Privacy Policy

Information on privacy measures for yStats.com GmbH & Co. KG online services available from:

www.ystats.com

1.  Basic Information

We are delighted to have you visit our website, and we would like to thank you for your interest. In the following, we would like to inform you about how we handle your personal data when you use our web services, like our website and our online shops. The following information also relates to the use of our websites on mobile devices, e.g. smartphones or tablets. Personal data includes all data which could be used to identify you personally, or which make you identifiable via a username or identification code, such as your IP address.

This Privacy Statement explains the legal basis and the purpose for this collection or processing of your data. We would like to inform you of your rights regarding the use of your personal data. If you have any questions regarding our use of your personal data, please contact us as the responsible entity — Controller under data protection law (for contact details see Clause 2).

For security reasons and to protect the transfer of personal data and other confidential information (e.g., orders or queries sent to Controllers), these online services use SSL or TLS encryption. You can identify an encrypted connection by checking that the letters “https://” and a lock symbol appear in your browser address line.

2. Who we are (Controller for Data Privacy)

The Controller for the processing of data on our online services pursuant to the General Data Protection Regulation (Datenschutz-Grundverordnung — GDPR) is:

yStats.com GmbH & Co. KG,

represented by personally liable partners of yStats.com GmbH & Co. KG:

yStats.com GmbH represented by the managing director:

Yücel Yelken,

Behringstr. 28a,

22765 Hamburg,

Germany
Tel.: +49- (0)40- 39 90 68 50

E-Mail: info@ystats.com

Contact information for our company Data Protection Officer: DataProtection@yStats.com

3. Data collection when accessing our online services

Accessing our web pages (without registration) will result in the automatic anonymised collection of the following data on our servers:

  • masked IP address,
  • access date/ time/ time zone,
  • access status,
  • type of access,
  • type of protocol,
  • type and number of pages accessed on our site,
  • name and size of accessed files,
  • referring website,
  • web browser,
  • operating system.

The listed non-personal data is collected automatically as part of the normal operations of our internet services. The information gathered about the use of our pages is not combined with any personal information provided through the online registration form. We do not have any personal references in our usage data.

We use the above data for the purposes of troubleshooting, generating statistics and measuring website activity with the aim of improving the value and use of our services. As such, we have a legitimate interest to justify the data processing activity pursuant to Article 6 (1) (f) GDPR.

Within our company, our IT Administrator is the only person with access to this data for the purposes listed above. We work with Mondula GmbH, Behringstraße 28a, 22765 Hamburg, Germany to maintain and program our online services and have an agreement with them for the purpose of data processing.

The above data is only collected for the period of use; once the use has ended, the data shall be deleted without delay, after seven days at the latest.

We use cookies and web analysis services to obtain information as soon as your web browser accesses our website. These identifiers enable a range of our website’s service functions and are automatically transferred to the hard drive of your computer or other mobile device via your browser. This function can be deactivated in the settings of your browser. Should cookies be disabled, personalised service will be unavailable. In this case, your anonymised IP address may be transferred to the USA. For more information on the cookies and web analysis tools we use, see the “Use of cookies and tools” section below.

4. Contact

On our pages, we have provided an online form which enables you to make contact with us electronically. The form requires your name, your email address and a box for entering a message to us. We need this data to process your request. You can also choose to provide us with your postal address. Additionally, you can contact us at any time via email. Contacting us is always voluntary.

This data is solely used for the purpose of answering your request or responding to your request for contact, and the technical administration involved. This processing is lawful pursuant to Art. 6 (1) (b) GDPR, as we require the data listed above for the initiation, conduct or termination of a contractual relationship with you.

You request is logged by our internal customer service.

We do not pass on your requests to third-parties or to organisations outside of the EU.

After your request has been processed, we delete your contact information, at the latest, seven days after your request has been dealt with. This period of storage may be subject to statutory storage periods, for example, when your request is in connection with the processing of a contract or a warranty or guarantee. In this case, we store your request beyond seven days only for the purpose of complying with our legal obligations (Art. 6 (1) (c) GDPR). In this case, we delete your data on termination of the statutory storage period (Section 147 (3) Fiscal Code of Germany (Abgabeordnung – AO)), i.e. after a period of 10 years, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.

5. Data processing on registration to open a customer account and for order processing

You may register as a customer on our pages. This data is processed exclusively for the purpose of carrying out the contracts made with you for the use of our online services, or the processing of purchases. This data processing is lawful pursuant to Art. 6 (1) (b) GDPR.

If you have registered with us as a customer, we will store your most recent purchases on your customer account under “Your recent purchases” (Ihre letzten Käufe, i.e., purchase history). You can prevent the storage of your purchase history a priori by selecting “do not save purchase history” or permanently delete it after purchase using “delete purchase history”. We store your purchase history for the purposes of optimising our product range and to make the shopping experience as convenient for you as possible. It helps us to identify those products that are of regular interest for you. We therefore have a legitimate interest for this processing pursuant to Art. 6 (1) (f) GDPR.

Entry of all data is voluntary. You can also order products as a Guest, without registering for a customer account. In order to process your purchase order, we require at least the data marked with an asterisk (*) in the registration form.

Internally, this data can only be accessed by our customer service and marketing department, and the IT department for the purposes of troubleshooting and system maintenance. Our accounting department is only provided with the information required for tax reporting purposes required under law. We work with Mondula GmbH, Behringstraße 28a, 22765 Hamburg to maintain and program our online services and have an agreement with them for the purpose of data processing.

We do not pass on your requests to third-parties or to organisations outside of the EU.

You can delete your customer account at any time. You can delete your account yourself or send a message to the address above requesting deletion.

After processing a Guest contract, or deletion of your customer account, your data is locked under tax and commercial law retention periods and will be deleted after these retention periods have expired unless you expressly permit further use of your data, or we reserve the right to a legally permissible further use of data by our website, of which you shall be informed appropriately. If you are registered with us as a customer, we suppress all information on purchases older than 3 years in your purchase history, and delete it, at the latest, 10 years after the purchase date. You can grant your consent to us to show your purchase history for a period longer than 3 years for a maximum of 10 years. We delete your data at the latest after the statutory 10-year retention period (Section 147 (3) German Tax Code), i.e., after 10 years from the date the purchase was concluded. We will delete your data at the end of this retention period without any request to do so on your part.

