Data Privacy Policy

Data privacy policy about the processing of personal data on our website

Thank you for the interest you have shown in POLYAS. The protection of your data is important to us and we would like you to feel secure when visiting our websites. It is important that you know what data is collected and how it is used when using our online services. In this privacy statement, we (POLYAS) inform you about the processing of personal data when using our website and our products.  For the data protection statement regarding data processing when using our products, please scroll down.

1. Contact Person

The contact person and person responsible for the processing of your personal data in line with the EU General Data Protection Regulation (GDPR) is POLYAS GmbH, Marie-Calm-Straße 1-5, 34131 Kassel, Deutschland, Telephone number: +49 (0)30 88 06 01 00 0, E-Mail: info@polyas.de.

If you have any questions about data protection in connection with our products/services or the use of our website, you can contact our data protection officer at any time. Please use the above postal address or the e-mail address privacy@polyas.de (keyword: “Att. Data Protection Officer”). We expressly point out that when using this e-mail address, the content is not processed exclusively by our data protection officer. If you wish to exchange confidential information, please first use this e-mail address to request direct contact details.

2. Data processing on our Website

2.1. Accessing our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data include:

  • The IP-Address of the relevant appliance,
  • The date and time the site was accessed,
  • The address of the relevant web-page and site,
  • Information about the browser and operating system being used to access the website,
  • Online-Identifiers (e.g. Device ID, Session-ID).

The processing of access data is necessary to enable our website to be accessed and ensures the long-term functionality and security of our systems. Access data is temporarily stored in internal log files in order to provide statistical information on the usage of our website. The legal basis is Art. 6 (1) (b) GDPR, provided that the page is accessed in the course of initiating or executing a contract, and otherwise Art. 6 (1) (f) GDPR due to our legitimate interest of the long-term functionality and security of our systems.

All information stored in the log files does not allow any direct inference to your person. We store IP addresses in a shortened, anonymised form only.

2.2 Contact

You have different ways to get in contact with us, including a web-based contact form. In this regard, we only process data with the sole purpose of contacting with you. The legal basis is Art. 6 Para. 1 Sent. 1 lit. b GDPR. The data collected from us during this communication will be automatically deleted after your request has been processed fully, unless we need your request for the fulfilment of contractual or legal obligations.

In individual countries, we work together with distribution partners to whom we, among other things, submit your contact details, so that they can submit a country-specific offer for the use of our products on our behalf. The legal basis for this data processing is Art. 6 Para. 1 Sent. 1 lit. b, f GDPR.

2.3. Registration

You have the option of registering for our login area so that you can use the full functionality of our website. We have highlighted the data you are required to provide by marking them as compulsory fields. Registration is not possible without this data. If you personally become a contractual partner, the legal basis of the processing is Art. 6 (1) (b) GDPR. If you register on behalf of an organization and the organization becomes a contractual partner, the legal basis of the processing is Art. 6 (1) (f) GDPR.

When you register, you will also receive information about us and our products by e-mail. The legal basis for this data processing is the aforementioned legitimate interest in accordance with article 6 (1) (f) GDPR. You can at any time object to or unsubscribe from these e-mails at no charge. Every mail contains an appropriate unsubscribe link. A message to us would also be sufficient for this.

2.4. Online course registration

Register for our online course and find out more about the POLYAS online voting system. Your registration data will be used solely for communicating with you and organizing the online course above. The legal basis is Article 6(1)(b) of the GDPR. The data collected by us in the registration form will be automatically deleted after your inquiry has been fully resolved unless a record of your inquiry is needed to meet contractual or legal obligations.

3. Payment service provider

3.1. PayPal

When using our products, one of the payment service providers we use is PayPal. The provider of this payment service is PayPal (Europe) S.à.rl; Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

If you choose to pay through PayPal, data about you that is required for the payment process will automatically be transmitted to PayPal. This data is usually the following: Name, address, company, e-mail address, telephone number, IP address.

