Privacy Policy

This privacy policy clarifies the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) on our website and connected webpages, functions and content, as well as any external online presence, such as our social media profile (hereinafter collectively referred to as “website”). With regard to the used terminology, such as “personal data” or the “processing” thereof, we refer you to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Party responsible:

Name/Co: HQLabs GmbH

Street No.: Colonnaden 41

Postcode, place, country: 20354 Hamburg, Deutschland

Commercial register No.: HRB Hamburg 122 405

Directors: Daniel Tobias Hagenau, Nils Lukas Czernig, Lucas Alexander Bauche

Telephone number: 040 88215330

E-mail address: [email protected]

Data protection officer:

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München
[email protected]

Types of processed data:

☒ Inventory data (e.g., names, addresses).

☒ Contact information (e.g., email, phone numbers).

☒ Content data (e.g., text entries, photographs, videos).

☒ Usage data (e.g., visited webpages, interest in content, access time).

☒ Meta-/communication data (e.g., device information, IP addresses).

Processing of specific categories of data (Art. 9(1) GDPR):

☐ No special categories of data will be processed.

☒ In principle, no special categories of data will be processed, unless they are processed by users, e.g. entries in online forms.

☐ The following special categories will be processed:

Categories of data subjects included in the processing:

☒ Clients / interested parties / suppliers.

☒ Visitors and users of the website.

Hereinafter, data subjects are also collectively referred to as “users”.

Purpose of processing:

☒ Making the website, its content, and functions available.

☒ Providing contractual services, service, and client care.

☒ Answering contact enquiries and communicating with users.

☒ Marketing, advertising, and market research.

As of: 24/05/2018

1.          Relevant legal basis

In accordance with Art. 13 of the GDPR, we inform you of the legal basis of our data processing. In case the legal basis is not specified in the privacy policy, the following applies: the legal basis for obtaining consent is Art. 6(1) lit. a and Art. 7 of the GDPR, the legal basis for processing our service performance and execution of contractual measures, as well as the answering of enquiries is Art. 6(1) lit. b of the GDPR, the legal basis for processing the fulfilment our legal obligations is Art. 6(1) lit. c of the GDPR, and the legal basis for processing the protection of our legitimate interests is Art. 6(1) lit. f of the GDPR. In the event that vital interests of a data subject or any other natural person requires the processing of personal data, Art. 6(1) lit. d of the GDPR serves as the legal basis.

2.          Changes and updates to the privacy policy

We kindly request you to regularly inform yourself about the contents of our privacy policy. We will adjust the privacy policy as soon as the changes we make to the data processing, necessitates it. We will inform you as soon as your cooperation (e.g. consent) or any other individual information becomes necessary.

3.          Safety measures

3.1.      In accordance with Art. 32 of the GDPR, we consider the latest technology, implementation costs, the processing type, scope, circumstances and objectives, as well as the probability of occurrence and the severity of the risks for the rights and freedom of natural persons, appropriate technical and organisational measures, to ensure a level of protection appropriate to the risk; In particular, measures include the protection of confidentiality, integrity and availability of data by surveillance of physical access to the data, as well as its related access, entry, transfer, protection of availability and its disconnection. Furthermore, we have put in place a procedure which ensures awareness of the rights of concerned parties, deletion of data and responds to threats to the data. Additionally, we take the protection of personal data into account during development; more specifically, we consider selection of hardware, software, and procedures according to the principle of data protection by technology design and by privacy-friendly default settings(Art. 25 GDPR).

3.2.       Specifically, the safety measures include encrypted transfer of data between your browser and our server.

4.          Working together with processors and third parties

4.1.       If, in the context of processing, we reveal data to other persons and companies (processors or third parties), provide them with it or otherwise grant them access to the data, it is only done on the basis of legal permission (e.g., if transfer of data to a third party, such as payment service providers, is necessary according to Art. 6(1) lit. b of the GDPR to fulfil the contract), you have provided consent, a legal obligation stipulates this, or is only done on the basis of our legitimate interests (e.g., assignment of agents, webhosts, etc.).

4.2.       Provided that we entrust third parties with the processing of data on the basis of a so-called “data processing contract”, it is done on the basis of Art. 28 of the GDPR.