6. Working with external service providers for order processing
6.1 Why we use external service providers for order processing

We work with the following service providers to process your order wholly or in part. These service providers support us by carrying out contracts concluded with them, such as payment processing or delivery of our products.

We share your personal data with these service providers only for the purposes of carrying out our contractual obligations to you. This may be for the purposes of processing your payments, or for the purposes of delivering your goods, and we only share the data that is strictly required for that purpose. For payment processing, you can select the nature of payment and the payment service provider yourself. This sharing of data is lawful pursuant to Art. 6 (1) (b) GDPR. Individual service providers are only provided with the data required to provide the service for which they have been contracted. All services providers are obliged to handle your data confidentially.

6.2   Processing of payments by payment services provider

6.2.1    Paypal

Using PayPal, credit card via PayPal, direct debit via PayPal or — where available — “Purchase on account” or “Pay by Instalment” via PayPal we provide your order information to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) for the purposes of processing your payment.

PayPal reserves the right to carry out credit checks for the credit card via PayPal, or – where available – “Purchase on account” or “Pay by Instalment” via PayPal. For this purpose, your payment data may be passed on to credit agencies as PayPal has a legitimate interest in determining your ability to pay in accordance with Art. 6 (1) (f) GDPR. PayPal uses the result of the credit check to determine the statistical probability of non-payment depending on the payment method selected. The credit check may contain probability values (score values), which, where included in the credit check, are based on a scientifically recognised, mathematical-statistical procedure. Among other data, address data are taken into account when calculating the score values. For further information data protection law including the use of credit agencies, please refer to the PayPal data protection information: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

You may object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data where this is necessary for processing your payment under the purchase contract.

7. Use of your data for advertising purposes (product recommendations to existing customers/ newsletter / blog subscription)
7.1 Recommending products to existing customers

If you have ordered products from us and provided your email address, we allow ourselves under the law to send you product recommendations for similar products which could be of interest to you, where you have not objected this use during the purchase process. This form of contact will only occur for the purpose of sending product recommendations via email to you as an existing customer. In this, we are pursuing our legitimate interest in sending personalised direct advertising to existing customers. This is consistent with our legitimate interest in direct advertising to existing customers under Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG). If you have initially objected to this use of your email address, we will not send this information to you via email. You may withdraw your consent to the use of your email address to receive such messages from us at any time and with future effect. After receipt of your withdrawal of consent, we will cease the use of your email address for this purpose without delay.

7.2 Newsletter / Blog subscription

You can register for our email newsletter on our website. Our newsletter provides regular updates on new items, interesting offers and new promotions and campaigns. To receive our newsletter, you must only provide your email address. You may also choose to provide your name, to allow us to address you personally. We use the double opt-in process for our newsletter subscription. For this purpose, we will send you a confirmation email after we have received your consent to a newsletter subscription. In this email, we will ask you to confirm your subscription via a provided link. You will only receive our newsletter after this (second) activation of the service.

7.3 Consent to newsletter / blog subscription

The address you provided for our newsletter subscription and any other data you provided such as your name will solely be used for the purposes of sending advertisements to you via electronic mail. This sending of electronic advertising is lawful pursuant to Art. 6 (1) (a) GDPR.

You can withdraw your consent to the use of your email to receive newsletters at any time with future effect by sending an email or using our online contact form, or the link provided in the email. After cancellation of this service, we will delete your email address without delay from our distribution list, unless you have expressly consented to another use of your data, or we reserve the right to use your data for lawful purposes and of which you have been informed appropriately.

Your declaration of consent will be recorded electronically for the purposes of verification. You can see your declarations of consent at any time online in your account. On registration for the newsletter we also store the IP address provided by your Internet Service Provider (ISP) as well as the date and time of your subscription to trace any potential misuse of your email address at a later date.

If you have not consented to the newsletter subscription or withdrawn said consent, you will only receive electronic mail from us in connection with the processing of orders you have placed with us.

7.4  Service providers for sending electronic advertising

Product recommendations and our newsletter are sent via email using the services provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“MailChimp”). This service provider acts strictly on our instructions on our behalf, and for this purpose, your email address and your name where provided, will be passed on to it.

MailChimp, acting on our behalf, will only use this information for the purposes of delivery and for the statistical assessment of the newsletter. For the purposes of this assessment, the emails contain web beacons or tracking pixels. This allows us to ascertain whether a newsletter has been opened, and which links you may have clicked. Using conversion tracking, we can then also analyse whether a certain action (e.g. the purchase of a product on our online pages) has taken place after clicking the link in the newsletter. Additionally, we collect further technical information, namely the time of access, the masked IP address, browser type and operating system. This technical information is exclusively collected in an anonymised form and is not linked to your personal data or your customer account, making it impossible for us to link that information back to you. The data is only utilised for statistical analysis of our newsletter campaigns. The results of this analysis assist us in adapting our newsletter to make future offers better suit our customers’ interests. This analysis is lawful pursuant to Art. 6 (1) (f) GDPR as a legitimate interest in the optimisation and adaptation of our newsletter to better meet demand.

If you wish to reject the use of this data for analytical purposes, you must unsubscribe from the newsletter.

We have entered into a Data Processing Agreement with MailChimp for the above purpose, which obliges MailChimp to protect our customers’ data and to not disclose that data to third parties.

You can read MailChimp’s Privacy Policy here: https://mailchimp.com/legal/privacy/.

We store your email address and name if provided along with the declaration of consent for newsletter deliver for the period of your subscription, or until you withdraw your consent (cancel subscription).

There is no automated decision making or profiling.

Mailchimp is certified with the US Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

However, the European Court of Justice found that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgement of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II).

Mailchimp does offer a GDPR Data Processing Addendum for each customer that contains the standard data protection clauses (Data Processing Addendum). In addition to this, further data protection guarantees are required according to the European Court of Justice, which are currently not yet available.

8.Use of cookies and tools
8.1 What are cookies?

To improve the look of our website and to enable certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device. These text files are used for the temporary storage of information. Your browser stores cookies in the form of a readable text file once you access our site. If you are registered with us, cookies help us to recognise you, your device (computer, tablet or smart phone) the next time you access one of our pages. Some cookies may contain personal data.

