We, edding International GmbH (hereinafter referred to as “edding”), have written this privacy statement to inform you about the personal data we collect when you interact with our website, how these data are used and your options for influencing the way we collect, store and process data (hereinafter also referred to as “use”).
1. Responsibility and contact
The controller responsible for the use of personal data within the terms of the General Data Protection Regulation (hereinafter referred to as “GDPR”) is edding International GmbH, Bookkoppel 7, 22926 Ahrensburg, Germany, telephone +49 (0)4102 808-0, firstname.lastname@example.org.
The company’s data protection officer, Frau Jennifer Jähn-Nguyen, datenschutz nord GmbH, Standort Hamburg, Sechslingspforte 2, 22087 Hamburg, can be reached via the contact details above.
If you would like to view or update personal data, or have questions about privacy in relation to our website, please email email@example.com or write to us at the above address.
2. Use of personal data
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.1 Collection with your cooperation
We collect and store your personal data when you use this website if you provide us with such data voluntarily. We use such personal data without specific consent solely for the purpose of dealing with your request or question. You are free to choose whether to provide us with your data for the stated purposes. If the nature of your request or question permits, you can also interact with us anonymously, or by using a pseudonym. We will always obtain your express consent to use your personal data for other purposes (in particular for advertising).
In principle, we will only store your data for the length of time required to deal with your request or question. Data required for internal administrative purposes, in particular for commercial purposes and in order to defend legal claims, will not be erased until such data are no longer required for the purpose in question (legal basis is Art. 6 (1f) GDPR), but until that time will be barred from being used for any other purpose.
2.1.1 Email enquiries
If you send us an email, we will store your email address and any personal information that the message contains (legal basis is Art. 6 (1f) GDPR). We only do this in order to be able to deal with your enquiry, and we will erase the data in question once the data are no longer required. You may also assert your rights as a data subject (see point 5) at any time with regard to the processing of data; in particular, you can object to the corresponding processing of data.
2.1.2 Enquiries using the contact form
If you have contacted us using the contact form and have agreed the declaration of consent shown below, we will use your personal data as follows:
In order to process the form, the personal data you have entered in the corresponding entry fields of the contact form will be collected and stored.
Depending on the matter in question, this shall include the following personal data in particular:
- email address
- telephone number
Furthermore, you can compose a message to edding in the area of the contact form provided for this. If you enter any personal data as part of your message, these data will also be collected and stored.
These personal data are used exclusively in order to deal with your enquiry and are stored in the event that you have further questions. The enquiry may be forwarded by email to the relevant individual(s) within the company in order for us to be able to respond to your enquiry.
If you fill in the contact form or send an email to express interest in specific or general goods or services offered by edding, we will use the data you have provided so that we may advise you and, where necessary, send you information about these goods or services.
We use your personal data for the stated purposes on the basis of your consent (legal basis is Art. 6 (1a) GDPR). Furthermore, we store your IP address and the time at which you gave your consent to document the fact that you have given your consent.
On the website www.edding.com, edding provides a newsletter that contains news about products, services and promotions. We will use your personal data as follows if you subscribe to the newsletter and if you have consented to receiving the newsletter when you register:
When you subscribe to the newsletter, we will store your email address. Futhermore, you are able to submit your title, forename, surname and date of birth. The same applies to your interests. We use these data for internal statistical purposes and in order to personalise your newsletter.
We use what is known as the "double opt-in process" when you sign up for our newsletter. After you have signed up for our newsletter, we will send an email to the email address you have provided and will ask you to confirm that you have asked to receive the newsletter. If you confirm your subscription, the newsletter will be sent to your email address until further notice. If, on the other hand, you do not confirm your subscription, your registration will be automatically deleted after 48 hours.
We use your personal data for the stated purposes on the basis of your consent (legal basis is Art. 6 (1a) GDPR). Furthermore, when you sign up for and confirm your newsletter subscription, we store your IP address and the time at which you gave your consent to document the fact that you have given your consent.
We use MailChimp, a service of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter "MailChimp"), to structure the remaining content, distribute our newsletter and to analyse the response. We have concluded a data processing agreement with MailChimp for this purpose. This agreement ensures that MailChimp processes your personal data exclusively according to our instructions and in accordance with current data protection law. MailChimp is licensed under the EU-US Privacy Shield and therefore guarantees a level of data protection which corresponds to the standards of European laws on the protection of personal data.
If you sign up our newsletter, your email address and other personal data that you have given us in order to personalise the newsletter will therefore be stored on MailChimp's servers in the USA. MailChimp uses this information to send out our newsletters and to analyse user behaviour once the newsletter is received. MailChimp collects technical information when analysing use, in particular with regard to the browser used, the IP address and the time of download. MailChimp establishes whether and when a newsletter or the links it contains are opened. This information is used exclusively to make a better assessment of the expectations of the newsletter recipient and to adapt the content accordingly. In addition, it is also possible for MailChimp to use these data to optimise or improve its own services (for example, making newsletter distribution more efficient), by recording the language settings, location data or time zones. At no time will MailChimp write to you for its own ends using your personal data, or pass your data on to third parties.
The legal basis on which the newsletter is distributed is the consent for which provision is made in Art. 6 (1a) GDPR. We therefore use the services of MailChimp as our processor on the basis of the statutory consent given in accordance with Art. 6 (1f) GDPR. Our legitimate interest lies in the centrally coordinated offer of a legally compliant and interest-specific newsletter by a professional provider. If you no longer wish to receive the newsletter, you may cancel at any time (Art. 21 GDPR), or withdraw your consent (Art. 7 (3) GDPR) and thereby unsubscribe from the newsletter. To do so, click on the link that can be found in each newsletter. You will then be taken through the subscription cancellation process. Alternatively, you can cancel the newsletter by sending an email to firstname.lastname@example.org.
