Privacy Policy
Version 2.0 from 31.07.2024
I. General Information
1. Preliminary Remarks
We, art24 World AG, operate the art trading platform art24.world ("Platform"). The purpose of this privacy policy is to explain how we collect and process personal data in our company.
You may only provide us with personal data of third parties if you are authorized to do so and the personal data is correct. We ask you to ensure that the persons concerned are aware of this privacy declaration.
We may amend this privacy policy at any time and without prior notice. The current version published on our platform applies at all times.
2. Responsible Party for Data Protection Matters
Responsibility for the content of this privacy policy and for the data processing described lies with
art24 World AG
Riedstrasse 1
6343 Rotkreuz
privacy@art24.world
Tel.: +41 43 499 50 30
3. EU Data Protection Representative
For natural persons with a simple residence in countries of the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as well as for the country-specific supervisory authorities provided for in the GDPR, we designate the following person as EU data protection representative in accordance with Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu
https://datenschutzpartner.eu
4. Terminology
For a better understanding, we will first clarify the most important terms used below. In this regard, we adhere to the definitions of the Swiss Data Protection Act.
· Personal data (GDPR: personal data): all information relating to an identified or identifiable natural person.
· Data subjects: natural persons about whom data is processed.
· Processing (GDPR: processing): any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, erasure or destruction of data.
· Responsible party: private individual or federal body that decides, alone or together with others, on the purposes and means of the processing.
· Processor (GDPR: processor): private person or federal body that processes personal data on behalf of the responsible party.
5. Legal Basis for Data Processing
This Privacy Policy complies with the requirements of the Swiss Federal Act on Data Protection ("FADP") and the associated Ordinance ("DPO") as well as the General Data Protection Regulation of the European Union ("GDPR"). The type and scope of the applicable legislation depends on the individual case. Foreign data protection law is only applied insofar as this is mandatory under the applicable law and only for the data processing processes and persons affected.
We comply with the applicable data protection regulations when processing personal data.
The processing of personal data must not unlawfully violate the personality of the persons concerned. For this reason, such data processing must comply with the processing principles of data protection law and/or must be legitimized by a justification. We are particularly legitimized to process personal data if the processing:
· is based on a legal basis
The processing of personal data may be required or legitimized by law.
· is necessary for the fulfilment of a contract with the data subject or for pre-contractual measures
The essential part of the processing of personal data takes place in the context of the fulfilment of contractual obligations (e.g. provision of our services and services via our platform)
· is necessary to safeguard our legitimate interests or those of a third party.
A legitimate interest on our part exists in particular if the processing of personal data takes place within the scope of the purposes mentioned below in Section 8, as well as the disclosure of data in accordance with Section 10 and the associated objectives.
· is based on consent
If the processing of personal data is based on your consent, we will inform you of this separately and transparently. You can revoke your consent at any time with effect for the future using the functions provided for this purpose (e.g. the unsubscribe link for newsletters) or by notifying us in writing (see contact points in Section 2 above). After receiving your cancellation, we will cease the data processing concerned unless we can base the processing on another justification.
· is necessary to comply with national and international legal regulations.
6. Categories of Personal Data
Depending on the services you use and the respective relationship between you and us, we process the following categories of personal data in particular:
· Master data: e.g: Title, surname, first name, gender, date of birth, age, address and contact details such as address, telephone numbers, e-mail addresses, language, nationality, profession, user names, financial information.
· Contract data: e.g. information relating to the initiation, conclusion, processing, administration and termination of contracts between you and us, information in connection with job applications (see also Section 16 below), history of interactions, financial and payment information such as creditworthiness, information in connection with the enforcement of claims, bank details, the information and data stored by you as a user in your user account.
· Communication data: e.g. master data, contract data, content exchanged via the respective communication channel, type, time and, if applicable, location of the communication that took place, marginal data, etc.
· Behavioural data: e.g. information on attending events and participating in competitions, information on the use of and behaviour on our websites and applications (see also Section 14 below), information on the use of our infrastructure (platform, electronic communication channels, etc.).
· Registration data: e.g. certain offers and services can only be used after registration (e.g. login area on our website, newsletter dispatch, competitions, etc.). As part of the use of the respective offer or service, we in turn collect certain behavioral data.