8.2 What cookies do we use?

According to function, we classify our cookies as Required, Functional, Analysis & Statistics, and Advertising and Marketing. Some of the cookies we use are required for you to use our web pages (so called session cookies). If you disable this cookie, our pages may not be accessed. The authentication cookie provides you with access to the log-in page. Without this cookie, you cannot register or access the log-in page. These session cookies will be deleted when you close your browser.

Other cookies remain on your device and allow us and our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a certain period of time, which differs from cookie to cookie. For advertising purposes, we use a retargeting cookie which allows us to show you interesting offers, even outside of our web pages. For more information, see the following overview of cookies used.

8.3 What is the purpose and the legal basis for using cookies?

Most of the cookies we use do not store any information that can identify you personally or that makes you identifiable. Rather, these cookies provide us with general and anonymised information regarding the use of our websites, the pages that are visited, the browsers and operating systems used and the cities our visitors are located. We only collect masked IP addresses which make it impossible to recognise individual users or be assigned to any one individual.

Some of these cookies make the ordering process easier, by saving specific website settings (e.g. noting the content(s) of a virtual shopping basket for a subsequent visit to the website). Where our cookies do process personal data, this processing is done in accordance with Art. 6 (1) (b) GDPR to fulfil our contract with you.

Any cookies we collect are for the purposes of gathering information for improving the functioning and content of our online services. These functional cookies serve a legitimate interest (Art. 6 (1) (f) GDPR) as they enable the technical adaptation of our service and make it easier for you to use our pages. We also use cookies to measure the success of our online marketing. Using statistical data, we can also identify disruptions and understand cost calculations for advertising media. We only understand this processing when you have granted us consent for the use of these cookies for analysis and statistics or for advertising and marketing (Art. 6 (1) (a) GDPR). You may withdraw your consent at any time with future effect. The processing of your data remains lawful until your consent is withdrawn.

Click here  to review or change your Cookie settings for our website.

8.4 How to disable cookies

You can set your browser to inform you about the setting of cookies and whether you wish to accept cookies individually, or to accept specific kinds of cookies, or to disable all cookies. Each browser is different in the way it administers its cookie settings. The Help menu of your browser provides information on how to change your cookie settings. You can find this information for your browser using the links below:

Alternatively, the Digital Advertising Alliance provide information on cookies and settings at www.aboutads.info.

8.5 Do we use cookies from third parties?

We sometimes work with web partners who help us to make our web pages more interesting for you. For this purpose, when you access some of our pages online, cookies from our partner companies may also be stored in your device (Third-party Cookies). This section provides more information regarding the use of these kinds of cookies, their scope, and the data they collect.

We use some cookies or tools because they are necessary for us to provide you with our online services. In this case, the legal basis for the processing is the user agreement concluded with you (Art. 6 Para. 1 Letter b GDPR) or our legitimate interest, provided that no conflicting interests are discernible, and no contradiction exists (Art. 6 Para. 1 Letter f GDPR). We use all other cookies exclusively on the basis of your consent (Art. 6 para. 1 letter a GDPR).

The third-party cookies used by us partially lead to data processing in the USA. In this case, too, we only use cookies with your consent (Art. 6 para. 1 letter a GDPR). Although these providers (e.g. Google, Facebook) have undertaken to comply with the data protection provisions of the EU-US data protection shield, the legal framework governing the transatlantic transmission of data which the European Commission and the United States have agreed (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176)). These providers are also registered with the “Privacy Shield” Program of the U.S. Department of Commerce. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II). US legislation gives various security authorities unlimited powers of surveillance, including the use of surveillance programmes that enable the mass collection and analysis of data. US providers are obliged under national law to grant the security authorities access to the data processed by them, even if the data is processed by a foreign company. If consent is granted, there is a risk that the data collected via cookies will become part of the mass surveillance in the USA. There is no legal remedy or efficient legal proceedings available in the USA against such surveillance.

8.6  Cookie overview

Below is an overview of the cookies used by us:

Type of CookieCookie

NameDescriptionDurationRequired Cookies    ???Saves your consent/rejection of optional cookies??? paypalplus_session_v2Paypal: This cookie is set when the PayPal payment method is selected and is required for this payment method.Session woocommerce_cart_hash, woocommerce_items_in_cartWoocommerce: Necessary for the shopping cart functionality on the website to remember the selected products.Session wp_woocommerce_session_xxxWoocommerce: One time per customer code to allow storing and retrieving the shopping cart in the database.2 days wordpress_logged_in_xxxWordPress: Cookie for logged in users to save the user session.14 days wordpress_sec_xxxWordPress: Cookie for logged-in users to recognize the user’s language so that the website is displayed in the correct language.14 days wordpress_test_cookieWordPress: Checks if the browser accepts cookies.SessionFunction    woocommerce_recently_viewedWoocommerce: This cookie is responsible for the functioning of the WooCommerce widget that displays the last viewed products.SessionAnalysis & Statistics    _gaGoogle analysis tool, that provides website and app operators with insight on their interactions with users, compiles website use statistics.2 years _gidGoogle Cookie: This cookie is used to collect user behaviour for each user.1 day mailchimp_landing_siteMailchimp: This cookies is used for general ecommerce customer tracking to log which page the user visited when they entered our website.2 months hubspotutkHubspot: This cookie tracks the ID of a visitor. This cookie is passed to HubSpot software when a form is submitted and is used when de-duplicating contacts. It contains an opaque GUID to represent the current visitor.2 years     __hssc

Hubspot: This cookie is used to determine if the HubSpot software needs to increment the session count and timestamps in the __hstc cookie.

It contains the domain, the number of page views (viewCount, increases with each page view [pageView] in a session), and the session start timestamp.

1 hour     __hssrcHubspot: Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser.Session __hstcHubspot: This cookie contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit) and the session number (increases with each subsequent session).13 monthsuncategorized    PHPSESSID  

8.7 Web analysis services

8.7.1    Google Analytics (cookie name: _ga, _gid)

We use online services provided by the web analysis service Google Analytics. Google Analytics is a service offered in the EU and EEA by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies that are stored on your computer to analyse the use of our online web presence.