If you participate in one of our competitions on our Website or Social Media Accounts, we process personal data of the participants on the organization of the competition. This includes, depending on the individual case and on the type of platform used, as far as necessary, in particular the following data:
- First and last name,
- Your account name of the respective social media platform,
- E-mail Address,
- Date of birth,
- Postal Address,
- Telephone Number,
- Competition entry.
To the extent necessary, your data may be passed on to our cooperation partners in the implementation of the competition and to shipping service providers in compliance with applicable data protection law.
Insofar as the winner or winners are announced on the websites / social media channels of the organizer after the conclusion of the competition, this is done based on Art. 6 (1) f) GDPR. Our overriding legitimate interest is to communicate the successful completion of the sweepstakes to the community in a promotional manner. You can object to this at any time by sending an informal message to edding (Art. 21 GDPR).
We will delete your data if it is no longer required for the aforementioned purposes and we are not legally obliged or entitled to continue storing the data, in particular for verification purposes in connection with participation in the competition. In this case, we will block the data for all other purposes and restrict access rights accordingly.
2.1.5 Video conference systems
Hereinafter we would like to inform you which video conference systems we and/or the respective edding subsidiary (edding AG, edding International GmbH, edding Vertrieb GmbH) use to communicate with business partners and customers (e.g. to hold video conferences, online seminars, and workshops; hereinafter referred to as “video conference”) and which personal data are processed by the respective edding subsidiary as the responsible data controller and by the respective provider of the video conference system used.
One of the following video conference systems (hereinafter referred to as “providers”) are used to hold video conferences:
Microsoft Teams – A service of the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (“Microsoft”).
For more information on the purpose and extent of data collection and processing through Microsoft, please see Microsoft’s privacy statement at https://privacy.microsoft.com/de-de/privacystatement and, for Microsoft Teams specifically, at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
If your usual place of residence is in the European Economic Area or Switzerland, Microsoft Ireland Operations Ltd. (The Atrium Building Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland) is the data controller responsible for your personal data.
Cisco Meeting Service – A service of the provider Cisco Systems, Inc., 170 West Tasman Drive San Jose, CA 95134-1706 USA (“Cisco”).
Cisco Meeting Service is operated on servers of edding AG, Bookkoppel 7, 22926 Ahrensburg, Germany.
For general information about data processing by Cisco, please see Cisco’s privacy statement at https://www.cisco.com/c/de_de/about/legal/privacy-full.html and at https://trustportal.cisco.com. You can find a comprehensive overview of Cisco’s data security measures and official certifications at https://trustportal.cisco.com.
You can check the invitation that was sent to you to see which video conference system the respective edding subsidiary will use to hold the respective video conference.
In order to use the respective video conference system and download the required software, it is regularly necessary to access the respective provider’s website. Once you access the respective provider’s website, the respective provider is responsible for data processing as the operator of the website. As an alternative to downloading, the providers offer apps where you have to enter the respective meeting ID, usually along with other access data, to access the video conference. If you don’t want to or cannot use both the app and the software of the respective provider, the providers also offer the basic functions of the respective video conference system as a browser version. You can also find the browser version on the website of the respective provider.
Depending on the provider, using a video conference system will entail the processing of different personal data. The extent of the personal data processed will depend on which personal data you provide or transmit before or during participation in a video conference.
The below personal data may be subject to processing when using the video conference system of the respective provider:
- User information: First name, family name (required for participation in online seminars and workshops), phone number (optional), email address, password, profile data such as the username (optional);
- Meeting metadata: Topic, description (optional), participants’ IP addresses, device/hardware information;
- Where the video conference is recorded (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of online seminar chat;
- Where participants dial in per phone: Incoming and outgoing phone number, country, start and stop time; other connection details may be stored, such as the device’s IP address;
- Text, audio, and video data: Participants in video conferences can use features for chatting, asking questions, or conducting surveys. If you use these features, the text you input is subject to processing in order for it to be displayed during the video conference and logged (where online seminars or workshops are recorded). In order to display video and reproduce audio, the personal data transmitted by your terminal device’s microphone and/or camera during the video conference are processed. You can always turn off or mute your microphone or camera yourself from within the respective video conference system
In order to participate in an online seminar or workshop and dial in using a video conference system, it is required that you provide your name. The use of a pseudonym is possible when participating in video conferences, except in the case of online seminars and workshops, if you are identifiable as a valid participant by some other means. In some cases, it might also be necessary that you create a user account with the respective provider. In such cases, your customer data will be also used by the respective provider for their own purposes.
To protect your personal data when using video conference systems, data processing agreements that comply with the requirements of Art. 28 GDPR have been concluded with the respective provider. As it cannot be precluded, especially when using Microsoft Teams, that using the provider’s service might entail your personal data being transferred to a third country (especially the USA), EU standard contractual clauses (SCCs) were concluded to ensure a level of data protection acceptable in the EU (Art. 46 Para. 2 c) GDPR). In accordance with these SCCs, Microsoft is obligated to comply with European data protection law and ensure an appropriate level of data protection.
The legal basis for data processing in the framework of holding online seminars and workshops is Art. 6 Para. 1 b) GDPR, since it is necessary to process data in order to effect the contractual relationship.
For all other video conferences, the legal basis for data processing is the legitimate interest (Art. 6 Para. 1 f) GDPR) of being able to offer you a suitable alternative for holding personal meetings as well as of simplifying and improving the means of communication. The provision of personal data to providers as the data processor is based on our legitimate interest in the economic and technical advantages involved in the use of specialized data processors (Art. 6 Para. 1 f) GDPR). In cases where data processing is based on legitimate interest (Art. 6 Para. 1 f) GDPR), you may object at any time to a video conference being held by means of the respective provider (Art. 21 GPDR). However, please note that in such cases, the respective edding subsidiary may not be able to initiate the video conference due to a lack of technical options.
