DATA PROTECTION
AT UBIRCH

Below we would like to inform you about our privacy policy. Here you will find information about the collection and use of personal data when using our website. We observe the applicable data protection law for Germany. You can retrieve this statement at any time on our website. We expressly point out that the transmission of data on the Internet (for example in the case of communication by e-mail) has security gaps and can not be completely protected against access by third parties. The use of the contact details of our imprint for commercial advertising is expressly not desired, unless we had previously given our written consent or there is already a business relationship. The provider and all persons named on this website hereby object to any commercial use and disclosure of their data.

Privacy Policy

www.ubirch.com

In the course of using this website, personal data (hereinafter referred to as "personal data" or "data") will be processed by us as the data controller and stored for the period required to fulfill the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

According to Art 4 No 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject" or "User”).

1. Name And Contact Details of The Controller And The Data Protection Officer

This Privacy Policy applies to the data processing on the website www.ubirch.com by the controller in accordance with Art. 4 No. 7 GDPR:

ubirch GmbH

Im Mediapark 5   

50670 Cologne, Germany

E-mail: datenschutz(at)ubirch.com

(hereinafter "ubirch", "we" or "us").

Our data protection officer can be contacted at the above address “Attn: Data Protection Officer” or via e-mail to datenschutz(at)ubirch.com.

You can contact our data protection officer directly at any time with questions regarding data protection law or your rights as data subject.

2. Processing of Personal Data And Purposes of Processing

a) Web Hosting

For the provision of this website, we use the web hosting service of one4vision GmbH, Talstraße 34-42, 66119 Saarbrücken (hereinafter "one4vision"). The provision of a website requires the commissioning of a web hosting service. The use of one4vision takes place in accordance with Art. 6 para. 1 lit. f GDPR due to our legitimate interest in keeping our offer on this website ready. In connection with the hosting, one4vision processes personal data on behalf of us, which is generated during the use of the website.

Our advertising agency zuk. AG, Bobinethöfe 14, Halle 6, 54293 Trier, has concluded an order processing contract with one4vision. Through this contract, the service provider assures that it processes the data on behalf in accordance with the General Data Protection Regulation and ensures the protection of the rights of the data subject.

b) Visiting The Website

You can visit our website without having to disclose any information about your identity. The browser used on your terminal device only automatically sends information to the server of our website (including date and time of access; time zone difference to Greenwich Mean Time (GMT); name and URL of the page accessed; access status/HTTP status code; amount of data transferred in each case; browser type, language and version; operating system and its interface; previously visited website (referrer URL)). This information is stored for seven days.

This also includes the IP address of your terminal device. This is temporarily stored in a so-called log file and automatically deleted after 7 days:

The processing of the IP address is carried out for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to prosecute any illegal attacks on our website and systems if necessary.

The legal basis for the processing of the IP address is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our website.

We cannot draw any direct conclusions about your identity from the processing of the IP address in the log file.

c) Contact

We offer you the option to send general inquiries to us via the contact form provided online or to the contact e-mail provided. In this context, we process the personal data received.

In the context of the contact form, the e-mail address is mandatory information in order to be able to reply to your inquiry. You can enter your title, first name and last name voluntarily. However, without knowing your title and name, we cannot address you personally when answering.

The data processing is carried out in the context of answering the contact request on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

The personal data collected in connection with the use of the contact form will be deleted if your inquiry has been completely and fully answered and the deletion does not conflict with any legal retention obligations. The same applies to inquiries through the contact e-mail.

d) Chat Tool

We use a chat tool on our website in order to be able to contact interested parties and potential customers directly, quickly and easily. For the chat tool, we rely on the service "Userlike", a service by Userlike UG, Probsteigasse 44-46, 50670 Cologne (hereinafter "Userlike"). We have concluded an order processing agreement with Userlike.

By selecting via the consent management tool (see section 4c) or by manually activating the chat tool by clicking on it, the chat tool will load. For the functionality of the chat tool, a cookie is set (see section 4a). In addition, we have installed the chat tool in a data protection-friendly manner, i.e. no further personal data is collected and processed via the activated data protection mode.