5.          Transfers to third countries

If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or if it occurs in the context of using third party services or disclosure, or rather during data transfer to a third party, it is only done to fulfil (pre-) contractual obligations, on the basis of your consent, because of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permission, we only process or allow the data to be processed in a third country in the event of special requirements of Art. 44 et seq. of the GDPR. I.e. processing will be done on the basis of special guarantees, such as the officially recognised assessment of a data protection level that matches that of the EU (e.g., “Privacy Shield” for the USA) or in compliance with officially recognised special contractual obligations(so-called “standard contractual clauses”), for instance.

6.          Rights of affected persons

6.1.       You have the right to request confirmation on whether or not the respective data is being processed and the right to request information about this data, as well as further information and a copy of the data according to Art. 15 of the GDPR.

6.2.       According to Art. 16 of the GDPR, you have the right to request the completion of your data or the correction of data concerning you that is incorrect.

6.3.       In accordance with Art. 17 of the GDPR, you have the right to request that relevant data is immediately deleted or alternatively, in accordance with Art. 18 of the GDPR, the right to request a limitation on the processing of data.

6.4.       In accordance with Art. 20 of the GDPR, you have the right to request that you receive data relating to you, which you have provided us with, and to request that such information be sent to other responsible persons.

6.5.       Furthermore, according to Art. 77 of the GDPR, you have the right to file a complaint to the responsible supervisory body.

7.          Right of withdrawal

According to Art. 7(3) of the GDPR, you have the right to withdraw issued consent with effect for the future.

8.          Right of objection

According to Art 21. of the GDPR, you have the right to object to any future processing relating to you at any time. The objection can be filed against processing for direct marketing purposes specifically.

9.          Cookies and right of objection for direct marketing purposes

You can read about our Cookie conditions here separately:  Cookie Policy

10.        Deleting data

10.1.    The data we process, is deleted or is limited in its processing in accordance with Art. 17 and 18 of the GDPR. Unless explicitly stated in this privacy policy, data stored with us will be deleted, as soon as it is no longer required for its intended purpose and no legal storage obligations prohibit the deletion. If the data is not deleted, because it is necessary for other and legally permissible purposes, its processing will be limited. I.e. the data is blocked and not processed for other purposes. This applies to data which must be stored for reasons relating to commercial law or tax law.

10.2.    Germany: According to legal requirements, the data is stored for 6 years in accordance with § 257(1) HGB (trading books, inventories, opening balance sheets, financial statements, business letters, accounting documents, etc.), as well as for 10 years in accordance with § 147(1) AO (books, records, reports, accounting documents, business and commercial letters, for the taxation of relevant documents, etc.).

11.        Provision of contractual services

11.1.    In accordance with Art. 6(1) lit. b of the GDPR, we process inventory data (e.g., names and addresses, as well as users’ contact information ), contract data (e.g., used services, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services. The entries, which have been marked as obligatory in the online forms, are necessary for the conclusion of the contract.

11.2.    Users have the option to create a demo account, allowing them to test our web-based agency software. As part of the registration, the mandatory information required will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user accounts, their data, with respect to the user account, will be deleted, depending on whether or not its storage is necessary for reasons relating to commercial law or tax law according to Art. 6(1) lit. c of the GDPR. It is the responsibility of the users to save their own data during the successful termination before the expiration of the contract. We have the right to irretrievably delete all user data stored during the contract period.

11.3.    During registration and renewed logins, as well as during the use of our online services, the IP address and the time of the respective user action are stored. Storing is done on the basis of our legitimate interests, and also to protect users from abuse and unauthorised use. Transferring data to third parties generally does not occur, unless it is necessary for the persecution of our claims or there is a legal obligation to do so in accordance with Art. 6(1) lit. c of the GDPR.

11.4.    We process usage data (e.g., visited webpages from our website, interest in our products) and content data (e.g., entries in contact forms or user profiles) for advertising purposes in a user profile, e.g., to show users product information, based on the services they have used previously.

11.5.   The deletion takes place after the expiration of legal warranty and similar obligations. The necessity of storing data is reviewed every three years; in the event of compulsory data archiving, deletion takes place after its expiration (at the end of the commercial (6 years) and fiscal (10 years) storage obligation); client account information remains until its deletion.

12.        Contact

12.1.    When contacting us (via contact form or e-mail), user information concerning the contact enquiry process and its execution are processed.

12.2.    User information can be saved in our Client-Relationship-Management System (“CRM System”) or in a similar body for enquiries.

