Privacy Policy
What happens with your personal data when you visit our website, when you make an order or a reservation or subscribe to our newsletter or if you visit our pages on Facebook and Instagram? Find out here in our Privacy Policy.
A. General information on how we deal with personal data
In the following, we provide you with information about how we process personal data in certain situations. In this Part A you can find some general information. In the other parts you can find out about the individual situations in which we process data.
Personal data are all data relating to an identified or identifiable natural person. This may include for example your name, address and email address, but also the IP address of the device you are using to access the Internet and your user behaviour on our website.
Personal data are processed when you use our website, contact us by email or send us questions using a contact form, buy tickets or make a reservation.
1. Controller
The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is
TV-Turm Alexanderplatz Gastronomiegesellschaft mbH
Panoramastrasse 1A
10178 Berlin
Telephone: +49 (0) 30 2475750
E-Mail: info@tv-turm.de
2. Data Protection Officer
You can contact our data protection officer by email at datenschutz@tv-turm.de. We would expressly like to point out that when you use this email address the content is not noted exclusively by our data protection officer. If you wish to share confidential information with him, we would ask you to use this email address in the first instance to initiate direct contact.
3. Collaboration with third parties
We sometimes use external service providers and partners for processing your data, for example for hosting the CMS of our website and dealing with customer feedback. We have taken the greatest care in selecting and commissioning them. The partners are either subject to our directions within the scope of contractual processing or have entered into other agreements with us in respect of data protection, for instance if we are jointly responsible for processing the data. We also collaborate with partners who are professionally sworn to secrecy, such as tax advisors, lawyers and other service providers.
4. Data transfer to third countries
We sometimes use services whose providers are based in third countries (i.e. countries outside the European Union or European Economic Area) or process personal data there, that is, countries where the level of data protection is not in line with that in the European Union. If this is the case, and the European Union has not issued an adequacy decision (Article 45 of the GDPR) for these countries, we have taken appropriate precautions to guarantee a reasonable level of data protection. These include the standard contractual clauses of the European Union.
Where this is not possible, we base the data transfer on the derogations in Article 49 of the GDPR, in particular your explicit consent or the necessity of the transfer for the performance of a contract or for the implementation of pre-contractual measures.
If transfer to a third country is envisaged and there is no adequacy decision and no appropriate guarantees exist, it is possible and there is the risk that the authorities (especially secret services) in the third country in question may gain access to the transferred data to collect and analyse them, and that your rights as a data subject may not be able to be enforced. You will similarly be informed of this when we ask for your consent with the consent banner.
5. Storage period
As a matter of principle, we only store personal data for as long as is necessary for fulfilling the purpose for which we have collected the data. After this we erase the data without undue delay unless we still need the data until the end of the statutory limitation period for purposes of evidence for claims under civil law or due to statutory storage obligations.
For purposes of evidence we must keep your contract data for three years with effect from the end of the year in which our business relationship with you ends. Any claims there may be will not expire in line with the normal statutory limitation period before this time.
Even after this we still need to store some of your data for bookkeeping reasons. We are legally obliged to do so in accordance with statutory documentation duties, especially those under the German Commercial Code [Handelsgesetzbuch] and the Tax Code [Abgabenordnung]. The periods stipulated there for safekeeping of documents are from two to ten years. Where relevant, we will let you know in the sections below relating to individual kinds of processing about the storage period applicable in those cases.
6. Your rights as a subject of data processing
You have the following rights as a data subject:
- the right to withdraw your consent once given;
- the right to object to the processing of your personal data (Article 21 of the GDPR);
- the right to obtain information about your personal data being processed by us (Article 15 of the GDPR);
- the right to obtain rectification of incorrect personal data about you stored by us (Article 16 of the GDPR);
- the right to obtain erasure of your personal data (Article 17 of the GDPR);
- the right to restrict the processing of your personal data (Article 18 of the GDPR);
- the right to portability of your personal data (Article 20 of the GDPR);
- the right to make a complaint to a supervisory authority (Article 77 of the GDPR).
To exercise your rights as described here you may at any time use the contact details provided above. This is also the case if you wish to obtain copies from us of guarantees proving the existence of an appropriate level of data protection. We will comply with your data protection request to the extent that the relevant legal requirements are met.
Your enquiries regarding exercise of your data privacy rights and our replies to them will be kept for documentation purposes for a period of up to three years or, on a case-by-case basis, longer than this if need be for the establishment, exercise or defence of legal claims. The legal basis for this is Article 6(1) (f) of the GDPR, based on our legitimate interest of defence against civil law claims according to Article 82 of the GDPR, avoidance of fines according to Article 83 of the GDPR and fulfilment of our duty of demonstrating compliance under Article 5(2) of the GDPR.
You have the right to withdraw the consent you have given us at any time. The consequence of this will be that we will no longer continue the data processing into the future that is based on this consent. Your withdrawal of consent will not affect the lawfulness of processing carried out on the basis of your consent up to the time of its withdrawal.
Insofar as we process your data on the basis of our legitimate interests, you have the right to lodge an objection at any time to the processing of your data on grounds relating to your particular situation. If you are objecting to the processing of your data for direct marketing purposes, you have a general right to object which will be honoured by us without reasons being given by you.