However, depending on the course of the conversation, personal data (e.g. name and contact details) may be collected via the chat. The nature of this data depends on your request. The purpose of processing this data is to provide you with a quick and efficient means of contact and thus to improve our customer service.

The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a GDPR given via the consent management tool or by starting the chat tool and your consent according to Sec. 25 para. 1 TTDSG. Further personal data provided by you during the use of the chat tool will be processed on the basis of Art. 6 para. 1 lit. b GDPR if your contact request is aimed at concluding a contract and the processing is necessary for the implementation of pre-contractual measures. Otherwise, as responding to contact requests is in our legitimate interest, Art. 6 para. 1 lit. f GDPR is the legal basis.

We store the personal data for a maximum of 90 days.

For more information, please refer to the privacy policy of Userlike.

e) Customer Login

On our website you have the possibility to access the Ubirch-Console and the contents contained therein under "Login". As part of the registration process, you are required to provide your first and last name, an e-mail address, and a password.

The legal basis for the data processing is the contractual relationship concluded between Ubirch and you via the completed registration, Art. 6 para. 1 lit. b GDPR.

The processed personal data will be stored for the duration of the contractual relationship and deleted after expiry of statutory retention obligations.

f) Service Area

Our customers have the possibility on our website to use the "Service Area" within the service of Ubirch. The personal data of the Customer or the Customer's employees already stored at Ubirch can be used for registration and login. Only a password must be assigned by the customer or the customer's employee.

The legal basis for the data processing is the contractual relationship concluded between Ubirch and the customer, Art. 6 para. 1 lit. b GDPR.

The processed personal data is stored for the duration of the contractual relationship and deleted after the expiry of statutory retention obligations.

g) Webinars

You can register via our website for various webinars that we offer on our range of services. To participate in the webinars, we generally require the following data from you via the registration:

  • First and last name,
  • e-mail address.

We need this data to send you the access data for the webinars and to identify you. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR for the fulfillment of the contract concluded with you or your given consent, Art. 6 para. 1 lit. a GDPR.

For our webinars, we use the ClickMeeting service of ClickMeeting Sp. z o.o. (limited liability company under Polish law) (hereinafter "ClickMeeting") with its registered office at Arkonska 6/A4, 80-387 Gdansk, Poland. Website: https://clickmeeting.com/; Privacy Policy: https://clickmeeting.com/legal. We have concluded a data processing contract with ClickMeeting. Through this contract, the service provider assures that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the rights of the data subject.

h) Contacting Us After Webinars

If you would like to view the recording of one of our webinars, by submitting the corresponding form (mandatory data are name, e-mail address and name of the company), you simultaneously consent to being contacted by us for business purposes by e-mail (Art. 6 para. 1 lit. a GDPR). The personal data will be stored by us for two years.

You also have the option of leaving your contact information (name, e-mail address, company name and optionally telephone number) via a form if you would like Ubirch to contact you promptly. The legal basis is Art. 6 para. 1 lit. b GDPR if your request to contact us is aimed at concluding a contract and the processing is necessary to carry out pre-contractual measures. Otherwise, Art. 6 para. 1 lit. f GDPR is the legal basis, as responding to contact requests is in our legitimate interest. The personal data will be stored by us for six months.

Both forms load by selection via the consent management tool (see item 4c) or manual activation through clicking-on on our website. A cookie (see number 4a) is set for the functionality of the chat tool. The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a GDPR given via the consent management tool or by manually activating the form and your consent according to Section 25 para. 1 TTDSG.

To manage the contact data, we use the CRM system solution of the provider Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (hereinafter "Pipedrive"). We have concluded an order processing contract with Pipedrive. Through this contract, the service provider assures that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the rights of the data subject. You can find Pipedrive's privacy policy here.

i) Applications

Current job advertisements are posted on our website (under the "Jobs" tab). For this purpose, we use a widget by the provider JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland (hereinafter "Join"). Details on data processing via the widget can be found under section 6b. If you apply to us, your applicant data will be processed solely for the purpose of carrying out the application process. The legal basis is Sec. 26 para. 1 German Data Protection Act (BDSG).