Your personal data subject to processing are deleted as soon as they are no longer required in order for the respective provider to render and hold the video conference or ensure its services or as soon as you have given us your consent to process your data (e.g. to send you a newsletter or to record and publish a seminar).
2.1.6 Holding online seminars and workshops
18.104.22.168 Registering for online seminars and workshops
You can register via email for online seminars and workshops (hereinafter referred to as “seminars”). It is necessary for the respective edding subsidiary holding the seminar (edding AG, edding International GmbH, edding Vertrieb GmbH) to process the below personal data to this end:
- Your first name and family name,
- Your email address,
- Information on the seminar in question, and
- Other personal data in your email.
It is unfortunately not possible to register for a seminar without providing these data. Your personal data are subject to processing in order to provide you with all the information you need prior to the seminar, to register you for the seminar, and finally in order to hold the seminar itself. Thus, the legal basis for processing your personal data is the initiation and/or execution of a contractual relationship (Art. 6 Para. 1 b) GDPR).
Your personal data are deleted as soon as they are no longer required to hold the seminar and provided there is no legal justification or obligation for us to continue processing your personal data. If there is, in addition to your participation in the seminar, already a contractual relationship in place between you and the respective edding subsidiary holding the seminar or you have given your consent to the respective subsidiary to process your data (e.g. to send you a newsletter), your personal data will be processed for this purpose even after the seminar has concluded.
22.214.171.124 Holding and recording seminars
One of the video conference systems listed under 2.1.5 is used to hold seminars. The processing steps related to your personal data described there thus also apply to the use of video conference systems to hold seminars.
- Recording seminars using the video conference system
In some cases, seminars are recorded by means of the dedicated function offered by the respective video conference system.
If a seminar is recorded and the recording thereof is intended for subsequent publication on websites such as social media (YouTube, Facebook, Instagram, Twitter, etc.) of the edding Group (currently: edding AG, v.D. Ledermann & Co. GmbH, edding Benelux B.V., EDDING (U.K.) LTD., edding France SAS, edding Hellas Ltd., edding Ofis ve Kirtasiye Ürünleri Tic. Ltd., edding Argentina S.A., edding Colombia S.A.S., edding Mexico S. de. R.L. de C.V.), your personal data (above all, the name you provided as well as the information listed under “Where the video conference is recorded” and “Text, video, and audio data”) will be processed exclusively with your consent as per Art. 6 Para. 1 a) GDPR. Your consent will be sought during the registration process for the seminar (see 126.96.36.199 for more). You may revoke your consent at any time with future effect by writing to our data protection officer e.g. by mail to the address listed under 1 or per email to email@example.com.
- Recording a seminar in the studio
In some cases, edding also records seminars in the studio for subsequent publication.
In such cases, the personal data that participants provide through the respective video conference system are not recorded.
Any chat messages that you send to us during the seminar are not recorded. The same applies to video and/or audio data. Participation in edding seminars does not require the use of your camera and microphone, so you therefore should not use them at that time. However, under no circumstances will the camera team in the studio record your video data. Should you wish to use the audio system (e.g. to ask a question), it is not necessary to mention your personal data; moreover, the question you asked will be cut from the recording and thus not published.
2.2 Collection of data without your cooperation
We collect and use personal data generated automatically by your visit to our website in order to provide our services. The authoritative legal basis for this analysis of user behaviour is section 15 (3) of the German Telemedia Act [Telemediengesetz] and Art. 6 (1f) GDPR. Our legitimate interest lies in offering a user-friendly service, optimising our product to meet our customers’ expectations, for example by tracking how users reach our website, the content that is of interest when they do and how much time is spent viewing it. We can then offer products that correspond more specifically to interests on this basis.
2.2.1 Log files and (session) cookies
Whenever you visit our website, our server temporarily notes your computer’s IP address, the client’s file request (filename and URL) and the http status code, as well as the website from which you have visited us, in what are known as log files. We store your IP address for seven days to highlight abuse (spam, virus, worms, etc.) and to identify and rectify problems.
Furthermore, our website uses “cookies” in several places, designed to make our products more user-friendly and efficient. Cookies are small text files which do not contain any personal data. These are placed on your computer and stored by your browser. These data are not combined with other data sources. Most of the cookies we use are “session cookies” and are deleted once you finish browsing.
Cookies do not damage your computer per se and do not contain viruses. You can set your browser so that it does not accept cookies at all or so the cookies are deleted at the end of your browser session. Please note that you may not be able to use all of our website’s functions if you do so.
2.2.2. Google Tracking and Marketing Tools
Our Website uses tracking and marketing tools by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ('Google').
If you are normally resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller for your data.
If you consented expressly to the data processing described in sections 188.8.131.52 - 184.108.40.206 (Art. 6 (1) a) GDPR), Google will generate the information its services require using cookies. This data is normally sent to one of Google's servers in the USA and saved there. To guarantee an EU-equivalent level of data protection, we have concluded EU standard contract clauses with Google EU (Art. 46 (2) c) GDPR) under which Google agrees to comply with European data protection standards.
There are a number of ways you can stop cookies being used, as follows:
• By setting your browser software accordingly: in particular, suppressing third party cookies means you will not receive any third party ads. But please note you may not then be able to use all the functionalities we offer in full;
• By installing the plug-in Google provides at https://www.google.com/settings/ads/plugin;
• By deactivating the interest-related ads of providers who belong to the About Ads campaign via http://www.aboutads.info/choices. This setting will then be deleted when you delete your cookies.