PayPal may transmit this data to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may pass on personal data to affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.

The transmission of your data to PayPal is based on the requirements of Art. 6 Paragraph 1 b) GDPR, since the processing of the data is necessary for payment through PayPal and thus for the fulfillment of the contract.

You can read PayPal’s privacy policy under https://www.paypal.com/eu/webapps/mpp/ua/privacy-full.

3.2. PAYONE

We process payments with the service provider PAYONE GmbH, Lyoner Str. 9, 60528 Frankfurt am Main, Germany (“PAYONE”). Your payment data will be collected and processed directly by PAYONE and is not saved by us.

Depending on the payment method, the IBAN, card number, check digit and other transaction data (e.g. date/time of transaction, payment amount) are processed during payment. Your data will only be transmitted to PAYONE if this is necessary for payment processing. The legal basis for this is Art. 6 (1) (b) GDPR.

PAYONE may, under certain circumstances, transfer your data to third parties, including credit agencies, for the purpose of checking creditworthiness.

Further information on data processing at PAYONE can be found in PAYONE’s data protection information at https://a.storyblok.com/f/64176/x/c90fa8e6ef/payone-information-zu-datenverarbeitung-gemass-art-14-dsgvo-0220-1.pdf and under https://www.payone.com/DE-de/dsgvo.

4. Newsletter

You have the possibility to subscribe to our newsletter in which we will regularly inform you about the latest news from POLYAS.

For our newsletter subscriptions, we use the so-called Double Opt-In procedure. In this way we will only send you newsletters once you have confirmed your subscription by clicking on the link that is sent to the email address that you have provided. This confirms that you want to subscribe to the newsletter and that you are the owner of the email address. If you choose to confirm your e-mail address, we will save your e-mail address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose storing this data is to send you the newsletter and to confirm your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. You may also send a letter (email or by post) to the address listed in the newsletter to unsubscribe. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR.

We use commercially available technologies in our newsletters to measure our subscribers’ interactions with our newsletters (e.g. opening the email, clicked links). We use this data in pseudonymised form for general statistical analysis and optimisation as well as for the further development of our content and customer communications. This is done with the help of small graphics which are imbedded in the newsletter (so called Pixels). The collected data is pseudonymised and not linked to your personal data. The Legal basis for this is our aforementioned legitimate interest acc. Art. 6 Para. 1 Sent. 1 lit. f GDPR.

Our newsletter is aimed to share relevant information with our customers and to better understand our readers are interested in. If you do not wish us to analyse the usage behaviour, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. You can unsubscribe from our newsletter at any time, for example at the bottom of every newsletter you will find an “unsubscribe” link. Alternatively, you can contact us via the aforementioned contacted details.

5. Cookies

This website uses cookies and other technologies (collectively “tools”) that are offered either by us or by third parties. A cookie is a small text file stored on your device by your browser. Cookies are not used to run programs or load viruses onto your computer. The main purpose of our cookies is offer you a service that meets your needs and saves your time.

5.1. Use of Cookies

We use certain tools to provide the basic functions of our website (“necessary tools”). Without these tools, we would be unable to provide our service. For this reason we use the necessary tools without direct consent on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR or to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.

We use our own cookies, in particular for login authentication and to identify your session on our web server. Our aim is to allow you to use our website more conveniently and individually. These services are based on our legitimate interests in helping you to use our website more conveniently and individually, and to save your time. The legal basis for this is Art. 6 (1) (f) GDPR.

We also use the Real Cookie Banner plug-in – this asks website visitors for their consent to set cookies and process personal data. For this purpose, each website visitor is assigned a UUID (pseudonymous identification of the user), which is valid until the cookie for storing consent expires. Cookies are used to test whether cookies can be set, to store references to the documented consent, to store which services from which service groups the visitor has consented to, and, if consent, according to Transparency & Consent Framework (TCF) to store consents in TCF partners, purposes, special purposes, functions and special functions. As part of the obligation to provide information under the GDPR, the consent collected is fully documented. In addition to the services and service groups to which the visitor has consented and, if consent is obtained in accordance with the TCF standard, which TCF partners, purposes and functions the visitor has consented to, this includes all settings of the cookie banner at the time of consent also the technical circumstances (e.g. size of the viewing area when giving consent) and the user interactions (e.g. clicking on buttons) that led to consent. Consent is collected once per language.