The information collected by the cookie regarding your use of our online web presence (including your masked IP address) is transferred to and stored in a Google server in the USA. Google uses this information to evaluate the use of our website to prepare reports about the activities in our online presence and provide us with additional services associated with that use. The IP address provided by your browser as part of the Google Analytics service is not added to any other Google data.

We use Google Analytics in our online presence for web analysis purposes exclusively with an add-on that provides an “anonymise IP” function. This setting ensures that Google Analytics erases the last part of your IP address. This anonymisation of your IP address removes any direct trace of you personally. When using this feature, Google masks your IP address within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transferring that information outside of the EU. The full IP address will only be sent to a Google server for masking in the USA in exceptional cases. In this way, we do not receive data that provides us with a way to identify you personally.

We also use the Universal Analytics function with Google Analytics. Universal Analytics allows us to analyse the use of our online services across devices (e.g. access via a laptop and then later from a tablet). As a user, you will be given a pseudonymous User ID on registration, when you access our site from another device. This is how the system recognises your User ID when you access our site from another device. We do not allocate any names to the User ID. We do not provide Google with any personal data. Privacy measures such as IP masking and Browser Add-ons are not restricted by the use of the Universal Analytics function.

You can prevent the installation of cookies using the settings in your browser software. You can also prevent the collection and processing of the data created by the use of cookies and related to your use of our online services (including your IP address) by Google by downloading and installing the browser plugin available at: https://support.google.com/analytics/answer/181881?hl=en

This will prevent all future collection of data by Google Analytics within our web pages. This opt-out cookie only works in this browser and only for this domain.

If you undertake any of the above cookie deactivation measures, you may not be able to use all the functions of our website to their full extent.

For more information regarding how Google Analytics deals with user information, please refer to Google’s Privacy Statement: https://policies.google.com/privacy?hl=en

8.8 Retargeting / Remarketing / Referral Advertising

8.8.1    Google Ad Manager

Google Ad Manager is a platform for displaying all advertising formats. This service is operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Ad Manager uses cookies to show you advertising that may be relevant to you. It does this by assigning a pseudonymous identification number (ID) to your browser, to check which advertisements are being displayed in your browser, and which have been viewed. The cookies do not contain any personal information. The use of Ad Manager allows Google and its partner websites only to control the display of advertisements based on previous visits to our online product range or other websites on the internet.

Google Ad Manager allows us to design advertisements that are interactive, dynamic, and in a range of formats (e.g., video or individual), and to administer and evaluate them. Ad Manager cookies allow Google to recognise your browser. We receive the information that someone clicked on an advertisement and was sent to our site. For our part, we do not collect or process any personal data in those advertising measures. Google only provides us with statistical valuations on our campaigns. Using these valuations, we can see which of our advertising measures are the most successful. We do not receive any further data on the use of our advertising, and we are not able to identify the user on the basis of this information.

The information generated by the cookies is sent to a Google server in the USA and stored and used for evaluation. Google is only permitted to share this information with third parties when required by law or under the framework of a data processing commission. Google will not under any circumstances combine this data with other data collected by Google.

You can prevent Ad Manager from collecting data by:

If you undertake any of the above cookie deactivation measures, you may not be able to use all the functions of our website to their full extent.

8.8.2    Google Tag Manager

We use Google Tag Manager in our online services for the purpose of providing a personalised, interesting, and locally relevant online advertising. This service is operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager allows us to administer website tags using a single interface. Although we use cookies for this, we do not collect any personal data. The Tag Manager was specially developed for retailers and is a system with which elements (tags) from Google and other providers can be marked and administered. In this way, data may be sent to cookies or other tools. Tags can be used for conversion tracking, web site analysis, and other purposes.

More information on Google Tag Manager is available at: https://www.google.com/analytics/terms/tag-manager/

Further information and the Google Privacy Policy are available at: http://www.google.com/policies/technologies/ads/ and https://policies.google.com/privacy?gl=en&hl=en.

8.8.3    Google Ads Remarketing

Our online services use the Google Ads remarketing function, which allows to advertise our online services in Google search results and on third-party websites. This service is operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have embedded a pixel (a snippet of code, also known as a remarketing tag) in our online presence, which Google uses to set a cookie in the browser of your end device. This cookie allows us to show you advertising based on your interests. It does this by generating a pseudonymous cookie ID and analysing the web pages you have visited.

Further data processing only occurs if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalise the advertisements you see on the internet. Information on the integration of user consent is available at: http://www.google.com/about/company/user-consent-policy.html

If you are logged into Google during a visit to our website, Google will use your data together with Google Analytics data to compile and define target group lists for cross-device remarketing. Google will temporarily link your personal data with data from Google Analytics to form target groups. More information is available at: https://policies.google.com/technologies/ads?hl=en und https://support.google.com/google-ads/answer/7664943?hl=en&ref_topic=3122875.

You can permanently deactivate cookies for interest-based advertising by downloading and installing the plugin for your browser available fromhttps://support.google.com/ads/answer/7395996.

Alternatively, the Digital Advertising Alliance provide information on cookies and settings at www.aboutads.info. You can set your browser to inform you about the setting of cookies and whether you wish to accept cookies individually, or to accept specific kinds of cookies, or to disable all cookies. You can also set your browser to automatically delete cookies at the end of each session.

8.8.4    Use of Google Ads Conversion Tracking

Our online services use the online advertising program “Google Ads” and the conversion tracking it provides. Conversion tracking is a free tool from Google which measures interaction or transactions related to our advertising. For example, using the tool, we can evaluate whether users subscribe to our newsletter or how often clicks on our advertisements have led to activity on our web pages (e.g., registration). That way, we can identify which actions should be evaluated (i.e., conversions).

Technically, conversion tracking works via the conversion tracking code (the “tag”) integrated into our online services. Click rate data for our advertisements is collected using cookies.

Conversion tracking is set as a cookie when you, as a user, click on an advertisement displayed on Google. Normally, this cookie becomes invalid after 30 days, and is only used for anonymised identification. If you visit specific pages within our online presence as a user before the cookie becomes invalid, we and Google can tell that you originally clicked on an advertisement and were thus re-directed to our online services.

Google shares specific (customer specific) cookies with us as an Ads customer. As an Ads customer, we cannot track individuals using the cookies on our website. Instead, we receive statistical analyses from Google on the information that Google collected using the conversion cookies. This only tells us the number of users who clicked on our Ads advertisements and who were directed to our pages marked with conversion tracking tags. This statistical analysis does not contain any information that could identify you as an individual.