To find out more about data protection when using Google Analytics, go to support.google.com/analytics/answer/2838718. To find out more about protecting your data when using Google services, you can also visit:
220.127.116.11. Google Analytics
We use Google Analytics on our Website. Google Analytics saves cookies in your web browser for 26 months since you last visited and records the data below amongst others when you visit our Website, sends it to one of Google's servers in the USA and saves it there:
• Browser type/version
• The operating system you are using
• Referrer URL (last site you visited)
• Accessing computer's host name (IP address)
• Time server request made
• Achieving 'website targets' (e.g. contact requests)
• What you do on sites (e.g. clicks, scrolling and dwell time)
• Roughly where you are (city, state)
• Technical information like browsers, Internet providers, terminal and screen resolution
• Where you came from (i.e. via what website and/or ad you came to us).
Google does not merge the IP address your browser sent with any other data, however. We have also extended Google Analytics on this Website to include the code 'anonymiseIP'. This guarantees your IP address will be marked. Only in exceptional cases will the full IP be sent to one of Google's servers in the USA and abbreviated there.
The cookies Google Analytics uses also contains a randomly generated user ID by which you can be recognised when you visit Websites in future. The information the cookies generate is saved along with the randomly generated user ID, which makes it possible to analyse pseudo user profiles. This user-related data is deleted automatically after 540 days. Other data remains saved in aggregated form indefinitely.
Google uses the information obtained by using cookies to analyse how you use our Website, compile Website activity reports and provide us with Website usage and Internet-related services, so we can improve our offer and design it to be more interesting for you as the user. We also get information on how our site is working, such as detecting navigation problems.
Google may also use the information obtained for its own purposes, which is why we do not use Google's services on our Website unless you consent to this when processing your personal data (legal basis is Art. 6 (1) a) GDPR). Once you have given your consent, of course, you can withdraw it anytime as stated in section 2.2.2 going forward. You are also given an opt-out cookie here which you can install to prevent Google recording data, which is particularly helpful in case the deactivation add-on does not work and/or on mobile devices. If you use different browsers/peripherals to use our Website, you must repeat these steps with all the browsers and devices you use.
To find out more about data protection when using Google Analytics, go to https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376. To find out more about protecting your data when using Google services, you can also visit:
18.104.22.168. Google Ads Conversion
We use Google Ads Conversion to use ads ('Google Ad') to draw attention to our attractive offers on external Websites. We use ad campaign data to see how successful individual ad campaigns are. This is because we have an interest in showing you ads you will find interesting, designing our Website to make it more interesting for you and calculate fair ad costs.
Google provides these ad resources via so-called 'ad servers'. For this, we use ad server cookies to measure certain success parameters such as fading in ads or clicks by users. If you reach our Website via a Google ad, Google Ads saves a cookie on your device. These cookies are normally valid for 540 days and should not be used to identify you personally.
This cookie is generally used to save analyses:
• Unique cookie ID
• Number of ad impressions per placement (frequency)
• Last impression (relevant to post-view conversions) and
• Optout information (flag showing user does not want to be contacted any more)
Google uses these cookies to recognise your browser. If you visit certain pages on an Ads customer's website and the cookie saved on your computer has not run out, Google and we can recognise that you have clicked on the ad and been forwarded to this page. Each Ads client is assigned a different cookie, so cookies cannot be traced via Ads clients' websites.
We do not collect or process any personal data in these ads ourselves. Google merely provides us with statistical analyses, which we can use to see which of the ads we use is particularly effective. We do not get any other data from using Ads, and cannot identify users from this information in particular.
If you have consented to the data being processed as described (Art. 6 (1) a) GDPR), your browser will make a direct connection with Google's server based on the marketing tools used. We have no control over how much data Google collects using this tool or how it is then used, and we can therefore only tell you what we ourselves know: incorporating Ads Conversion tells Google you have called up the part of our Internet presence concerned or clicked on one of our ads. If you have registered with a Google service, Google can attribute the visit to your account. Even if you are not registered with Google and/or have not logged in, Google may record and store your IP address.
22.214.171.124. Google Ads Remarketing
We also use the Google Ads Remarketing function if you've consent to this expressly (Art. 6 (1) a) GDPR). We can use the Remarketing function to present those using our Website on other websites within the Google Ads network (in Google Search or on YouTube, 'Google Ads' or on other websites) with ad displays based on their interests. We do this by analysing how you interact as a user of our Website, e.g. what offers you were interested in so we can show you ads directed at other sites even after you visited our Website. To enable us to analyse this, Google saves cookies on your device if you visit Google services or websites in the Google Display network. These cookies expire after no more than 540 days (this applies only to cookies set via this website). These cookies can be used to identify your browser you used to visit the website concerned: they are used only to identify the web browser on a given terminal, not to identify anyone.
2.2.3. Google Tag Manager
This Website uses Google Tag Manager, a solution we can use to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not record any personal data. The tool serves to trigger other tags, such as (cf. Google Analytics section 2.2.2 below) which record data themselves in some cases. Google Tag Manager does not access this data. If you deactivate at domain or cookie level, these continue for all tracking tags implemented using Google Tag Manager.
2.2.4. Facebook Pixel
To continue analysing and optimising our offer and operate it economically, we also use Facebook Pixel by social network Facebook which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook').
To ensure we protect our data to EU level, we have concluded EU standard contract clauses with Facebook (Art. 46 (2) c) GDPR) whereby Facebook agrees to meet European data protection rules.
Facebook Pixel is tied to our Website indirectly via Facebook and can save a cookie on your device provided you have consented to this expressly (Art. 6 (1) a) GDPR). If you then log into Facebook or visit Facebook while you are logged in, visiting our online offer is noted in your profile. Data collected about you is anonymous as far as we are concerned, we cannot tell who you are; but Facebook saves and processes this data, so it can be linked to the user profile concerned and Facebook can use it for its own market research and advertising purposes. If we send Facebook data for comparison purposes, this will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. The only reason we do this is comparing with the data Facebook encrypts.
