    If the data controller has made the personal data relating to you public and is obliged to delete it pursuant to art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
  2. c) Exceptions
    The right to cancellation does not exist insofar as the processing is necessary:

(1) to exercise freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to art. 9 para. 2 lit. h and i and art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.


  1. Right to information

If you have exercised your right to have the data controller rectify, delete or limit the processing, he is obliged to inform all recipients to whom the personal data relating to you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves disproportionate effort.

The person responsible shall have the right to be informed of such recipients.


  1. Right to data transferability

You have the right to receive the personal data relating to you that you provided the person responsible with in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

(1) processing is based on consent pursuant to art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR or on a contract pursuant to art. 6 para. 1 lit. b GDPR and
(2) processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that the personal data relating to you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.


  1. Right of objection

You have the right to object at any time, for reasons arising from your particular circumstances, to the processing of personal data relating to you under article 6(1)(e) or (f) ofGDPR; this also applies to profiling based on these provisions.

The data controller then no longer processes the personal data relating to you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

You have the possibility of exercising your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.


  1. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.


  1. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to art. 9 para. 1 GDPR, unless art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.


  1. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or which you suspect of infringement, if you believe that the processing of personal data relating to you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under article 78 GDPR.


  1. Modification of data and revocation

On request, Fazit Communication GmbH will inform you in writing; taking into account the legal requirements, whether and which personal data are stored. Please send your inquiries to datenschutz(*)fazit(.)de.

You can update, correct, supplement or delete your personal data at any time.

If this is not technically possible at the address at which you provided the data, you can contact us at any time at the following address:

datenschutz(*)fazit(.)de


This address can also be used for the revocation of a given consent to the use of your data. In this case your data will be deleted immediately. If data have been transferred to third parties with your consent, these third parties will be informed immediately and requested to delete the data. You are entitled to restrict your consent to the use of your data. In this case, the data will only be deleted within the scope of the restriction.

For technical reasons, it cannot be completely ruled out that there may be an overlap between the revocation and the use of your data within the framework of a campaign that has already started.

As at: November 2025