If you wish to exercise your right to withdraw consent or to object, an informal notification to the above contact details is sufficient.
Finally, you have the right to lodge a complaint to a data protection supervisory authority. You may, for example, exercise this right with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. In Berlin, where we have our registered office, the responsible supervisory authority for data protection and freedom of information is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin; Tel.: +49 30 13889-0, email: mailbox@datenschutz-berlin.de.
7. Automated decision-making
We do not use automated decision-making or profiling.
8. Changes to the Privacy Policy
We update this Privacy Policy from time to time, for instance when we update our website or if there are any changes in statutory or official regulations.
B. Data processing when you access our website
Every time you visit our website, we collect connection data automatically transmitted by your browser to make your visit to our website possible. These connection data include the HTTP header information including the user agent, and comprise in particular
- the IP address of the requesting device,
- the method (e.g. GET, POST), date and time of the request,
- the address of the requested website and path of the requested file,
- if applicable the website or file you previously accessed (HTTP referrer),
- details of the browser and operating system you are using,
- the version of the HTTP protocol, HTTP status code, and size of the file being delivered,
- request information such as language, type of content, coding of the content and fonts.
Processing these connection details is absolutely necessary to make your visit to our website possible, to guarantee the long-term functionality and security of our systems and for generally looking after the administration of our website. The connection data are also stored in internal log files for the purposes described above, but only for as long as is necessary and limited to the content that is absolutely necessary, to enable us for instance to find the cause of repeated access requests or access requests made with criminal intent which endanger the stability and security of our website and to take the appropriate action.
The legal basis for the processing of these data is Article 6(1) (f) of the GDPR.
The data will be erased as soon as they are no longer needed for the purpose for which they were collected. If the data have been collected for the provision of the website, this will be when the relevant session is ended. If the data are stored in log files, this will be after no more than 30 days. It is possible to store data for longer than this on a case-by-case basis if we have a legitimate interest in doing so.
We host the CMS for our website with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. This company, with which we have signed a contractual processing agreement, has undertaken only to store the data in Europe.
C. Processing of data for general contact
There are various different ways you can get in touch with us – using a contact form, by email, by telephone or fax or by post.
We will use the data we collect when you do so only for the purpose of communicating with you. Depending on the way you choose to make contact with us these data will be your email address, your first name and surname, your telephone number, the date and time of your enquiry and the nature of your enquiry, as well as details of the contract if your enquiry with us is to do with entering into a contract or performing a contract.
We normally base our processing of your data on Article 6(1) (f) of the GDPR. Our legitimate interest is in the effective processing of enquiries made to us and if applicable the initiation or processing of business relationships. If your aim in getting in touch with us is to enter into a contract, or if you get in touch with us to make an enquiry to do with an existing contract with us, the legal basis for processing your personal data is Article 6(1) (b) of the GDPR.
When your data are no longer needed for processing your enquiry because the matter has been dealt with and your issue has been cleared up, your data will be routinely erased by us unless this is prevented by any statutory periods of safekeeping or legitimate interests in continued safekeeping of your data.
D. Data processing when you order a ticket or a voucher or make group enquiries and reservations
If you are ordering a ticket or a voucher or making a group enquiry or a reservation, we will collect the mandatory data required for processing or initiating the relevant contract in question. These are
- title,
- first name and surname,
- telephone number and email address,
- address for billing and dispatch,
- if applicable name and address of voucher recipients,
- Payment information,
- if applicable your enquiry.
The legal basis for processing your data is Article 6(1) (b) of the GDPR; if you are not personally a party to the contract, however, we base the processing on Article 6(1) (f) of the GDPR. Our legitimate interest in this instance is the initiation or processing of business relationships.
We are supported in this data processing by our partner LogByte GmbH, Christian-Kremp-Str. 12, 35578 Wetzlar. This company, with which we have signed a contractual processing agreement, has access to data from ticket and voucher orders.
To protect our contact forms we use Google reCAPTCHA, so as to be certain that they are being filled in by human beings and not in an abusive way by automated processing. The provider of reCAPTCHA is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When details are inputted via reCAPTCHA Google receives the IP address and data such as the duration of the user’s stay on the website or mouse movements made by the user. The data thus gathered are collected in the background. The attention of visitors to the website is not drawn to the fact that their data are being analysed. Google’s Privacy Policy applies. You can find out more about Google’s Privacy Policy at https://policies.google.com/privacy and https://www.google.com/recaptcha/intro/android.html. You can download a browser plugin to prevent Google using your data for marketing purposes here: https://support.google.com/ads/answer/7395996?hl=de.
The legal basis for the storage of the tool for collecting this information is section 25(1) of the Protection of Data in Telecommunications and Telemedia Act [TTDSG, Telekommunikations-Telemedien-Datenschutz-Gesetz] in conjunction with Article 7 of the GDPR. Your data are processed on the basis of your consent in accordance with Article 6(1) (a) of the GDPR in conjunction with Article 7 of the GDPR. Your consent may be withdrawn at any time via our cookie banner.
E. Data processing when conducting marketing with existing customers, customer feedback
If you have purchased a ticket online, we will also use your contact data to send you emails with information that may be relevant for you about our products and services (“existing customer marketing”). This may include in particular new products, promotions and offers, our customer feedback and other surveys.
