123 Buckingham Palace Road
Director: Arne Schubert
T+44 (0) 20 4586 8900
London & Wales
Company Reg No.: 7566684
Information on Data Protection
The protection of your privacy when using our website is very important to us. Therefore we also give you the opportunity to learn in detail when we use the data and for what purpose. So you can get an overview of how we use the information collected, here we have put together the following information. Collection of the following data, the following information will be collected by us:
- I. General Information
- 1. Introduction
- 2. Contact Details
- 3. Joint Controllers
- 4. The kind of information we hold about you
- 5. How we will use information about you
- 6. Term of Retention
- 7. Categories of Data Recipients
- 8. Transfer of Data to Third Countries
- 9. Your Rights
- II. Data Processing Via Our Website
- 10. General
- 11.Third-party links on our Website
- 12. Cookies
- 13.Consent Management Tool
- III. Contact Options and Requests
- 14. Contact Form
- 15. Chat
- 16. Reviews and Feedback
- 17. Customer Login
- 18. Newsletter
- 19. Newsletter Analysis
- 20. Service Provider
- IV. Data Processing & Transaction with Us
- 21. Placing Orders
- 22. Credit Card Payments
- 23. Payment via Paypal
- 24. Instalments
- 25. Instant Bank Transfers
- V. Marketing & Analytics
- 26. Google Tag Manager
- 27. Google Marketing Service
- 28. reCAPTCHA
- 29. Microsoft Advertising
- 30. Taboola
- 31. Facebook Pixel
- 32. LinkedIn Marketing Solutions
- VI. Data Processing via Social Media
- 33. General
- 34. Facebook and Instagram
- 35. LinkedIn
- 36. Twitter
- 37. Xing
- 38. YouTube
- 39. Comments and Direct Messages
- VII. Additional Data Processing
- 40. Data of Customers and Interested Parties
- 41. Email Marketing
- 42. Job Applications
I. General Information
1.1. Allbranded Limited is committed to protecting the privacy and security of your personal information (collectively referred to as “the Company”, "we", "us" or „our").
1.2. This Privacy Notice (“Notice”) describes how we collect and use personal information about you during and after your relationship with us in accordance with the Data Protection Act 2018 and its retained EU law version of the General Data Protection Regulation 2016 (“GDPR”).
1.3. This Notice applies to all our customers and website users located in the United Kingdom (“UK”), whether past, present or prospective and including any relevant third parties such as your permitted agents or representatives.
1.4. It is important that you read this Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. This Notice does not form part of any contract to provide services you may have with the Company from time to time.
1.5. We reserve the right to amend this Notice at any time without notice to you so, if required, please check to ensure that you are referring to the latest copy of this Notice. We may also notify you in other ways from time to time about the processing of your personal data.
2. Contact Details
2.1. Allbranded Limited of 284b Battersea Park Road, London, United Kingdom, SW11 3BT is a "data controller" for the purposes of the GDPR. This means that we are responsible for deciding how we hold and use personal information about you.
2.2. We have appointed a “Data Privacy Manager” to oversee compliance with this Notice. If you have any questions about this Notice or how we handle your personal information, please contact our Data Privacy Manager at email@example.com for further information.
2.3. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
3. Joint Controllers
3.1. Allbranded is an international organisation and may share your data with other entities within the Allbranded group. Each party shall be considered a “joint controller” for the purposes of the GDPR which means that the parties may jointly determine the purposes and means of processing your personal data.
3.2. Generally, the entities will only share personal information in connection with the management of Allbranded, in compliance with their own legal obligations, and the enforcement and administration of justice. However, each party may use your personal data for their own independent purposes where this is required or permitted by law.
3.3. Each party is responsible for its own obligations as a ‘controller’ under the GDPR but if you have any questions about how your data may be shared within the Allbranded group please contact the Data Privacy Manager.
4. The kind of information we hold about you
4.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are also "special categories" of more sensitive personal data which require a higher level of protection.
4.2. We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate the usage data of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice.