If you apply in response to a job advertisement, your application data will be processed by Join on our behalf in accordance with our instructions. We have concluded the required data protection agreement with Join for order data processing, in which Join is obligated to process the data in accordance with the principles of the GDPR and exclusively on the basis of our instructions.

We store your data until completion of the respective application process. The deletion of the data transmitted by you will generally take place after six months if your application is rejected. Among other things, this is to comply with our duty of proof under the German Equality Act (AGG). This does not apply if you have expressly consented to longer storage in accordance with Art. 6 para. 1 lit. a GDPR.

For detailed information on data processing, please refer to the application-specific privacy policy provided during the application process.

3. Disclosure of Personal Data to Third Parties

a) Disclosure of Personal Data to Third Parties

Your personal data will only be passed on to third parties if

  • you have given your express consent thereto in accordance with Art. 6 Para. 1 lit. a GDPR,
  • insofar as this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para 1 lit. c GDPR, or
  • insofar as this is legally permissible and necessary in accordance with Art. 6 para. 1 lit. f GDPR to protect our interests or those of third parties.

The transferred data may be used by the third party exclusively for the stated purposes.

b) Transfer of Personal Data to Third Countries

A transfer of personal data to a third country or an international organization, only takes place if we inform you about it and the prerequisites of Artt. 44 et seq. GDPR are fulfilled.

A third country is a state outside the European Economic Area (EEA), in which the GDPR is not directly applicable. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 para. 1 GDPR confirming that adequate protection for personal data exists in that country.

The USA is a so-called unsafe third country. This means that the USA does not offer a level of data protection comparable to that in the EU. The following risks exist when personal data is transferred to the USA: There is a risk that US authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective legal protection against these accesses in the USA or the EU.

We inform you in this Privacy Policy when and how we transfer personal data to the USA or other unsafe third countries. We only transfer your personal data if

  • sufficient guarantees are provided by the recipient in accordance with Art. 46 GDPR for the protection of the personal data,
  • you have expressly consented to the transfer, after which we have informed you of the risks, in accordance with Art. 49 para. 1 lit. a GDPR,
  • the transfer is necessary for the performance of contractual obligations between you and us
  • or another exception from Art. 49 GDPR applies.

Guarantees according to Art. 46 DSGVO can be so-called Standard Contractual Clauses. In these Standard Contractual Clauses, the recipient assures to protect the data sufficiently and thus to ensure a level of protection comparable to the GDPR.

4) Cookies and similar functions

We use so-called cookies and similar functions on our website to make our website technically available and to statistically record and evaluate the use of our website for the purpose of optimization (see under section 5).

We always base the basic use of cookies and similar functions on your consent in accordance with Sec. 25 para. 1 TTDSG if it involves the storage of information in your terminal device or access to information in your terminal device as defined by the TTDSG. According to Sec. 25 para. 2 No. 2 TTDSG, such consent is not necessary only if the storage of information in the end user's terminal equipment or the access to information already stored in the end user's terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user. This includes the aforementioned cookies for technically necessary purposes.

We base the processing of your data by the cookies and similar functions used for the aforementioned technically necessary purposes on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, which is to be regarded as legitimate within the meaning of the aforementioned provision.

In addition, we set cookies and similar functions and process the data through them only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

You can revoke your consent or adjust your settings at any time with effect for the future via our  consent management tool.

a) Cookies

Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, trojans or other malware. In the cookie, information is stored in connection with the specific end device used in each case. This does not mean, however, that we gain direct knowledge of your identity.

The use of cookies serves on the one hand to make our offer technically available to you. For example, we use so-called session cookies to recognize that you already visited individual pages of our website and to recognize whether you are already logged into your user account, as well as to offer services that you requested. These are automatically deleted after you leave our website. These cookies are considered technically necessary. We may therefore set them without your prior consent. The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests in the technical provision of our offer in accordance with Art. 6 para. 1 lit. f GDPR.

