Privacy Policy
§ 1 PREAMBEL
This privacy policy of fino InboxFreedom GmbH, Universitätsplatz 12, 34127 Kassel, would like to inform you as a user which personal data of yours is collected and processed by us as the responsible party in the context of the use of our websites, social networks and online platforms, in the sense of the German Data Protection Regulation.
§ 2 RESPONSIBLE PERSON AND CONTACT DATA PROTECTION OFFICER
fino InboxFreedom GmbH
Universitätsplatz 12
34127 Kassel
Telefon: +49 4550 996 9000
Telefax: +49 4550 996 9001
E-Mail: [email protected]
Represented by: Florian Christ, Björn Kahle
If you have any questions about the processing of your personal data or about data protection in general, please contact the data protection officer, who is also available to you in the event of complaints. You can reach the data protection officer via email at [email protected] or at the address given in the legal notice.
§ 3 COLLECTION AND USE OF PERSONAL DATA FOR THE TECHNICAL PROVISION OF THE WEBSITE
3.1. When you visit our website, all data is collected in accordance with the principle of data avoidance and data economy. Nevertheless, when you call up our website, data is automatically sent to our website server by the Internet browser you use (so-called log files) and stored for a maximum period of two weeks. This includes the name of the retrieved files, the date and time of the retrieval, the amount of data transferred, any error messages, if applicable, the operating system and browser software of the end device, the website from which the web offer is visited, as well as general information about the usage behavior of the website. The legal basis for the collection and processing of this data is pursuant to Art. 6 (1) (f) GDPR our legitimate interest in:
(a) the search for the cause of possible server problems
(b) the analysis of technical errors
(c) the maintenance of the website
(d) ensuring system security
(e) protection against misuse (e.g. detection and defense against hacker attacks)
(f) the pseudonymized statistical analysis of the collected data
(g) the optimization of the website.
We use the following services and service providers to operate our website: WP Engine (web hosting, data center location: Belgium), Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom.
§ 4 USE OF COOKIES
4.1. So-called cookies are used on our website.Cookies are small text files that are stored on your computer and saved by your browser. As a rule, we use session cookies, which are automatically deleted at the end of your visit or use of our application. Cookies cannot cause any damage to the end devices used and, in particular, do not contain viruses or other malware.
4.2. You can prevent the setting of cookies with the help of your browser settings, or be automatically informed before a cookie is to be set to refuse this in individual cases. In this case, however, it may be that parts of our services do not function or do not function optimally. The cookies used serve to optimize the use of our website, so that, for example, session cookies can be used to track whether you have already visited individual sub-pages of the website. These are only stored on your terminal device for a temporary period in order to improve the user-friendliness of the website. If you call up our website again, it is automatically recognized that you have already called up the website at an earlier time and which language settings and entries you have made. In this way, repeated entries can be avoided.
4.3. Different types of cookies are used on our website. On the one hand, technically necessary cookies for the display of the website, on the other hand, cookies that serve statistical and marketing purposes. For more information, please refer to the list in the Cookie Manager (information window that appears at the beginning of the website visit) and the Cookie Policy.
4.4. The legal basis for setting the technically mandatory cookies on our website is our legitimate interest according to Art. 6 (1) (f) GDPR. For cookies that are not technically mandatory, we obtain your voluntary consent, which can be revoked at any time, pursuant to Art. 6 (1) (a) GDPR via the Cookie Manager. By adjusting the setting in the Cookie Manager, you can revoke or adjust your consent to data processing based on cookies set at any time.
4.5. Unless otherwise noted, it can be assumed that no cookies are stored.
§ 5 ANALYSIS AND IMPROVEMENT OF THE WEBSITE
5.1. With the help of a range measurement or web analysis, visitor flows to our website as well as the behavior, interests and demographic data of our website visitors can be evaluated as pseudonymized data. This allows us to find out which segments require optimization. Beyond reach measurement, test procedures can be used. This allows various website versions to be tested and optimized. For this purpose, profiles of the users can be created and stored in a file (so-called cookie) or similar procedures can be used for the same purpose.