4.3. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
5. How we will use information about you
5.1. We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
5.1.1. Where we need to perform the contract we have entered into with you.
5.1.2. Where we need to comply with a legal obligation.
5.1.3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
5.1.4. Where we have obtained your consent.
5.2. We may also use your personal information in the following situations, which are likely to be rare:
5.2.1. Where we need to protect your interests (or someone else's interests).
5.2.2. Where it is needed for official purposes.
5.3. Details of our most common uses of your personal data and the legal grounds which allow us to do so are set out further below.
6. Term of Retention
6.1. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
6.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
6.3. Details of retention periods for different aspects of your personal information are available on request from the Data Privacy Manager, but generally, we store accounting data for 10 years and keep personal data deriving from our business correspondence and contracts for 6 years.
6.4. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
7. Categories of Data Recipients
7.1. We may have to share your data with third parties. We will only share your Personal Data with third parties where required by law, where it is necessary to administer your relationship with us or where we have another legitimate interest in doing so.
7.2. “Third parties" includes third-party service providers such as our contractors, suppliers and designated agents. We may also need to share your personal information with a regulator or to otherwise comply with the law.
7.3. Most commonly, we will need to share your data with the third party processors who help service our business including: the hosting, maintenance and support of our IT systems; customer and order management; order processing; book keeping and billing; marketing measures; the destruction of files; data carriers; postal and delivery services; financial and banking services; tax and auditing and compliance with our legal obligations generally.
7.4. Any third parties in the UK and the EU are subject to the provisions of the GDPR or similar regulations in relation to your personal data. They are required to take appropriate security measures to protect your personal information and we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. Transfer of Data to Third Countries
8.1. Allbranded is an international organisation and so your data may be transferred outside the UK. The GDPR restricts data transfers to countries outside the UK and EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. We transfer personal data originating in one country across borders when we transmit, send, view or access that data in or to a different country.
8.2. We will only transfer Personal Data outside the UK if one of the following conditions applies:
8.2.1. the UK Government and/or European Commission (as applicable) has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects' rights and freedoms;
8.2.2. appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism;
8.2.3. you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
8.2.4. the transfer is necessary for one of the other reasons set out in the GDPR including the performance of your contract with us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.
8.3. Please contact the Data Privacy Manager if you want further information about when we may transfer your information outside the UK and the specific mechanisms used by us to ensure the protection of your personal data.
9. Your Rights
9.1. Under certain circumstances, by law you have the right to:
9.1.1. Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
9.1.2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
9.1.3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
9.1.4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
9.1.5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
9.1.6. Request the transfer of your personal information to another party.
9.2. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Privacy Manager in writing using the details set out above.
9.3. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
9.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
9.5. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Privacy Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
II. Data Processing Via Our Website
10.1. We automatically collect personal information about you when you interact with our website and online applications. This includes data about your equipment, browsing actions and patterns.
10.2. This data may include internet protocol (IP) addresses, your login data, browser type and version, time zone setting and GPS based location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or other online applications and any other information obtained through electronic means.
10.3. We collect this personal data by using cookies, server logs and other similar technologies, as almost all websites and online applications do, to help provide you with the best experience we can. Further information on how your personal data is processed when using our website can be found below.
11. Third-party links on our Website
11.1. Our website may include links to third-party websites, plug-ins and applications from our partners, members, advertisers or affiliates. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
11.2. Similarly, if you take up any offers or promotions with our affiliates, any information we provide to those third parties may be passed on to their own suppliers. We are not responsible for personal data that is used by such third parties in their capacity as independent or joint ‘data controllers’.
11.3. When you leave our website or otherwise engage with third-parties, we would urge you to read the privacy notice of every website you visit to ensure you are fully informed of all data processing activities connected with the services you receive from us.
11.4. Please note our website and online applications are not intended for children and we do not knowingly collect data relating to children.
12.2. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. We use the following cookies:
12.2.1. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
12.2.2. Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
12.2.3. Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
12.2.4. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
12.3. Please note that third party cookie providers may also use these cookies for their own purposes over which we have no control. These third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies.