If you do not wish to participate in conversion tracking or wish to permanently disable personalisation cookies, you can use the settings in your internet browser. Alternatively, you can also download and install the plug-in for your browser available at: http://www.google.com/settings/ads/plugin?hl=en. Your user behaviour will then not be recorded in the conversion tracking statistics. Deactivating conversion tracking or cookies for personalised advertising may result however in limitations to the functioning of our online services.

Use of conversion tracking may result in Google processing your data on servers located in the USA. The principles of the EU-US Privacy Shield apply.

More information on Google’s privacy terms and conditions are available at: https://policies.google.com/privacy?hl-en-US

8.8.5    CRM Hubspot

We use the marketing and CRM service Hubspot by HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA, on our website.

This service enables us to provide email marketing, social media publishing & reporting, re-porting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.

The following data may be collected and processed by Hubspot for the purpose of marketing measures and promotional communication with you:

  • Browser type
  • Navigation information
  • Referral URL
  • Performance data
  • Information about how often the application is used
  • Mobile apps data
  • HubSpot subscription service credentials
  • Files that are displayed on site
  • Domain names
  • Pages viewed
  • Aggregated usage
  • Operating system version
  • Internet service provider
  • IP address
  • Device identifier
  • Duration of visit
  • Where the application was downloaded from
  • Operating system
  • Events that occur within the application
  • Access times
  • Clickstream data
  • Device model and version

Hubspot is certified under the EU-US Privacy Shield, but this does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active

We have entered into an order processing agreement and the EU standard contractual clauses with Hubspot. These contracts can be viewed at: https://legal.hubspot.com/dpa.

Your data will only be transferred to Hubspot with your consent (Art. 6 para. 1 letter a GDPR).

The data will be deleted when you delete your customer account with us. This period of storage may be subject to statutory storage periods, for example, when your request is in connection with the processing of a contract or a warranty or guarantee. In this case, we store your request beyond the deletion of your account only for the purpose of complying with our legal obligations (Art. 6 (1) (c) GDPR). In this case, we delete your data on termination of the statutory storage period (Section 147 (3) Fiscal Code of Germany (Abgabeordnung – AO)), i.e. after a period of 10 years, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.

You can find more information on the processing of user data at Hubspot in the privacy policy: https://legal.hubspot.com/privacy-policy

8.8.6    Woocommerce

For the online store of our website we use the software Woocommerce by WooCommerce Ireland Ltd, Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland. This company is a subsidiary of WooCommerce, Inc., 60 29th Street #343, San Francisco, CA 94110, USA, whose parent company is Automattic Inc. at the same location (“Woocommerce”).

Woocommerce is a local WordPress plugin and your data is only stored on the server of our website. However, a data transfer to the provider Automattic Inc. in the USA cannot be completely ruled out, especially in the event of a problem being resolved. Nevertheless, we ensure that such a data transfer does not take place.

We use your data exclusively to offer you our services in the online store. The legal basis for the data collection is the contract concluded with you via the online store (Art. 6 para. 1 letter b GDPR). This involves the following personal data:

  • Products that have been ordered
  • Time of the order
  • Name, e-mail address and telephone number provided by the customer
  • Billing address (and optionally: delivery address) provided by the customer
  • An indication of the payment method used by the customer.

The data will be deleted when you delete your customer account with us. This storage period may be opposed by legal retention periods. In this case, we store your data beyond the deletion of your account only for the purpose of complying with our legal obligations (Art. 6 (1) (c) GDPR). In this case, we delete your data on termination of the statutory storage period (Section 147 (3) Fiscal Code of Germany (Abgabeordnung – AO)), i.e. after a period of 10 years, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.

Automattic Inc. is certified under the EU-US Privacy Shield, but this does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active

WooCommerce Ireland Ltd. has entered into a contract with the affiliated US companies WooCommerce, Inc. and Automattic, Inc. in accordance with the EU’s standard contractual clauses.

The privacy policy of Automattic Inc. can be found here: https://automattic.com/privacy/ and https://automattic.com/de/privacy/ respectively.

Further information on data protection at WooCommerce can be found here: https://woocommerce.com/de-de/posts/the-gdpr-and-you-the-woocommerce-store-owner/ and https://woocommerce.com/de-de/blog/getting-ready-for-gdpr/

9.  Integration of social media and other services

On our website we refer to our profiles in social networks. You can only access these profiles via our online offer if you give your consent to access our profiles (Art. 6 para. 1 letter a GDPR). These social network providers (e.g. Google, Facebook) have undertaken to comply with the data protection provisions of the EU-US data protection shield, the legal framework governing the transatlantic transmission of data which the European Commission and the United States have agreed (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176)). These providers are also registered with the “Privacy Shield” Program of the U.S. Department of Commerce. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II). US legislation gives various security authorities unlimited powers of surveillance, including the use of surveillance programmes that enable the mass collection and analysis of data. US providers are obliged under national law to grant the security authorities access to the data processed by them, even if the data is processed by a foreign company. If consent is granted, there is a risk that the data collected through social media and other services will become part of the mass surveillance in the USA. There is no legal remedy or efficient legal proceedings available in the USA against such surveillance.

9.1 Integration of YouTube videos

We have integrated YouTube videos into our web pages that can be played on YouTube directly from our web pages. This uses the “expanded privacy mode” which only allows YouTube access to your data when you play the video. The transmission of your data to YouTube will therefore only take place with your consent (Art. 6 para. 1 letter a GDPR).

YouTube is a service operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We have integrated YouTube on our website in a way, that only results in your data being provided to Google, when you give your consent, using the consent declaration that we have provided.

Once you have given your consent, or if you have browsed to a video on YouTube itself (e.g., in our YouTube channel), your data may be sent to a Google server in the USA and stored there. Google uses this data to evaluate your use of our videos on YouTube, to create anonymised reports about the videos watched and to offer video-use related services to us. We have an agreement with Google between our respective Controllers (Art. 26 GDPR) for the use of our YouTube channel. In it, we have committed ourselves to informing you about the processing of data when using our YouTube channel.

