Data Protection Declaration
This Data Protection Declaration informs you of the type, the extent and the purpose of the processing of personal information (also “data”) within our online services, and the webpages, the functions as well as the external online presences, such as for example our Social Media profile (hereafter combined as “online services”) connected with it. In regard to the terms used here, such as for example “processing” or “responsible parties”, we refer you to the definitions in Art. 4 of the General Data Protection Regulation (hereafter GDPR).
Responsible party
Holger Rummel / Planet Lingua
Gallasstraße 13
90768 Fürth
Germany
office(at)planet-lingua.de
Holger Rummel
Imprint: https://planet-lingua.de/uebersetzungen-nuernberg-impressum
Types of data processed:
– Personal information (for example, names, addresses)
– Contact details (for example, email addresses, telephone numbers)
– Content information (for example, text entries, photographs, videos)
– Details of use (for example, websites visited, interest in their content, times of access)
– Meta-/Communication data (for example, device information, IP addresses)
Categories of persons concerned
Viewers and users of our online services (hereafter also summarized as “users”.)
Purpose of data processing
– Making the online services, its functions and content, available
– Responding to enquiries from, and communicating with, our users
– Security measures
– Internet Audience Measurement (IAM)
Terminology used
“Personal information” is all information that refers to an identified or identifiable natural person (hereafter “person concerned”); a natural person is considered identifiable who directly or indirectly can be identified, in particular by means of inclusion in a form of identification such as a name, an ID number, an address or a form of online recognition (for example, a cookie), or can be identified using one or more particular characteristics that are an expression of the physical, physiological, genetic, psychological, socio-economic, cultural or social identity of this natural person.
“Processing” is every process carried out, with or without the help of automated methods, or every such set of operations done in connection with personal information. The term is broad and encompasses practically every contact with data.
“Pseudonymisation” is the processing of personal information in such a way that personal data can no longer be attributed to a specific concerned person without the addition of additional information, in so far as this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal information cannot be attributed to an identified or identifiable natural person.
“Profiling” is every type of automated processing of personal information that consists of this personal information being used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the professional achievements, socio-economic status, health, personal preferences, interests, reliability, behavior, location, or change of location of this natural person.
As “responsible party” is termed the natural or juristic person, government office, facility or other instance which alone or together with others decides the purpose and the means of processing personal information.
“Data processor” is a natural or juristic person, government office, facility or other instance which processes personal information at the request of the party responsible.
Relevant legal basis
In accordance with Art. 13 of the GDPR, we are informing you of the legal basis of our data processing policies. If the legal basis is not provided in the Data Protection Declaration, the following is valid: the legal basis for obtaining consent is Art.6, para. 1, lit. a, and Art.7 GDPR; the legal basis for data processing in order to provide our services and to carry out the terms of our contract, as well as responding to enquiries is Art. 6, para.1, lit. b GDPR; the legal basis for processing in order to carry out our legal responsibilities is Art. 6, para.1, lit. c GDPR; and the legal basis for data processing in order to safeguard our legitimate interests is Art. 6, para.1, lit. f GDPR. In the case that vital interests of the person concerned, or those of another natural person, make processing of personal information necessary, Art. 6, para. 1, lit. d GDPR serves as a legal basis.
Security measures
According to Art. 32 GDPR, we take appropriate technological and organisational measures to ensure a level of protection commensurate with the varying probability and level of risk to the rights and liberties of natural persons, taking into consideration the technological state of the art, implementation costs and the extent, the conditions, and the purpose of the processing.
The measures include in particular ensuring confidentiality, integrity and availability of the data by means of control of physical access to the data, as well as the relevant access, input, transfer, the securing of its availability and its division. Further, we have put measures into place that ensure the rights of persons concerned, deletion of data and a reaction to any threat to the data. In addition we take the protection of personal information into consideration as early as the development and the choice of hardware, software, as well as methods, corresponding to the principles of data protection by means of technological design and data protection-friendly settings (Art. 25, GDPR).