Using the Facebook Pixel, Facebook can also select visitors to our Website as its target group for ads ('Facebook Ads'): so we set the Facebook Pixel settings so they show only the Facebook Ads we send to Facebook users who have also shown an interest in our online offer or show certain features, such as being interested in certain subjects or products according to the websites they have visited, which we send to Facebook ('custom audiences'). We also use the Facebook pixel to ensure our Facebook Ads reflect what users could be interested in and are not annoying. We can also use the Facebook Pixel to check how effective Facebook ads are for statistical and market research purposes by seeing whether users visit our Website after clicking on a Facebook ad ('conversion').
We also use the add-on 'extended comparison' function when using the Facebook Pixel, sending encrypted data creating target groups ('custom audiences' or 'lookalike audiences').
We only use the Facebook Pixel on our Website if you consent to your personal data being processed in this way (Art. 6 (1) a) GDPR). You can of course withdraw extended consent going forward at any time: if you withdraw it, your data can still be processed lawfully until you do so.
To find out more about how Facebook collects and uses data, what your rights are here and how you can protect your privacy, see Facebook's data protection notices at https://www.facebook.com/about/privacy/.
Alternatively, you can disable the Custom Audiences remarketing function at https://www.facebook.com/settings/?tab=ads#_=. (You need to be registered with Facebook to be able to do this.)
To set what kinds of ads can be shown you in Facebook, you can call up the page Facebook created and follow the instructions on setting use-based advertising there. These settings are platform-neutral: that is, they are used for all hardware such as desktop computers or mobile devices. You can also object to using cookies which serve to measure range and are used for advertising purposes via the network advertising initiative's deactivation page, US website aboutads.info or European website youronlinechoices.com.
2.2.5. Embedding Videos via YouTube
We embed YouTube videos in our online offer; these are saved at www.youtube.com and can be played direct from our Website. YouTube is provided by a third party which is not affiliated with us, YouTube LLC, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube's embed function in 'extended data protection mode', which according to YouTube’s information does not store any user information until a video starts being played.
Even if users are not logged in, YouTube saves your data amongst other things to collect video statistics, make itself user-friendlier and suppress abuse.
To find out more about what YouTube collects and processes data and to what extent, see their data protection statement. This also tells you more about your rights and settings available to protect your privacy: https://www.google.de/intl/de/policies/privacy.
Google also processes your personal data in the USA, so we have signed standard EU contract clauses to ensure a reasonable level of data protection.
We use Sleeknote to show email newsletter sign-up pop-ups. Sleeknote is a service provided by Sleeknote ApS, Jens Baggesens Vej 90A, 8200 Aarhus.
We collect the following data:
• Submitted data: This is the data you collect with Sleeknote, for example, name and email fields on a SleekBox. This will in many cases be personal data.
• Analytics data: This is data you passively gather using Sleeknote, you can compare it to what you would gather with a service like Google Analytics. Below is a list of data you will be collecting with Sleeknote in regards to Analytics and what you could be collecting in the various SleekBoxes or SleekBars.
• Submitted Data via Sleeknote: Using Sleeknote you can collect various personal data. Often this will include but not be limited to: Email, Name, Address, Phone number, Gender, IP address.
• Analytics Data: Using Sleeknote you are gathering analytics data that consists of Time of visit, Geolocation of visitor, Browser language, Pages visited, Website referrer, User agent, Returning visitor and Device. Sleeknote specific data: SleekBoxes and SleekBars shown, SleekBoxes and SleekBars engaged (Newsletter signup or links clicked), SleekBoxes and SleekBars closed and Links clicked.
To supplement the description as it comes from Cookiebot (tooling we use for this):
Purpose: Used to generate statistical data on how visitors use the website / sleeknote.
Expiration Time: Session
Type: Pixel Tracker
Purpose: Functional cookie that allows pop-ups to be displayed.
Expiration Term: Persistent
For displaying your Instagram content on our website and for the organization of usage rights, we use the user-generated content management tool "Squarelovin" from our partner, Anchor Media GmbH, Budapester Str. 47, 20359 Hamburg ("Squarelovin").
The processing, i.e. the integration of user-generated Squarelovin content, is based on the agreement for the use of user-generated content (Art. 6 (1) b) GDPR). The use of Squarelovin is based on our overriding legitimate interest (Art. 6 (1) f) GDPR) to use a professional service provider for the implementation and presentation of the content. With regard to the cookies delivered by Squarelovin for analysis and statistical purposes, the processing is based on consent pursuant to Art. 6 (1) a) GDPR. We obtain your consent via our cookie consent tool. Such consent is voluntary and can be revoked at any time with effect for the future.
We will delete the relevant data once the purpose has ceased to exist. With regard to this data processing, you can also assert your data subject rights at any time (see section 6), in particular object to the corresponding data processing.
2.2.8. Microsoft Advertising
We use the Microsoft Advertising service on our website, which is provided and operated by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft").
If you have your habitual residence in the European Economic Area or Switzerland, Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521) is the responsible for your data.
In order to use Microsoft's services, we have implemented a so-called Universal Event Tracking (UET) tag from Microsoft on our website. This is a code which, in conjunction with a cookie, can be used to collect and store information about the use of our website. Microsoft collects and processes personal data via the cookie, from which usage profiles are created for us using pseudonyms. In this way, we can learn more about the user behavior of the users of our website with the help of Microsoft. When Microsoft provides its services, data is also transferred to Microsoft servers in the USA, which is why we have concluded EU standard contractual clauses with Microsoft that oblige Microsoft to guarantee an appropriate level of data protection.