5.2. For this purpose, information such as website content viewed, websites accessed, browser and operating system used as well as activity and usage times may be stored. Depending on the respective consent of the user, location data may also be affected by this. For the storage of IP addresses of website users, we use an IP masking procedure, whereby the IP address is pseudonymized by shortening. In principle, no clear data (e.g. name, email address) of the visitors are stored, but pseudonyms, so that we do not know the actual identity of the users.
5.3. The legal basis for the processing of your data is Art. 6 (1) (a) GDPR, if we ask for your consent to use the respective third-party providers. Otherwise, pursuant to Art. 6 (1) (f) GDPR, our legitimate interest for efficient, user-friendly and economic services constitutes the legal basis for data processing.
(a) Types of data processed: Meta and communication data (e.g. IP address, device information), usage data (e.g. access time, web pages visited, content accessed).
(b) Data subjects: Users (e.g., users of the online services, visitors to the websites).
(c) Purpose of the processing: reach measurement, tracking, evaluation of visitor actions, target group oriented marketing, profiling.
(d) Legal basis of processing: Art. 6 (1) (f) GDPR (our legitimate interest) and Art. 6 (1) (a) GDPR (consent).
5.4. The external service or service provider Google Analytics is used to analyze and optimize the website. The use of Google Analytics data allows us to improve our online offering and to carry out targeted marketing measures based on the interests of our users.
Google Analytics: We use Google Analytics as a universal analytics for online marketing and web analysis. Universal Analytics is a method of user analysis based on a pseudonymous user ID, so that a pseudonymous user profile is created consisting of information from the use of different end devices (so-called cross-device tracking).
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Website: https://support.google.com/analytics/answer/2790010?hl=en&ref_topic=6010376) https://marketingplatform.google.com/about/analytics/
Privacy policy: https://policies.google.com/privacy?hl=en
Opt-out / objection option: https://tools.google.com/dlpage/gaoptout?hl=en
§ 6 ONLINE MARKETING
6.1. In the context of online marketing, we process your personal data. The measures of online marketing include in particular the marketing of advertising space, the mapping of advertising content according to user interests and the determination of their effectiveness. For this purpose, profiles of the users are created and stored in a file (so-called cookie) or similar procedures are used for the same purpose.
6.2. The content of the user profiles may include information such as websites accessed, website content viewed, social networks used, browser and operating system used or usage times. Depending on the respective consent of the user, location data may also be affected by this. For the storage of IP addresses of website users, we use an IP masking procedure, whereby the IP address is pseudonymized by shortening. In principle, no clear data (e.g. name, email address) of the visitors are stored, but pseudonyms, so that we do not know the actual identity of the users.
6.3. The aforementioned data of the user profiles are stored in the cookies or by comparable procedures. In principle, the cookies can also be used, read, analyzed or stored at a later time on other websites with the same procedure for online marketing.
6.4. If you as a user of our website are also a member of a social network that uses the same procedures for online marketing and links your profile with the above-mentioned information, your clear data can be assigned to the user profile. Regulations deviating from this can be made by the user directly with the provider of the social network, e.g. by consent during the registration process.
6.5. In general, only aggregate information is made available to us in order to assess the success of our promotional ads. By means of conversion measurement, we can analyze which marketing measure has led to a conversion, i.e. to the conclusion of a contract. For other purposes, no conversion measurement takes place.
6.6. The legal basis for the processing of your data is Art. 6 (1) (a) GDPR, if we ask for your consent to use the respective third-party providers. Otherwise, pursuant to Art. 6 (1) (f) GDPR, our legitimate interest for efficient, user-friendly and economic services constitutes the legal basis for data processing.
(a) Types of data processed: Meta and communication data (e.g. IP address, device information), usage data (e.g. access time, websites visited, content accessed), location data.
(b) Data subjects: Users (e.g. users of online services, visitors to websites), customers, employees, interested parties, communication partners).
(c) Purpose of the processing: evaluation of visitor actions, tracking, targeted marketing, profiling, remarketing, measurement of conversion and reach, cross-device tracking, targeting, click tracking.