12.3.    Based on our legitimate interests (efficient and swift processing of user enquiries), we use the CRM System “Pipedrive”, of provider Pipedrive Inc. For this purpose, we have concluded a contract with Pipedrive with so-called standard contractual clauses, in which Pipedrive commits itself to only processing user data in accordance with our instructions and in compliance with the data protection level of the EU. Additionally, Help Scout is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law.

12.4.    We delete enquiries when they are no longer necessary. We review the necessity every two years; enquiries from clients who possess a client account are stored permanently and for the deletion, we refer to the client account information. In the event of compulsory data archiving, deletion takes place after its expiration (at the end of the commercial (6 years) and fiscal (10 years) storage obligation).

13.        Comments and posts

13.1.    If users leave comments or other posts, their IP addresses will be saved for 7 days on the basis of our legitimate interests within the meaning of Art. 6(1) lit. f of the GDPR.

13.2.    This is for our safety, in case someone leaves comments or a post including unlawful content (insults, illegal political propaganda, etc.). In such a case, we could be prosecuted for the comment or post and would therefore be interested in the identity of the author.

14.       Collection of access data and log files

14.1.    On the basis of our legitimate interests within the meaning of Art. 6(1) lit. f of the GDPR, we collect data from each access to the server hosting this service (so-called server log files). Among the access data are the name of the accessed webpage, file, date and time of access, volume of data transferred, report on successful access, browser type and version, the user’s operating system, referrer URL (the previous page you visited), IP address and the enquiring provider.

14.2.    For security reasons (e.g., to investigate abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data that requires further retention for evidential purposes are excluded from deletion until the final clarification of the incident.

15.       Online presence on social media

15.1.    We maintain an online presence on social networks and platforms, in order to communicate with clients, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, terms, conditions and data processing guidelines apply to their respective operators.

15.2.    Unless stated otherwise in our privacy policy, we process user data, provided they communicate with us on social networks and platforms, e.g., by posting within our online presence or by sending us a message.

16.       Google Analytics

16.1.    On the basis of our legitimate interests (i.e., interest in analysis, optimisation and economic operation of our website in the meaning of Art. 6(1) lit. f of the GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by a cookie about the use of the website by users, is generally transferred to and stored on a Google server in the USA.

16.2.    Google is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

16.3.    Google will use this information on our behalf, to evaluate the use of our website by users, to create reports on the activities on this website and to provide us with other services related to the use of this website and the internet. In doing so, pseudonymous user profiles can be created using processed data.

16.4.    We use Google Analytics to display advertisements, that appear within Google’s and its affiliate advertising services, only to those users who have shown interest in our website or who have specific characteristics (e.g., an interest in certain subjects or products, which are determined by webpages visited by the user), which we provide to Google (so-called “Remarketing-“ or “Google-Analytics-Audiences”). With the help of Remarketing Audiences, we can also assure you that our advertisements correspond to the users and do not come across as irritating.

16.5.    We only use Google Analytics with active IP-anonymisation. This means that the IP address of users is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

16.6.    The IP address transmitted from the user’s browser is not placed together with other Google data. Users can prevent storage of cookies by using an appropriate setting in their browser software; moreover, the collection of data generated by the cookie and data related to its use of the website to Google, as well as data processing by Google, can be prevented if you download and install the browser plugin made available through the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

16.7.    Further information about data usage by Google, possibilities concerning settings and objections, can be found on the following Google webpages:https://www.google.com/intl/de/policies/privacy/partners(“data usage by Google in your use of websites or apps of our partners”), https://policies.google.com/technologies/ads(“data usage for advertising purposes”), https://adssettings.google.com/authenticated(“managing information that Google uses to show you adverts”).

17.       Google Re/Marketing Services

17.1.    On the basis of our legitimate interests (i.e., interest in analysis, optimisation and economic operation of our website in the meaning of Art. 6(1) lit. f of the GDPR), we use the marketing and remarketing services (“Google Marketing Services” for short) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

17.2.    Google is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3.    Google Marketing Services allow us to better target advertisements for and on our website, so that we only present users with advertisements that may match their interests. If, for example, auser is shown advertisements for products he/she is interested in on other webpages, it is known as “remarketing”. For these purposes, when accessing our or other webpages, which Google Marketing Services are active on, a Google code is carried out and so-called (re)marketing tags (invisible charts or a code, also known as “web beacons”) are embedded into the webpage. In this way, an individual cookie, i.e. a small file is saved (instead of cookies, similar technology can also be used). Cookies can be set by different domains, such as google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com, among others. This file notes which webpages the user visited, what content he/she is interested in and what offers he/she has clicked on, as well as technical information about the browser and the operating system, referring webpages, visit time and other information on the use of the website. It also captures the IP address of the users, and in doing so, we (in the context of Google Analytics) inform you that the IP address of users is shortened within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address is not placed together with user data on other Google sites. The above information can also be linked with such information from other sources by Google. If the user subsequently visits other webpages, he/she may be shown advertisements tailored to him/her, according to his/her interests.