· Technical data: e.g. IP addresses, general information on the operating system and browser, information on visits to our websites and applications (date, time, duration of visit, number of visits, content accessed), visitor source (referring website), device identifiers, access data, cookies (see also Section 15 below).
· Marketing data: e.g. information on personal preferences and interests, subscriptions and unsubscriptions to newsletters, content of marketing correspondence).
· Image and sound recordings: e.g. recordings of telephone and video conference calls (only after prior notification and, if necessary, with your consent), recordings of video surveillance systems (see also Section 18 below), recordings in connection with customer and employee events.
· Compliance data: e.g. data in connection with clarifications, assessments and measures in the area of compliance (incl. compliance incidents).
7. Origin of the Data
We collect a large proportion of personal data directly from you as the data subject. In particular, this includes master data, contract data, communication data and behavioral data. Such personal data is collected as part of the initiation and processing of business relationships and the use of our services. If you provide us with data on other persons (e.g. business partners), you must ensure that you are authorized to do so and that the data is correct. In addition, the persons concerned must be informed of this privacy policy in advance.
Furthermore, we may also collect personal data about you ourselves or automatically or derive it from existing data. This includes, in particular, behavioral, preferential and technical data.
Finally, we also receive personal data from companies in the art24 Group and from other third parties, insofar as this is permitted by law. Such third parties include, in particular, persons from your environment, service providers, business partners, insurance companies, banks, providers of online services, authorities, official bodies, courts, parties and their legal representatives in the context of legal disputes, etc. We may also collect personal data from public sources (e.g. credit agencies).
8. Purpose of the Data Processing
We process the data collected in order to fulfil our legal and contractual obligations towards you and third parties. This includes in particular the establishment, administration and processing of contractual relationships as well as the presentation and marketing of the offer on our platform.
We also process the data collected to ensure communication with you, to provide and improve the products and services you have requested, to manage your use of and access to our products, services and information, to maintain our business relationship with you, to carry out advertising and marketing measures (insofar as we are authorized to do so, e.g. with your consent), to monitor and improve the performance of our services, to enforce legal claims or defend ourselves against them, to detect illegal activities, to prevent or clarify them, to ensure compliance with laws and recommendations of national and international authorities and internal regulations ("compliance") and risk management, to generally guarantee our operations (in particular IT, website, etc.) and to ensure administrative processes (e.g. data archiving, accounting, master data maintenance, quality assurance).
9. Processing Time of Personal Data
We process your personal data for as long as we are legally obliged to do so (e.g. retention and archiving obligations) or our legitimate business interests require this, or as long as the purpose of collecting your data makes it necessary or the retention is technically required.
In certain cases, we may also store your personal data for longer - based on your consent (e.g. job applications that we have pending).
In the context of contractual relationships, data is generally stored for the duration of the contractual relationship and the statutory retention periods beyond this. This may mean that your personal data or extracts thereof must be stored for several years after the end of the contractual relationship between you and us. If your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible.
10. Disclosure of Personal Data to Third Parties
Where legally permissible and necessary, we may also pass on certain personal data to third parties as part of our business activities. Where permitted, these third parties process your personal data either on our behalf (processor), in joint responsibility with us or on their own responsibility. These include, among others:
· Group companies
· our service Providers, such as banks, insurance companies, IT providers, shipping companies, debt collection companies, credit agencies, cleaning companies, advertising service providers, event organizers, lawyers, external consultants, etc.
· Business partners, for example suppliers
· National and international authorities, offices and courts
· Other parties in the context of administrative and court proceedings
· Parties involved in corporate transactions (e.g. purchase, sale or merger of companies, business units, etc.)
· Other third parties who are necessary to fulfill the purpose of the respective data processing
Where necessary, we have concluded corresponding contracts with these third parties. If contract processors are involved, they are obliged to comply with data protection and data security regulations. Furthermore, they may only process personal data in accordance with our instructions. They also grant us comprehensive rights of inspection and control as well as rights of access, rectification and erasure.
11. Disclosure of Personal Data Abroad
We generally process and store personal data in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and recipients located outside this area or process personal data outside this area, in principle in any country in the world. In particular, you must expect personal data to be disclosed to all countries in which the service providers we use and their subcontractors are located (in particular the USA).