12.4. You can block cookies by activating the setting on your browser that allows you to refuse the placement of all or some cookies. However, please note that if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. The cookie settings for each browser are different. To find out more on how to manage and delete cookies for the most common browsers, please see the following:
12.4.2. Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
12.4.3. Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
12.4.4. Safari: https://www.apple.com/legal/privacy/en-ww/cookies/
12.4.5. Opera: http://help.opera.com/Windows/10.20/en/cookies.html
13. Consent Management Tool
13.1. We use the consent management tool "Usercentrics" from Usercentrics GmbH (Germany/EU) to enable our website users to give consent to certain data processing activities, to revoke that consent or to object to certain data processing activities. This consent management tool also helps us to provide proof of your declarations of consent.
13.2. We process log data in order to record your declarations of consent and prove that consent was granted. We process this data to comply with the legal obligations of the Company under the GDPR and further information on this may be found in the settings of the consent management tool.
III. Contact Options and Requests
14. Contact Form
14.1. Our website contains contact forms which you may use to send us a message. The transfer of data by this means is encrypted (recognisable by the "https" in the address line of the browser). Alternatively, you may send us a message using our contact email address.
14.2. All data fields marked as mandatory on our forms are required to process your request and failure to provide any mandatory data may mean that we cannot process your request. The provision of any further data is voluntary.
14.3. We process this data for the purpose of answering your requests and the legal basis which allows us to do so may be the performance of the contract we are trying to enter into with you and/or otherwise in pursuit of our legitimate interests in responding to your request.
15.1. We also use the live chat service “Userlike” on our website from Userlike UG (Germany/EU).
15.2. You can use the live chat like a contact form to chat with our employees, almost in real time. If no employees are immediately available, the answer will be provided by a chat bot until an employee becomes available.
15.4. When using the service, we will ask for your name and email address and, depending on the course of the conversation, additional personal data may be provided by you.
15.5. The history of the live chat is saved for one year and may be recalled using cookies that recognise past visitors. The purpose of this is to avoid you having to provide extensive explanations about the history of your request and to ensure the constant quality control of our live chat service.
15.6. We will only process your data in connection with our live chat services where you have given us your consent to do so.
16. Reviews and Feedback
16.1. We use Trustpilot, a service of Trustpilot A/S (Denmark/EU), to offer our customers the opportunity to rate our services.
16.2. If you, as a customer, have made use of our services, we will ask for your consent to send you a rating request and, if given, you will receive a rating request with a link to a rating page.
16.3. In order to ensure that you have actually used our services, we transmit certain data to Trustpilot (including your name, email address and reference number) which is used solely to verify the authenticity and address of the user and for no other purposes.
16.4. You must open a customer account with Trustpilot in order to submit a review. Trustpilot is responsible for any data collected as part of their registration process and any subsequent use of that data.
16.5. We also integrate the Trustpilot widget into our website to display our current review status. This content is retrieved from Trustpilot’s servers using your IP address and Trustpilot will receive a notification that you have looked at our website.
16.6. This information may be stored as a cookie and is used by Trustpilot to recognise which online offers have been looked at by you. The information may then be saved in a user profile and used for advertising or market research purposes.
16.7. We will only use your data in connection with Trustpilot’s widget or review services where you have given us your consent to do so and further information as to how Trustpilot may use your data may be found here: https://support.trustpilot.com/hc/en-us/sections/360003853673--Data-privacy-for-reviewers
17. Customer Login
17.1. You have the option of creating a customer account on our website and logging in to your account when using our website.
17.2. To do this, you must first register as a customer and complete the information specified in the registration form. The provision of any data marked as mandatory is required to complete the registration and failure to provide any mandatory data may mean that we cannot register your account.
17.3. We process data in relation to our customer accounts for the purposes of entering into or performing our contract with you but may use this data for other purposes where the law permits us to do so.
18.1. We offer the option of registering for newsletters so you can keep regularly updated on our latest news and offers.
18.2. A valid email address is required to register for our newsletters, and to verify the e-mail address, you will first receive a registration e-mail which you must confirm via a link (a.k.a. double opt-in consent). If you subscribe to our newsletters, we will process personal data such as your email address and your name on the basis of this consent.