The legal basis for this data processing is Article 6(1) (f) of the GDPR in conjunction with section 7(3) of the Law Against Unfair Competition [UWG, Gesetz gegen den unlauteren Wettbewerb], under which data processing is permissible for the purpose of safeguarding legitimate interests insofar as this concerns the storage and continued use of the data for marketing purposes.
We are supported in our customer feedback by the service provider ReviewPro (Shiji Information Technology Spain, S.A, Passeig de Gràcia, 17, planta 6, 08007 Barcelona).
You may object at any time to the use of your data for marketing purposes by using a relevant link in the emails or by writing an email to widerruf@tv-turm.de or a letter to our above address, without incurring any more than the transmission charges according to the basic tariff.
F. Competition
We also process your personal data if you take part in a competition. If we have entered into a competition contract with you, which is the case if you accept the conditions of entry and take part in the competition, we will process your data for the purpose of performing the competition contract pursuant to Article 6(1) (b) of the GDPR.
In the case of conventional competitions, we process the mandatory details necessary for the performance of the contract. These are
- title,
- first name and surname,
- address,
- telephone number and email address,
- age (to ascertain that you are over 18).
Which data we need for the performance of the contract depends on the type of competition. Mandatory details will be identified as such.
In the case of online competitions, we additionally collect your IP address and the date and time when you enter. You may find additional separate information with these competitions with a link to this online Privacy Policy.
G. Payment methods and payment service providers
We offer the usual payment methods in the online area of our Online Ticket Shop (e.g. credit card, giropay, etc.). For this, we work together with various payment service providers from whom we receive your payment data or to whom we transfer your payment data.
It is not possible to make payment and process the contract without these payment data and payment service providers. The legal basis for this data processing is Article 6(1) (b) of the GDPR.
You can find details of the payment service providers we use below:
- for payment using giropay:
giropay GmbH
An der Welle 4
60322 Frankfurt am Main
(https://www.giropay.de/agb/index.html);
- for payment using Apple Pay:
Apple Inc., Apple Distribution International
Hollyhill Industrial Estate
Hollyhill, Cork, Ireland
(https://www.apple.com/de/legal/privacy/data/de/apple-pay/)
- for payment using Google Pay:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland
(https://safety.google/intl/de_de/pay/)
- for payment by credit card:
BS PAYONE GmbH
Lyoner Straße 9
D-60528 Frankfurt/Main
(https://www.payone.com/DE-de/dsgvo)
- in the Online Ticket Shop:
The Online Ticket Shop is operated by BS PAYONE GmbH with its head office in Frankfurt am Main. In co-operation with: SIX Payment Services AG, Hardturmstrasse 201, 8005 Zurich (https://www.saferpay.com/).
- at our cashiers’ kiosks and machines:
afc Rechenzentrum GmbH
Bültbek 27-29
22962 Siek
www.afc.de
H. Online presence on social media
We maintain an online presence on social media to enable us to communicate with customers and prospective customers there and provide information about our services. The data of users is normally processed by the social media providers in question for market research and advertising purposes. In this way, user profiles can be created on the basis of users’ interests. For this purpose, cookies and other identifiers are stored on the computers of the persons concerned. On the basis of these user profiles, advertising and other material is then displayed within the social media as well as on third party websites.
It is possible that in the course of operating our online presence we may have recourse to information such as statistics provided by the social media providers on the use of our online presence. These statistics are aggregated and may include in particular demographical information (such as age, gender and region) as well as data regarding interactions with our online presence (such as likes) and the postings and content posted there. They may also provide information about the interests of our users and the content and topics that are especially relevant for them. We can also use this information to adapt the design of our online presence and the activities and content we present there in order to optimise it for our audience. You can find details and links to the social media data to which we have access as operator of an online presence in the list below. The collection and processing of these statistics are generally subject to the responsibility of a joint controller.
The legal basis for this data processing is Article 6(1) (f) of the GDPR on the basis of our legitimate interest in effectively informing and communicating with our users, respectively Article 6(1) (b) of the GDPR, in order to stay in touch with our customers and provide them with information and the implementation of pre-contractual measures with prospective customers.
If you have a social media account, we may be able to see the information and media you have made publicly accessible when we access your profile. In addition, the social media may also allow us to contact you. This may be by direct messaging or in a posting. Communication via social media in this case is subject to the responsibility as controller of the social media provider as messenger and platform service.
You can find out the legal basis for data processing conducted by the social media providers in their own responsibility as controllers from the privacy policies of the relevant social media providers. Via the links provided below you can also find more information on the way each provider processes data and about how you can lodge an objection.