5.2. Third-party cookies for functional purposes

We use tools to improve the user experience on our website and to offer you more functions (“functional tools”). Although these are not absolutely necessary for the basic functioning of the website, they can provide users with considerable advantages, in particular with regard to user-friendliness and the provision of additional communication or presentation channels. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).

5.2.1. Google Fonts

Our website uses the Google Fonts service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 , USA (collectively “Google”).

When you access a page, your browser loads the required fonts to display texts correctly and in an attractive manner. For this purpose, your browser must connect to the Google servers. This tells Google that our website was accessed from your IP address. According to Google, these invocations run separately from other Google services that require user authentication. There is no merging with other data. No cookies are saved.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Google Fonts provides a uniform and appealing presentation of our online presence through the maintenance-free and efficient use of fonts, which also accounts for any licensing restrictions for local integrations.

The server to which a connection is established may be located in the USA. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”). We have a data processing agreement with Google as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

Further information about Google Fonts is available at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

5.2.2. Google Custom Search

Our website uses the Google Custom Search service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 , USA (collectively “Google”). The tool enables a full text search for the content of our website. When you use the search function, the search terms and other data, such as your IP address, are transmitted to Google. The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. The server to which a connection is established may be located in the USA. In this respect, reference is made to the above.

5.3. Cookies for statistical and analytical purposes

In order to improve our website, we use tools for statistical recording and analysis of general usage behavior based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels.

Unless otherwise stated, the legal basis for the analysis tools is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).

5.3.1 Google Analytics 4

Our website uses the Google Analytics 4 service (“Google Analytics”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons located in Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”) for all other persons.

Google Analytics uses JavaScript and Pixel to read information on your terminal device as well as cookies to store information on your terminal device. This is used to analyze your usage behavior and to improve our website. We will process the obtained information to evaluate your usage of the website and to compile reports on website activities for the website operators. The data generated in this context can be transferred by Google to a server in the USA for the evaluation and can be stored there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and data enrichment. This is performed in particular for forecast metrics on the future behavior of visitors based on structured event data, such as forecast turnover, purchase probability and churn probability. The forecast metrics can also be used for forecast target groups. You can find more information about this at: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions in case no sufficient data is available for optimization of evaluation and reports. You can find more information about this at: https://support.google.com/analytics/answer/10710245. The data evaluations are performed automatically with the help of artificial intelligence or on the basis of specific individually defined criteria. You can find more information about this at: https://support.google.com/analytics/answer/9443595.

We have made the following data protection settings for Google Analytics:

  • IP anonymization (shortening of the IP address before evaluation);
  • Automatic deletion of old visit logs by limiting the storage period to 2 months;
  • No reset of the retention period for new activity;
  • Disabled cross-device and cross-page tracking (Google Signals);
  • Disabled data sharing to other Google products and services, benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

  • IP address;
  • User ID, Google ID (Google Signals) and/or Device ID;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, length of stay);
  • Downloaded files;
  • Clicked links to other websites;
  • If applicable, achievement of specific goals (conversions);
  • Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
  • Approximate location (country and city, if applicable, based on anonymized IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • “_ga” (2 years), “_gid” (24 hours): recognition and differentiation of visitors by a user ID;
  • “_ga_[GA-ID]” (2 years): retention of the information of the current session;
  • “_gac_gb_[GA-ID]” (90 days): storage of campaign-related information and, if applicable, linking with Google Ads Conversion Tracking;
  • “IDE” (13 months), if applicable: recognition and differentiation of visitors through a user ID, recording of interaction with advertising, playing out of personalized advertising.