By taking appropriate measures, we ensure compliance with the legal requirements. Specifically, there is an adequacy decision by the competent authority. In the absence of such a decision, the transfer of personal data takes place on the basis of suitable guarantees (in particular standard contractual clauses approved by the European Commission and the Federal Data Protection and Information Commissioner [FDPIC]) or there are exceptions for certain situations (contract processing, law enforcement abroad, etc.) or we obtain your expressed consent.
12. Data Security
To secure your data, we maintain technical and organizational security measures in accordance with the current state of technology.
Communication via our platform is encrypted using the SSL/TLS encryption protocol. However, we would like to point out that even encrypted data transmission on the Internet always involves security risks. Complete protection of data against access by third parties cannot be guaranteed.
13. Your Rights as a Data Subject
Insofar as the requirements of the applicable data protection law are met and no statutory exceptions apply, you have the following rights in connection with the processing of your personal data:
· to request information about whether and, if so, which personal data we process about you
· to have incorrect or incomplete personal data corrected
· the deletion or anonymization of your personal data
· for data portability
· to withdraw your consent to the processing of your personal data with effect for the future
· to object to the processing of your personal data (in particular with regard to direct marketing).
Please note that these rights may be restricted or excluded in individual cases (e.g. to protect third parties or business secrets).
To assert your rights as a data subject or if you have any questions about this privacy policy and the processing procedures described therein, you can contact the above-mentioned data protection officer (Section 2) or the EU data protection representative (section 3) at any time.
If you believe that your data has been processed unlawfully, we would be grateful if you could contact us directly. Alternatively, you can lodge a complaint with the supervisory authority responsible for you. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). A list of the authorities in the EEA can be found here.
II. Supplementary Information in Connection with Selected Data Processing
14. Data Processing in Connection with the Use of our Platform
14.1. Cookies
The Cookiebot software is used for the acceptance ("consent") of cookies. Cookiebot is integrated via the following source code:
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="adc67a23-522b-4807-b62e-b28e7fbe2b0a" type="text/javascript" async=""></script>
14.2. Contact Form
You have the option of using a contact form to get in touch with us. The collection and transmission of the following data is possible:
· Name
· E-mail address
· Telephone number
· Message
We have marked the mandatory entries (*). The provision of personal data in other fields or in the context of other forms of contact (e.g. by e-mail, telephone) is voluntary.
Within the scope of the GDPR, this data is processed for the purpose of initiating or fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest in processing the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or based on your consent (Art. 6 para. 1 lit. a GDPR).
14.3. Platform Hosting Provider
We host our platform with a Swiss hosting provider with its registered office and server location in Switzerland (VSHN AG). Each time you visit our platform, the hosting provider automatically collects and stores information (server log files) that your browser transmits. This includes the name and URL of the retrieved file, date and time, data volume, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our website) and the IP address. This usage data is used to recognize technical problems, to ensure security and to statistically evaluate the use of our platform and thus also to further development of our offer.
We process the aforementioned data for the following purposes:
· ensuring a smooth connection to the platform,
· Ensuring a comfortable use of our platform,
· analyzing system security and stability and
· for other administrative purposes and in the event of any unlawful use of our platform or our services.
Within the scope of application of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in accordance with the purposes listed above or your consent (Art. 6 para. 1 lit. a GDPR).
14.4. User Data
You can register on our platform ("user") in order to use additional functions on the platform. The current GTC apply, which can be accessed at https://art24.world/en/legal/terms. The mandatory information requested during registration must be provided in full. Otherwise, registration will not be possible. We will use the e-mail address provided by you during registration to inform you of important changes, such as changes to the scope of the offer or technically necessary changes.
We process personal data of the user and, if applicable, also of the user's employees, bodies or third parties involved for all purposes associated with the fulfilment of the contract.
Users may process and use personal data of other users that they lawfully collect in the course of using the platform exclusively for the provision of their pre-contractual and contractual services. Without the expressed consent of the user concerned, they are prohibited in particular from disclosing this data to third parties (e.g. for marketing purposes). The user explicitly declares that consent has been given for the processing of personal data as described above and that the legal requirements for transmission to and processing by us are met.