We would point out that the most efficient way to make data privacy enquiries is to address them to the relevant social media providers directly, as only these providers have access to the data and can take the relevant measures directly. If you contact us with your enquiry, we will pass it on to the provider of the relevant social media. Below is a list with information on the social media on which we maintain an online presence:
- Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
- Operation of the Facebook-Fan Page in joint responsibility as controller on the basis of an Agreement on Joint Processing of Personal Data (Page Insights Controller Addendum)
- Information about the page insights data being processed and on how to make contact with any data privacy enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy Policy: https://www.facebook.com/about/privacy/
- Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
- Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
- Instagram business account on the basis of an Agreement on Joint Processing of Personal Data (Page Insights Controller Addendum): https://www.facebook.com/legal/terms/page_controller_addendum
- Information about the page insights data being processed and on how to make contact with any data privacy enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy Policy: https://help.instagram.com/519522125107875
- Opt-out (statement): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Privacy Policy: https://policies.google.com/privacy
- Opt-out: https://www.google.com/settings/ads.
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
- Privacy Policy: https://twitter.com/de/privacy
- Opt-out: https://twitter.com/personalization.
- Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland)
- Privacy Policy: https://policy.pinterest.com/de/privacy-policy
- Notification settings: https://help.pinterest.com/de/article/edit-notification-settings
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- Operation of LinkedIn corporate site in joint responsibility as controller on the basis of an Agreement on Joint Processing of Personal Data (Page Insights Controller Addendum)
- Information about the page insights data being processed and on how to make contact with any data privacy enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing/Kununu (XING SE, Dammtorstrasse 30, 20354 Hamburg)
- Privacy Policy / opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
I. Tools we use on the website
1. Technologies we use
This website uses various services and applications (together called “tools”) which are provided either by ourselves or by third parties. These include in particular tools which use technologies for storing information on your end device or for accessing it.
- Cookies: Information stored on your end device consisting essentially of a cookie name, a value, the storing domain and an expiry date. Session cookies are deleted at the end of the session, while persistent cookies are deleted at the set expiry time. Cookies may also be removed manually.
- Web Storage (Local Storage/ Session Storage): Information stored on your end device consisting of a name and a value. Information in Session Storage is deleted at the end of the session, while information in Local Storage has no expiry time and can in principle remain stored if no removal mechanism has been configured, such as storage of Local Storage with expiry time setting. Information in Local and Session Storage may also be removed manually.
- JavaScript: Programming code embedded or accessed on the website which sets for instance cookies or Web Storage or actively collects information from your end device on your user behaviour when visiting the website. JavaScript may also be used for “active fingerprinting” and for creating user profiles. JavaScript can be blocked in your browser settings, but most services will then no longer work.
- Pixels: Tiny graphics automatically loaded by a service to allow website users to be recognised on their return by automatically transmitting the usual access data (essentially IP address and information about browser, operating system, language, fonts, addresses accessed and time of access) and, for instance, to identify the opening of an email or a visit to a website. This means that Pixels can be used for “passive fingerprinting” and creating user profiles. You can prevent Pixels by blocking images for instance in emails, but this will greatly limit their display.
Fingerprints are created using these technologies as well as just by setting up a connection to a site. These are user profiles which work without cookies or Web Storage but can still recognise returning visitors. Fingerprints created due to a connection set-up cannot be completely prevented manually.
Most browsers are configured as standard to accept cookies, run scripts and display graphics. You can, however, generally change your browser settings to refuse all or certain cookies or to block scripts and graphics. If you completely block the storing of cookies, the display of graphics and the running of scripts, our services will probably not work properly or at all.
Below is a list of the tools we use by category, including especially information about the providers of the tools, the storage period of cookies and information in Local Storage and Session Storage and the transfer of data to third parties. We also explain when we will ask for your voluntary consent for the use of the tools and how you can withdraw this consent.
2. Legal basis and withdrawal of consent
2.1. Legal basis
We use tools necessary for operating the website on the basis of our legitimate interest pursuant to Article 6(1) (f) of the GDPR in order to provide the basic functioning of our website. In certain cases, these tools may also be necessary for the performance of a contract or for implementing pre-contractual measures; in this case, processing is on the basis of Article 6(1) (b) of the GDPR. Accessing and storing information on your end device is an absolute requirement in such cases and this is on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(2) of the Protection of Data in Telecommunications and Telemedia Act.
We use all other non-essential (optional) tools which provide additional functions on the basis of your consent pursuant to Article 6(1) (a) of the GDPR. Accessing and storing information on your end device is an absolute requirement in such cases and this is on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(1) of the Protection of Data in Telecommunications and Telemedia Act. We will only process your data using these tools if we have obtained your consent beforehand.
We refer to Part A (Data transfer to third countries), including with regard to the risks which may be involved, for instances where we need to transfer your personal data to third countries. We will inform you if standard contractual clauses or other guarantees have been entered into for the use of certain tools. If you have given your consent to the use of certain tools, we will transfer the data processed using these tools to third countries (also) on the basis of this consent pursuant to Article 49(1) (a) of the GDPR.
2.2. Obtaining your consent
We use the Borlabs cookie plugin of Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (the “Borlabs Cookie Banner”) on our website to inform you about the cookies and other technologies we use on our website and to obtain, manage and document any consent we may need from you for the processing of your personal data by these technologies.
This is necessary pursuant to Article 6(1) (c) of the GDPR for meeting our legal obligation pursuant to Article 7(1) of the GDPR to demonstrate that you have consented to the processing of your personal data.
When you visit our website, the Borlabs server stores a borlabs cookie (storage period 1 year) containing information about the cookie duration and version, information about your device and browser and information about your consent behaviour. This does not involve transfer of your personal data to Borlabs. The data is erased after one year.