For more information on Google Analytics 4 cookies, please visit: https://support.google.com/analytics/answer/11397207?hl=de.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) lit. a DSGVO (the General Data Protection Regulation). Access to and storage of information on the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member States, in Germany according to Sect. 25 (1) TTDSG (the German Telecommunications-Telemedia Data Protection Act).

We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2) lit. c DSGVO. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 (1) lit. a DSGVO.

For more information, please see Google’s Data Security Policy: https://support.google.com/analytics/answer/6004245.

5.3.2. Visual Website Optimizer (VWO)

Our website uses Visual Website Optimizer (“VWO”), a web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (“Wingify”).

Wingify uses cookies that make it possible to analyze the use of our website. These cookies generate information about usage behavior on this website and save your anonymized IP address. The data is then transferred to Wingify’s servers in India and stored there. Wingify use this information on our behalf to analyze how you use the website and, based on this, to improve our website. If the cookies do not expire at the end of the session, they are available for a maximum of 100 days (further information can be found here: https://vwo.com/knowledge/cookies-used-by-vwo/).

For the use of VWO we have a data processing agreement with Wingify as well as standard contractual clauses in the event that personal data is transferred to India or other third countries. Further information on data protection can be found here: https://vwo.com/terms-conditions/ and here: https://vwo.com/privacy-policy/

5.3.3. Pendo

Our website uses tools from Pendo.io, Inc., 150 Fayetteville St., Raleigh, NC 27601, USA (“Pendo”) to collect feedback from our users, determine which product areas and functions are used the most, and to analyze how customers use our application. It helps us to identify ways to improve the user experience, direct users to relevant features, and customize our products.

Pendo Feedback helps us to ask our users for and analyze their feedback.

Pendo Insights allows us to statistically evaluate how users work with our voting configurator. For this purpose, user behavior (e.g. clicks and interactions with the configurator) is evaluated in order to understand how our product is used and can be improved. Usage is aggregated and analyzed as anonymous statistics that do not allow any inferences about the individual user.

We also use Pendo Guidance to integrate tooltips into the voting configurator, which aim to simplify user interactions.

Pendo uses a unique identifier for each user to collect feedback, evaluate site usage, and display tooltips. When using Pendo, POLYAS only uses user Ids that are hashed. This means that Pendo can recognize users without knowing the plain-text user ID.

Information on the cookies used by Pendo is available here: https://support.pendo.io/hc/en-us/articles/360041032971-Agent-cookies-and-local-storage. Personal data is stored for a maximum of three years.

We have a data processing agreement with Pendo as well as standard contractual clauses in the event that personal data is transferred to third countries such as the USA.

More information about Pendo is available here: https://www.pendo.io/legal/privacy-policy/

5.3.4. Mouseflow
Our website uses tools from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark to better track usage patterns on our website. The tools record mouse movements, track where people click most frequently on the website, and track website visitor movements across different subpages. This knowledge helps us to design the website for ease of use and so that relevant information is easily found.
For this purpose the following data is used: A unique identifier that provides information on whether a visitor is a first-time visitor, click path, content viewed, abbreviated IP address and (if possible) location, mouse movements including scrolling activities, operating system and browser used, pages visited, usage data, length of stay on a page, device type, and language settings.
Mouseflow uses two cookies. One recognizes whether you have visited the site previously (mf_user) and another is only saved during your visit (a session cookie). The session cookie is deleted after your visit or at the latest when you close your browser. The mf_user cookie has a storage period of three months.
The legal basis for this is your consent according to Art. 6 (1) (a) GDPR, which you submit via the cookie banner. You can withdraw your consent at any time (see below). In addition, Mouseflow offers the possibility to declare an opt-out for the tracking of this company on all websites: https://mouseflow.com/opt-out/
You can find more information about the provider here: https://mouseflow.com/gdpr/

5.3.5. Google Tag Manager

Our website uses the Google Tag Manager service, which is provided for persons from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (collectively “Google”).