Collaboration with data processing companies and third parties
If in the context of our data processing we reveal data to other people and companies (data processing companies or third parties), transfer these to them or allow them access to the data, this only happens on the basis of legal consent that you have given (for example, if the transfer of data to third parties, such as an online billing service, according to Art.. 6, para. 1, lit. b GDPR is necessary in order to fulfill the requirements of a contract), a legal requirement stipulates this, or on the basis of our legitimate interests (for example, in the use of a duly accredited agent, webhosts, etc.).
If we ask third parties to process data on the basis of a so-called “job processing contract”, then this takes place according to Art. 28 GDPR.
Data transfer to “third countries”
If we process data in a “third country” (that is, one outside of the European Union [EU] or the European Economic Area [EEA]) or do this in the context of the use of services of third parties, or the disclosure as well as transferal of data to third persons takes place, this only happens if it is done in order to fulfill our statutory duties, with your consent, on the basis of a legal requirement or on the basis of our legitimate interests. Subject to legal or statutory consent, we process data, or allow it to be processed, in a “third country” only when there are exceptional circumstances such as those stated in Art. 44, ff GDPR. This means that processing takes place for examples on the basis of special guarantees, such as the officially recognised level of data protection corresponding to that of the EU (for example, in the USA through the “Privacy Shield” agreement) or adhering to officially recognized statutory requirements (so-called “Standard Statutory Clauses”.)
Rights of the persons concerned
You have the right to request confirmation of whether the data concerned is processed and information regarding this data, as well as further information and copies of the data, in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the entirety of the data relating to you or the correction of incorrect information relating to you.
In accordance with Art. 17 GDPR you have the right to request that relevant data are immediately deleted as well as, alternatively, according to Art. 18 GDPR, to request a limitation of the data being processed.
You have the right to request that you be given the data concerning you that you have made available to us according to Art. 20 GDPR, and that it be transferred to another instance.
In addition you have the right according to Art. 77 GDPR to submit a complaint to the relevant regulatory authority.
Right of cancellation
You have the right to cancel your consent, given according to Art. 7, para. 3 GDPR, with an effect on future actions.
Right of appeal
At any time you can appeal the future processing of data concerning you according to Art. 21 GDPR. The appeal can in particular be entered against its use for purposes of direct advertising.
Cookies and the right of appeal in the case of direct advertising
“Cookies” are understood to be small data bases stored on users’ computers. Various types of information can be stored within cookies. Primarily, a cookie serves to store information relating to a user (as well as the device on which the cookie is stored) during and also after a visit to an online service. Those cookies are called “temporary cookies”, or “session cookies” or “transient cookies” that are deleted after the user leaves an online service and closes his or her browser. In a cookie of this kind the contents of a shopping basket for an online shop, or log-in details, be stored, for example. “Permanent” or “persistent” cookies are those that are stored even after the user’s browser is closed. For example, a user’s log-in details can be stored, if the user returns to the site after a number of days. In addition, the particular interests of the user can be stored in a cookie of this kind, one that can be used for purposes of Internet Audience Measurement evaluation or marketing. “Third-party cookies” are those offered by vendors other than those responsible for that particular online service (on the other hand, if it is only cookies belonging to that online service, then one speaks of “first-party cookies”).
We use temporary and permanent cookies, and clarify this here in the context of our Data Protection Declaration.
In the case that users do not want cookies to be stored on their computers, they are advised to deactivate the relevant option in their browser preferences. Cookies that are stored can be deleted from the browser, using preferences. The exclusion of cookies can lead to a limited function of the online service.
A general objection to the use of cookies for purposes of online marketing can be made using a variety of services, above all in the case of tracking, using the American website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechices.com. In addition, the storage of cookies can be achieved by means of their de-activation in the browser options. Please be aware that in that case, not all functions of the online service can be utilized.
Origin, deletion, blocking
You have the right at any time to obtain free information regarding your stored personal information, its source and its recipients, including the purposes of processing, as well as the right to correct, block or delete this data. In this regard, as well as for any other enquiries relating to the topic of personal data, you can contact us at any time at the address contained in the Imprint section of our website.
Deletion of data
The data processed by us according to Art. 17 and 18 of the GDPR are deleted or restricted in its use. If this is not specifically made clear in the context of our Data Protection Declaration, data stored by us are deleted as soon as they no longer fulfill their original purpose and there is no legal requirement to preserve them. If the data are not deleted because they are needed for other, legally permissible purposes, their processing is limited. That means, the data are restricted and not used for other purposes. This is true for information that for example must be stored for business or tax purposes.