17.4.    User data is pseudonymously processed within the context of Google Marketing Services. I.e., Google does not save or process names or email addresses of users, for example, but does process the relevant cookie-related data within pseudonymous user profiles. I.e., from Google’s perspective, the advertisements are not managed and displayed for one specifically identified individual, but for the cookie owner, regardless of who that cookie owner is. This does not apply, when a user has explicitly given Google permission to process data without pseudonymisation. Information about the user, gathered by Google Marketing Services, is transmitted to Google and stored on Google servers in the USA.

17.5.    The online advertising platform “Google AdWords” is one of the Google Marketing Services we use. In the case of Google AdWords, every advertiser receives a different “conversion cookie”. Consequently, cookies cannot be traced through the websites of advertisers. The information obtained through the cookie is used to generate conversion statistics for advertisers, who have opted for conversion tracking. Advertisers will learn the total sum of users, who have clicked on their advertisement and were redirected to a conversion tracking tag page. However, they do not obtain any information with which they could personally identify users.

17.6.    We can embed third-party advertisements based on “DoubleClick” by Google Marketing Services. DoubleClick uses cookies, allowing for the placement of advertisements by Google and its partner websites on the basis of users’ visits to this website or other websites on the internet.

17.7.    We can embed third-party advertisements based on “AdSense” by Google Marketing Services. AdSense uses cookies, allowing for the placement of advertisements by Google and its partner websites on the basis of visits by users on this website or other websites on the internet.

17.8.    We can also make use of the “Google Optimizer” service. Google Optimizer allows us to retrace how the different changes affect a website (e.g., changes to input fields, designs, etc.), in the context of so-called “A/B Testing”. For the purpose of such a test, cookies are stored on users’ devices. In doing so, only pseudonymous user data is processed.

17.9.    Furthermore, we can use “Google Tag Manager” to embed and manage the Google Analytics and marketing services on our website.

17.10.  Additional information about data usage for marketing purposes by Google, can be found on the summary page: https://policies.google.com/technologies/ads; Google’s privacy policy is available here: https://policies.google.com/privacy.

17.11.  If you wish to opt out of the interest-based advertising by Google Marketing Services, you can use the settings and Opt-out options: https://adssettings.google.com/authenticated.

18.       Facebook, Custom Audiences and Facebook Marketing Services

18.1.    Due to our legitimate interest in interest in analysis, optimisation and economic operation of our website and for these purposes, we use the so-called “Facebook pixel”, of social network Facebook, established by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland operated (“Facebook”).

18.2.    Facebook is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

18.3.    Facebook Pixel makes it possible for Facebook to arrange visitors of our website into target groups for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display Facebook ads only to those users who have shown interest in our website or who have specific characteristics (e.g., an interest in certain subjects or products, which are determined by webpages visited by the user), which we provide to Facebook (so-called “custom audiences”). With the help of Facebook pixel, we can also assure you that our advertisements correspond to the users and do not come across as irritating. Additionally, with the help of Facebook pixel we can retrace the effectiveness of Facebook advertisements for statistical and marketing research purposes, which will allow us to see if users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion).

18.4.    The processing of data through Facebook is part of Facebook’s data policy. Accordingly, general information on how to display Facebook ads in Facebook’s data policy: https://www.facebook.com/policy.php. Special information and details about Facebook Pixel and its functionality can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.

18.5.    You have the right to object to the collection (using Facebook pixel) and use of your data for the purpose of displaying Facebook ads. To set which types of advertisements you see on Facebook, you can visit the webpage designated by Facebook and follow the instructions on usage-based advertising settings there: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

18.6.    You can object to the implementation of cookies, which are used to measure reach and used for advertising purposes, by visiting the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/). 