Google Tag Manager is a tag management system that can be used to integrate and manage scripts and tracking pixels on websites and apps, which in turn may collect data. Google Tag Manager does not access this data. We use this script from Google to optimize our landing pages.

We have concluded an order processing agreement with Google. Processing is carried out on the basis of consent in accordance with Article 6 Paragraph 1 Letter a GDPR; consent can be revoked at any time.

Further information can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245.

5.4. Cookies for marketing purposes

We also use tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our website is used for interest-related advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that meets your actual interests and needs, on our website and on the websites of other providers.

The legal basis for the marketing tools is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11 “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).

In the following section we would like to explain these technologies and the providers used for them in more detail. The data collected can include in particular:

  • the IP address of the device;
  • the identification number of a cookie;
  • the device ID of mobile devices;
  • referrer URL (previously visited page);
  • pages accessed (date, time, URL, title, length of stay);
  • downloaded files;
  • clicked links to other websites;
  • successful conversions, if applicable;
  • Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
  • approximate location (country and possibly city).

However, the data collected is only stored under a pseudonym, so that the person’s identity cannot be inferred.

5.4.1. Microsoft Advertising (formerly Bing Ads)

Our website uses Microsoft Advertising, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to present advertisements that are relevant to you.

For the use of Microsoft Advertising we have a data processing agreement as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

You can also prevent the collection of data generated by the cookies and relating to your use of the website by Microsoft, as well as the processing of this data by Microsoft, by deactivating the personalized ads at Microsoft Advertising or in the settings for ads.

Further information on this is available in Microsoft’s privacy statement at: https://privacy.microsoft.com/en-us/privacystatement.

5.5. External media

5.5.1. Social plugins and the Shariff protection tool

​Our website uses so-called “social plugins”. We currently use integrated buttons from namely Facebook, Twitter, Xing and LinkedIn. We do not collect personal data through the use of these “Social Plugins”. In order to prevent information being transmitted without your knowledge, in particular to the USA, we use “Shariff”. This ensures that when you visit our website, no personal data is forwarded to the providers of these Social Plugins. In line with our obligations to inform you under Article 13 of the GDPR, we would like you to know that data can only be transmitted to the service provider and stored there once you click on any of the social plugins.

Unless otherwise stated, the legal basis for this is your consent according to Art. 6 (1) (a) GDPR, which you submit via the cookie banner. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 6 (“Data transfer to third countries”).

For data protection reasons, no personal data is initially passed on to the social network when you visit our website. The plug-in is only activated after you have given your consent, so allowing your browser to contact the social network directly. The solution we use for this is named Shariff.

In addition to revoking your consent, you as a Facebook member also have the option under advertising preferences to deactivate advertising based on social interactions. Further information on this is available in Facebook’s data policy statement at: https://www.facebook.com/about/privacy/.

5.5.2. Embedded Vimeo videos

We embed the video player services of Vimeo, Inc., 555 West 18th Street (New York), New York 10011 (www.vimeo.com) on our websites and applications. The videos are embedded as iFrames on our pages. When you follow the links to these pages, a connection between your browser (on your device) and the servers of Vimeo is established. In this process, such data as your IP address from the device you used when visiting the page (and some of your activities) may be processed under certain circumstances. By clicking on the video and interacting with the video player service, further information about you may be processed by Vimeo, e.g. to evaluate your viewed videos or your interests. 

Vimeo uses so-called web tracking methods on its own pages and within the video player service. These take place regardless of whether you are logged in or registered with Vimeo. Unfortunately, we cannot influence the web tracking methods of Vimeo and its affiliated services.
Please be aware of this: It cannot be ruled out that Vimeo uses your profile data to evaluate your approximate location, interests, videos viewed, etc. We have no influence on the processing of your data by Vimeo and the integrated services.
Please also refer to the privacy policy of Vimeo
 at https://vimeo.com/privacy.

