Falkensteg GmbH privacy information

Date: 2 July 2019

1. Introduction

We take the protection of your personal data very seriously. We have created this privacy policy to inform you about what personal information we collect, how it is processed and for what purposes. We always handle your personal data in accordance with statutory data-protection regulations and the provisions of this privacy policy.

2. Controller

Falkensteg GmbH
Cecilienallee 54-55
40474 Düsseldorf
Germany
Phone: +49 211 547663 0
falkensteg@falkensteg.com

3. Data protection officer

Dr. Christian Schmoll
Legal counsel – IT law specialist
Kaiserplatz 2
80803 Munich
schmoll@dp.institute

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Visiting the website

Every time our website is visited, our system automatically collects data and information from the system of the computer requesting access. In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. Furthermore, additional information about the browser used on your device is processed.

Every time our website is visited, our system automatically collects data and information from the system of the computer requesting access. In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. Furthermore, additional information about the browser used on your device is processed.

The following data is logged for this Purpose:

  • IP address of the computer accessing the website
  • Operating system of the computer accessing the website
  • Browser version of the computer accessing the website
  • Name of the file retrieved
  • Date and time at which access was requested
  • Amount of data transferred
  • Referring URL

This data is erased on a regular basis. Our website is hosted by a processor pursuant to GDPR Article 28.

The legal basis for this data processing is GDPR Article 6(1)(f). Our overriding legitimate interest is in operating this website and realising our objective of protecting the confidentiality, integrity and availability of the data.

5. Contact and client database

If you contact us to enquire about information or a service, the information you provide will be stored to enable our response to the enquiry. We require the information requested in the contact form on the website so that we can process your enquiry, address you correctly and provide you with an answer.

Enquiries are saved in our customer relationship management system. This data may be used by us for direct-marketing campaigns. You may object at any time to this data being used for direct marketing. Details of your right to object are provided below in the “Right to object” section.

Our customer relationship management system is regularly reviewed to establish whether data can be erased. If data is no longer required within our relationship with an existing or prospective client or if the client’s interests conflict with and override our own, we will erase the relevant data as long as this does not contravene any statutory retention obligations.

Our customer relationship management system is regularly reviewed to establish whether data can be erased. If data is no longer required within our relationship with an existing or prospective client or if the client’s interests conflict with and override our own, we will erase the relevant data as long as this does not contravene any statutory retention obligations.

6. Performance of service (clients and suppliers)

We process the data of our clients and suppliers to help us deliver our contractual services. Where appropriate, we process user data (such as the contact’s first name, last name and address), contact data (such as the email address and telephone number), contractual data (such as the contract’s subject matter and term), payment data and data collected and/or required to help us perform the service.

The legal basis for this data storage and processing is the performance of a contract or the taking of steps prior to entering into a contract pursuant to GDPR Article 6(1)(b).

7. Cookies

Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other forms of information storage. They store information connected to the specific device that has been used. Cookies contain a distinctive character string that enables unique identification of the browser each time our website is accessed. They also contain information about their origin and storage expiry date. However, this does not provide us with direct information about your identity.

We use cookies to make our website more user-friendly.

The first type of cookies we use are session cookies, which are only stored for the duration of the relevant visit to our website (e.g. to save the contents of your shopping basket). Each session cookie contains a randomly generated, unique identification number known as a session ID. Session cookies are automatically deleted after the visitor leaves our website.

We also use temporary cookies (first-party cookies), which we save on your device for a given period of time. If you visit our website again, it will automatically recognise that you have already visited us and will identify which information you have provided and settings you have selected so that you do not have to reconfigure them.

We also use cookies for other purposes, such as web analytics. These cookies are also each automatically deleted after a set period of time. The use of these cookies is explained in greater detail below.

You can prevent cookies from being set by selecting the appropriate settings in your browser. However, please note that this may limit your ability to use our website. Cookies do not install or launch any programs or other applications on your computer.

You can object to the use of cookies for reach measurement and marketing purposes by using the Network Advertising Initiative’s deactivation page (http://optout.networkadvertising.org/), the US website (http://www.aboutads.info/choices), the European website (http://www.youronlinechoices.com/uk/your-ad-choices/) or by clicking the button below:

Cookie settings

Withdraw cookie consent

The legal basis for the processing of personal data using cookies is GDPR Article 6(1)(f). Our overriding legitimate interest is in conducting, analysing and optimising our website and interactions with Clients.

8. Google Analytics

We use web analytics services on our website or sections of our website to find out how it is used by visitors and to optimise the website as a whole, including its presentation.