18.3. You may revoke your consent for continued processing at any time via the "Unsubscribe" link in our newsletters or by contacting us directly. Please note that the legality of any data processed prior to any revocation of consent will be unaffected.
18.4. We will save your IP address and the date/time of your registration when signing up for our newsletters. This is necessary to prove that consent was obtained and we process this data to comply with our legal obligations under the GDPR.
19. Newsletter Analysis
19.1. Please note we may also analyse the reading behaviour and the opening rates of our newsletters. For this purpose, pseudonymised usage data is collected and processed by us which we do not merge with your e-mail address or your IP address.
19.4. This data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect any of this data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice, and in particular, for the purpose of serving our legitimate interests in optimising our newsletters. You may object to this at any time by using one of the contact methods set out in this Notice.
20. Service Provider
20.1. We use the service provider Mailchimp from the Rocket Science Group to manage subscribers and send the newsletter. We will therefore transmit your email address to Mailchimp.
20.2. The processing takes place on our behalf and serves our legitimate interest in the optimization and economic sending of our newsletter. If you do not want your data to be processed by Mailchimp, you should not subscribe to or unsubscribe from the newsletter.
IV. Data Processing & Transactions with Us
21. Placing Orders
21.1. Should you order a product via our website, we will process your personal data exclusively for the purpose of performing our contract with you or to be able to provide you with the product you have ordered, save where you have placed an order on behalf of your company, where we will process your data on the basis of our legitimate interests in performing our contract with your company.
21.2. All data fields marked as mandatory on our order forms are required to process your request and failure to provide any mandatory data may mean that we cannot process your order. The provision of any further data is voluntary
21.3. Please note, in order to be able to deliver our products to you, we will transmit certain contact details concerning your order to our suppliers and/our shipping providers.
22. Credit Card Payments
22.1. You have the option of paying by credit card when placing an order with us. Please note that your relevant payment service provider shall be responsible for collecting and processing your payment information and we do not control these third-party providers and are not responsible for their privacy statements or their use of your data.
23. Payment via Paypal
23.1. You may also pay via PayPal. Please note that any relevant payment information is collected and processed by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (Luxembourg/EU) independently of us.
23.2. PayPal forwards the address data you have stored with your PayPal account to us, which we then process exclusively for the purpose of processing your contract, except where you have placed an order on behalf of your company, where we will process your data on the basis of our legitimate interests in performing our contract with your company.
23.3. Further information on PayPal’s privacy terms may be found at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
24.1. We also offer the option of payment by invoice and instalments in co-operation with payolution GmbH (Austria/EU).
24.2. To use this service, payolution must carry out an identity and credit check against you, and to facilitate this process, we will collect further data from you (such as your date of birth, your gender and your telephone number) and transmit this information to payolution.
24.3. We process this data for the exclusive purpose of performing our contract for services with you and you should please visit payolution’s general terms and conditions for further detail on their terms for paying by invoice and instalment.
24.4. Further information on how payolution may use your data can be found at. https://www.unzer.com/en/datenschutz.
25. Instant Bank Transfers
25.1. Payments may also be made by instant bank transfer in co-operation with Sofort GmbH (Germany/EU), a company of the Klarna Group.
25.2. If you use this service, Sofort GmbH will send us confirmation that a transfer order has been successfully placed for your order. This includes the data from the transfer form (name, account number, bank code, reference, transfer amount) as well as the date (with a timestamp) and the transaction identifier selected by us (e.g. order number).
25.3. In the case of SEPA transfers and if, depending on your bank, BIC and IBAN are required to facilitate a transfer via your online banking account, the confirmation forwarded to us will also contain the relevant BIC and IBAN numbers. Sofort GmbH does not transmit any further personal data to us.
25.4. We process this data for the purpose of performing your contract with us, except where you have placed an order on behalf of your company, where we will process your data on the basis of our legitimate interests in performing our contract with your company.
25.5. Further information on Sofort GmbH’s privacy terms may be found at: https://www.klarna.com/uk/privacy
V. Marketing & Analytics
26. Google Tag Manager
26.1. We use the Google Tag Manager from Google Ireland Limited (Ireland/EU) to manage our website tags via an interface.
