Data Protection

Data protection

As of: 1 August 2019

Contents
  • Responsible
  • Overview of the processing
  • Relevant legal bases
  • Safety measures
  • Transmission and disclosure of personal data
  • Data processing in third countries
  • Use of cookies
  • Commercial and business services
  • Use of online marketplaces for e-commerce
  • payment service
  • Single-Sign-On Application
  • Communication via messenger
  • Cloud Services
  • Newsletter and width communication
  • Web analysis and optimization
  • Online marketing
  • Affiliate programs and affiliate links
  • Evaluation Platforms
  • Presence in social networks
  • Plugins and embedded functions as well as content
  • Deletion of data
  • Modification and update of the privacy policy

Responsible

Oliver Doehring

Heber Concepts GmbH, Grindelwaldweg 11, 13407 Berlin, Germany

Authorized representatives: Alexander Heber

E-mail address: mail(at)heberconcepts.com

Overview of the processing

The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.

Types of processed data

  • Inventory data (e.g., names, addresses).
  • content data (e.g., text input, photographs, videos).
  • Contact information (e.g., e-mail, phone numbers).
  • Meta / communication data (e.g., device information, IP addresses).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Contract data (for example, subject matter, term, customer category).
  • Payment details (e.g., bank details, invoices, payment history).

Categories of affected persons

  • Employees (for example, employees, applicants, former employees).
  • business and contractual partners.
  • Interested persons.
  • communication partner.
  • Customer.
  • Users (e.g., website visitors, online service users).
  • Purposes of processing
  • affiliate tracking.
  • Registration procedures.
  • Providing our online offer and user-friendliness.
  • Visit Action evaluation.
  • Office and organizational procedures.
  • Direct marketing (for example by e-mail or by post).
  • feedback (e.g., collecting feedback via the online form).
  • Interest-based and behavioral marketing.
  • Contact requests and communication.
  • Conversion measurement (measurement of the effectiveness of marketing measures).
  • Profiling (creating user profiles).
  • Remarketing.
  • Range measurement (e.g., access statistics, recurring visitor detection).
  • Safety measures.
  • Tracking (e.g., interest / behavioral profiling, use of cookies).
  • Contractual services and service.
  • Management and answering of inquiries.

Relevant legal bases

In the following, we share the legal basis of the General Data Protection Regulation (DSGVO), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations may apply in your home or country of residence.

  • Consent (Article 6 (1) (1) (a) GDPR) – The data subject has given his consent to the processing of personal data relating to him for a specific purpose or several specific purposes.
  • Performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. DSGVO) – The processing is necessary for the fulfillment of a contract of which the data subject is a party or for the implementation of pre-contractual measures Person done.
  • Legal obligation (Article 6 (1) (1) (c) GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
  • Legitimate interests (Article 6 (1) sentence 1 lit. DSGVO) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject providing the protection personal data require, outweigh.

National data protection regulations in europe: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special rules on the right of access, the right of cancellation, the right to object, the processing of special categories of personal data, processing for other purposes and for transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.

Safety measures

We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different likelihoods of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures according to the principle of data protection, through technology design and privacy-friendly default settings.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You will recognize such encrypted connections with the prefix https: // in the address bar of your browser.

Transmission and disclosure of personal data

As part of our processing of personal information, data may be transmitted to or disclosed to other entities, companies, legally independent organizational units or individuals. To the recipients of this data may e.g. Payment institutions involved in payment transactions, IT service providers or providers of services and content incorporated into a website. In such case, we comply with the legal requirements and in particular conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data Transfer within the Organization: We may transfer personal information to other locations within our organization or grant access to such information. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate commercial and business interests or takes place if it is necessary for us to fulfill our contractual obligations or if the parties have given their consent or a legal permit.

Data processing in third countries

If we process data in a third country (ie, outside the European Union (EU), the European Economic Area (EEA)) or processing in the context of the use of third party services or the disclosure or transfer of data to other persons, entities or companies takes place, this is done only in accordance with the legal requirements.

Except as expressly provided or provided by contract or by law, we process or disclose the data only in third countries with a recognized level of privacy, including those certified under the Privacy Shield, or on the basis of specific warranties, such as limited liability. contractual obligation by so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the European Commission: https://ec.europa.eu/info/law/law- topic / data-protection / international-dimension-data-protection_en).