2.3. Withdrawing your consent or changing your selection
You may withdraw your consent for certain tools at any time. To do so, just click on the following link: consent-settings.
3. Necessary tools
We use certain tools to enable the basic functioning of our website (“necessary tools”). Without these tools we would not be able to provide our services. For this reason, necessary tools are used without consent. The legal basis for necessary tools is the necessity for pursuing our legitimate interests pursuant to Article 6(1) (f) of the GDPR or for performing a contract or implementing pre-contractual measures pursuant to Article 6(1) (b) of the GDPR. In such cases, accessing and storing information on your end device is absolutely necessary and is on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(2) of the Protection of Data in Telecommunications and Telemedia Act.
For the eventuality that your personal data are transferred to the USA or another third country, we additionally refer to Part A (Data transfer to third countries) with regard to the information being shared.
3.1. Our own tools
We use our own necessary tools which access information on your end device or store information on your end device, especially to store your language settings.
We use the following cookies for this purpose:
Cookie name | Function | Domain | Storage period |
wp-wpml_current_language | This cookie stores your selected language setting. | tv-turm.de | Session |
wpml_browser_redirect_test | This cookie checks whether cookies may be placed. | tv-turm.de | Session |
_icl_visitor_lang_js | This cookie stores the referred language. | tv-turm.de | 3 days |
3.2. Google Tag Manager
Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for everyone else by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
The Google Tag Manager is used exclusively to manage website tools by adding website tags. A tag is an element that is placed in the source code of our website to execute a tool by using, for instance, scripts. If these are optional tools, they are tracked by Google Tag Manager only with your consent. Google Tag Manager uses JavaScript and on principle does not need to use cookies.
The legal basis is Article 6(1) (f) of the GDPR, based on our legitimate interest in creating and managing multiple tags on our website in an uncomplicated manner.
To guarantee stability and functionality when using Google Tag Manager, Google collects information about what tags are set up on our website. Google Tag Manager does not, however, store as a matter of principle any personal data beyond the mere setting up of the connection; in particular it does not store data on user behaviour or sites visited.
We have signed a contractual processing agreement with Google Ireland Limited. For the eventuality that personal data are transferred to the USA, Google Ireland Limited and Google LLC have agreed standard contractual clauses (Implementing Decision (EU) 2021/914, Module Three) pursuant to Article 46(2) (c) of the GDPR.
You can find out more about this in the information provided by Google about their Tag Manager: https://support.google.com/tagmanager/answer/6102821.
4. Analytical tools
To improve our website, we use optional tools for statistical recording and analysis of general user behaviour on the basis of access data (“analytical tools”). We also use analytical services to evaluate the use of our various marketing channels.
The legal basis for the analytical tools is your consent under Article 6(1) (a) of the GDPR. Access to and storage of information on your end device is then on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(1) of the Protection of Data in Telecommunications and Telemedia Act. For details of how you can withdraw your consent see 2.3. (“Withdrawing your consent or changing your selection”).
In the eventuality that your personal data are transferred to the USA or other third countries, your consent also explicitly covers this data transfer (Article 49(1) (a) of the GDPR). For information about the risks involved, please see Part A (“Data transfer to third countries”).
4.1. Google Analytics
Our website uses Google Analytics, a service provided for persons from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for everyone else by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
Google Analytics uses JavaScript and Pixel to read information from your end device and cookies to store information on your end device. This is done to analyse your user behaviour and improve our website. We will use the information gained to analyse your use of our website and to collate reports on website activities for the website operators. The data collected in this connection may be transferred by Google to a server in the USA and stored there.
We have made the following settings for Google Analytics to protect the privacy of your data:
- IP anonymisation (abbreviation of IP address before analysis);
- automatic erasure of old logs / limitation of storage period;
- deactivated marketing function (including Target Group Remarketing by GA Audience);
- deactivated Remarketing;
- deactivated tracking across multiple devices and sites;
- deactivated data release to other Google products and services, Benchmarking, Technical Support, Account Manager.
The following data are processed by Google Analytics:
- IP address;
- referrer URL (previously visited site);
- accessed sites (date, time, URL, title, length of stay);
- downloaded data;
- clicked links to other websites;
- if applicable, meeting of certain targets (Conversions);
- technical information: operating system; browser type, version and language; device type and brand, model and resolution;
- approximate location (country and if applicable city, based on anonymised IP address).
We have signed a contractual processing agreement with Google Ireland Limited regarding the use of Google Analytics. For the eventuality that personal data are transferred to the USA, Google Ireland Limited and Google LLC have agreed standard contractual clauses (Implementing Decision (EU) 2021/914, Module Three) pursuant to Article 46(2) (c) of the GDPR.
You can find out more about this in the Google Privacy Policy here: https://support.google.com/analytics/answer/6004245.
You can see details of which cookies are placed by Google Analytics and how long they are stored for on the Cookie banner under Cookie details.
4.2. Hotjar
Our website uses Hotjar, a web analytics service by Hotjar Ltd., Elia Zammit Street 3, St Julians STJ 1000, Malta (“Hotjar”).