19.       Facebook Social Plugins

19.1.    On the basis of our legitimate interests (i.e., interest in analysis, optimisation and economic operation of our website in the meaning of Art. 6(1) lit. f of the GDPR), we use Social Plugins (“Plugins”) of social network Facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interactional elements or content (e.g., videos, charts or written posts) and can be recognised by one of the Facebook logos (a white “f” on a blue tile, the term “Like” or a “thumbs up”- symbol) or are labelled “Facebook Social Plugin”. The list and the look of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

19.2.    Facebook is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

19.3.    If a user accesses a function of the website, which contains such a plugin, his/her device will establish a direct connection with the Facebook servers. Facebook transmits the contents of the plugin to the user’s device directly and connects it to the website. In doing so, usage profiles (of users) can be created with the processed data. We therefore have no influence on the amount of data Facebook collects using this plugin and thus inform users according to our knowledge.

19.4.    By integrating plugins, Facebook obtains the information, that a user has visited the corresponding page of the website. If the user is logged into Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with plugins, for instance by clicking the Like button or by writing a comment, this information will be transmitted from their device to Facebook and stored there. Even if a user is not a member of Facebook, the possibility still exists that Facebook will learn his/her IP address and store it. According to Facebook, only anonymised IP addresses are saved in Germany.

19.5.    The purpose and scope of data collection and any additional processing and use of data by Facebook, as well as the rights concerning this matter and configuration options concerning users’ privacy protection, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

19.6.    If a user is a member of Facebook and does not want Facebook to collect data about him-/herself via the website and link it to the member data stored on Facebook, he/she must log out of Facebook and delete his/her cookies, before using the website. Additional settings and disagreement options on the use of data for promotional purposes, can be found within the Facebook profile settings: https://www.facebook.com/settings?tab=adsor on the US site http://www.aboutads.info/choices/or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

20. Jetpack (WordPress Stats)

20.1.    On the basis of our legitimate interests (i.e., interest in analysis, optimisation and economic operation of our website in the meaning of Art. 6(1) lit. f of the GDPR), we use the Jetpack plugin (the subfunction of “WordPress Stats” in this case), which is a tool used for statistical analysis of user access, provided Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses so-called “cookies”, which are text files stored on your computer that allow for the analysis of website usage.

20.2.    Automattic is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

20.3.    The information generated by a cookie about your use of this website, is stored on a server in the USA. In doing so, usage profiles (of users) can be created with the processed data; these being used for analysis only and not for advertising purposes. For more information, please refer to Automattic’s privacy policy: https://automattic.com/privacy/and the details on Jetpack cookies: https://jetpack.com/support/cookies/.

21.       Newsletter

21.1.    The following details inform you about the contents of our newsletter, as well as the registration, distribution, and statistical analysis procedures and your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.

21.2.    Contents of the newsletter: we send newsletters, emails and other electronic notifications including promotional information (hereinafter referred to as “newsletter”) only with the consent of the recipient or with legal permission. Within the scope of subscribing to a newsletter, of which the contents have been specifically described, they are binding for the consent of users. Additionally, our newsletter contains information about our products, offers, promotions and our company.

21.3.    Double Opt-in and logging: subscribing to our newsletter is done using a so-called double opt-in procedure. I.e., after subscribing, you will receive an email in which you are asked to confirm your subscription. This confirmation is necessary, so that nobody can subscribe using external email addresses. Subscriptions to the newsletter will be logged, in order to be able to prove that the subscription process is carried out according to legal requirements. This includes storing of subscription and confirmation times, as well as the IP address. Likewise, changes to your data stored by the shipping service provider are logged.

21.4.    Shipping service provider: Shipping of the newsletter is done via “MailChimp”, a newsletter shipping program by US based provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The shipping service provider’s data protection regulations can be read here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). 

21.5.    Furthermore, the shipping service provider may, according to its own information, use the data in a pseudonymous form, i.e. without allocating it to a user, for the optimisation or improvement of its own services, e.g. for the technical optimisation of shipping and the presentation of the newsletter or for statistical purposes, to determine which countries recipients come from. However, the shipping service provider does not use the data of our newsletter recipients to write them down or to pass them on to third parties.