On the other hand, we use cookies as part of our offer to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you and to offer further services. These cookies enable us to automatically recognize that you already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time and are only set on the basis of your consent.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

b) Pixel

We use pixel tags (also called tracking pixels, beacon trackers) as part of our online service. Pixels are small graphics that are integrated into the HTML code of our pages. The pixel tag itself does not store or change any information on your end device, so pixels do not cause any damage to your end device and do not contain viruses, trojans or other malware.

The pixels send your IP address, the referrer URL of the website visited, the time at which the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables us to perform reach measurements and other statistical evaluations, which serve to optimize our platform and our service.

c) Consent Management with CookieFirst

To manage consents for the use of cookies and similar technologies, we use the consent management service of Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, The Netherlands, (hereinafter "CookieFirst" and "consent management tool") on our website. In this context, the date and time of the visit, browser information, consent information, device information, opt-in and opt-out data, and the anonymized IP address of the requesting device are processed. The legal basis for this is Art. 6 para. 1 lit. c GDPR. The use of the CookieFirst tool serves to obtain and manage their legally required consent to data processing and is to be regarded as fulfillment of the legal obligation within the meaning of the aforementioned provision. They can revoke their consent for the future or adjust their settings at any time, also using the same tool.

You can access the consent management tool at any time via the link in the Privacy Policy as well as the button with the fingerprint icon at the bottom right of your browser display.

d) Google Tag Manager

On our website, the Google Tag Manager of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google") is used. We use Google Tag Manager to manage the tools about which we provide information in this Privacy Policy. We list details regarding these tools separately in this statement.

The Tag Manager itself (implements the tags) provides for the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

More information about Google Tag Manager can be found here.

5. Web Analysis Or Tracking With Google Analytics

We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland (hereinafter: "Google"). In this context, pseudonymous usage profiles are created.

The information generated by the behavior-based tracking about the use of our website (e.g. dwell time, leaving the domain, other interactions on the website, etc.) is usually transferred by Google to servers of Google LLC in the USA and processed there.

Google Analytics is used within the scope of your consent, according to Art. 6 para. 1 lit. a GDPR, Sec. 25 para. 1 TTDSG, in the analysis and optimization of our online service and the economically reasonable operation of this website. Therefore, Google processes the information on our behalf in order to evaluate the use of the website, to compile reports on the website activities and to provide us with further services related to the use of the website and internet for the purposes of market research and demand-oriented design of these internet pages.

We have concluded an order processing agreement with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

The IP address processed by Google Analytics is automatically shortened. In the process, the last three digits of your IP address are replaced by a "0", which prevents assignment.

If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on behalf.

The data collected using Google Analytics will not be shared with Google to the extent permitted by the data sharing settings.

The collected user data is automatically deleted after 14 months.

The behavior-based tracking performed by Google Analytics and the information generated by it about the use of our website are transmitted by Google to servers of Google LLC in the USA and processed there. The transmitted data are only pseudonyms, identifying your name is not possible.

In addition, we will only transfer your data if you expressly consent to this processing by Google. In this case, you also consent to the transfer of your data to the USA in accordance with Art. 49 para. 1 lit. a GDPR, knowing the risks described in Section 4.

You can revoke your consent for the future at any time via the consent management tool.

Google has concluded EU standard contractual clauses with Google LLC in the USA. In this way, Google ensures that a level of protection comparable to that in the EU exists for the transfer of personal data to third countries (see also section 4 on data transfer to the USA).

For more information on data protection in connection with Google Analytics, see for example the Google Analytics Help. Information on how data is used by Google that is transmitted to Google via the integration of the services, as well as regarding your settings options for personalized advertising and data collection, can be found here. General information on data processing by Google can be found in the Google privacy policy.

6. targeting and marketing

a) Google Ads

We use Google Ads of Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland (hereinafter: "Google"). The service enables us to design, statistically record, optimize and show advertising content according to demand.