Within the scope of application of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) or based on your consent (Art. 6 para. 1 lit. a GDPR).
14.5. Payments
We may offer products and/or services that are subject to a charge (in particular user subscriptions). In this case, we may use third-party services for payment processing. The use of your personal data and your payment data by these third-party providers is governed by their privacy policy.
14.5.1. Datatrans
We use the services of Datatrans. The provider is Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland ("Datatrans"). Datatrans adheres to the standards defined by PCI-DSS, which are managed by the PCI Security Standards Council. PCI-DSS requirements help to ensure the secure handling of payment information.
When paying via Datatrans, your payment data will be forwarded from our platform to Datatrans via an interface to their e-payment platform in order to process the payment. You can find more information on how Datatrans handles your personal data in their privacy policy: https://www.datatrans.ch/en/privacy-policy/.
Within the scope of the GDPR, your data is transmitted to Datatrans on the basis of contract processing (Art. 6 para. 1 lit. b GDPR) and on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the use of reliable and secure payment processes.
14.6. Newsletter
On our platform, we offer you the opportunity to subscribe to our newsletter, which we use to inform you about offers, products and information in regular intervals.
In order to send you a personalized newsletter, we require your first and last name, e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. This data is used exclusively for sending the newsletter. You are free to provide us with further information on a voluntary basis. This personal data will not be passed on to third parties outside our company or group.
We use the so-called double opt-in procedure to register for the newsletter. After registering, you will receive an e-mail in which we ask you to confirm your registration. Subscriptions to the newsletter are logged. This includes storing the time of registration and confirmation as well as the IP address. Any changes to your stored data are also logged.
You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. There is a corresponding link in every newsletter.
We use the services of mailXpert, by the provider mailXpert GmbH, Schulstrasse 37, 8050 Zurich, Switzerland, to process, send and analyse the newsletter. You can find the privacy policy of mailXpert GmbH here: https://www.mailxpert.ch/datenschutz.
Within the scope of the GDPR, the processing of the data collected as part of your newsletter order is based on your consent (Art. 6 para. 1 lit. a GDPR). We use the services of mailXpert GmbH on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR).
14.7. Links to Other Websites
Our platform contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices..
14.8. Google Inc.
14.8.1. General Information
Our platform uses functions and services of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
In addition to the following explanations, you will find further information on data protection at Google in the Google data protection declaration: https://policies.google.com/privacy?hl=en.
Within the scope of application of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing website and in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR).
14.8.2. Services Used by Google
Our platform uses functions of the web analytics service Google Analytics, Google Tag Manager, Google AdSense and Google Ads. We also use Google Maps to embed maps, Google Fonts to use fonts and Google reCAPTCHAto protect our platform from spam and misuse.
Google Analytics uses cookies that enable your use of the platform to be analyzed. The information generated by cookies about your use of our platform will be transmitted to and stored by Google on servers in the United States. You can prevent the collection of your data by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=en. An opt-out cookie is set to prevent the collection of your data on future visits to this platform.
Google Tag Manager is a solution with which we can manage website tags via an interface. Google Tag Manager is a cookie-free domain that does not collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Google AdSense uses cookies and web beacons (invisible graphics). With the help of web beacons, Google can analyze information (e.g. visitor traffic, clicks) on these pages. The information generated by cookies and web beacons about your use of our platform (including your IP address) and delivery of advertising formats is transmitted to Google servers (possibly also in the USA) and stored there. This information may be passed on by Google to contractual partners of Google.
We also use the Google Ads advertising tool to promote our platform. For this purpose, we use Google's "Conversion Tracking" analysis service on our platform. If you have accessed our platform via a Google advert, a cookie will be stored on your computer. These so-called "conversion cookies" lose their validity after 30 days and are not used to identify you personally. If you visit certain pages of our platform and the cookie has not yet expired, we and Google can recognize that you as a user have clicked on one of our ads placed on Google and have been redirected to our platform. The information collected with the help of conversion cookies is used by Google to compile visit statistics for our platform. These statistics tell us the total number of users who have clicked on our advert and which pages of our platform were subsequently accessed by the respective user. However, we do not receive any information with which users can be personally identified. You can prevent the installation of conversion cookies by adjusting your browser settings accordingly, for example by using a browser setting that generally deactivates the automatic setting of cookies or specifically blocks only cookies from the domain "googleadservices.com".