Use of cookies

“Cookies” are small files that are stored on users’ devices Cookies can be used to store various information, such as the language settings on a website, the login status, a shopping cart or the location where a video is viewed was, belong.

Cookies are generally also used when the interests of a user or his behavior (for example, viewing specific content, use of functions, etc.) are stored on individual websites in a user profile. Such profiles serve to provide users with e.g. View content that matches your potential interests. This method is also referred to as “tracking,” that is, tracking the potential interests of users. The term “cookies” also includes other technologies that perform the same functions as cookies (for example, when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy.

Information about legal bases: On which legal basis we process your personal data with the help of cookies, depends on whether we ask you for a consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the informed consent. Otherwise, the data processed by means of cookies will be processed on the basis of our legitimate interests (for example, in the course of a business operation of our online offer and its improvement) or, if the use of cookies is required, in order to fulfill our contractual obligations.

Withdrawal and opposition (opt-out): Regardless of whether the processing is based on a consent or legal permission, you have at any time the possibility to revoke a given consent or to object to the processing of your data by cookie technologies (collectively referred to as ” Opt-out “).

You may initially declare your disagreement through the settings of your browser, for example by disabling the use of cookies (which may also limit the functionality of our online offer).

An objection to the use of cookies for online marketing purposes can be made through a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU page http: //www.youronlinechoices.com/ or generally explained on http://optout.aboutads.info.

Processing of cookie data on the basis of a consent: Before we process or process data within the scope of the use of cookies, we ask the users for an always revocable consent. Before consent has been given, cookies may be used that are necessary for the operation of our online offer. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

  • Processed data types: usage data (e.g., visited web pages, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO). 

Commercial and business services

We process data of our contract and business partners, e.g. Customers and prospects (collectively referred to as “contractors”) in the context of contractual and comparable legal relationships and related measures and in the context of communication with the contractors (or pre-contractual), for example, to answer inquiries.

We process this data in order to fulfill our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. Within the scope of the applicable law, we only pass on the data of the contracting parties to third parties insofar as this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the contracting parties (eg to participating telecommunications, transport and other auxiliary services as well as subcontractors , Banks, tax and legal advisers, payment service providers or tax authorities). About other forms of processing, e.g. For purposes of marketing, the contracting parties are informed in the context of this privacy policy.

What data is required for the above purposes, we inform the contractors or in the context of data collection, e.g. in online forms, by special markings (for example colors) or symbols (for example asterisks or the like), or in person with.

We delete the data after expiration of legal warranty and comparable obligations, ie, basically after expiration of 4 years, unless the data are stored in a customer account, eg, as long as they have to be kept for legal reasons of archiving (eg for Tax purposes usually 10 years). Data that has been disclosed to us as part of an order by the contractor, we delete according to the specifications of the contract, in principle after the end of the contract.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Onlineshop and E-Commerce: We process the data of our customers to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery, or execution.

The required information is marked as such in the context of the order or comparable purchase process and includes the information required for delivery, or provision and billing as well as contact information in order to hold any consultation.

  • Processed data types: inventory data (eg names, addresses), payment data (eg bank details, invoices, payment history), contact data (eg e-mail, telephone numbers), contract data (eg subject of contract, duration, customer category), usage data (eg visited websites, interest in Content, access times), meta / communication data (eg device information, IP addresses).
  • Affected persons: prospective customers, business and contractual partners, customers.
  • Purposes of processing: contractual services and services, contact requests and communications, office and organizational procedures, administration and response to inquiries, security measures.
  • Legal basis: fulfillment of contract and pre-contractual inquiries (Article 6 (1) sentence 1 lit. DSGVO), legal obligation (Article 6 (1) sentence 1 (c) GDPR), legitimate interests (Article 6 para 1 p. 1 DSGVO).

Use of online marketplaces for e-commerce

We offer our services on online platforms operated by other service providers. In this context, in addition to our privacy policy, the privacy notices of the respective platforms. This applies in particular with regard to the methods used on the platforms for range measurement and interest-based marketing.