According to legal standards in Germany, storage is maintained in particular for 10 years according to §§ 147, para. 1 AO, 257, para. 1, nos. 1 and 4, Business Law Book (for books, notes, reports, accounting documents, account books, tax documents, etc.) and for 6 years according to § 257, para. 1, nos. 2 and 3, para. 4, Business Law Book (for business correspondence).
According to legal standards in Austria, storage is maintained for 7 years according to § 132, para. 1, Federal Tax Code (for bookkeeping documents, receipts/invoices, accounts, receipts, business documents, records of income and expenditures, etc.), for 22 years in connection with property, and for 10 years for documents in connection with work done online; telecommunications, radio and television services provided for non-commercial instances in member states of the EU and for those used by the Mini-One-Stop-Shop (MOSS) services.
Akismet Anti-Spam Screening
Our online service makes use of the Akismet service, provided by Automattic, Inc, 60 29th Street, # 343, San Francisco, CA 94110, USA. It is used on the basis of our legitimate interests in the sense of Art. 6, para.1, lit. f GDPR. With the help of this service, comments provided by real people are differentiated from Spam comments. For that purpose all comments are sent to a server in the USA, where they are analysed and stored for four days for purposes of comparison. If a comment is deemed to be Spam, the information is stored for longer than this period. Included in these details are the name provided, the email address, the IP address, the contents of the comment, the referrer, details on the browser used as well as the computer system and the time of the entry.
Further information on the collection and the use of data by Akismet can be found in the data protection information provided by Automattic: https://automattic.com/privacy.
Users are welcome to use pseudonyms, or to not enter a name or an email address. You can prevent the transfer of data completely by not using our comment system. That would be regrettable, but unfortunately we don’t know of any other alternatives that work as effectively.
Setting up contact
When setting up contact with us (for example by using the contact form, by email, by telephone or on Social Media) the user’s details needed for responding to the enquiry and for its resolution are processed according to Art. 6, para.1 lit. b GDPR. The user’s details can be stored in a customer relationship management system (“CRMS”) or a comparable enquiry system.
We delete the enquiries if they are no longer necessary to us. We evaluate their necessity every two years; in addition, legal requirements regarding storage are adhered to.
Newsletter
With the following information we are informing you about the content of our newsletter as well as our registration, sending and statistical evaluation methods, as well as your right to appeal. When you set up a subscription to our newsletter, you declare yourself to be in agreement with the methods described herein.
Content of the newsletter: we only send newsletters, emails and other electronic messages containing promotional information (hereafter “newsletter”) with the recipient’s permission or legal consent. If in the context of registration for the newsletter its content is described concretely, this determines whether the user consents to it or not. In addition, our newsletters contain information about us and our services.
Double opt-in and record keeping: registration for our newsletter takes place by a so-called double opt-in method, that is, following registration you receive an email, in which you are asked to confirm your registration. This confirmation is necessary in order that no one can register with a false email address. The registrations for the newsletter are logged, in order to be able to show that the process of registration has followed legal requirements. This includes storage of the time of registration and the time of confirmation, as well as the IP address. Any changes to your data stored with the shipping service are recorded as well.
Registration details: in order to register for our newsletter you only have to provide your email address. It would be best if we could offer you a name for you to use in order to be addressed personally in the newsletter.
Sending the newsletter and the performance evaluation connected with it take place on the basis of the consent of the recipient according to Art. 6, para.1, lit a, Art. 7 GDPR in connection with § 7, para.2, no. 3 of the Act Against Unfair Competition (2004) or, if consent is not required, on the basis of our legitimate interests regarding direct marketing according to Art. 6, para.1, lit. f GDPR in connection with § 7 para.3 of the Act Against Unfair Competition.
Keeping a log of the registration process takes place on the basis of our legitimate interests according to Art. 6, para.1, lit. f GDPR. Our interest is focused on maintaining a user-friendly as well as a secure newsletter system that serves our business interests and meets the expectations of our users and in addition, permits us to demonstrate proof of consent.