Google Ads uses cookies and pixel tags if you accessed our website via a Google Ad. These cookies lose their validity after 30 days. If you visit certain pages of our website and the cookie did not yet expire, Google and we can recognize that you clicked on the ad and were redirected to this page.

The information generated by the cookies and pixel tags about your use of this website, such as click behavior on texts and products or interactions with videos, is generally transferred by Google to servers of Google LLC in the USA and processed there.

Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. As a Google Ads customer, we learn the total number of users who clicked on an ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that allows us to identify you personally.

If you do not wish to participate in the tracking process by Google, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the "www.googleadservices.com" domain. You can find more information here.

In addition, based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and your consent pursuant to Sec. 25 para. 1 TTDSG, we use the Google Ads remarketing pixel, which collects and analyzes information about your use of this website. This enables us to address you on other websites with content relevant to you. According to Google, the data collected during remarketing is not merged with personal data that may be stored by Google. In addition, Google pseudonymizes this data. Remarketing data based on tags is stored for 30 days. You can revoke or adjust your consent at any time, with effect for the future.

The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. The USA are a so-called unsafe third country (see also section 3b). This means that there is no adequacy decision by the European Commission for the USA. Google relies on Standard Contractual Clauses approved by the EU Commission for the transfer as a guarantee of a level of data protection comparable to the EU. We also transfer data to Google only with your consent.

For more information on how Google uses data transmitted to Google via the integration of the Services and regarding your settings options for personalized advertising and data collection, please see here. General information on data processing by Google can be found in the Google privacy policy.

b) Join widget

We use a widget from Join to display current job offers (for data processing for applications, see section 2i).

Cookies are set through the Join widget (see section 4). The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Sec. 25 para. 1 TTDSG by giving your consent via the consent management tool. Without your consent, the job ads cannot be displayed via the Join widget.

We have concluded the required data protection agreement with Join for order data processing, in which Join is obligated to process the data in accordance with the principles of the GDPR and exclusively in accordance with our instructions.

You can find Join's privacy policy here.

7. embedded videos

a) YouTube

We use components (videos) of the company YouTube, LLC. 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter "YouTube"), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"), on our Internet pages. The legal basis for the data processing is your consent given via the consent management tool pursuant to Art. 6 para. 1 lit. a GDPR.

Here, we use the "extended data protection mode" provided by YouTube.

If you gave your consent, when you call up a page of this website that has an embedded YouTube video, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser.

According to YouTube's information, in "extended data protection mode" your data – in particular which of our websites you have visited as well as device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Google transmits the information to Google servers in the USA. The transmitted data are only pseudonyms, identifying your name is not possible. We have concluded an order processing agreement with Google, incorporating the EU Standard Contractual Clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 3b on data transfer to the USA).

Further information on data protection in connection with YouTube can be found in Google's privacy policy.

b) Vimeo

We use components (videos) of Vimeo LLC. headquartered at 555 West 18th Street, New York City, New York 10011 on our website. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR given via the consent management tool.

If you give your consent and call up a page on this website that contains one or more video clips from Vimeo, a direct connection is established between your browser and a Vimeo server in the USA. In doing so, the information that you have visited this page with your IP address is transmitted directly from your browser to the Vimeo server and stored there. Through interactions with the Vimeo plugins (e.g. clicking, start.) the information caused by the interaction is transmitted to Vimeo and stored there.

If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website.

The information generated by Vimeo about the use of our website is transmitted to Vimeo servers in the USA and processed there. The transmitted data are only pseudonyms, an inference to your name is not possible. We have concluded a contract with Vimeo incorporating the EU Standard Contractual Clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 3b for data transfer to the USA).

The privacy policy for Vimeo with more detailed information on the collection and use of your data by Vimeo, your rights in this regard and the settings options for protecting your privacy can be found at https://vimeo.com/privacy.