5.5.3. Embedded YouTube videos

We embed the video player services of YouTube (Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland). Clicking on the videos results in the content from YouTube being reloaded. In this context, YouTube also receives your IP address, which is technically required to retrieve the content. We also have no influence on the further processing by YouTube. However, when embedding the videos, we made sure to activate the extended data protection mode offered by YouTube.
Please also note the privacy policy of YouTube at https://policies.google.com/privacy

6. Online presence in social networks

We maintain various online presences in social networks in order to communicate with interested parties and to inform them about our products and services:

Facebook Fanpage of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irland („Facebook“)
Instagram Fanpage of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irland („Instagram“)
LinkedIn company profile of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland („LinkedIn“)
Xing company profile of XING SE, Dammtorstraße 30, 20354 Hamburg („Xing“)
Twitter profile of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland („Twitter“)
YouTube profile of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Mutterunternehmen: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („YouTube“)
Vimeo profile of Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA („Vimeo“)​

As part of the operation of our online presences on social networks, it is possible that we may access information such as statistics on the use of our online presences provided by the operator of the social network. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country), employment-related information (e.g. job, function, industry, work experience, company size) as well as data on interaction with our online presence (e.g. likes, shares, subscriptions, viewing of images and videos) and the posts and content distributed via it. This may also provide information about users’ interests and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presences and to optimise them for our audience. The collection and use of these statistics is subject to joint responsibility with the social network operator.

For more information on joint accountability, the nature and scope of these statistics and how to contact the social network, please see:

Facebook and Instagram: Page Insights Data Information, Page Insights Addendum Regarding the Responsible Party;
LinkedIn: Page Insights Joint Controller Addendum (the “Addendum”).

The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO, in order to stay in contact with our customers and to inform them, as well as for the implementation of pre-contractual measures with interested parties, and 6 para. 1 lit. f DSGVO, based on our legitimate interest in effective information and communication with users.

We have no influence on data that is processed by the social network under its own responsibility in accordance with the terms of use. However, we would like to point out that data about your usage behaviour may be transmitted to the operator of the social network when you visit the online presences. The operators of the social networks may process the aforementioned information to compile more detailed statistics and for their own market research and advertising purposes, over which we have no influence. For this purpose, cookies and other identifiers are stored on the computers of the persons concerned. On the basis of these usage profiles, advertisements are then placed within the social network, for example, but also on third-party websites. More information on this can be found in the data protection notices of the social networks:

Facebook
Instagram
LinkedIn
XING
Twitter
YouTube
Vimeo

Insofar as we receive your personal data when operating the online presence in the social networks, you are entitled to the rights stated in this data protection declaration. If you also wish to assert your rights against the operator of the social network, the easiest way to do this is to contact them directly. The operator knows both the details of the technical operation of the platforms and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures upon request if you make use of your rights. We will be happy to support you in asserting your rights, as far as we are able, and forward your requests to the operator of the social network.

7. Transferral of Data

Data collected by us is only transferred if:

  • you have given your express consent for us to do so according to Art. 6 Para. 1 Sent. 1 lit. a GDPR,
  • according to Art. 6 Para. 1 Sent. 1 lit. f GDPR the data is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in refraining from passing on your data,
  • we are legally required to transfer data according to Art. 6 Para. 1 Sent. 1 lit. c GDPR or
  • this is legally permissible and according to Art. 6 Para. 1 Sent. 1 lit. b GDPR is required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.

Some of the data processing may be carried by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, but is not limited to, data centres that maintain our website and databases, IT service providers who maintain our systems, and consultants, distributors, and shipping service providers. If we pass on data to our service providers, they may only use the data to fulfil their tasks. Our service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures to protect the rights of the persons concerned and are regularly monitored by us.

Furthermore, your data may be disclosed in connection with government inquiries, court orders and legal proceedings if your data is required for prosecution or law-enforcement.