More information on data protection for the Google service “YouTube” is available in the provider’s Privacy Statement at: https://policies.google.com/privacy?hl=en&gl=en

9.2 Social media presence and use of social media icons on our pages

We do not use social plug-ins as active buttons on our website. We only use icons to refer to our presence in the following social networks:

  • Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland;
  • Pinterest: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland..
  • YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  • LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
  • Slideshare / Scribd: Scribd Inc., 460 Bryant Street, #100, San Francisco, CA, 94107-2594, USA

We only display the social media icons on our pages, and they are not activated. To ensure your privacy, we have implemented a solution which only sends the address of our servers to these services and not your IP address should you click and activate a social media plug-in.

If you click on an icon on our pages, this indicates your consent to connect with these third parties via a separate tab in your browser, and allows these third-parties to follow your visit to our pages. If you are a member of a social network, you can share the content of our web pages with other members of that social media network by clicking the button.

Your data may be processed outside of the EU if you are a member of a social network or when you visit or call up one of our social media pages. This may carry risks, for example, by making it harder for you to enforce your rights.

When you call up a social work, cookies are generally set to collect data on your user behaviour which is then stored in your end device. As long as you have a user account on any network, and are logged in, your user behaviour can be saved to your user account. The social networks may use this user behaviour information for market research and advertising purposes. This may result in your being advertisements both inside and outside of your social networks. We have no influence over this.

We have no influence over the personal data collected and stored by social networks. We receive evaluations of user behaviour from the social media sites listed above and may use this to send relevant advertising to users. If users interact with our social media pages and are logged into a user account, we can also recognise the user profile and see the content of comments or postings on our page. The processing of this data is carried out in joint responsibility with the provider of the social network in question. We have concluded an agreement with the individual providers of our social media pages on joint responsibility for the evaluation of data collected in connection with our social media pages (Art. 26 GDPR). In it, we have committed ourselves to providing you with this privacy information. More information is available from the privacy policies of the individual social networks. You may also exercise the rights to which you are entitled against us. However, as the social network provider stores and evaluates your data, they are able to more comprehensively fulfil your rights.

9.3 Facebook fanpage

Description of purpose and legal basis of data processing

In addition to our company website, we also operate a Facebook page (“Fanpage”). This can be found at https://de-de.facebook.com/ystats/. We use this page to introduce our company, provide information on our products and services, and to communicate with customers and interested parties.

We only process personal data when you interact with our Facebook page, e.g. if you leave a comment, click a Like button or send us a message. This use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). This includes for example, showing our current range, you send us a query in relation to a contract, or if you like or comment on one of our posts, or if you upload content to our Facebook page.

Analysis of user activity

We analyse all access and interactions on our Facebook page. Facebook creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregate data which provides us with insights of how users interact with our Facebook page.

Use of the data by Facebook:

When using and accessing our Facebook page, your personal data is processed by both the Ireland based company, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, as well as the USA based Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 (hereinafter referred to as “Facebook”). In addition to the processing described above, Facebook processes your personal data for analysis and advertising purposes, including personalised advertising. To the extent of our knowledge, Facebook also uses cookies that are stored in your end device (also across end devices). This allows Facebook to use targeted advertising within its own platform, as well as on third-party sites. Facebook creates identifiable user profiles on the basis of valid consent pursuant to Art. 6 (1) (a) GDPR. For more information, see the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Facebook only transfers user data to countries which have been granted an Adequacy Decision by the European Commission pursuant to Art. 45 GDPR or based on guarantees offered pursuant to Art. 46 GDPR. Facebook Inc. and all its affiliated companies are certified under the EU-US Privacy Shield but this alone does not provide an appropriate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Withdrawal of consent and right to object

You may revoke your consent at any time with future effect. The legality of any processing that has occurred prior to the revocation of your consent remains unaffected. You may delete a comment or uploaded material yourself at any time.

Facebook offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.facebook.com/policies/cookies/ and for registered users at https://www.facebook.com/settings?tab=ads.

9.4

We operate a social media presence on https://twitter.com/ystats, which we use to present photographs and posts related to our company, provide information on our services, and to communicate with customers. When using or accessing our Twitter page, user data are also processed by the USA based company Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 , USA (hereinafter referred to as “Twitter”). Twitter also offers a system for distributing advertising on Twitter at https://ads.twitter.com/.

We analyse all access and interactions on our Twitter page. Twitter creates user profiles for this purpose, but only provides us with anonymised data under https://analytics.twitter.com/. This involves aggregate data which provides us with insights of how users interact with our Twitter page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Twitter to provide this insight service. For this reason, we have concluded an agreement between our respective Controllers.

Our Twitter page can be accessed whether or not you have a Twitter user account. We only process personal data when you interact with our Twitter page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide these data to third parties. More information on privacy and data protection at Twitter: https://twitter.com/privacy.

Within the EU, this data processing is lawful as per your consent (Art. 6 (1) (a) GDPR). Twitter users may withdraw consent for publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.

Twitter offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://twitter.com/personalization.

Twitter users can influence the extent to which their user behaviour may be recorded on our Twitter page at https://twitter.com/personalization. You can also personalise the relevant settings.

You can also use the settings in your browser to prevent the processing of your data using Twitter cookies.

Twitter Inc. participates in the EU-US Privacy Shield but this alone does not provide an appropriate level of data protection:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

9.5 Pinterest

We operate a social media presence on https://www.pinterest.de/ystats/, which we use to present pins (photographs, links, and text) provide information on our services, and to communicate with customers. Pinterest is a service operated in the EU by Pinterest Europe Ldt., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, in the USA by Pinterest Inc., 505 Brannan Street, Suite 900, San Francisco, CA 94107,USA (hereinafter referred to as “Pinterest”). Pinterest also offers a system for distributing advertising on Pinterest at https://ads.pinterest.com/ .

We analyse all access and interactions on our Pinterest page. Pinterest creates user profiles for this purpose, but only provides us with anonymised data in this regard under https://analytics.pinterest.com/, known as Audience Insights. This involves aggregate data which provides us with insights of how users interact with our Pinterest page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Pinterest to provide this Audience Insights service. For this reason, we have concluded an agreement between our respective Controllers.

Our Pinterest page can be accessed whether or not you have a Pinterest user account. We only process personal data when you interact with our Pinterest page, e.g. if you leave a comment, click a Like button, re-pin our pin, or send us a message. We do not provide these data to third parties. The Pinterest data protection provisions apply: https://policy.pinterest.com/privacy-policy.