(d) Legal basis of processing: Art. 6 (1) (f) GDPR (our legitimate interest) and Art. 6 (1) (a) GDPR (consent).
(e) Security measures: IP masking
(f) Opt-out / objection option: more detailed information can be found in the data protection notices of the respective providers. In principle, you can deactivate cookies in the settings of your browser. However, we would like to point out that this may limit the function of our offer, which is why we recommend the following opt-out options:
Europe: https://www.youronlinechoices.eu
USA: https://www.aboutads.info/choices
Canada: https://www.youradchoices.ca/choices
Cross-territory: https://optout.aboutads.info
6.7. The following services and service providers are used:
(a) Google Analytics: We use Google Analytics as a universal analytics for online marketing and web analysis. Universal Analytics is a method of user analysis based on a pseudonymous user ID, so that a pseudonymous user profile is created consisting of information from the use of different end devices (so-called cross-device tracking).
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Website: https://support.google.com/analytics/answer/2790010?hl=en&ref_topic=6010376) https://marketingplatform.google.com/about/analytics/
Privacy policy: https://policies.google.com/privacy?hl=en
Opt-Out / Widerspruchsmöglichkeit: https://tools.google.com/dlpage/gaoptout?hl=en
§ 7 CONTACT
7.1. If you wish to contact us (e.g. via email, contact form, telephone, social media, chat), your information and personal data will be transmitted to us and processed by us in order to answer the inquiry or to be able to carry out requested measures. To contact us by email, we require a valid email address and your name. For the use of the contact form, we require your name, email address and telephone number. All additional information is provided voluntarily and is not mandatory. The processing of your data is based on your consent or for the establishment, implementation and execution of contractual relations with us pursuant to Art. 6 (1) (a), (b) GDPR and exclusively in order to process, manage and respond to your request including pre-contractual measures. including pre-contractual measures. The deletion of the data takes place automatically as soon as your request is completed and there are no further reasons for storage (e.g. subsequent cooperation).
7.2. For the contact form we use the following Elementor plug-in for WordPress:
(a) Elementor Ltd, Mesada st. 7, Tel Aviv, Israel. Elementor is a locally installed plugin. No data transfer to third parties takes place here. The applicable privacy policy of Elementor is available at https://elementor.com/terms/privacy-policy/.
§ 8 COMMUNICATION VIA EMAIL, MAIL OR TELEPHONE FOR ADVERTISING PURPOSES
8.1. If necessary, we process personal data for advertising purposes. The promotional communication takes place via various channels (e.g. email, mail or telephone). Types of data processed: contact data (such as e-mail address, telephone number), inventory data (such as name, address).
• Data subjects: Communication partner
• Purpose of processing: Direct marketing
• Legal basis: Consent (Art. 6 (1)(a) GDPR), Legitimate interests (Art. 6 (1)(f) GDPR).
8.2. The recipient may revoke any consent given or object to promotional communication at any time.
8.3. Data required to prove consent may be stored by us for up to three years after revocation or objection on the basis of our legitimate interest before we delete it. Processing of this data will only take place for the purpose of a possible defense against a claim. In case of a confirmed consent, an individual deletion request is possible at any time.
§ 9 NEWSLETTER
9.1. We offer you a free newsletter in which we inform you about current events. If you would like to subscribe to the newsletter, you must provide a valid email address. Optionally, you can provide us with your first and last name to receive a personalized newsletter. Further data will not be collected. The newsletter will only be sent after your consent according to Art. 6 (1) (a) GDPR or based on a legal permission.
9.2. Your consent to receive the newsletter is given via a double opt-in process, i.e. after submitting the registration form, you will receive an email confirming your registration. The registration to our newsletter becomes effective when you have clicked on the link in the confirmation email. If the confirmation does not take place, your registration data will be automatically deleted within 30 days. To meet legal requirements, a logging of the newsletter registration and changes to your personal data takes place at ActiveCampaign. This includes saving the IP address as well as the time of registration and confirmation.