Hotjar uses JavaScript, cookies and information in Local Storage to create Heat Maps. Heat Maps display statistics about mouse movements and clicks on our site as graphics to analyse our website with regard to your user behaviour. This allows us to see the functions on our website that are frequently used and so to continually improve the site. However, your IP address will be abbreviated before the use statistics are analysed, so that your identity will not be directly recognisable. As well as mouse movements and clicks, information about your operating system, browser, incoming and outgoing links and localisation as well as the resolution and type of your device will be analysed for statistical purposes. This information is pseudonymised and will not be transferred to third parties either by us or by Hotjar. Data provided by you in form fields on our website will be blanked out and not collected by Hotjar.
You can find out more about this in the Hotjar Privacy Policy here: https://www.hotjar.com/privacy/.
4.3. Google Optimize
Our website uses Google Optimize, a service provided for persons from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for everyone else by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).
Google is used to run various different variants of our website and its content (e.g. different positions of elements, different colours, fonts, buttons, text lengths, paragraphs, headings, graphics, images) and to analyse their impact and differences (e.g. decrease in bounce rate or increase in duration of visits) with regard to user behaviour (known as A/B tests). This helps us to improve our website and make it more attractive for our users. This may also involve using data and analyses from Google Analytics to assess the success or failure of a test. Google Optimize uses cookies and scripts.
The following data are processed by Google Analytics:
- User ID (for the duration of participation in the A/B test);
- IP address (which is subsequently anonymised);
- Referrer URL (previously visited site);
- Accessed sites (date, time, URL, title, length of stay);
- Downloaded data;
- Clicked links to other websites;
- Technical information: operating system; browser type, version and language; device type and brand, model and resolution;
- Approximate location (country and if applicable city, based on anonymised IP address).
We have signed a contractual processing agreement with Google Ireland Limited regarding the use of Google Optimize. Data collected in this connection may be transmitted by Google to a server in the USA and stored there. For the eventuality that personal data are transferred to the USA, Google Ireland Limited and Google LLC have agreed standard contractual clauses (Implementing Decision (EU) 2021/914, Module Three) pursuant to Article 46(2) (c) of the GDPR. In addition, we obtain your express consent pursuant to Article 49(1) (a) of the GDPR for the transmission of your personal data to third countries.
You can find out more about Google Optimize at https://support.google.com/optimize/answer/6197440?hl=en.
5. Marketing tools
We also use optional tools for marketing purposes (“marketing tools”). Some of the access data collected when you use our website is used to create user profiles, which in particular store details of the advertisements you have looked at or clicked on and, based on this, classify these into advertising categories, interests and preferences. Analysing and evaluating these access data enables us to show you personalised advertising in line with your actual interests and requirements on our website and on the websites of other providers. For this purpose, we analyse your user behaviour so that we can recognise you when you visit other sites and can address you personally on the basis of your use of our site (retargeting).
The legal basis for the marketing tools is your consent under Article 6(1) (a) of the GDPR. Access to and storage of information on your end device is then on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(1) of the Protection of Data in Telecommunications and Telemedia Act. For details of how you can withdraw your consent see 2.3. (“Withdrawing your consent or changing your selection”).
In the eventuality that your personal data are transferred to the USA or other third countries, your consent also explicitly covers this data transfer (Article 49(1) (a) of the GDPR). For information about the risks involved, please see Part A (“Data transfer to third countries”).
In the next section we explain the tools and the providers used for them in more detail. The data that are collected may in particular include:
- the IP address of the device;
- the information from a cookie and in Local or Session Storage;
- the device identification of mobile devices (e.g. device ID, advertising ID);
- referrer URL (previously visited site);
- accessed sites (date, time, URL, title, length of stay);
- downloaded data;
- clicked links to other websites;
- if applicable, meeting of certain targets (Conversions);
- technical information: operating system; browser type, version and language; device type and brand, model and resolution;
- approximate location (country and if applicable city, based on anonymised IP address).
However, the data collected will be stored exclusively in a pseudonymised form so that you cannot be directly identified.
5.1. Meta Pixel (formerly Facebook Pixel)
For marketing purposes, our website uses the Meta business tool Meta Pixel by the social media network Meta, a service provided for persons outside the USA and Canada by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
We use Meta Pixel, a snippet of JavaScript code that allows us to track visitor activity on our website. This tracking is called ‘Conversion Tracking’.
For this purpose, Meta Pixel collects and processes the following information (called ‘Event Data’):
- information on visitor actions and activity on our website (e.g. searching for and displaying a product or purchasing a product);
- specific Pixel information such as the Pixel ID and the Meta cookie;
- information on buttons clicked on by website visitors;
- information contained in HTTP headers such as IP address, information on the web browser, the location of the page and the referrer;
- information on the status of deactivation / restriction of advertisement tracking.
Some of these Event Data are stored as information on your end device. In addition, cookies are used via Meta Pixel to store information on the end device you are using.
The Event Data collected using Meta Pixel are used for addressing a target group (targeting) for our advertisements and to improve our delivery of advertisements, for personalising functions and content and for improving Meta products and making them secure.