  • Processed data types: inventory data (eg names, addresses), payment data (eg bank details, invoices, payment history), contact data (eg e-mail, telephone numbers), contract data (eg subject of contract, duration, customer category), usage data (eg visited websites, interest in Content, access times), meta / communication data (eg device information, IP addresses).
  • Affected Persons: Customers.
  • Purposes of processing: contractual services and service.
  • Legal basis: fulfillment of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR), entitled interests (Article 6 (1) sentence 1 (f) of the DSGVO).

SimplyBook.me ltd.

Reg.No .: HE387490

VAT No .: 10387490F

E-mail: support(at)simplybook.me

Address: 4 Riga Feraiou street

Omega Business Center,

3095 Limassol, Cyprus

payment service

In the context of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the persons concerned efficient and secure payment options and use besides banks and credit institutions other payment service providers (collectively “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and the address, bank data, e.g. Account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, summary and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. That is, we do not receive any account or credit card related information, but only information with confirmation or negative disclosure of the payment. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission aims at the identity and credit check. For this we refer to the terms and conditions and the privacy policy of the payment service providers.

For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites or transaction applications apply. We also refer to these for further information and assertion of rights of revocation, information and other data subjects.

Single-Sign-On Application

As a “single-sign-on” or “single sign-on sign-on” or “authentication” are referred to procedures that allow users using a user account with a provider of single-sign-on method (eg A prerequisite for single sign-on authentication is that the users are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose are already registered with the single sign-on provider and confirm the single-sign-on registration via the button.

 

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user under this user ID is logged in to the respective single sign-on provider and an ID that we can not use for other purposes (so-called “user handle Whether or not we are provided with additional data depends solely on the single sign-on method used, on the selected data releases as part of the authentication, and also on what data users are using in the privacy or other settings of the user account for the single Depending on the single sign-on provider and the choice of users, different data may be available, usually the e-mail address and the user name. Sign-on procedure entered password at the single sign-on provider is neither visible to us, nor is it stored by us.

Users are kindly requested to note that their information may be automatically reconciled with their single sign-on user account, but this is not always possible or actual. Change e.g. users’ e-mail addresses, they must manually change them in their user account with us.

The single sign-on registration we can, if agreed with the users, in the context of or before the contract use, as far as the users were asked to process it within the framework of a consent and set otherwise based on the legitimate interests of us and the Users’ interests in an effective and secure logon system.

If users decide once again to no longer want to use the link of their user account with the single sign-on provider for the single sign-on procedure, they must cancel this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

  • Processed data types: inventory data (e.g., names, addresses), contact information (e.g., e-mail, telephone numbers).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Purposes of processing: contractual services and service, registration procedure.
  • Legal basis: Consent (Article 6 (1) sentence 1 letter a DSGVO), performance of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR), entitled interests (Article 6 (1) Page 1 lit., DSGVO).

Deployed services and service providers:

Communication via messenger

We use messenger services for the purpose of communication and therefore ask you to observe the following notes on the functionality of the messenger, the encryption, the use of the metadata of the communication and your contradictions.

You can also contact us in alternative ways, e.g. via phone or e-mail. Please use the contact options communicated to you or the contact options specified within our on-line offer.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted end-to-end. This means that the content of the messages is not visible, even by the messenger providers themselves. You should always use a recent version of Encrypted Messenger to ensure encryption of message content.

 

However, we also point out to our communication partners that messenger providers are not able to see the content, but can find out that and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, also location information ( so-called metadata) are processed.

Notes on legal foundations: If we ask communication partners for their permission to communicate with them via messenger, the legal basis of our processing of their data is their consent. By the way, if we do not ask for your consent and you By contacting us, we use Messenger as a contractual measure in relation to our contractual partners and as part of contracting, and in the case of other interested parties and communication partners based on our legitimate interests in fast and efficient communication and fulfillment of our communications partner needs the communication via Messengern. Furthermore, we point out that we do not transmit the contact information communicated to us for the first time without your consent.

Revocation, opposition and deletion: You can revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we will delete the messages according to our general deletion policy (ie, as described above, after the end of contractual relationships, in the context of archiving specifications, etc.) and otherwise, as soon as we can assume that we have answered any information from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with statutory retention requirements.