We use Google Analytics with IP anonymisation. Google Analytics is a web analytics service provided by Google Ireland Limited. Cookies are set as part of Google Analytics. During the IP anonymisation process, the IP addresses collected from Google users are truncated within the European Economic Area before they are transferred to the United States. Only in exceptional cases is the full IP address transferred to Google in the United States and truncated there. The IP addresses transferred are not merged with other Google data.

You can prevent cookies from being stored by selecting the appropriate settings in your browser. You can also prevent Google from receiving and processing the cookie-generated data about your use of our online services by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en. This uses JavaScript to notify Google Analytics that data and information about website visits are not to be transferred to Google Analytics.

When Google Analytics is used, personal data is transferred to a third country outside the EU. Google has obtained Privacy Shield certification, which you can view here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are appropriate safeguards for the transfer of data pursuant to GDPR Article 46.

The legal basis for this data processing using Google Analytics is GDPR Article 6(1)(f). Our legitimate interest is in analysing, optimising and efficiently conducting our website and client interactions.

9. Social media buttons

Our website contains integrated buttons from the social-media networks Xing and LinkedIn. These can be identified by the logo of each Network.

If you click on one of these social media buttons, you will be redirected to our pages on the relevant social-media network. In this case, the provider of the social-media platform in question will be informed that your browser has accessed the relevant page on our website, even if you do not have a profile on that social media network or are not logged into it. This information (including your IP address) will be transferred from your browser directly to a server belonging to the relevant provider. If you click on a social-media button and are either already logged into the relevant social-media network or subsequently log in on the relevant social-media network’s page, the information transferred may be matched with your account on the social-media network.

Please refer to the privacy policies of the respective social-media platform providers for information about the purpose and scope of data collection and processing by the relevant social-media platform providers, provider identification, contact options and your data protection rights and associated settings options.

The social-media networks’ privacy policies can be found over the following links:

  • https://www.linkedin.com/legal/privacy-policy?_l=en_UK
  • https://privacy.xing.com/en/privacy-policy

The legal basis for the integration and use of these social-media buttons is GDPR Article 6(1)(f). Our overriding legitimate interest is in marketing our services and our Website.

10. The legal basis for the integration and use of these social-media buttons is GDPR Article 6(1)(f). Our overriding legitimate interest is in marketing our services and our Website.

We maintain publicly accessible profiles on the social-media networks Xing and LinkedIn (hereinafter referred to as “social-media pages” or “fan pages”).

If you visit one of our social-media pages and are logged into the respective social-media network, the provider of that social-media platform may analyse your usage patterns, match the collected information with your account on the social-media network and add this to information on the platform. Even if you are not logged in or do not have an account on the social-media network, the provider of the social-media platform may collect data about you, such as your IP address or data obtained via a cookie.

Operators of social-media platforms may use this data to profile users. This user profiling may then be used to show you interest-based advertisements on the social-media network’s sites and other Websites.

If you visit one of our social-media pages, we share responsibility with the provider of the social-media platform for the collection and processing of your personal data on that platform. For information about the collection and processing of your personal data on such platforms, please read the social-media networks’ privacy policies. We do not have any further information on these subjects. The social-media networks’ privacy policies can be found over the following links:

  • https://www.linkedin.com/legal/privacy-policy?_l=en_UK
  • https://privacy.xing.com/en/privacy-policy

If so requested, we will be happy at any time to provide you with information about the appropriate safeguards for the transfer of data to third countries pursuant to GDPR Article 46.

You can exercise your data subject rights pursuant to GDPR Chapter 3 (rights to access, rectification, erasure, restriction of processing, data portability, etc.) through both us and the provider of the relevant social-media platform. On this point, please note that our ability to take action on the processing of personal data and observance of the rights of data subjects on our social-media pages is limited to the options provided to us by the relevant platform provider.

The legal basis for our use of social-media pages is GDPR Article 6(1)(f). Our overriding legitimate interest is in presenting and marketing our products and services on the Internet.

11. Fonts

To display our website’s content correctly with attractive graphics on a range of different browsers, we use font libraries on this website. Accessing font libraries automatically triggers a connection to the library operator, notifying the operator that the typeface required for our website has been accessed from your IP address.

You can prevent the use of such libraries and associated transfers of data by installing a JavaScript blocker (e.g. www.noscript.net).

We use the fonts.com font library operated by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA, 01801, United States.

Accessing the font library automatically triggers a connection to the library operator. Monotype only collects information about the monthly number of page views and not any personal data. For details about data collection by Monotype, please visit https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/

The legal basis for this data processing is GDPR Article 6(1)(f). Our overriding legitimate interest is in optimising and efficiently conducting our website and the customer interactions occurring through it.