26.2. The Google Tag Manager is a cookie-free domain that does not collect or store any personal data. However, Google Tag Manager may trigger other tags which in turn may collect data without accessing the respective data themselves. If a deactivation is made at domain or cookie level, this remains in effect for all tracking tags that are implemented within Google Tag Manager.
27. Google Marketing Service
27.1. We also use the Google Analytics service of Google Ireland Limited (Ireland/EU) to tailor our website to your needs and continuously optimize it. The service uses online identifiers (including cookies), IP addresses, device identifiers and information about your interaction with our website.
27.2. Google will use this information on our behalf to evaluate the use of our website, to compile reports on the activities within our website and to provide us with other services related to the use of our website and the internet. In doing so, user profiles can be created from the processed data, which we may link to data that we have received via our contact forms.
27.3. We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google.
27.4. We also use the Google Universal Analytics and Google Analytics 4 variants which enable us to assign usage data from different devices and from different sessions to a unique user ID. This enables us to put individual user actions into context and analyse them.
27.5. We use the Google Ads Conversions marketing service to place ads that are relevant to users in the Google advertising network (e.g. in search results or on other websites), improve reports on campaign performance and prevent users from being shown ads multiple times.
27.6. Each Ads customer saves a different conversion cookie on your device. These cookies cannot be tracked across the websites of different Ads customers and are used to record which advertisements are displayed in which browser to prevent the same campaign from being displayed multiple times. In addition, these cookie IDs can be used to record what are known as conversions (i.e. whether a user sees an advertisement and later visits the advertiser's website and purchases something there).
27.7. Through Remarketing we can appeal to users who have already interacted with our website. Our ads are delivered when this target group visits a Google website or a website within the Google advertising network. For these purposes, when our website is called up, Google executes a code and so-called (re) marketing tags are integrated into the website.
27.8. The cookies for the above processes can be set by various domains including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. These cookie files record which websites users have visited, which content they are interested in and which offers have been used as well as technical information on your browser and operating system, referring websites, visiting times and other information on the use of our website. All user data is only processed as pseudonymous data and does not contain any information with which we can personally identify users. The displayed advertisements are therefore not displayed specifically to a person but to the owner of the relevant cookie.
27.9. Further information on these processing activities, the technologies used, and the storage periods of data may be found in the settings of our consent management tool and we will only process your personal information for this purpose if you have given us your consent to do so.
27.10. Please note, in the case of all of Google’s services, we cannot rule out the transmission of data to Google Inc. in the USA where this is permitted by law. For further information on Google’s privacy terms, please visit their data protection information at https://www.google.com/policies/privacy.
28.1. On this website, we are using the reCAPTCHA tool provided by Google Ireland Limited (Irland/EU). This tool is used for all contact forms in order to protect the website from spam and abuse. For this integration, processing your IP address is technically necessary for a connection to the servers of reCAPTCHA to be established and for the content to be sent to your browser. Therefore, your IP address is processed by reCAPTCHA on our behalf and is replaced by a hash value immediately after collection. For further information on privacy at reCAPTCHA, please refer to the reCAPTCHA privacy information: https://www.google.com/policies/privacy.
28.2. We use this service for security reasons in order to check whether form entries are made by a natural person. This way, automated access attempts and attacks can be detected and blocked off. We are required by law to take technically and commercially reasonable measures to ensure the security of our website. The legal basis is sec. 6 I c GDPR in conjunction with sec. 32 GDPR. and par. 13 sec. 7 German Teleservices Act.
28.3. You can prevent this data processing at any time via your browser settings or certain browser extensions. One such extension is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
29. Microsoft Advertising
29.1. We also use the “Microsoft Advertising” service from Microsoft Ireland Operations Limited (Ireland/EU) on our website.
29.2. Microsoft Advertising is an online marketing service that uses a Universal Event Tracking tool (UET) to help us target advertisements using the Microsoft Bing and Yahoo search engines by using cookies.
29.3. Personal data is processed in the form of online identifiers (including cookies), IP addresses, device identifiers and information about device and browser settings.