Microsoft will only set a cookie on your end device if you have given your express consent for this (legal basis Art. 6 (1) a) DSGVO) and have accessed our website via a Microsoft ad (e.g. via Bing).
In this case, we receive mainly statistical information about which keyword or ad users used to come to us, what users click on our website, how many users visit our website via Microsoft Ads and how long users stay on our website. The information collected is stored for a maximum of 180 days.
Microsoft also uses the data for its own purposes, e.g. to optimize its own advertising and other services. If you have a Microsoft account, the collected data can also be linked to your account. Thus, Microsoft may recognize and store your IP address. In addition, Microsoft may be able to track your usage behavior across multiple electronic devices through cross-device tracking, which enables Microsoft to display personalized advertising on or within Microsoft websites and apps.
If you do not want Microsoft to process information about your user behavior as described above, you can refuse the necessary setting of a cookie, for example, via browser settings that allow you to generally disable the setting of cookies, manage cookies, or delete cookies that have been set. You can also prevent Microsoft from collecting your data by means of cookies by declaring your objection under the following link.
You can find more information about data protection and the cookies used by Microsoft on the Microsoft website.
2.2.9. TikTok Pixel
For further analysis and optimization and for the economic operation of our offer, we also use "TikTok Pixel" of the social network TikTok, which is operated by Beijing ByteDance Technology Co Ltd (hereinafter "TikTok").
TikTok Pixel is directly integrated by TikTok on our website and can store a cookie on your device, provided that you have given your express consent for this (Art. 6 para. 1 a) DSGVO). If you subsequently log in to TikTok or visit TikTok while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about your identity. However, the data is stored and processed by TikTok so that a connection to the respective user profile is possible and can be used by TikTok and for its own market research and advertising purposes. If we should transmit data to TikTok for matching purposes, it will be encrypted locally on the browser and only then sent to TikTok via a secured https connection. This is done for the sole purpose of matching data that is also encrypted by TikTok.
With the help of the TikTok pixel, it is also possible for TikTok to determine the visitors to our website as a target group for the display of advertisements (so-called "TikTok ads"). Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g., interest in certain topics or products determined based on the websites visited) that we transmit to TikTok. With the help of the TikTok pixel, we also want to ensure that our TikTok ads correspond to the potential interest of the users and are not a nuisance. The TikTok Pixel also allows us to track the effectiveness of the TikTok Ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a TikTok Ad (known as a "conversion").
We only use TikTok pixels on our website if you consent to this processing of your personal data (Art. 6 para. 1 a) DSGVO). You can, of course, revoke your consent at any time for the future. The revocation does not affect the lawfulness of the processing (until the revocation).
2.3. Social media platforms
We use the youtube.com website to post our own videos and make them publicly available. YouTube is provided by a third party which is not affiliated with us, YouTube LLC, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Some of the Websites we offer contain links to what we offer on YouTube. If you follow a link to YouTube, we point out that YouTube saves its users' data (e.g. personal information and IP addresses) according to its own guidelines for using data and uses it for business purposes. We have no control over how YouTube collects data or how it processes it; nor do we know how much data it collects, what it processes it for or how long it saves it for. So we cannot rule out the possibility that data will be disclosed, including to third parties outside the EU. You can see YouTube's data protection statement at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_de_eu.pdf.
YouTube collects personal data to analyse how users behave, and provides some of this data to YouTube channel operators like edding in anonymised form. This involves demographic data such as age, sex, place of residence, country or mother tongue without reference to any identifiable persons, so edding cannot identify anyone who visits our YouTube channel.
It also provides edding with statistics on where calls to our YouTube channel come from, what kind of terminal it is accessed from or what pages are called up. As this channel's operator, YouTube also sends edding statistics data ('Insights'), which cannot be used to trace the users concerned. Nor can we link this statistics data we receive with our subscribers' profile data: we can only specify the categories of data and visitors YouTube uses when analysing the data it collects and provides as anonymised statistics. The only reason edding uses this data is to analyse user behaviour so we can match our YouTube channel and what we offer better to users' needs and interests.
We use your data YouTube sends us on the basis of our legitimate interest (Art. 6 (1) f) GDPR).
We only get anonymised information and statistics, even if you are registered with YouTube when you visit our YouTube channel; but we must point out that, if you go to our YouTube channel directly, YouTube could theoretically trace who you are e.g. by reading out logfiles (such as IP addresses) or by setting cookies.
If visitors subscribe to our YouTube channel, YouTube adds a list of all subscribers to this channel to your profile, and sends edding this list; but this list contains only data in the public domain, i.e. information you voluntarily make available to other YouTube Users via your YouTube settings. What these are specifically is something you decide in your YouTube settings yourself. You can also use your Google settings (https://myaccount.google.com/u/1/privacycheckup/1/0?hl=de) to review your privacy.
To find out more about the individual settings available, go to https://policies.google.com/technologies/product-privacy?hl=de&gl=de.
We can also trace comments on our YouTube channels to individual users.
We process this data for the purpose above under Art. 6 (1) a) GDPR based on your voluntary consent and registering with YouTube.
We also operate a Facebook page to present our company on this platform, provide information there and contact you when you visit and use our Facebook page. As the operator of this Facebook page, we are joint controller with the platform operator Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
When you visit our Facebook page, the controller processes your personal data under a joint controllers' agreement under Art. 26 GDPR which you can see here: https://www.facebook.com/legal/terms/page_controller_addendum.
We tell you what data this involves and how it is processed below.