8. social media profiles

We maintain social media pages or profiles on Facebook, Instagram, Twitter, YouTube and LinkedIn. As operators of these pages, the respective network operators

  • Facebook: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook"),
  • Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Instagram"),
  • Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter "Twitter"),
  • YouTube: Google LLc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter "YouTube"),
  • LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn"),

and we are joint controllers in accordance with Art. 4 No. 7 General Data Protection Regulation (GDPR)

We, as joint controllers for these pages, have entered into agreements with the network operators that regulate, among other things, the conditions for the use of pages and similar appearances. The following agreements are authoritative in each case:

When visiting our social media pages, personal data of the page visitors are processed by the responsible parties as follows.

a) Use of Insights, Analysis And Cookies

In connection with the operation of our social media pages, we use the analysis functions provided thereon to obtain statistical evaluations of the users of our social media pages.

For this purpose, cookies and similar technologies such as pixels are used by the network operators when our pages are visited, and a unique user code is created in each case. This user code can be linked to the data of such users who are registered with the network operators.

The information stored on the user code is processed by the network operators, especially when the user visits these services. Other entities, such as partners or even third parties, may also use cookies within these services to provide services to companies advertising on the platforms.

  • Facebook: In connection with the operation of our Facebook page, we use the Insights feature of Facebook to obtain statistical analysis on the users of our Facebook page. Facebook provides information on page insights and Facebook pages in its privacy policy and here. You can also find more information about Facebook's use of cookies in their cookie policy.
  • Twitter: In connection with the operation of our Twitter account, we use the analysis options of Twitter to statistically evaluate our channel and the reactions to our posts.  You can find more information about this in Twitter's privacy policy.
  • Instagram: In connection with the operation of our Instagram profile, we use the Instagram Insights function to obtain statistical evaluations of the users of our post. You can find information about Instagram Insights in Instagram's privacy notices and here.
  • YouTube: In connection with the operation of our YouTube account, we use YouTube Studio and the YouTube analytics features. By means of YouTube Studio and the analysis function, we can analyze the usage and evaluate it statistically. You can find more information in Google's privacy policy.
  • LinkedIn: In connection with the operation of our LinkedIn profile, we use LinkedIn Page Analytics. We thus receive information about the use of our content. You can find more information about the privacy of the LinkedIn platform in the privacy policy of LinkedIn.

b) Purposes of Processing

The processing of this information is intended, on the one hand, to enable the network operators to, among other things, improve their system of advertising that they distribute via their networks. On the other hand, they are intended to enable us, as the controller of the social media pages, to obtain statistics generated on the basis of visits to our social media sites. The purpose of this is to control the marketing of our activities. For example, it allows us to gain knowledge of trends in the profiles of visitors who value our social media pages or use applications of the networks in order to provide them with more relevant content and develop features that may be of greater interest to you.

In addition, to help us better understand how our social media pages can further our business goals, demographic and geographic analyses are also created and provided to us based on the information we collect. We may use this information, for example, to target interest-based advertisements. However, we do not obtain any direct knowledge of the identity of the visitor. If visitors use social media services on multiple devices, the collection and analysis can also take place across devices and, if applicable, platforms, if the visitors are registered and logged into their own profiles.

The visitor statistics created are transmitted to us exclusively in anonymized form and we have no access to the underlying data in each case.

Furthermore, we use our social media pages to communicate with our customers, interested parties and users and to inform them about our range of services. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you.

c) Legal Basis

We operate our social media pages to present ourselves to and communicate with users of these platforms and other interested parties who visit our social media pages. The processing of the user’s personal data is based on our legitimate interests in an optimized company image and product presentation (Art. 6 para. 1 lit. f GDPR).

d) Transfer of Data

It is possible with Facebook, Twitter, YouTube and LinkedIn that some of the information collected may also be processed outside the European Union in the USA.

The USA constitute a so-called unsafe third country. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 para. 1 GDPR confirming that adequate protection for personal data exists in that country.

With the ECJ ruling of July 16, 2020 (C-311/18), the (partial) adequacy decision for the USA, the so-called Privacy Shield, was declared null and void. In the USA, no level of data protection is provided that would be comparable to that in the EU. The following risks exist when personal data is transferred to the USA. There is a risk that U.S. authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens do not have effective legal protections against these accesses in the U.S. or the EU.