12. Job applications

Job applications

When we conclude an employment contract with a job applicant, the data transferred is processed to establish the employment relationship in accordance with the relevant legal requirements. Your personal data and/or application documents will be deleted no more than three months after the end of the application process (e.g. after announcing a rejection) unless longer storage is legally required or permitted. Beyond this, we only retain your personal data if deletion is incompatible with an overriding legitimate interest, such as providing a defence against claims or preserving proof of compliance pursuant to the German General Equal Treatment Act (AGG).

The legal basis for this data storage and processing is the performance of a contract or the taking of steps prior to entering into a contract pursuant to GDPR Article 6(1)(b).

13. Age restriction

This website is not intended or designed to be used by children under sixteen years of age. We do not knowingly collect personal data from individuals under the age of sixteen.

14. Data recipients

Within our company, your data is provided to the offices or organisational units that require this data to perform their duties, which potentially includes executing contracts with you, processing data with your consent or acting in our overriding legitimate interests.

Data is only passed on to third parties within the provided legal framework. We only pass your data on to third parties if it is required for contractual purposes based on GDPR Article 6(1)(b) or for the purpose of our overriding legitimate interest in conducting our business rewardingly pursuant to GDPR Article 6(1)(f).

If we use service providers or third parties to help us provide our website and/or services, we will make appropriate legal arrangements and take technical and organisational measures accordingly to ensure that your personal data is protected.

If we use content or tools from service providers or third-party providers headquartered in a third country to help us provide our website and/or services, data will be transferred to a third country on a regular basis. Third countries are nations in which the GDPR is not directly applicable, i.e. countries outside the EU and European Economic Area. Data is only transferred to third countries if there exists an appropriate level of data protection, user consent or other legal permission, including if there is appropriate safeguarding in place pursuant to GDPR Article 46

It is possible that we may acquire or dispose of the company, parts of the company or individual assets. Personal data may be transferred in connection with such a sale, merger, reorganisation or similar event of this nature. In this case, your personal data will of course continue to be processed in accordance with this privacy policy. The legal basis for this data transfer is our overriding legitimate interest in conducting and growing our business rewardingly pursuant to GDPR Article 6(1)(f).

15. Your rights

You have the right to be provided with information free of charge about any of your personal data that is stored and about its origins, any recipients and the purpose for which it has been processed. Furthermore, you have the right to have this data rectified, suppressed or deleted; to restrict its processing and to object to its processing.

You also have the right to have data that is automatically processed by us delivered to you or to a third party in a commonly used, machine-readable Format.

To exercise your rights, please get in touch with us via the contact details listed above for the data controller.

In addition, you have the right to lodge a complaint with the relevant supervisory authority for data protection.

16. Withdrawal of consent

A number of data-processing operations are only possible with your express consent. You may withdraw your consent at any time. To do so, an informal message sent to us by email is sufficient. The lawfulness of data processing performed prior to the withdrawal of consent will remain unaffected by that withdrawal.

17. RIGHT TO OBJECT

If your data is processed for the purposes of our overriding legitimate interests (as explained in this privacy policy), you may object to this processing with effect for the future. To do so, please contact us via the contact details listed above for the data Controller.

You are normally only entitled to exercise this right to object on grounds relating to your particular situation (GDPR Article 21(1)). After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the data is being processed for the establishment, exercise or defence of legal claims.

If the data is processed for direct-marketing purposes, you may exercise your right to object at any time (GDPR Article 21(2)) and your personal data will no longer be processed for direct-marketing purposes, irrespective of the grounds for the objection.

18. Obligation to provide data

The provision of personal data is not legally or contractually required, nor are you under any obligation to provide personal data. However, it is necessary to provide certain personal information for the conclusion and performance of a contract insofar as certain information is indispensable in order to enter into and execute a contract.

19. Automated decision-making

We do not engage in automated decision-making, including for profiling purposes.

20. Retention and erasure

We adhere to the principles of privacy by design. As a result, we only retain your personal data for as long as is necessary to achieve the purposes specified in this policy or in accordance with the retention periods provided by law.

If the purpose of the storage no longer applies or if the retention period provided by law has expired, the personal data will be routinely suppressed or erased in accordance with the statutory provisions.

21. Technical and organisational data security measures

We take organisational, contractual and technical security measures in accordance with the latest industry practices to ensure compliance with the provisions of data protection law and, in turn, to protect the data we process from accidental or intentional tampering, loss, destruction or access by unauthorised parties.

Our website uses SSL encryption for security reasons and to safeguard the transfer of confidential content, such as the orders, enquiries or payment information you send to us.

22. Changes to this privacy policy

We reserve the right to amend this privacy policy from time to time to ensure that it always meets the latest legal requirements and to reflect changes to our services, such as the introduction of new services. Any subsequent website access will then be subject to the terms of the updated privacy Policy.