Within the EU, this data processing is lawful as per your consent (Art. 6 (1) (a) GDPR). Pinterest users may withdraw consent on publishing their comment, Like, or pin at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.

Pinterest offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.pinterest.com/settings/privacy/ .

Pinterest users can influence the extent to which their user behaviour on our Pinterest page may be recorded at https://www.pinterest.com/settings/privacy/.

You can also use the settings in your browser to prevent the processing of your data using Pinterest cookies.

9.6 LinkedIn

We operate a social media presence at https://www.linkedin.com/company/ystats, where we present photos and posts about our company, provide information on our services, publish job advertisements and communicate with customers. When using and accessing our LinkedIn site, your personal data is processed by both LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, based in Ireland, and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, based in the USA (hereinafter “LinkedIn”).

In addition to the processing described above, LinkedIn processes your personal data for analysis and advertising purposes, including personalised advertising.

We analyse all access and interactions on our LinkedIn page. LinkedIn creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregated data which provides us with insights of how users interact with our LinkedIn page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with LinkedIn to provide this insight service. For this reason, we have concluded an agreement with Facebook between our respective Controllers (Art. 26 GDPR).

Our LinkedIn page can be accessed whether or not you have an LinkedIn user account. We only process personal data when you interact with our LinkedIn page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide this data to other third parties. The LinkedIn Terms of Use are available at: https://ch.linkedin.com/legal/user-agreement?trk=hb_ft_userag

This use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). LinkedIn users may withdraw consent on publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.

LinkedIn offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.

LinkedIn users can influence the extent to which their user behaviour may be recorded on our LinkedIn page at https://www.linkedin.com/psettings/advertisin.

You can also use the settings in your browser to prevent the processing your data using LinkedIn cookies.

To the best of our knowledge, LinkedIn only transfers user data to countries which have been granted an Adequacy Decision by the European Commission pursuant to Art. 45 GDPR or based on guarantees offered pursuant to Art. 46 GDPR. The LinkedIn Corporation and all its affiliated companies are certified under the EU-US Privacy Shield but this alone does not provide an appropriate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

9.7  Xing

We operate a social media presence at https://www.xing.com/pages/ystats-comgmbh-co-kg, where we present photos and posts about our company, provide information about our services, publish job advertisements and communicate with customers. When using and accessing our Xing site, your personal data is also processed by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereafter “Xing”). Xing enables a system in which Xing distributes advertising via its network.

We analyse all access and interactions on our Xing page. Xing creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregated data which provides us with insights of how users interact with our Xing page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Xing to provide this insight service. For this reason, we have concluded an agreement with Facebook between our respective Controllers (Art. 26 GDPR).

Our Xing page can be accessed whether or not you have an Xing user account. We only process personal data when you interact with our Xing page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide this data to other third parties. The Xing Terms of Use are available at:  https://www.xing.com/terms are also applicable.

This use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). Xing users may withdraw consent on publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.

Xing offers the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

Xing users can influence the extent to which their user behaviour may be recorded on our Xing page at https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/determination-of-statistics/tracking-in-embedded-external-content and https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/measurement-and-optimisation-of-advertising.

You can also use the settings in your browser to prevent the processing your data using Xing cookies.

To the best of our knowledge, Xing uses service providers located in the USA to provide its services. The European Court of Justice has determined that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II).

There is a risk that regulatory authorities will access and evaluate that data on a mass scale. There are no legal remedies or efficient legal proceedings available in the USA against such surveillance.

9.8 SlideShare

We operate a social media presence at https://www.slideshare.net/ystats, which we use to present presentations, documents and infographics about our company and our services. When using and accessing our SlideShare page, user data is also processed by Scribd Inc., 460 Bryant Street, #100, San Francisco, CA, 94107-2594, USA (hereinafter “SlideShare”).

We analyze all access and interactions on our SlideShare page (SlideShare Analytics). For this purpose, SlideShare creates usage profiles, but only provides us with anonymous data, so-called visitor and subscriber statistics. These are aggregated data that provide us with information about how users’ interaction with our SlideShare site. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with SlideShare. For this reason, we have concluded an agreement between our respective Controllers

You can access our SlideShare page regardless of whether or not you have a user account with SlideShare. In doing so, we process your personal data when you interact with our SlideShare page, e.g. click a Like button. We do not share the data with other third parties. The terms of use of SlideShare at: https://de.slideshare.net/terms are also applicable.

The legal basis for this data processing is, depending on the nature of your activity, your consent (Art. 6 para. 1 letter a GDPR). Users of SlideShare can withdraw consent on publishing their Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.

The European Court of Justice has determined that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II). In addition to the standard contractual clauses further data protection guarantees are required, which are not yet currently available.

There is a risk that regulatory authorities will access and evaluate that data on a mass scale. There are no legal remedies or efficient legal proceedings available in the USA against such surveillance.

SlideShare’s privacy policy can be found at: https://de.slideshare.net/privacy

SlideShare also uses Google Analytics and Google Analytics Demographics and Interest Reporting to collect information about visitor behavior and visitor demographics for some of its services and to develop website content. This analytics data is not tied to any personal information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can disable the collection and processing of data by Google generated by the use of the Services at http://tools.google.com/dlpage/gaoptout.

9.9 Scribd

We operate a social media site at http://www.scribd.com/yStats_com, through which we present documents / PDF files relating to our company and our services. When using and accessing our Scribd page, user data is also processed by Scribd Inc., 460 Bryant Street, #100, San Francisco, CA, 94107-2594, USA (hereinafter “Scribd”).

We analyze all access and interactions on our Scribd page (Scribd Analytics). For this purpose, Scribd creates usage profiles, but only provides us with anonymous data, so-called visitor and subscriber statistics. These are aggregated data that provide us with information about how users’ interaction with our Scribd site. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Scribd. For this reason, we have concluded an agreement between our respective Controllers

You can access our Scribd page regardless of whether or not you have a user account with Scribd. In doing so, we process your personal data when you interact with our Scribd page, e.g. click a Like button. We do not share the data with other third parties. The terms of use of Scribd at: https://de.Scribd.net/terms are also applicable.