We collect personal data ourselves if you message us, for example (username and any personal data which appears in your message). We store and use this data solely to answer your concerns and/or contact you and the technical administration involved. The reason we can process your data by law is that we have a legitimate interest in answering your concerns (legal basis is Art. 6 (1) f) GDPR). We delete your data once we finish dealing with your concerns unless we are bound to retain it by law. We assume we have finished dealing with them once the circumstances indicate the matter in question has been finally clarified.
We also analyse calls and interactions on our Facebook page. With this in mind, Facebook produces user profiles and provides us with anonymous-only data by way of page insights ('page insights'): https://www.facebook.com/business/a/page/page-insights.
This is aggregated data we can use to find out how people interact with our page. Page insights may be based on personal data collected when people visit our page and/or interact with it and its content. We do this to assert our overriding legitimate interest balancing all interests together in optimising how we present our offer and communicating more effectively with customers and interested parties (legal basis is Art. 6(1) f) GDPR).
Please note, when you call up and use our Facebook page, Facebook processes your personal data too. When it comes to processing insights data, edding and Facebook are joint controllers. How Facebook uses insights data from when people visit Facebook pages for its own purposes, how far activities on Facebook pages are assigned to individual users, how long Facebook saves this data and whether data from visiting a Facebook page is disclosed to third parties is Facebook's responsibility.
In respect of data processing on our Facebook page, you can assert your rights not just against edding but against Facebook too. To find out more, see Facebook's data processing guidelines at http://de-de.facebook.com/about/privacy.
For Facebook's complete data guidelines, go to https://de-de.facebook.com/full_data_use_policy.
Facebook also offers its members ways to object to data being processed in certain ways; you can find notes on this and optout options at https://www.facebook.com/settings?tab=ads.
To contact Facebook's data protection officer, you can use their online contact form at www.facebook.com/help/contact/540977946302970.
The regulatory authority for Facebook Ireland Ltd. is the Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois R32 AP23, Ireland (https://www.dataprotection.ie).
We use Instagram's technical platform and services to offer our products. The Instagram service is one of the Facebook products provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ('Facebook'). We are jointly responsible with Facebook as this Instagram page's operator. When people visit our Instagram page, those responsible process their personal data. As this page's controller, we have made agreements with Facebook which govern the terms for using the Instagram page. Instagram's terms and conditions of use apply (https://help.instagram.com/581066165581870) and the other conditions and guidelines listed at the end there.
We will now tell you what data is involved and how it is processed.
We must point out expressly that Facebook saves its users' data, such as personal information, IP addresses, etc.) and may also use it for business purposes. To find out more about how Facebook processes your data, see its date protection guidelines at https://dede.facebook.com/policy.php.
We have no control over how Facebook collects data and then processes it, and we cannot tell to what extent or where Facebook's data is saved or for how long, how far it complies with existing obligations to delete, how it analyses and makes links with this data or who it sends it to. If you would like to avoid Facebook processing personal data you send us, please contact us by other means than via Instagram.
We only collect and use our users' personal data in principle insofar as this is necessary or reasonable to providing the functioning Instagram company page and/or an Instagram linked website and for our content and services, such as being involved in campaigns, competitions etc. published via Instagram.
You can contact us via our Instagram page either by writing to us privately or by putting a comment under a picture. You can ask us about edding, our Instagram page or anything else. When you contact us, you will give us your username, tell us what you are writing about and possibly other personal data. We will only use this data to answer your queries and/or get in touch with you and the technical administration that involves.
The law allows us to process your data on the grounds that we have a legitimate interest in answering your concerns (legal basis is Art. 6 (1) f) GDPR). We delete your data once we finish dealing with your concerns unless we are bound to retain it by law. We assume we have finished dealing with them once circumstances indicate the matter in question has been finally clarified.
We can also see if you have liked/shared our Instagram pages/posts/comments, depending on how you have set your user privacy settings at Instagram. We can also attribute comments on our Instagram pages to you as an Instagram user. The legal basis for the processing is Art. 6 (1) f) GDPR, as we have a legitimate interest in communicating and interacting with you via Instagram.
So what kind of personal data is collected about you and how much when you visit an Instagram page also depends on what you can do and is something you can influence.
You can always visit our Instagram page without leaving any comments or clicking on 'Like'. Please note, you can only use Instagram's interactive functions if you register. Facebook can also process data on this.
Facebook's Insights function also provides us with statistical data on who visits our Instagram page. This is aggregated data we can use to find out how people interact with our page. Page Insights may be based on personal data collected when people visit our page and/or interact with it and its content. We can use this function to analyse our site better and tailor it to our users' interests. We have a legitimate interest under Art. 6 (1) f) GDPR in operating our Instagram page and using Insights to market ourselves effectively via a much-used platform. To find out more about the 'Insights' function see https://www.facebook.com/iq/tools-resources/audience-insights/.
To contact Facebook's data protection officer, you can use Facebook's online contact form at https://www.facebook.com/help/contact/540977946302970.
The regulatory authority for Facebook Ireland Ltd. is the Data Protection Commission, 21 Fritzwilliam Square South, Dublin 2, D02 RD28, Ireland (https://www.dataprotection.ie/en/contact/how-contact-us).
We also operate a company profile on the Pinterest platform. Pinterest is a service by Pinterest Europe Ltd., Palmerstone House, 2nd Floor, Fenian Street, Dublin 2, Ireland ('Pinterest').
We must point out that you use Pinterest and its functions at your own responsibility. This applies to the interactive functions in particular. Alternatively, you can also call up some of the information Pinterest offers on our Website.
When you visit our Pinterest page, Pinterest records your IP address and other information present as cookies on your terminal. This information is used to give us as the Pinterest page operator anonymised statistical information on how that page is used. This is demographic data such as age, sex, place of residence or country without any reference to identifiable persons. edding cannot identify anyone who visits our Pinterest profile.