29.4. Microsoft Advertising collects data via the UET that we can use to track target groups based on remarketing lists. To do this, a cookie is stored on the device used when visiting our website. Microsoft Advertising can then recognise that our website has been visited and that an advertisement will be displayed when Microsoft Bing or Yahoo is used later.
29.5. The information is also used to generate conversion statistics (i.e. to record how many users have come to our website after clicking on an ad). This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users may be personally identified.
29.6. In some cases, Microsoft may collect data that is stored on the device you are using and/or place cookies to store additional information your device. This will only take place if you have given your consent for Microsoft to do so.
29.7. Further information on the Microsoft’s processing activities, the technologies used, and the storage periods for data may be found in the settings of our consent management tool and on Microsoft Bing Ads’ privacy terms via the following link: https://privacy.microsoft.com/en-us/privacystatement.
31. Facebook Pixel
31.1. We use Facebook Pixel on our website, a business tool from Facebook Ireland Limited (Ireland/EU).
31.2.1. Information about the actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
31.2.2. Specific pixel information such as the pixel ID and the Facebook cookie;
31.2.3. Information on buttons that were clicked on by visitors to the website;
31.2.4. Information contained in the HTTP header, such as IP addresses, information about the web browser, the location of the page and the referrer;
31.2.5. Information on the status of the deactivation/ restriction of ad tracking.
31.4. Tracked conversions appear in the dashboard of our Facebook Ad Manager and Facebook Analytics. We can use the tracked conversions there to measure the effectiveness of our ads, to set custom audiences for targeting ads, for dynamic ad campaigns and to analyse the effectiveness of the conversion funnels on our website. The functions we use via Facebook Pixel are set out in more detail below.
Processing of event data for advertising purposes
31.5. The event data collected via Facebook Pixel is used to target our advertisements and to improve the delivery of advertisements, to personalise functions and content, and to improve and secure Facebook products.
31.6. For this purpose, event data is collected from our website using Facebook Pixel and transmitted to Facebook Ireland. This only takes place if you have provided your prior consent.
31.7. Such collection and transmission of event data is carried out by us and Facebook Ireland with joint responsibility. We have entered into an agreement with Facebook Ireland dealing with our joint processing activities in which the distribution of data protection obligations between us and Facebook Ireland is stipulated. In this agreement, we and Facebook Ireland have agreed, among other things, that:
31.7.1. we are responsible for informing you in accordance with our transparency obligations under the GDPR about the joint processing of personal data;
31.7.2. Facebook Ireland is responsible for enabling the rights of our data subjects pursuant to the GDPR where any personal data is stored by Facebook Ireland.
31.8. You may access the agreement between us and Facebook Ireland via https://www.facebook.com/legal/controller_addendum
31.9. Facebook Ireland is solely responsible for any subsequent processing of the transmitted event data and for more information on how Facebook Ireland processes personal data, including the legal basis based upon which Facebook Ireland operates and how you may exercise your rights against Facebook Ireland, please see Facebook Ireland's privacy terms at: https://www.facebook.com/about/privacy.
Processing of event data for analytical purposes
31.10. We have also commissioned Facebook Ireland to prepare reports on the impact of our advertising campaigns and other online content based on the event data collected via Facebook Pixel (campaign reports) and to generate analyses and insights into users and their use of our website, products and services (analyses). For this purpose, we transmit personal data contained in the event data to Facebook Ireland which is then processed by Facebook Ireland (as our processor) in order to provide us with campaign reports and analyses.
31.11. The processing of personal data for the purpose of preparing analyses and campaign reports is only facilitated if you have provided prior consent.
31.12. Please note, in the case of all of Facebook’s services, we cannot rule out the transmission of data to Facebook Inc. in the USA where permitted by law. Please contact the Data Privacy Manager for further information on the mechanisms that may permit the transfer of data to third countries, and for further information on Facebook’s own privacy terms, please visit their data protection statements at https://www.facebook.com/about/privacy.