For this purpose, Event Data are collected on our website using Meta Pixel and transmitted to Meta. These Event Data are collected and transmitted by us and Meta as joint controllers within the meaning of Article 26 of the GDPR. We have signed an agreement with Meta on processing as joint controllers, which sets out the distribution of duties under data protection law between Meta and ourselves. Among other things, we and Meta have agreed in this Agreement that we are responsible for providing you under Articles 13 and 14 of the GDPR with all information on the joint processing of your personal data and that Meta is responsible for facilitating your rights as a data subject under Articles 15 to 20 of the GDPR with regard to your personal data stored by Meta following joint processing. Facebook Ireland is the sole controller with responsibility for processing transmitted data subsequently to transmission. You may access the agreement we have signed with Meta here.
You can find out more about how Meta processes personal data, including the basis in law used by Meta, and the possibilities for exercising your rights against Meta in the Meta Privacy Policy.
5.2. TikTok Pixel
For marketing purposes our website uses the TikTok advertiser tool ‘TikTok Pixel’ by the social media network TikTok, a service provided for users in the European Economic Area and Switzerland by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin DO2 T380, Ireland.
We use TikTok Pixel, which is a snippet of JavaScript code, to track visitor activity on our website. Similarly to Meta Pixel, TikTok Pixel collects and processes information for this purpose about website visitors or the end devices they are using (Event Data). The Event Data collected using TikTok Pixel are used for targeting our advertisements and improving our delivery of advertisements and for personalised advertising.
For this purpose, the Event Data collected on our website using TikTok Pixel are transmitted to TikTok. Some of these Event Data are stored as information on your end device. In addition, cookies are used via TikTok Pixel to store information on the end device you are using.
These Event Data are collected and transmitted by us and TikTok as joint controllers within the meaning of Article 26 of the GDPR. We have signed an agreement with TikTok on processing as joint controllers, which sets out the distribution of duties under data protection law between TikTok and ourselves. Among other things, we and TikTok have agreed in this Agreement that we are responsible for providing you under Articles 13 and 14 of the GDPR with all information on the joint processing of your personal data and that TikTok is responsible for facilitating your rights as a data subject under Articles 15 to 20 of the GDPR with regard to your personal data stored by TikTok following joint processing. You may access the agreement we have signed with TikTok here. TikTok is the sole controller with responsibility for processing transmitted data subsequently to transmission.
You can find out more about how TikTok processes personal data, including the basis in law used by TikTok, and the possibilities for exercising your rights against TikTok in the TikTok Privacy Policy.
5.3. Google Ads Conversion Tracking and Ads Remarketing (formerly AdWords)
Our website uses Google Ads, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for everyone else by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).
With Google Ads, customer actions defined by us (such as clicking on an advertisement, accessing pages or downloads) are collected and analysed using Google Ads Conversion Tracking. We use Google Ads Remarketing to enable us to show you individualised advertising messages for our products on partner websites of Google.
For this, the services use cookies, JavaScript, Pixel and other technologies. Google also processes data for improving and developing its own products and services, for aggregated statistical analysis of conversions and for improving the quality and precision of conversions. The data collected in this connection may be transferred by Google to a server in the USA for evaluation and stored there.
If you use your Google account, Google may, depending on the settings in your Google account, link your web and app browser history with your Google account and use information from your Google account to personalise ads. If you do not want this attribution to your Google account, you will need to log out of Google before accessing our website.
If you have not given your consent to the use of Google Ads, Google will only show you general advertisements, which have not been selected on the basis of the information collected about you on this website. As well as being able to withdraw your consent, you may also deactivate personalised ads in the Google advertising settings.
You can find out more about this in Google’s information about the use of data and Privacy Policy.
5.4. LinkedIn Insight Tag
Our website uses the service LinkedIn Insight Tag by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This enables us to collect and analyse statistical data about your visit and how you use our website, which in turn enables us to show you offerings, recommendations and advertising on LinkedIn based on your interests and which may be relevant to you (Retargeting). The effectiveness of advertisements is also analysed within this context (Conversion Tracking). For this purpose, LinkedIn uses cookies, Pixel and JavaScript.
If you are logged into LinkedIn while you are using our website, LinkedIn may link the information collected with your membership account and use it for the targeted placing of advertising on LinkedIn. You can see your privacy settings on LinkedIn at https://www.linkedin.com/psettings/enhanced-advertising.
We have signed a contractual processing agreement with LinkedIn regarding the use of Google Optimize. Data collected in this connection may be transmitted by LinkedIn to a server in the USA and stored there. For the eventuality that personal data are transferred to the USA, we have agreed standard contractual clauses with LinkedIn (Implementing Decision (EU) 2021/914, Module Two) pursuant to Article 46(2) (c) of the GDPR. In addition, we obtain your express consent pursuant to Article 49(1) (a) of the GDPR for the transmission of your personal data to third countries.
For more information we refer you to the LinkedIn Privacy Policy at https://www.linkedin.com/legal/privacy-policy. You can find out more details about cookies at https://www.linkedin.com/legal/l/cookie-table.
5.5. Pinterest Tag
Our website uses Pinterest Tag, a service by the social network Pinterest, which is provided for persons from the European Economic Area by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, and for users from the USA by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA (together “Pinterest”).