Reservation by other means of communication: Finally, we would like to point out that, for security reasons, we reserve the right not to answer inquiries via Messenger. This is the case when e.g. Contractual privacy of special secrecy require or an answer over the messenger the formal requirements does not suffice. In such cases, we refer you to more adequate communication channels.

Skype: Skype end-to-end encryption requires activation (unless enabled by default).

  • Processed data types: contact data (eg e-mail, telephone numbers), usage data (eg visited websites, interest in content, access times), meta / communication data (eg device information, IP addresses), content data (eg text input, photographs, videos ).
  • Affected persons: communication partners.
  • Purposes of processing: contact requests and communication, direct marketing (for example by e-mail or by post).
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO).

Deployed services and service providers:

Cloud services

We use software services accessible via the Internet and running on their vendors’ servers (so-called “Cloud Services”, also referred to as “Software as a Service”) for the following purposes: document storage and management, calendar management, e-mailing, spreadsheets and presentations, exchange of documents, content and information with particular recipients or publication of web pages, forms or other content and information, as well as chats and participation in audio and video conferencing.

In this context, personal data may be processed and stored on the providers’ servers, as far as they are part of communications with us or otherwise processed by us as set forth in this Privacy Policy. This data may include in particular master data and contact data of users, data on transactions, contracts, other processes and their contents. The cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

If we use the cloud services for other users or publicly available websites forms o.a. Providing documents and content, providers may store cookies on users’ devices for purposes of web analytics or to remember user preferences (e.g., in the case of media control).

Notes on legal bases: If we ask for consent to the use of the cloud services, the legal basis of the processing is the consent. Furthermore, their use may be part of our (pre-) contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient and secure administrative and collaboration processes)

  • Processed data types: inventory data (eg names, addresses), contact data (eg e-mail, telephone numbers), content data (eg text input, photographs, videos), usage data (eg visited websites, interest in content, access times), meta- / communication data ( eg device information, IP addresses).
  • Affected persons: Customers, employees (for example, employees, applicants, former employees), prospects, communication partners.
  • Purposes of Processing: Office and Organizational Procedures.
  • Legal basis: Consent (Article 6 (1) sentence 1 letter a DSGVO), performance of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR), entitled interests (Article 6 (1) Page 1 lit., DSGVO).

Deployed services and service providers:

Newsletter and communication

We send out newsletters, e-mails and other electronic notifications (hereinafter referred to as “newsletter”) only with the consent of the recipient or a legal permission.Where in the context of an application to the newsletter whose contents are specifically described, they are for the consent of the users authoritative. Incidentally, our newsletter contains information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for personal address in the newsletter, or other information as required for the purpose of the newsletter.

Double-Opt-In-Procedure: Registration for our newsletter is basically done in a so-called Double-Opt-In-Procedure. This means that after signing up you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes saving the login and confirmation times as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.

Deletion and Limitation of Processing: We may save the e-mail addresses discharged for up to three years on the basis of our legitimate interests, before we delete them, in order to be able to provide evidence of a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed. In the case of obligations to permanently observe contradictions, we reserve the sole purpose of storing the e-mail address for this purpose in a blacklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. Insofar as we commission a service provider with the dispatch of e-mails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

Legal notice: The distribution of the newsletter is based on the consent of the recipient or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and insofar as this is legally required, e.g. in the case of existing customer advertising. Insofar as we entrust a service provider with the sending of e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests in order to prove that it has been performed in accordance with the law.

contents:

Our newsletter refers exclusively to the communication of own products and the communication of changes in the terms and conditions.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), meta / communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).
  • Special data categories: Health data (Article 9 (1) DGSVO).
  • Affected persons: communication partners.
  • Purposes of processing: direct marketing (e.g., by e-mail or post), contact requests and communication.
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO).
  • Opt-out: You may terminate the receipt of our newsletter at any time, ie. Revoke your consent, or object to further reception. You can find a link to cancel the newsletter either at the end of each newsletter or else you can use one of the above-mentioned contact options, preferrably e-mail.

Deployed services and service providers:

Web analysis and optimization

The web analysis (also called “range measurement”) is used to evaluate the flow of visitors to our online offer and can behavior, interests or demographic information about the visitors, such. the age or gender, as pseudonymous values include. With the help of range analysis we can e.g. recognize when our online offer or its features or content are used most frequently or are invited to reuse. Likewise, we can understand which areas need optimization.