32. LinkedIn Marketing Solutions
32.1. We use the services of LinkedIn Marketing Solutions from LinkedIn Ireland Unlimited Company (Ireland/EU). In particular, we use the LinkedIn Insight Tag which is integrated on our website, and triggered by LinkedIn when you visit our website and saves a cookie on your device. This enables us to carry out the various functions described below:
Function: Conversion Tracking
32.2. LinkedIn Conversion Tracking is an analysis function supported by the LinkedIn Insight Tag which collects data on visits to our website, including the URL, referrer URL, IP address, device and browser properties (user agent) and time stamp.
32.3. The IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with any personally identifiable information, it only provides reports (which do not identify you) about the website target audience and ad performance. In this way we can record the effectiveness of LinkedIn’s advertisements for statistical and market research purposes.
32.4. The direct ID of any members will be removed by LinkedIn within seven days in order to pseudonymise the data. LinkedIn then deletes this remaining pseudonymised data within 180 days. This processing is carried out for the purpose of obtaining information about our website target group and reporting on the effectiveness of LinkedIn’s campaigns.
Function: Target Group Advertising
32.5. We also use the “Matched Audiences” service to target our advertising campaigns to specific target groups. Through LinkedIn Matched Audiences and associated data integrations, we can target advertising to specific target groups on the basis of data that we make available to LinkedIn (e.g. company lists, hashed contact information, device IDs or event data such as websites visited). This processing takes place for the purpose of marketing our offers via targeted advertising.
32.6. Further information on LinkedIn Marketing Solutions’ processing activities, the technologies used, and the storage periods of data may be found in the settings of our consent management tool and we will only process your personal information for this purpose if you have given us your consent to do so.
32.7. Please note, in the case of all of LinkedIn’s services, we cannot rule out the transmission of data to the USA where permitted by law. Please contact the Data Privacy Manager for further information on the mechanisms that may permit the transfer of data to third countries, and for further information on how LinkedIn handles your data, as well as your rights and setting options to protect your personal data, please visit their data protection statements at https://www.linkedin.com/legal/privacy-policy.
VI. Data Processing via Social Media
33.1. The Company employs social media to encourage the sharing of information on our business and services and holds accounts on several social media platforms including:
33.1.5. Xing; and
33.2. When visiting or interacting with profiles on social media platforms, your personal data may be processed. The information associated with your social media profiles is regularly classified as personal data. This also includes messages and statements made using such profiles. In addition, certain technical information is often automatically collected during your visit to social media profiles which may also be classified as personal data in certain circumstances.
34. Facebook and Instagram
34.1. When visiting our Facebook or Instagram pages, through which we present our Company or individual products, certain information about you is processed. Facebook Ireland Ltd (Ireland/EU – “Facebook”) is solely responsible for its processing of your personal data in this way.
34.2. Further information on the processing of personal data by Facebook may be found at https://www.facebook.com/privacy/explanation. In particular, Facebook offers the option of objecting to certain data processing activities and the relevant information and opt-out options may be found in their data policy.
34.3. Facebook also provides us with statistics and insights for our Facebook and Instagram pages in an anonymised form, by means of which we obtain information about the types of actions that people take on our page (so-called "page insights"). These page insights are created based on certain information about people who have visited our site.
34.4. Processing of personal data for this purpose is carried out by Facebook and us with joint responsibility. The processing of such data serves our legitimate interests in evaluating the types of actions taken on our site and improving our site based on this knowledge. We cannot assign the information obtained via these page insights to individual Facebook profiles that interact with our Facebook page.
34.5. As set out above, we have reached an agreement with Facebook about our joint processing obligations. Please find more detail on this and Facebook’s use of data generally here: https://www.facebook.com/privacy/explanation.
35.1. The LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is solely responsible for the processing of personal data when visiting our LinkedIn page. Further information on the processing of personal data by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy.
35.2. LinkedIn also processes personal data of website users who follow, visit or otherwise deal with the Company’s LinkedIn page in order to provide us with statistics and insights in an anonymous form. This gives us information about the types of actions that people take on our site (so-called “page insights”).