9.3. You can revoke the granted consent at any time with effect for the future and thus cancel the newsletter subscription. After your cancellation, your personal data will be deleted as well as your consent to the newsletter dispatch. For this purpose, please use the provided “unsubscribe” link at the end of each newsletter.
9.4. The newsletter dispatch and the storage of your contact data is carried out by the newsletter dispatch platform “ActiveCampaign” of the US provider ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA. On the server of ActiveCampaign in the USA, the email address of the newsletter recipient as well as other data described above are stored. ActiveCampaign uses this data on our behalf for sending and evaluating the newsletter. In addition, ActiveCampaign may use the data to improve and optimize its own service. To protect your data, we have concluded a data processing agreement with ActiveCampaign. Through this agreement, ActiveCampaign undertakes to protect your data, to process the data on our behalf in accordance with the data protection regulations and not to pass it on to third parties. You can find information about ActiveCampaign’s data protection policy at https://www.activecampaign.com/legal/terms-of-service. In addition, the newsletter contains a pixel-sized file (so-called “web beacon”). This is retrieved from the ActiveCampaign server when the newsletter is opened, whereby technical information (e.g. Internet browser, operating system, IP address, timestamp) is collected. This data is used to improve the technology of the service. In addition, an analysis can be made as to whether and when a newsletter was opened by the recipient and which links contained therein were clicked. Conclusions about individual recipients are possible through this information, but neither in our nor in ActiveCampaign’s interest and only serve to analyze reading habits and to adapt the newsletter content.
9.5. It is possible that you will be redirected to ActiveCampaign’s website when you receive the newsletter, for example, if you click on the link in our newsletter to access the newsletter online. In addition, you can make a correction to your data (e.g. email address). In these cases, we would like to point out that ActiveCampaign uses cookies on its websites and thus your personal data may be processed by ActiveCampaign itself and its partners and service providers. We have no influence on this.
§ 10 ENCRYPTED TRANSMISSION OF PERSONAL DATA
All data traffic between your browser or terminal device and the server used by this service is encrypted. For this purpose, a modern transmission method, TLS protocol (Transport Layer Security protocol), is used. This ensures that all data is transmitted in encrypted form and is protected from manipulation and unauthorized access by third parties during transmission.
§ 11 RIGHTS OF THE PERSONS CONCERNED
We guarantee your right to informational self-determination and the protection of your personal rights when using our offers. You can request information about your stored data free of charge at any time in accordance with Art. 15 GDPR. In addition, you can, under certain conditions, claim the rights from Art. 16 to 18 and 21 GDPR against us: Correction or deletion of your stored data, restriction of the processing of your stored data, objection to the processing of your stored data, right of revocation of a once granted consent to the collection, processing and use of your personal data with effect for the future as well as your right to data portability. For this purpose, please use the contact options given in the imprint. You have the right to lodge a complaint with a supervisory authority at any time if you are of the opinion that the processing of your personal data has been carried out unlawfully.
§ 12 SOCIAL NETWORKS AND ONLINE PLATFORMS
12.1. We are represented on various social networks and online platforms in order to be able to present our offer and information about it to a large number of interested parties.
12.2. The networks and online platforms used by us are globally operating social media, so that it cannot be ruled out that your personal data will only be processed within the EU. For the protection of your data, the transfer to third countries only takes place in accordance with Art. 44 et seq. GDPR.
12.3. We would like to draw your attention to the fact that the operators of the respective platform may process your personal data and combine them into user profiles. This can happen regardless of whether you are registered with the respective platform or not. If you have a user account with the social network concerned, the data provided by us will be evaluated and assigned to your person. This is done for the purpose of target group-oriented marketing. You can find more detailed information about this in the privacy policy of the respective social medium and in the following information. If you wish to make use of your data subject rights, please contact the respective operator of the online platform. In principle, we do not have access to the personal data processed by the operators. Excluded from this are data such as name, user ID, profile picture, age (group), gender, language, country, friends or followers list, your followers list. This data is only provided to the extent that you have given your consent or the social network settings you have made allow it. The purpose of processing the personal data provided is to share your opinion on the linked social media and to optimize our presence and reach on the online platforms. The processing is based on our legitimate interest in a possible coverage of our products and public relations essentially.