In addition to web analytics, we can also use test methods, e.g. to test and optimize different versions of our online offer or its components.

For these purposes, so-called user profiles can be created and saved in a file (so-called “cookie”) or similar methods with the same purpose can be used. To this information can e.g. content viewed, web pages visited and elements used there, and technical information such as the browser used, the computer system used, and times of use. If users have consented to the collection of their location data, these can also be processed depending on the provider.

It also stores the IP addresses of the users. However, we use an IP masking method (i.e., pseudonymization by truncating the IP address) to protect users. In general, in the context of web analysis, A / B-testing and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. That is, we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

 

  • Processed data types: usage data (e.g., visited web pages, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Purposes of processing: range measurement (e.g., access statistics, recurring visitor detection), tracking (e.g., interest / behavioral profiling, use of cookies), visit action reporting, profiling (user profiling).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO).

Deployed services and service providers:

  • Jetpack (WordPress Stats): Jetpack provides analysis capabilities for WordPress software. Service Provider: Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA; Website: https://automattic.com; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://automattic.com/privacy, Cookies Policy: https://jetpack.com/support/cookies.

Online marketing

We process personal data for the purpose of online marketing, including in particular the presentation of advertising and other content (collectively referred to as “content”) based on potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar methods are used by means of which the information relevant to the presentation of the aforementioned contents to the user is stored. To this information can e.g. content viewed, websites visited, online networks used, as well as communication partners and technical information, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, they can also be processed.

It also stores the IP addresses of the users. However, we use IP masking techniques (i.e., pseudonymization by truncating the IP address) to protect users. In general, the online marketing process does not store user clear data (such as e-mail addresses or names), but pseudonyms. That is, we as well as the providers of online marketing methods do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar procedures. These cookies can later generally also on other websites that use the same online marketing method, read and analyzed for purposes of displaying content as well as be supplemented with other data and stored on the server of the online marketing process provider.

By way of exception, clear data can be assigned to the profiles. This is the case when users are e.g. Members of a social network whose online marketing process we use and the network connects the profiles of users in the aforementioned information. We kindly ask you to note that users have additional agreements with the providers, e.g. by consent in the context of registration.

In principle, we only have access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can examine which of our online marketing methods led to a so-called conversion, i. for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing efforts.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

 

  • Processed data types: usage data (e.g., visited web pages, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users), prospects.
  • Purposes of processing: tracking (eg interest / behavioral profiling, use of cookies), remarketing, visitor action evaluation, interest and behavioral marketing, profiling (profiling (user profiling), conversion measurement (measurement of marketing effectiveness), reach measurement (eg access statistics, detection returning visitor).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO).
  • Opposition possibility (opt-out): We refer to the privacy policy of the respective provider and the contradiction possibilities stated to the offerers (so-called “Opt-Out”). Unless an explicit opt-out option has been specified, there is the possibility that you disable cookies in the settings of your browser. However, this can restrict functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Territorial: http://optout.aboutads.info.

Deployed services and service providers:

  • Google Analytics: online marketing and web analytics; Service Providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring data protection level when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out plug-in: http://tools.google.com/dlpage/gaoptout?hl=en, ad insertion settings: https://adssettings.google.com/authenticated.

Affiliate programs and affiliate links

In our online offering, we include so-called affiliate links or other references (which may include, for example, discount codes) to third-party offers and services (collectively referred to as “affiliate links”). If users follow the affiliate links, or subsequently accept the offers, we may receive commission or other benefits from these third parties (collectively referred to as “commission”).

In order to be able to track whether the users have taken advantage of the offers of an affiliate link that we have used, it is necessary that the respective third party providers learn that the users have followed an affiliate link used within our online offer. The assignment of affiliate links to the respective deal or other action (e.g., purchases) is solely for the purpose of commission billing and is waived as soon as it is no longer required for the purpose.

For the purposes of the aforementioned association of affiliate links, the affiliate links may be supplemented with particular values that are part of the link or otherwise, e.g. in a cookie, can be stored. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online user ID.