It also provides edding with statistics on who calls up our Pinterest profile, what kind of terminal they accessed it via or how many times our page was called up. As a Pinterest profile operator, Pinterest also sends edding anonymised statistical data ('Audience Insights'). This data cannot be traced back to the visitor, subscriber or registered user concerned (referred to together hereinafter as 'visitors'; in an individual case, only the group of persons is named whom the matter in question concerns). We can only specify what categories of data and visitors by which we want Pinterest to analyse the data it collects and provide us with as anonymised statistics. The only purpose for which edding uses this data is to analyse user behaviour so we can tailor our Pinterest profile and our offer to visitors' needs and interests better.
We use the data Pinterest provides as Audience Insights to select relevant information for our posts on Pinterest or order ads aimed at certain groups on the platform ('Promoted Pins').
We only get anonymised information and statistics if visitors to our Pinterest profile are registered with Pinterest; but we would point out that Pinterest may store this data itself as a consequence of controlling our Pinterest profile directly by reading out logfiles (such as IP addresses) or by setting cookies.
We use your data Pinterest sends us on the grounds that we have a legitimate interest (Art. 6 (1) f) GDPR) in marketing our products and constantly improving and managing our offers and products.
We cannot influence how Pinterest collects data or processes it; nor do we know how much data it actually collects, what it processes it for or how long it saves it for: so we cannot rule out that data may be passed on in anonymised statistics.
If you follow our Pinterest profile as a registered user (or 'subscribe' as Pinterest calls it), Pinterest adds your profile to a list of all subscribers to this profile. Pinterest then provides you with our pins on your pin wall. Pinterest provides edding with a list of our subscribers: but this list contains only data which is in the public domain, that is, information visitors provide of their own accord via their Pinterest settings. What these are specifically, each user decides in their Pinterest settings themselves; each user can also use their Pinterest settings (https://www.pinterest.de/settings/privacy) to set their privacy individually.
We can also assign comments on our Pinterest contributions ('pins') and what happens on the pinwall to individual users.
This data is processed for the purpose above under Art. 6 (1) a) GDPR on the grounds that you gave it voluntarily by registering with and logging into Pinterest.
To find out more about how Pinterest processes data, see their data protection guidelines at https://policy.pinterest.com/de/privacy-policy.
To contact Pinterest's data protection officer, visit: https://help.pinterest.com/de/data-protection-officer-contact-form
You can object to this data being processed specifically either by disabling your Pinterest account settings ( https://help.pinterest.com/de/articles/edit-your-settings#Web) under 'Individual Adjustment' or activating your browser's 'Do Not Track' settings at any time.
edding uses XING SE's XING technical platform and information service (XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany).
Please note, you use this XING page and its functions at your own responsibility. This applies in particular to using interactive functions like Comment, Share or Rate. Alternatively, you can also find some of the information offered via this site on our Website too.
When you visit our XING page amongst other things, XING records your IP address and other information present as cookies on your terminal. This information is used to provide us as the XING page operator with statistical information on how it is used. XING tells you more about this at https://www.xing.com/terms.
Please check carefully what personal data you share with us via XING. While you are logged into your XING account and visiting our XING profile, XING can log this to your XING profile. We must point out expressly that XING saves its users' data (e.g. personal information, IP address etc.) and may also use this for business purposes. To find out more about how XING processes data, see their data protection guidelines at https://privacy.xing.com/en/privacy-policy.
We cannot influence how XING collects data or processes it; nor can we tell how much data it actually collects, what it processes it for or how long it saves it for, how far XING complies with its obligations to delete, how it analyses and links data or to whom it forwards it. If you want to avoid XING processing personal data sent to us, please get in touch with us by some other means. XING Ltd. processes data collected about you in the course of this and may send it outside the European Union. What information XING obtains and how it uses it, it describes in general terms in its data processing guidelines, where you can also find out how to contact XING and ad setting options.
4. Forwarding of data
Some data may have to be forwarded to comply with contractual and statutory requirements:
4.1 Forwarding to external service providers
Service providers come into contact with our customers’ personal data only within the scope of data processing. There is express legal provision for this (Art. 6 (1f) GDPR in conjunction with Art. 28 GDPR) in accordance with our legitimate interest in offering our services on a more user-friendly, secure and more operationally meaningful basis.
In this case, too, edding remains responsible for protecting your data. The service provider works exclusively in line with our instructions, which we ensure through strict contractual regulations, technical and organisation measures and additional checks.
4.2 Forwarding on the basis of statutory obligations
We reserve the right to disclose your personal data if we are obliged to do so by law, or if we are asked to provide such information by officials or prosecution authorities. Beyond this, we do not pass any data on to third parties.
5. Data processing location and data security
In principle, your data are processed in Germany. In individual cases, the data may also be processed outside Germany if permitted by law. We have taken comprehensive, state-of-the-art technical and organisational safety measures in accordance with European data protection law (Art. 32 GDPR) to protect your data from unauthorised access and abuse.
6. Rights of the data subject
You can request information about the scope, origin and recipients of the stored data and the reason for which such data are stored, free of charge, at any time (Art. 15 GDPR). You can ask for incorrect data to be rectified at any time (Art. 16 GDPR). You also have the option of receiving the personal data relating to you in a structured, commonly-used and machine-readable format (Art. 20 GDPR). You can object to the use of your personal data in future (Art. 21 GDPR), request partial or complete erasure (Art. 17 GDPR), restrictions on the processing thereof or blocking (Art. 18 GDPR).
We will verify your request and comply with it, provided there is no other statutory basis for processing. We will inform you of the outcome.
No special format is required when asserting your right to information. Send an email to firstname.lastname@example.org or a letter to the above address.
You will find detailed information about this website's provider in our legal notice.