We use the Pinterest Tag to analyse general use of our website and to track the effectiveness of Pinterest advertising and our advertising campaigns (Conversion Tracking). We also use the Pinterest Tag to make target group allocations and show you personalised advertising based on your interest in our products (Retargeting). For this purpose, Pinterest processes data which the service collects from cookies, web beacons and similar storage technologies on our website. The data collected in this connection may be transmitted for analysis to a server in the USA and stored there.
If you are a member of Pinterest and have permitted Pinterest to do so in your account’s privacy settings, Pinterest may also link the information collected about your visit to us with your membership account and use it for the targeted placing of Pinterest Ads. You may see and edit the privacy settings, especially for personalisation, in your Pinterest profile at any time at https://help.pinterest.com/en/article/edit-personalization-settings.
If you have not agreed to the use of the Pinterest Tag, Pinterest will only show general Pinterest Ads which have not been selected on the basis of information collected about you.
This collection and transmission of activity data within the scope of the Pinterest Tag is carried out by us and Pinterest as joint controllers within the meaning of Article 26 of the GDPR. We have signed an agreement with Pinterest concerning this processing as joint controllers. This agreement defines the division between us and Pinterest of the duties under data protection law. In this agreement, we and Pinterest have agreed, among other things, that we are responsible for providing you pursuant to Articles 13 and 14 of the GDPR with all information about our joint processing of your personal data and that Pinterest is responsible for facilitating the exercise of rights of data subjects pursuant to Articles 15 to 20 of the GDPR. You may download the agreement between us and Pinterest at https://business.pinterest.com/de/pinterest-advertising-services-agreement/germany/. Pinterest is responsible as sole controller for the processing of activity data subsequent to their transmission.
You can find more information in the Pinterest Privacy Policy at https://policy.pinterest.com/en/privacy-policy. In addition, you can find out more about the Pinterest Tag at https://help.pinterest.com/en/business/article/pinterest-tag-parameters-and-cookies.
6. External media
We also use services to improve your experience of using our website and to enable us to offer you more functions. While these are not absolutely essential for the basic functions of our website, they do contribute to user-friendliness and allow the provision of more functions. These include the embedding of external content such as videos and maps.
The legal basis for this is your consent under Article 6(1) (a) of the GDPR, which you give yourself using the consent banner or in the relevant tool by allowing its use separately via a banner placed above it (overlay). In these cases, access to and storing information on your end device is subject to consent and is on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(1) of the Protection of Data in Telecommunications and Telemedia Act.
For details of how you can withdraw your consent see 2.3. (“Withdrawing your consent or changing your selection”). In the eventuality that your personal data are transferred to the USA or other third countries, your consent also explicitly covers this data transfer (Article 49(1) (a) of the GDPR). For information about the risks involved, please see Part A (“Data transfer to third countries”).
6.1. YouTube videos
We have embedded videos in our website which are stored by YouTube and can be played from our website. YouTube is a multi-media service of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for everyone else by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”). Information such as cookies, Local Storage and Session Storage can be stored on your end device, and JavaScript may be run, accessing information on your end device when you use this service. We have activated the YouTube Privacy-Enhanced Mode. This means, according to YouTube’s own documentation, that Google receives less user information and does not personalise video recommendations or advertising. Cookies are no longer stored. Information is still placed, however, in the Local Storage and Session Storage of your end device, especially your device ID and other information regarding the playing of the video, which can be accessed by Google.
The legal basis for this data processing is your consent under Article 6(1) (a) of the GDPR. Access to and storage of information on your end device is then on the basis of the laws implementing the ePrivacy Directive in the EU Member States; in Germany, this is section 25(1) of the Protection of Data in Telecommunications and Telemedia Act. The transfer of your data to the USA and other third countries is on the basis of your express consent pursuant to Article 49(1) (a) of the GDPR.
When you visit our website, YouTube and Google are informed that you have accessed the relevant sub-page of our website. This happens regardless of whether you are logged into YouTube or Google or not. YouTube and Google use these for the purposes of advertising and market research and for tailoring their services to the needs of users. If you access YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google may moreover connect this event with those profiles. If you do not want this attribution to happen, you will need to log out of Google before accessing our website.
As well as being able to withdraw your consent, you may also deactivate personalised ads in the Google advertising settings. If you do so, Google will only display non-individualised advertisements: https://adssettings.google.com/notarget.
You can also find out more about this in the Google Privacy Policy, which also applies for YouTube: https://policies.google.com/privacy.
6.2. Google Maps
Our website uses Google Maps, a map service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for everyone else by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).
So that the Google Maps material used by us can be embedded and displayed by your web browser, your web browser must open a connection to a Google server, which may be in the USA, when you access our website.
Google is informed by the embedding of the map material that a page on our website has been accessed by the IP address of your device. If you access Google Maps on our website while you are logged into your Google profile, Google may moreover connect this event with your Google profile. If you do not want this attribution to your Google profile to happen, you will need to log out of Google before accessing our contact page. Google stores your data and uses them for the purposes of advertising and market research and for personalised display of Google Maps.
You can find out more about this in the Google Policy and the additional terms of use for Google Maps.
You can see details of which cookies are placed by Google Maps and how long they are stored for on the Cookie banner under Cookie details.
Last amended: November 2022