 

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Furthermore, their use may form part of our (pre-) contractual services, provided that the use of the third-party providers has been agreed within this framework. Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: contract data (e.g., subject matter, term, customer category), usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Purposes of Processing: Affiliate Tracking.
  • Legal basis: Consent (Article 6 (1) sentence 1 letter a DSGVO), performance of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR), entitled interests (Article 6 (1) Page 1 lit., DSGVO).

Legendarios de Guajirito

Zulueta no. 658 e / Gloria y Apodaca, Habana Vieja. Cuba

Bernardo Falcon Tosar

evaluation platforms

We participate in evaluation procedures to evaluate, optimize and promote our services. If Users rate us through the participating rating platforms or procedures or otherwise provide feedback, the Company’s terms and conditions and privacy notices also apply. As a rule, the evaluation also requires registration with the respective providers.

In order to ensure that the valuer has actually used our services, we will, with the consent of the customer, provide the necessary data relating to the customer and the service used to the respective rating platform (including name, email address and Order number or article number). These data are used solely to verify the authenticity of the user.

  • Processed data types: contract data (e.g., subject matter, term, customer category), usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Affected individuals: customers, users (e.g., website visitors, online service users).
  • Purposes of processing: feedback (e.g., gathering feedback via online form), coverage measurement (e.g., access statistics, recurring visitor detection), visit action reporting, interest-based and behavioral marketing, profiling (creating user profiles).
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO).

Deployed services and service providers:

  • Trustpilot: ratings and widget; Service Provider: Trustpilot A / S, Pilestræde 58, 5, 1112 Copenhagen, Denmark; Website: https://de.trustpilot.com; Privacy Policy: https://en.legal.trustpilot.com/end-user-privacy-terms.
  • Yelp: reviews, recommendations, and widgets; Service Provider: Yelp Inc., 140 New Montgomery Street, 9th Floor, San Francisco, CA 94105, USA; Website: https://www.yelp.de; Privacy Policy: https://www.yelp.com/tos/privacy_policy; Opposition possibility (opt-out): https://www.yelp.com/tos/privacy_en_us_20190329#third-parties.

Presence in social networks

We maintain online presence within social networks to communicate with or provide information about our users.

We point out that data of the users outside the area of the European Union can be processed. This may result in risks to users because, e.g. the enforcement of user rights could be made more difficult. With respect to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they are committed to respecting EU privacy standards.

Furthermore, the data of the users within social networks is usually processed for market research and advertising purposes. Thus, e.g. Based on the user behavior and the resulting interests of users usage profiles are created. The usage profiles may in turn be used to e.g. To place advertisements inside and outside the networks that are allegedly in the interests of users. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities of opting out (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.

  • Processed data types: inventory data (eg names, addresses), contact data (eg e-mail, telephone numbers), content data (eg text input, photographs, videos), usage data (eg visited websites, interest in content, access times), meta- / communication data ( eg device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Purposes of processing: contact requests and communication, tracking (e.g., interest / behavioral profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, recurring visitor detection).
  • Legal basis: legitimate interests (Article 6 (1) sentence 1 (f) of the DSGVO).

Deployed services and service providers:

  • Instagram: social network; Service Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: http://instagram.com/about/legal/privacy.
  • Facebook: social network; Service Providers: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, Parent Companies: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-Out: Advertisement Settings: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy policy for Facebook pages: https://www.facebook.com/legal/ terms / information_about_page_insights_data.
  • LinkedIn: social network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opposition possibility (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Pinterest: social network; Service Provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Website: https://www.pinterest.com; Privacy Policy: https://about.pinterest.com/en/privacy-policy; Opposition possibility (opt-out): https://about.pinterest.com/en/privacy-policy.
  • Twitter: social network; Service Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/privacy, (Settings) https://twitter.com/personalization; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
  • YouTube: social network; Service Providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring data protection level when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: https://adssettings.google.com/authenticated.