35.3. In particular, LinkedIn processes the data that you have already made available to LinkedIn on your profile such as data on your functions, country, industry, seniority, company size and employment status. LinkedIn will also process information about how you interact with our LinkedIn company page (e.g. whether you are a follower of our LinkedIn company page). LinkedIn does not forward any personal data about you as part of its page insights. We only have access to the aggregated data forming the page insights themselves.
34.4. It is also not possible for us to draw conclusions about individual members from the information on the page insights. The processing of personal data for this purpose is carried out by LinkedIn and us with joint responsibility. The processing of such data serves our legitimate interests in evaluating the types of actions taken on our LinkedIn company page and to improve our company page on the basis of this knowledge.
35.5. We have reached an agreement with LinkedIn about our joint processing obligations in which the distribution of data protection obligations between us and LinkedIn is specified. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum, and in particular, the following has been agreed between us:
35.5.1. we have agreed that LinkedIn shall be responsible for enabling you to exercise your rights under the GDPR. You may contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=uk) or contact LinkedIn using the contact details in their privacy documentation. You may also contact us using our contact details to exercise your rights in connection with the processing of personal data as part of page insights. In such cases, we will forward your request to LinkedIn.
35.5.2. we have agreed that the Irish Data Protection Commission will act as the lead supervisory authority overseeing the processing for page insights. You may always lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other regulatory authority.
36.1. Twitter Inc. (USA) is solely responsible for the processing of personal data when visiting our Twitter profile.
36.2. Further information on the processing of personal data by Twitter Inc. is available at https://twitter.com/en/privacy.
37.1. New Work SE (Germany/EU) is solely responsible for the processing of personal data when visiting our Xing profile.
37.2. Further information on the processing of personal data by New Work SE is available at https://privacy.xing.com/en/privacy-policy.
38.1. Google Ireland Limited (Ireland/EU) is solely responsible for the processing of personal data when visiting our YouTube channel.
38.2. Further information on the processing of personal data by YouTube or Google Ireland Limited may be found at https://policies.google.com/privacy.
39. Comments and Direct Messages
39.1. We also process information made available to us directly by you via our company pages on our various social media platforms. This information may include your username, contact details or a message to us.
39.2. Generally, we process this data on the basis of our legitimate interests in establishing contact with enquiring persons. However, we may also process this data on the basis of entering into a contract with you and further processing may take place if you have given us your consent or if this is otherwise necessary to comply with a legal obligation.
VII. Additional Data Processing
40. Data of Customers and Interested Parties
40.1. Please note that if you contact us directly as a customer or as an interested party, we will process your data with a view to entering into a contract with you or as otherwise permitted by law.
40.2. This regularly includes the processing of personal master data, as well as contract and payment data provided to us, and contact and communication data for our commercial customers and business partners.
40.3. We process this data for the purpose of processing your contract, except where you have placed an order on behalf of your company, where we will process your data on the basis of our legitimate interests in performing our contract with your company.
40.4. We may also process data of customers and interested parties for evaluation and marketing purposes as a legitimate interests of our business provided that such processing does not prejudice your fundamental rights and freedoms and further processing may take place if you have given us your consent or if this is otherwise necessary to comply with a legal obligation.
41. Email Marketing
41.1. You will receive marketing communications from us if you have requested information from us, purchased services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
41.2. We may use your personal information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services or products may be relevant for you.
41.3. You can ask us to stop sending you marketing messages at any time by following the ‘unsubscribe’ links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving marketing messages, we may still process your personal data, in compliance with the above rules, where this is required or permitted by law.
42. Job Applications
42.1. Should you apply to work for our company, we will only process your application data for the purpose of processing your application and for purposes related to your interest in our current or future employment vacancies.
42.2. Your application will only be processed and acknowledged by the relevant contact persons within our Company. All employees entrusted with data processing shall be obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will keep the data you provided for up to six months following a possible rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent a deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to a longer retention period.
42.3. We process this data for the purpose of considering entering into an employment contract with you or otherwise in the legitimate interests of the Company. If we keep your application data for more than six months, and you have given us your express consent to do so, we would like to point out that this consent may be freely revoked at any time. Such a revocation does not affect the legality of any processing of data before withdrawing your consent.