21.6.    Subscription date: To subscribe to the newsletter, you only need to specify your email address.

21.7.    Measurement of success – The newsletters contain a so-called “web beacon”, i.e. a file the size of a pixel, which is activated by the server of the shipping service provider when the newsletter is opened. When activated, technical information, such as information about the browser and your system, as well as IP address and activation time are gathered. This information is used for the technical improvement of services on the basis of technical data, target audiences, and their reading behaviour on the basis of their activation locations (which can be determined with the help of the IP address), or access times. The statistical information also includes confirmation, on whether or not the newsletters were opened, when they were opened, and which links were clicked on. For technical reasons, this information may be disclosed to the individual newsletter recipients. However, it is neither our ambition, nor that of the shipping service providers, to observe individual users. The analyses allow us to discover the reading habits of our users and adapt our content to them or allow us to send different content tailored to the interests of our users.

21.8.    Germany: the shipping of newsletters and the measurement of success is done on the basis of the recipients’ consent according to Art. 6(1) lit. a, Art. 7 of the GDPR in conjunction with § 7(2) No. 3 of the UWG, or on the basis of legal permission according to § 7(3) of the UWG.

21.9.    Logging of the subscription procedure is done on the basis of our legitimate interests according to Art. 6(1) lit. f of the GDPR and serves as proof of consent to the receipt of the newsletter.

21.10.  Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. A link to the cancellation can be found at the bottom of every newsletter. If users were only subscribed to the newsletter and have cancelled their subscription, their personal data will be deleted.

22.       Embedding services and content from third parties

On the basis of our legitimate interests (i.e., interest in analysis, optimisation and economic operation of our website in the meaning of Art. 6(1) lit. f of the GDPR), we use content or service offered by third party providers, to implement their content and services, such as videos and fonts (hereinafter collectively referred to as “content”). This would require the third party providers of this content, to see the IP address of users, as content cannot be sent to the browser without the IP address. For this reason, the IP address is necessary for the presentation of this content. We try to only use content of providers who solely use the IP address for the delivery of content. Third party providers can also use so-called pixel tags (invisible charts, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow for the analysis of information, such as visitor traffic to pages of this website. Furthermore, the pseudonymous information can be stored in cookies on the user’s device and can additionally include technical information about the browser and the operating system, referring webpages, visit time and other information on the use of our website, and can also be connected to such information from other sources.

22.2.    The following description offers an overview of third party providers as well as their content, along with links to their privacy policies, which contain further references to the processing of data and the (in some cases already mentioned) objection possibilities (so-called Opt-out):

  • External fonts by Google, LLC., https://www.google.com/fonts(“Google Fonts”). The embedding of Google Fonts is done by accessing a server at Google (generally in the USA).

Privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.

  • Maps provided by the “Google Maps” service of third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated/.

  • Videos of the “YouTube” platform by third party providerGoogle LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.

  • On our website, we use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For every visit to a webpage of ours, that contains LinkedIn functions, a connection is made to the LinkedIn servers. LinkedIn is then informed, that you have visited our webpages with your IP address. By means of the LinkedIn Insight Tag, we can analyse the success of our campaigns within LinkedIn or determine target audiences, based on the interaction of users with our website. If you are registered on LinkedIn, it is possible for LinkedIn to relate your interactions on our website with your user account. Even if you click LinkedIn’s “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to relate your visit to our website and your user account. LinkedIn is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

  • In order to improve user experience on our applications, we use the Intercom service by Intercom Inc. to communicate via email and for live chats. We pass on inventory data (email, name, company name), as well as user data on the basis of our legitimate interests (i.e., interest in analysis, optimisation and economic operation of our website in the meaning of Art. 6(1) lit. f of the GDPR).
  • Intercom is certified under the Privacy Shield agreement and through this, provides a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000TNQvAAO&status=Active
  • We will conclude contracts with Intercom using so-called standard contractual clauses, in which Intercom commits itself to only processing user data in accordance with our instructions and in compliance with the data protection level of the EU.
  • On the basis of Art. 6(1) lit. f of the GDPR, we use the service provider TYPEFORM S.L., with headquarters in Carrer Bac de Roda 163, 08018 Barcelona, for the collection of user answers. Typeform is a tool used to simplify client communication and to create surveys.
  • This page uses the tracking tool known as “Segment”; a web analysis service by Segment.io, Inc., 101 15th St, San Francisco, CA 94103, USA. It allows for the transmission of information about website use to a server of Mixpanel Inc., which is then stored there. The tracking tools described in this privacy policy are summarised by this tool and made available to HQLabs GmbH.