Plugins and embedded functions as well as content

We incorporate functionality and content into our online offering sourced from their respective vendors’ servers (hereafter referred to as “third party vendors”), such as graphics, videos, social media buttons, and posts (hereafter referred to as “third party”) uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We endeavor to use only those content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and the operating system, websites to be referenced, time of visit, and other information regarding the use of our online offer.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the consent. Otherwise, users’ data will be processed based on our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: usage data (eg websites visited, interest in content, access times), meta / communication data (eg device information, IP addresses), contact data (eg e-mail, telephone numbers), content data (eg text input, photographs, videos ), Stock data (eg names, addresses).
  • Affected persons: Users (e.g., website visitors, online service users), communication partners.
  • Purposes of processing: Provision of our online offer and user-friendliness, tracking (eg interest / behavioral profiling, use of cookies), feedback (eg collecting feedback via online form), contractual services and service, contact requests and communication, direct marketing (eg E-mail or post), interest-based and behavioral marketing, profiling (profiling), security measures, administration and response to inquiries.
  • Legal basis: Consent (Article 6 (1) sentence 1 (a) DSGVO), entitled interests (Article 6 (1) sentence 1 lit. DSGVO), performance of the contract and pre-contractual inquiries (Article 6 (1) Page 1 lit. b DSGVO).

Deployed services and service providers:

  • AddThis: AddThis – social sharing features, AddThis uses users’ personally identifiable information to provide and execute the sharing features. In addition, AddThis may use pseudonymous information of users for marketing purposes. ; Service Provider: AddThis, 1595 Spring Hill Suite 300 Vienna, VA 22182, USA; Website: http://www.addthis.com; Privacy Policy: http://www.addthis.com/privacy; Opposition possibility (opt-out): http://www.addthis.com/privacy/opt-out.
  • Facebook social plugins: Facebook social plugins. Content such as pictures, videos or text and buttons belong, with which users can share contents of this on-line offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/; Service Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opposition possibility (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads.
  • Google Fonts: We incorporate the fonts (\ “Google Fonts \”) of the provider Google, whereby the data of the users are used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their consistent presentation and taking into account possible licensing restrictions for their integration. Service Providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active.
  • Google Maps: We include the maps of Google’s Google Maps service. The processed data may include, in particular, users’ IP addresses and location data, but these are not collected without their consent (usually as part of the settings of their mobile devices). Service Providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://maps.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-out plug-in: http://tools.google.com/dlpage/gaoptout?hl=en, ad insertion settings: https://adssettings.google.com/authenticated.
  • Instagram plug-ins and buttons: Instagram plug-ins and buttons. Content such as images, videos, or text and buttons that allow users to share content from this online offering within Instagram. Service Provider: https://www.instagram.com, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: http://instagram.com/about/legal/privacy.
  • OpenStreetMap: We include the maps of the OpenStreetMap service offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). The data of the users are used by OpenStreetMap exclusively for the purpose of displaying the map functions and for caching the selected settings. Such data may include, but are not limited to, users’ IP addresses and location data, but they are not collected without their consent (usually as part of their mobile device settings). Service Provider: OpenStreetMap Foundation (OSMF); Website: https://www.openstreetmap.de; Privacy Policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
  • • Twitter plug-ins and buttons: Twitter plug-ins and buttons. Content such as images, videos, or text and buttons that allow users to share content from this online offering within Twitter. Service Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Website: https://twitter.com/en; Privacy Policy: https://twitter.com/privacy.
  • • YouTube: videos; Service Providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring data protection level when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out plug-in: http://tools.google.com/dlpage/gaoptout?hl=en, ad insertion settings: https://adssettings.google.com/authenticated.
  • • Vimeo: Vimeo – Video Platform; Service Provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-Out: Please note that Vimeo may use Google Analytics, referring to the Privacy Policy (https://policies.google.com/privacy) and opt-out options for Google Analytics (http : //tools.google.com/dlpage/gaoptout? hl = DE) or Google’s data usage settings for marketing purposes (https://adssettings.google.com/).

Deletion of data

The data processed by us will be deleted in accordance with legal requirements as soon as their consent for processing is revoked or other authorizations cease to exist (for example, if the purpose of the processing of this data has ceased to apply or if they are not necessary for the purpose).

Unless the data is deleted because it is necessary for other and legitimate purposes, its processing is limited to these purposes. That is, the data is locked and not processed for other purposes. This applies, for example for data that must be retained for commercial or tax law reasons or that is required to be stored in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data may also be provided in the context of the individual data protection notices of this privacy policy.

Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the Privacy Policy as soon as the changes to the data processing we make require it. We will notify you as soon as the changes require your participation (eg consent) or other individual notification.

Created by Lawyer Dr. med. jur. Thomas Schwenke – generator