  • Facebook and Instagram: Facebook Ireland Ltd. transfers data to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA on the basis of Standard Contractual Clauses approved by the European Commission. We have no influence on these processing operations. We ourselves do not pass on any personal data that we receive via our Facebook page.
  • Twitter: Twitter transmits data on the basis of Standard Contractual Clauses approved by the European Commission to Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We have no influence on this processing. We ourselves do not pass on any personal data that we receive via our presence on Twitter.
  • YouTube: YouTube transmits data to Google LLc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on the basis of Standard Contractual Clauses approved by the European Commission. We have no influence on these processing operations. We ourselves do not pass on any personal data that we receive via our YouTube channel.
  • LinkedIn: LinkedIn transfers data to LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA, USA on the basis of Standard Contractual Clauses approved by the European Commission. We have no influence on these processing operations. We ourselves do not share any personal data that we receive through our LinkedIn profile.

e) Nature of Joint Responsibility / Assertion of Data Subject Rights.

With the agreement we have with Facebook for our Facebook presence, the operators acknowledge joint responsibility under data protection law with regard to so-called Insights data and assume essential obligations under data protection law for informing data subjects, for data security and for reporting data protection breaches. In addition, the agreement with Facebook stipulates that Facebook is the primary contact for the exercise of the data subject’s rights (Artt. 15 to 22 GDPR). This is because, as the provider of the social network, Facebook alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be required, we can be contacted at any time.

The agreement we have concluded with LinkedIn stipulates that LinkedIn will inform us as soon as a data subject exercises his or her data protection rights (Artt. 15 to 22 GDPR). LinkedIn will assist in responding to requests for information. You can assert your data subject rights against us and LinkedIn.

The agreement we have concluded with Google regarding our YouTube channel also provides that you can assert your data protection rights against us and Google.

f) Possibilities of Objection

You are entitled to the following objection options in particular:

  • Facebook and Instagram: Users of Facebook and Instagram can influence the extent to which their user behavior may be recorded when visiting our Facebook page under the settings for advertising preferences. Further options for objection are provided by the Facebook settings or the form provided via Facebook for the right to object.
  • Twitter: Twitter processing can be partially objected to via the settings in your Twitter account. More information on this can be found here.
  • YouTube: YouTube processing can be objected to via the settings in the Google account. More information on how adjustments can be made in the privacy settings can be found here.
  • LinkedIn: The processing of LinkedIn can be objected to here. Further adjustments can be made via the objection form.

 

9. data subject rights

You have the right to:

  • pursuant to Art. 7 para. 3 GDPR, revoke your consent, once given, pursuant to the GDPR at any time vis-à-vis us. This has the consequence that we may no longer continue the data processing based on this consent for the future;
  • pursuant to Sec. 25 para. 1 TTDSG, the above also applies to your consent under the TTDSG;
  • pursuant to Art. 15 GDPR, request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR, request the correction of incorrect or incomplete personal data stored by us without undue delay;
  • pursuant to Art. 17 GDPR, request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • pursuant to Art. 18 GDPR, request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and
  • complain to a supervisory authority in accordance with Art. 77 GDPR. Generally, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Information About Your Right To Object According To Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. f  GDPR (processing of data on the basis of a balance of interests); this also applies to profiling based on this provision of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your objection is directed against processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is related to such direct advertising.

If you wish to exercise your right to object, an e-mail to datenschutz(at)ubirch.com will suffice.

10. Data Security

All data transmitted by you personally will be encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the appended s after http (i.e. ..) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Topicality And Change of This Privacy Policy

This Privacy Policy is currently valid as of February 2022.

Due to the further development of our website and services on it or due to changed legal requirements or such by public authority, it may become necessary to change this data protection declaration. The current data protection declaration can be viewed at any time on the website at

www.ubirch.com/data-protection

and can be printed out by you.

 


Contact us
sales@ubirch.com
+49-221-99988248