Cancellation/withdrawal –You can cancel our newsletter at any time, that is, withdraw your consent for receiving it. You can find a cancellation link at the end of every newsletter. We can store cancelled email addresses for up to three years on the basis of our legitimate interests, before we delete them, in order to demonstrate that a consent that was given in the past. The processing of this data is limited to purposes of a possible defense against claims. An individual application for deletion is possible at any time, if at the same time confirmation is given of a consent in the past.
Newsletter – MailChimp
The newsletter is sent by means of the email service “MailChimp”, a newsletter
marketing platform offered by the American company Rocket Science Group LLC., 675 Ponce de Leon Avenue NE, #5000, Atlanta, Ga. 30308 USA. The privacy policies of the email service are available for viewing here at https://www.mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a/ MailChimp is certified under the Privacy Shield agreement and provides in that way a guarantee that European standards of data protection are adhered to (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The email service is used in connection with our legitimate interests according to Art. 6, para.1, lit. f GDPR and a job processing contract according to Art.28, para. 3, p.1 GDPR.
The email service can use the recipient’s data in a pseudonymous form, that is, without allocation to a user, in order to optimize or improve its own services, for example for technical optimization of its shipment and the presentation of the newsletter, or for statistical purposes. The email service does not use the data of our newsletter recipients to contact them itself, however, or to pass the information on to third parties.
Hosting and email marketing services
The hosting services used by us serve to make the following services available: infrastructure and platform services, computing capacity, storage space and data bank services, email marketing services, security services as well as technical support services, which we use for the purposes of carrying out our online service.
In doing so we, as well as our hosting platform, process inventory data, contact data, content data, contract data, usage data and meta- and communications data from clients, potential clients, and visitors to this online services on the basis of our legitimate interests in providing an efficient and secure online service in accordance with Art. 6, para.1, lit. f GDPR in connection with Art. 28 GDPR (setting up a job processing contact).
Collection of access data and log files
We, as well as our hosting service, collect information on every access to the server on which this service is located on the basis of our legitimate interests in the sense of Art. 6, para.1, lit. f GDPR (so-called server log files). The access data include names of the websites entered, data bases, date, and time of access, amount of data transferred, a record of successful access, browser type including version, the user’s operating system, the referrer’s URL (the website visited previously), IP address and the provider making the enquiry.
For reasons of security (for example, in order to investigate cases of abuse or fraud) log file information is stored for a maximum of 7 days and then deleted afterward. Information needed for purposes of providing evidence are exempted from deletion until the individual case has been ultimately clarified.
Google Analytics
On the basis of our legitimate interests (that is, interests in the analysis, optimisation and business practices of our online service in the sense of Art. 6, para.1, lit.f GDPR) we make use of Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by cookies regarding use of our online services by users is as a rule transferred to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and provides for that reason a guarantee that European data protection laws are adhered to. (https://www.privacyshield.gov/participant?id=a2zt00000001L5AAI&status=Active).
Google will use this information on our behalf in order to analyse the use of our online service by users, in order to generate reports on the activity within this online service and in order to provide us with other services related to the use of this online service and the use of the internet. During this process pseudonymous user profiles can be created using the data processed.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is abbreviated by Google within the member countries of the European Union or other countries within the European Economic Area. Only in exceptional cases is the complete IP address transferred to a Google server in the USA and abbreviated there.
The IP address provided by the user’s browser is not added to any other Google data. Users can prevent the storage of cookies by means of setting a particular preference on the software of their browser; in addition users can prevent capture by Google of the information generated by a cookie and related to their use of our online services, as well as the processing of this data by Google, by downloading and installing the plug-in available over the following link: http://tools.google/dlpage/gaoptout?hl=de.
You can find further information on the use of data by Google as well as set-up and appeal opportunities in Google’s privacy declaration (https://policies.google.com/technologies/ads) as well as in preferences regarding the use of pop-ups by Google (https://adssettings.google.com/authenticated). [ga_optout]
The users’ personal information is deleted after 26 months or made anonymous.
Google AdWords and conversion measurement
On the basis of our legitimate interests (that is, interests in the analysis, optimization and business practices of our online service in the sense of Art. 6, para.1, lit.f GDPR), we make use of the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).