We use Google Maps on our platform to embed maps. By using Google Maps, data is transferred to Google and may also be stored on Google servers in the USA.
Our platform uses so-called Web Fonts provided by Google for the standardized display of fonts. The Google fonts are installed locally. There is no connection to Google servers. Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq.
We also use the Google service reCAPTCHA on our platform. The associated query serves the purpose of distinguishing whether entries (e.g. in the contact form) are made by a human or by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area (see also section 10.8.4 "IP anonymization" below). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to analyze your use of the service. According to Google, the IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data. By activating the query, you consent to this processing of your data, which means that the data processing is based on your consent.
14.8.3. IP Anonymization
We have activated the "IP anonymization" function on our platform. This means that your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and truncated there. Google uses this information to analyze your use of the platform, to compile reports on platform activities and to provide us with further services associated with platform use and Internet use. According to Google, the IP address transmitted by your browser will not be merged with other Google data.
14.8.4. Browser Plugin
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our platform to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the platform (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en
15. Cloud Service Providers Used by Us
Below we would like to inform you about the most important cloud service providers we use:
· Microsoft 365 (incl. Exchange, SharePoint, Teams, OneDrive): The provider of these services is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft"). According to Microsoft, data is stored exclusively on servers located in Switzerland (see here). In addition to the information provided here, you will find further information on data protection in the Microsoft Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.
· Microsoft Azure: The provider of these services is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft"). We use this service to convert images into augmented reality content. In addition to the information provided here, you can find further information on data protection in the Microsoft Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.
· ASPSMS: The provider is VADIAN.NET AG, Katharinengasse 10, 9000 St. Gallen, Switzerland ("ASPSMS"). We use the ASPSMS services to implement two-factor authentication using mTAN. In addition to the information provided here, you will find further information on data protection in the ASPSMS privacy policy: https://www.aspsms.com/en/privacy/.
· Sentry: The provider is Functional Software, Inc, 132 Hawthorne St, San Francisco, USA ("Sentry"). We use Sentry to log software errors. In addition to the information provided here, you will find further information on data protection in the Sentry privacy policy: https://sentry.io/privacy/.
Within the scope of the GDPR, the involvement of these cloud service providers is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the operation of a modern and secure IT infrastructure.
16. Processing of Personal Data of Applicants
We accept applications by post, e-mail or contact form. We may also work with external partners (e.g. job portals and recruitment agencies) as part of the recruitment process. In this case, please also note the data protection notices of these partners. We treat your data as strictly confidential. Your personal data will only be passed on within our company or group to persons who are responsible for processing your application.
We process the personal data sent to us as part of your application and the personal data collected during the application process, insofar as this is necessary for the decision on the conclusion and implementation of an employment contract. This includes:
· Master data (surname, first name, address, contact details, date of birth, marital status, etc.)
· Information on your educational, professional and personal qualifications
· Information that we have collected as part of the application process (e.g. as part of assessments)
· Further information that you have transmitted to us in connection with your application.
We process your personal data in this regard for as long as this is necessary for the decision on your application. They will be deleted a maximum of six months after the end of the application process, unless longer storage is legally required or permitted or you have not consented to longer storage.
If an employment relationship is established following the application process, your application documents will be transferred to your personnel file.
Within the scope of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on your consent (Art. 6 para. 1 lit. a GDPR).
17. Processing of Personal Data in the Context of Interaction With Our Social Media Channels
17.1. General Information
We maintain the publicly accessible profiles in social networks listed below. You will find linked graphics to the respective networks on our platform. By clicking on a corresponding graphic, you will be forwarded to the selected social network. After forwarding, the network collects and processes your information within the following framework.
When you visit our profiles on social networks, personal data may be collected about you. For example, if you are logged into your social network accounts and visit our profile at the same time, the portal operator may be able to assign this visit to your user account. Furthermore, even if you have logged out of your account or if you do not have an account with the respective portal, your personal data may be collected. Such data can be collected, for example, by setting cookies or web beacons. Based on the data collected in this way, the portal operators can create user profiles and show you interest-based advertising. Further information on this can be found in the respective data protection declarations of the portal operators.