8. Data transfer to third countries

As explained in this data protection statement, we use services whose providers may be located in so-called third countries (outside the European Union or the European Economic Area) or who process personal data there, i.e. countries whose data protection level does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken the necessary precautions to ensure an appropriate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) can gain access to the transmitted data in order to record and analyze them, and that the enforceability of your data subject rights cannot be guaranteed. If you grant your consent via the cookie banner, you will also be informed of this.

9. Storage Period

Typically, we only store personal data as long as necessary to fulfil the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.

For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. At the earliest, any claims are barred after this legal limitation period has ended.

We sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations, which may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two to ten years.

10. Your Rights

You have the right to request information about how we process your personal data at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you.

If data stored on us should be incorrect or out of date, you have the right to have this information corrected.

You may also request your data to be deleted. If your data is prevented from being deleted due to legal provisions in exceptional cases, the data will be blocked, so that they are only available for these legal purposes.

You can also limit the processing of your data, such as: for example, if you believe that the information we hold is incorrect. You also have the right to have your data transferred, meaning that we will send you a digital copy of the your submitted personal data.

In addition, you have the right to object to data processing, which is based on Art. 6 Para. 1 Section. e & f GDPR. You have the right to complain to our Data Protection Authority. You can assert this right with a supervisory authority in the Member State in your place of residence, your place of work, or the place of the alleged breach. In Berlin, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße. 219, 10969 Berlin.

11. Withdrawal and withdrawal of consent

In line with Art. 7 Para. 2 GDPR, you have the right to revoke the consent you have given us at any time. As a result, we will not continue to process your data. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the withdrawal.

Your inquiries about the assertion of data protection rights and our answers to them will be stored for documentation purposes for a period of up to three years and for longer in individual cases of the assertion, exercise or defense of legal claims. The legal basis is Art. 6 (1) (f) GDPR, based on our interest in defending against any civil law claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 (2) GDPR.

If you would like to exercise your right to withdraw or object, it is sufficient to send an informal message to the aforementioned contact details.

12. Data Security

AnkerWe maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as from unwanted third parties. These are adjusted according to current technologies. We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as prior knowledge of third parties. These are adjusted according to the current state of technology. To maintain the confidentiality and integrity of the information you provide on our website, this information is transmitted via https and Transport Layer Security (TLS).

Privacy policy on data processing when using our products

1. Officer and contact person

We provide our service to you as a processor as contracted by the client to implement the election (election organizer) within the meaning of Art. 28 (1) GDPR. This means that the election organizer is responsible for the personal data processed during the implementation of the election within the meaning of the GDPR. The election organizer should use their own data protection information to inform you of their contact details and those of the data protection officer and how the data processed during the election is handled.

However, you can still contact us or our data protection officer with regard to any questions about the use of data within the scope of the election. Our contact details are available here. If necessary, we will forward your inquiries to the election organizer.

2. Participation in elections

When you take part in an election, certain election data is collected. The only data to be collected is that which is necessary for you to take part in the election. These are

  • Identification data (e.g. your PIN and TAN),
  • the indication that you have voted (i.e. marked in the electoral roll),
  • and, separate from that, what or who you voted for (your ballot paper). Your ballot paper cannot be linked to the other data.

Your identification data and the information that you have voted are solely used to secure your one-time vote.

After you log in to the voting system, the POLYAS server needs to save a cookie on your computer. This session cookie contains no personal data and is not used by us in any way other than to facilitate your voting. In this way we can ensure that you can vote online with any operating system and browser. As soon as you close your browser after voting, the cookie is deleted automatically.

Of course the election itself is secret, i.e. it is impossible for the election organizer or for us to match your ballot paper and your other data at any time. The secret ballot papers are stored in encrypted form and are used solely to determine the election result.

After the election, the election organizer can request a list of who took part in the election. At no time does the election organizer have any way to find out about the voting behavior of individual voters.

The legal basis for this processing is Art. 6 (1) (b) GDPR.

State: February 2023

Changes to the data protection statement

We occasionally update this data protection statement, for example if we update our website or if there is a change to the legal or official requirements.