Google is certified under the Privacy Shield agreement and provides for that reason a guarantee that European data protection laws are adhered to. (https://www.privacyshield.gov/participant?id=a2zt00000001L5AAI&status=Active)
We use the online marketing method, Google AdWords, in order to place advertisements in the Google advertising network (for example, in search results, in videos, on websites, etc.) so they can be shown to users who have a presumed interest in the ads. This enables us to show ads for and within our online services in a more direct way, to show users ads that are of interest to them. In the case that a user is shown an ad for products that he has shown an interest in on previous sites, one speaks here of “remarketing”. To this end, when calling up our website and others on which Google is active, a Google code is immediately sent out and so-called “remarketing tags” (invisible pictures or codes, also known as “web beacons”) are integrated into the site. With their help an individual cookie, that is a small data base, is stored on the user’s device. (Instead of cookies, comparable technologies can be used.) In this data base information is stored regarding which websites the user visits, what type of content he is interested in, and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, time of access as well as other details regarding use of our online service.
In addition we have obtained an individual “conversion cookie”. The information gathered with the help of the cookie helps Google to put together conversion statistics. We only find out the anonymous, total number of the users that have clicked on our offers and which was sent to a site provided with a cookie-tracking tag. We do not receive information that allows us to identify the users personally.
The users’ data are processed in connection with the Google advertising network pseudonymously, that is, Google stores and processes no names or email addresses of the users, for example, but rather processes the relevant cookie-related data within pseudonymous user profiles. This means that from the point of view of Google, the ads are not managed and shown for a specifically identified person, but rather for the owner of the cookie, independent of who this cookie-owner is. This is no longer valid if a user has expressly permitted Google to process data without pseudonymisation. The information gathered regarding users is sent to Google and stored on Google servers in the USA.
You can find further information on the use of data by Google as well as set-up and appeal opportunities in Google’s data protection declaration (https://policies.google.com/technologies/ads) as well as in preferences regarding the use of pop-ups by Google (https://adssettings.google.com/authenticated.
Google DoubleClick
On the basis of our legitimate interests (that is, interests in the analysis, optimization and business practices of our online service in the sense of Art. 6, para.1, lit.f GDPR), we make use of the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).
Google is certified under the Privacy Shield agreement and provides for that reason a guarantee that European data protection laws are adhered to. (https://www.privacyshield.gov/participant?id=a2zt00000001L5AAI&status=Active)
We use the online marketing method Google DoubleClick to place advertisements in the Google advertising network (for example, in search results, in videos, on websites, etc.). DoubleClick has the advantage that ads are shown in real-time in conjunction with the presumed interests of the user. This enables us to show ads for and within our online services in a more direct way, to show users ads that are of interest to them. In the case that a user is shown an ad for products that he has shown an interest in on previous sites, one speaks here of “remarketing”. To this end, when calling up our website and others on which Google is active, a Google code is immediately sent out and so-called “remarketing tags” (invisible pictures or codes, also known as “web beacons”) are integrated into the site. With their help an individual cookie, that is a small data base, is stored on the user’s device. (Instead of cookies, comparable technologies can be used.) In this data base is stored information on which websites the user visits, what type of content he is interested in, and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, time of access as well as other details regarding use of our online service.
The IP address of the users is also captured, whereby within the member countries of the European Union or other countries within the European Economic Area these are abbreviated, and only in exceptional cases is the complete IP address transferred to a Google server in the USA and abbreviated there.
The user’s data are processed in connection with the Google advertising network pseudonymously, that is, Google stores and processes for example no names or email addresses of the users, but rather processes the relevant cookie-related data within pseudonymous user profiles. This means that from the point of view of Google, the ads are not managed and shown for a specifically identified person, but rather for the owner of the cookie, independent of who this cookie-owner is. This is no longer valid if a user has expressly permitted Google to process data without a pseudonymisation. The information gathered regarding users is sent to Google and stored on Google servers in the USA.
You can find further information on the use of data by Google as well as set-up and appeal opportunities in Google’s data protection declaration (https://policies.google.com/technologies/ads) as well as in the preferences regarding the use of pop-ups by Google (https://adssettings.google.com/authenticated.
Prepared with “Datenschutz-Generator.de” by Dr. Thomas Schwenke, Attorney