The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your rights in this regard and setting options to protect your privacy can be found in the relevant data protection provisions of the respective social network.
Within the scope of the GDPR, social networks are used in the interest of an appealing presentation of our online offers, to increase our reach and to advertise our services (in particular job placement). This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.
17.2. Facebook Fan Page
We use functions of the Facebook fan page service. These functions are offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. As the operator of the Facebook fan page, we and the operator of the social network Facebook are joint data controllers.
We have entered into agreements with Facebook that set out, among other things, the terms of use for the Facebook fan page. These terms are mainly based on the Facebook terms of use: https://www.facebook.com/terms.php.
Visit the Facebook Privacy Policy https://www.facebook.com/policy.php, for more information on how Facebook manages personal data or contact Facebook at https://www.facebook.com/help/contact/540977946302970.
17.2.1. Facebook Pixel
We use Facebook's visitor action pixel to measure conversions. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
With the help of this service, the behavior of platform visitors can be tracked after they have been redirected to our platform by clicking on a Facebook ad. The purpose of this measure is to evaluate the effectiveness of Facebook ads for statistical and market research purposes and to be able to optimize future advertising and marketing measures on this basis.
You can use this link to object to receive customized advertising: www.facebook.com/settings?tab=ads.
The data collected is anonymous for us as the operator of the platform, which means that we cannot draw any conclusions about the identity of the user. However, the data is transferred to Facebook and processed. In particular, Facebook can assign this data to the respective user profile and use the data for its own advertising purposes. This may also be the case if you are not logged in to Facebook. We have no influence on the scope and further use of the data by Facebook. Visit the Facebook Privacy Policy https://www.facebook.com/policy.php for more information on how Facebook manages personal data or contact Facebook via https://www.facebook.com/help/contact/540977946302970.
17.3. LinkedIn
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. You can find more information on how LinkedIn handles your personal data in their privacy policy: https://www.linkedin.com/legal/privacy-policy.
LinkedIn uses advertising cookies. If you wish to deactivate them, please follow this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
17.4. Instagram
We use the functions of the Instagram service. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
If you have an Instagram account, you can interact with us via Instagram. As part of this interaction, we process the personal data you provide.
You can find more information about data protection on Instagram here: https://instagram.com/about/legal/privacy/.
17.5. YouTube
We maintain a profile on YouTube and can also use it to embed videos on our website or our apps. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode, which, according to YouTube, only initiates the storage of user information when the video is played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode.
As soon as you start a YouTube video on our website or in our apps, a connection is established to YouTube's servers (possibly also in the USA). In this context, YouTube learns which of our pages you have visited. If you are logged into your YouTube account, you also allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about you. According to YouTube, this serves, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior.
It is possible that further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.
We have concluded a contract with Google for order processing. You can find more information here: https://www.youtube.com/t/terms_dataprocessing.
For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=en-GB.
17.6. Google Business Profile
We use Google Business Profile from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
When you visit and interact with our Google Business Profile entry, Google also records your IP address and other information that is collected in the form of cookies on your end device. This information is collected for statistical purposes. The data collected about you in this context is processed by Google and may also be transferred to the USA.
Further information can be found in the Google privacy policy: https://policies.google.com/privacy?hl=en-GB.
18. Processing of Personal Data in the Context of Video Surveillance
We monitor part of our company premises by means of video surveillance. The monitored areas are labelled accordingly.
Video surveillance is used for the following purposes:
· Protection of our visitors and employees
· Protection of our infrastructure
· Preservation of evidence
· Exercising our domiciliary rights
· Clarification of criminal offences
Video recordings of office premises are generally deleted after 30 days, video recordings of other areas are generally deleted after 90 days. Longer storage only takes place if this is necessary for the enforcement of legal claims or the prosecution of criminal offences.
We may use external service providers to carry out video surveillance. Under certain circumstances, the video recordings may also be viewed by external security personnel. In the event of suspicion of a criminal offence, for the enforcement of civil law claims and if there is a legal obligation, the video recordings may be transmitted to the competent authorities (e.g. law enforcement authorities).