(a) Types of data processed (depending on setting and online platform): Master data (e.g., name, user ID), contact data (e.g., email address, phone number), metadata (e.g., cookie data, device ID, network, connection), content data (e.g., comments), usage data (e.g., usage activity, usage time).
(b) Data subject: user of the online platform or social network or the owner of the device used to run the service
(c) Purpose of the processing: measurement of reach, tracking, reporting, public relations / outreach.
(d) Legal basis of processing: Art. 6 (1) (f) GDPR (our legitimate interest or that of third parties (e.g. provider of the online platform) and Art. 6 (1) (a) GDPR (if you have a user account with a social network and have consented to the transfer of data to third parties).
12.4. We use third-party services and external service providers as well as online platforms to distribute our offers and content and within the framework of our Internet presence. In this regard, you will receive detailed information on the processing of your personal data below. Depending on the respective provider and various factors (e.g. your privacy settings, activity), the specific processing of your personal data varies.
(a) Facebook
Website: https://www.facebook.com/
Privacy policy of the provider: https://www.facebook.com/help/568137493302217
Responsible entity: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Together with Meta Platforms Ireland Limited, we are responsible for the processing of your personal data collected, stored and used in connection with the use of the service and your visit to the website. At https://www.facebook.com/legal/terms/page_controller_addendum you can view the agreement on the joint processing of your personal data pursuant to Art. 26 GDPR. Furthermore, you can find the privacy policy for the Facebook pages at https://www.facebook.com/legal/terms/information_about_page_insights_data.
(b) Xing
Website: https://www.xing.com/
Privacy policy of the provider: https://privacy.xing.com/en/privacy-policy
Responsible party: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
(c) Twitter
Website: https://twitter.com/
Privacy policy of the provider https://twitter.com/en/privacy
Verantwortliche Stelle: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
(d) LinkedIn
Webseite: https://linkedin.com/
Privacy policy of the provider: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Responsible entity: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
§ 13 OTHER LINKS TO EXTERNAL PROVIDERS
Insofar as links are provided to websites of other providers, this data protection declaration does not apply to their content. What data the operators of these sites may collect is beyond our knowledge and our sphere of influence.
§ 14 WEBINARS VIA „MICROSOFT TEAMS“
14.1. The tool “Microsoft Teams” is used to conduct webinars. “Microsoft Teams” is a service of Microsoft Corporation.
14.2. We are the responsible party for data processing directly related to the implementation of webinars. Note: If you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. However, calling up the Internet page is only necessary for the use of “Microsoft Teams” in order to download the software for the use of “Microsoft Teams”. If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website.
14.3. When using “Microsoft Teams”, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in a webinar. The following personal data are subject to processing:
a) User details: e.g. display name (“Display name”), e-mail address if applicable, profile picture (optional), preferred language.
b) Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
c) If dialing in by phone: information on incoming and outgoing phone number, country, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
d) Text, audio and video data: You may have the opportunity to use the chat function in a webinar. To this extent, the text entries you make are processed in order to display them in the webinar. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.
14.4. The webinars are not recorded or stored. Depending on the type of implementation, chats and the opportunity for discussion may also be used. It is your decision to participate in these ways. Storage/recording is not provided. Automated decision-making within the meaning of Art. 22 GDPR is not used.
14.5. Insofar as the webinars are carried out in the context of contractual relationships, Art. 6 (1) (b) GDPR is the legal basis for data processing. Otherwise, your consent pursuant to Art. 6 (1) (a) GDPR is the legal basis of the processing.
14.6. Personal data processed in connection with participation in webinars will generally not be disclosed to third parties unless it is intended for disclosure. Please note that content from webinars, as well as from face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure. Other recipients: The provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft Teams”.
14.7. Data processing outside the European Union (EU) does not take place in principle, as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via internet servers that are located outside the EU. This may be the case in particular if participants in webinars are located in a third country. However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.
Kassel, 26.09.2023