The legal basis for this data processing is, depending on the nature of your activity, your consent (Art. 6 para. 1 letter a GDPR). Users of Scribd can withdraw consent on publishing their Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.

The European Court of Justice has determined that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II). In addition to the standard contractual clauses further data protection guarantees are required, which are not yet currently available.

There is a risk that regulatory authorities will access and evaluate that data on a mass scale. There are no legal remedies or efficient legal proceedings available in the USA against such surveillance.

Scribd’s privacy policy can be found at: https://support.scribd.com/hc/de/articles/210129366-Datenschutzrichtlinie

Scribd also uses Google Analytics and Google Analytics Demographics and Interest Reporting to collect information about visitor behavior and visitor demographics for some of its services and to develop website content. This analytics data is not tied to any personal information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can disable the collection and processing of data by Google generated by the use of the Services at http://tools.google.com/dlpage/gaoptout.

9.10 Zendesk

We use a chat widget by Zendesk Inc., 989 Market St, San Francisco, CA 94103, USA (“Zendesk”) to process user requests quickly and efficiently. We only use this service with your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future, e.g. by e-mail. The revocation does not affect the lawfulness of the processing carried out until then on the basis of the consent.

After giving your consent, you can use the chat like a contact form to chat with our employees in real time. When starting the chat, the following personal data may be processed:

  • Date and time of the call,
  • browser type/version,
  • IP address,
  • operating system used,
  • URL of the previously visited website,
  • amount of data sent.
  • As well as: Name und E-Mail-Adresse.

The data you voluntarily enter there will be processed by us in accordance with Art. 6 (1) p. 1 lit. b GDPR for the purpose of responding to the inquiry in the context of contract processing.

Depending on the course of the conversation with our employees, further personal data may be collected during the chat that you provide to us. The nature of this data depends largely on your inquiry or the problem you describe to us. The purpose of processing this data is to provide you with a quick and efficient way to contact us and thus improve our customer service.

We store your data only until the completion of your request. After that, your data will be deleted.

For more information, please see Zendesk’s privacy policy: https://www.zendesk.de/company/agreements-and-terms/privacy-policy/

Zendesk is certified with the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active

However, the European Court of Justice found that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgement of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II).

Zendesk offers a GDPR Data Processing Addendum for each customer that includes the standard data protection clauses (Data Processing Addendum). In addition to this, further data protection guarantees are required according to the case law of the European Court of Justice, which are currently not yet available.

10. Your rights as a data subject

Please read the following information about your rights as a data subject regarding the processing of your personal data.

10.1 The right of access

You have the right to request a confirmation whether your personal data is being processed. Should this be the case, you have the right to be informed of the personal data that has been collected, stored or processed, as well as to the following information:

  • the processing purpose,
  • the recipients or categories of recipients to whom this data has been disclosed or will be disclosed,
  • the duration of storage or the criteria for determining that duration,
  • your additional rights (see below),
  • if the personal data has not been collected from you, all available information regarding its source,
  • the existence of automated decision-making, including profiling, and where existent, further relevant information.

You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.

10.2 The right to rectification

You have the right to request the correction without delay of incorrect or incomplete personal data.

10.3 Right to erasure (right to be forgotten)

You have the right to request that we delete all your personal data without delay. We are obliged to delete your personal data without delay where one of the following grounds applies:

  • Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
  • You are withdrawing your consent and there are no other legal grounds for processing that data.
  • You are filing an objection (see below) to the data processing.
  • Your personal data were unlawfully processed.
  • The deletion of your personal data is necessary to fulfil an obligation under EU law or the law of the Member States.
  • A child has provided consent to the collection of personal data.
10.4 Right to restriction of processing:

You have the right to request a restriction of our data processing when one of the following conditions is met:

  • you are contesting the accuracy of the personal data,
  • the data processing is unlawful, but you do not agree to the deletion of the personal data, instead requesting a restriction of its use,
  • we no longer need the personal data for the purposes of processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing (see below) and it is not yet clear whether our legitimate interest will prevail.
10.5 Right to notification

If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom your personal data has been disclosed of this rectification, erasure of the data or restriction of the data processing unless this proves impossible or requires a disproportionate effort. You have the right to be informed of those recipients.

10.6  Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without interference on our part provided that:

  • the processing is based on consent granted pursuant to Art. 6 (1) (a) GDPR or Art.9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
  • the processing is carried our using automated methods.

In exercising this right, you may request that personal data related to you be transferred directly from us to another controller insofar as this is technically feasible, and does not infringe on the freedoms and rights of any other person. The right to data portability does not apply to the processing of personal data required for fulfilling a task carried out in the public interest or in the exercise of an official authority invested in the controller.

10.7 Right to object

You have the right, based on grounds relating to your particular personal situation to object at any time to the processing of your personal data, unless it is based on one of the following grounds:

  • the processing of your personal data by us is required for the fulfilment of a task that lies in the public interest or in the exercise of public authority that has been delegated to us; or
  • the processing is necessary to safeguard our legitimate interest or the legitimate interest of a third-party, in so far as your interests or basic rights require that protection of your personal data prevail.

The right to object also applies to profiling based on these processes.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is associated with such direct marketing.

You also have the right, on grounds arising from your particular personal situation, to object to the processing of your personal data undertaken by us for scientific or historical research purposes or for statistical purposes, unless such processing is necessary for the performance of a task in the public interest.

10.8 Right to withdraw consent and data protection law

You may revoke your consent at any time with future effect. The revocation may be simply sent to us at any time, e.g., an informal email. Processing of your data which occurred prior to the withdrawal of consent is not affected.

10.9 Right of appeal to the supervisory authority

Do you think that the processing of your personal data was illegal? Then you have the right to lodge a complaint with a supervisory authority, particularly in your country of residence or country of work, or at the location the alleged breach took place. If you are in doubt, contact the agency responsible for us at Hamburg Commissioner for Data Protection and Freedom of Information (Ludwig-Erhard-Str 22, 7 OG, 20459 Hamburg, Tel.: 040 428 544040, Fax: 040 / 428 54 – 4000, E-Mail: mailbox@datenschutz.hamburg.de,). Other administrative or judicial remedies are not affected by the exercise of these rights.

Last updated: December 2021

© yStats.com GmbH & Co. KG