Data protection declaration for our social media presences

Thank you for your interest in our social media presences. We attach great importance to the protection of your privacy in the processing of personal data as well as the security of all business data and take this into account in our business processes. Pursuant to judgement C-210/16 of the ECJ, we are responsible under data protection law as the operator of our fan page hosted by Facebook together with Facebook for the processing of the personal data collected when our Facebook Fan Page is visited. As it cannot be ruled out that the grounds for the judgement also apply to other social media presences, in the following we provide you with general information on how your data is handled when you visit our social media presences.

 

Our contact details as the controller pursuant to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) are:

effective GmbH
L13, 3-4
68161 Mannheim
Germany
Managing Director: Hermann Bareis
Telephone: +49 621 17893 0
E-mail: mannheim@effective-world.com

 

Our Data Protection Officer can be contacted at dataprotection@effective-world.com or our postal address, please add “The Data Protection Officer” to the address.

 

As a general rule, social networks analyse your user behaviour comprehensively when you visit their website or a website with specific plug-ins (e.g. Like buttons or advertising banners of the respective social network). Because our social media presences are also hosted on the websites of the respective social networks, when you visit them numerous processing operations of relevance for data protection are triggered.

If you have a user account in a social network and are logged into this account when you visit our presence in this social network, all of your data collected will be assigned to your existing account. We therefore recommend that you regularly log out after using a social network; however, it is possible that your personal data might also be collected even if you are not logged in or do not have an account with the respective social network. In this case, data is collected for example by cookies which are stored on your device or by collecting your IP address.

The social networks store the data collected about you as a usage profile and can use this for the purpose of advertising, market research and/or to design the website to meet the needs of users. Such an analysis is done in particular (including for users who are not logged in) to provide appropriate advertising and in order to inform other users of the social network of your activities. If you have an account with the respective social network, the advertising tailored to your interests can be displayed on all devices on which you are or were logged in. You have the right to object to the creation of these user profiles, whereby you have to contact the operator of the respective social network in order to exercise this right.

We have only a very limited or no influence over the data collected about you by the social networks when you visit our social media presences and the data processing operations performed by them. We also do not know the full extent of the data collected, the purpose of the processing or the retention periods. You can find details on this where applicable in the terms of use and data protection policies of the respective social networks.

 

§ Section 1 Your rights

 

(1) We clarify below your rights as a data subject pursuant to Art. 15 GDPR. You can exercise these rights at any time and contact the relevant controller responsible for the respective data processing directly for this reason. Please note that, despite our joint responsibility with the operators of the social networks, we do not have full influence over the data processing operations of the social networks. Our ability to influence depends largely on the company policy of the respective provider.

(2) Right to information
You have the right to request from us information about whether and what data concerning yourself is processed. This also includes information about the purpose of the processing, where applicable on recipients to whom data is disclosed, the planned retention period, where applicable information on the origin of this data, if we have not collected this from you. You also have the right to a copy of your personal data stored by us.

(3) Right to correction
You have the right to ask for incorrect data stored concerning yourself to be corrected. This also includes the right to ask for the completion of incomplete personal data.

(4) Right to erasure
You have the right to ask for incorrect data stored concerning yourself to be erased. If data concerning yourself has been published, the obligation in the context of the “right to be forgotten” pursuant to Art. 17 Para. 2 GDPR also includes, taking into account available technology and the cost of implementation, all links to this data and all copies and replications concerning this data and forwarding your deletion request to further controllers responsible for the processing of this published personal data.

(5) Right to limitation of processing
You have the right to ask for the limitation of the processing of data stored concerning yourself. After this, any processing of this data will only be possible with your consent or for a few statutory purposes.

(6) Right to object to the processing
If the processing of your personal data is based on the balancing of interests, you can object to the processing. This is the case if the processing in particular is not required for the performance of a contract with you. When you exercise a right to make such an objection, we ask that you explain the reasons why your personal data should not be processed.

(7) Right to withdraw consent required under data protection law
If you have given consent for your data to be processed, you can withdraw this at any time. Any such withdrawal will affect the permissibility of the processing of your personal data after you have given the controller notice of the withdrawal.

(8) Right to data portability
You have the right to receive data you have provided the controller concerning yourself in a structured, common and machine-readable format for the purpose of transfer to another controller. This also includes, upon your request and taking into account the available technical possibilities, the direct transfer from one controller to another.

(9) Right to complain to a supervisory authority
You have the right to complain at any time to a supervisory authority about the processing of data concerning yourself.

 

§ Section 2 Processing of personal data by effective

 

(1) We operate our social media presences in order to create awareness of our services and products and to make contact with you as a visitor and user of our social media presences.

(2) We, as the operator of the social media presences, have no interest in the collection and processing of your individual personal data for analysis or marketing purposes. Beyond the data collected by the operator of the respective social network, we do not collect any further personal data ourselves.

(3) The operation of our social media presences including the processing of the personal data of users takes place on the basis of our legitimate interests of interacting with and providing users and visitors with information in a timely and supportive manner pursuant to Art. 6 Para. 1 Letter f. GDPR.

(4) The data collected directly by us via the respective social media presence will be deleted from our systems as soon as the purpose for its storage no longer exists, you ask us to delete it, withdraw your consent for its storage or the purpose for the data storage no longer exists. Stored cookies remain on your device until you delete them. Mandatory statutory regulations, in particular retention periods, remain unaffected.

We do not have any influence over the length of time your data is stored by the operators of the social networks for their own purposes. For details concerning this, please contact the operators of the social networks direct.

 

The social networks in detail

 

Facebook

 

We have a social media presence on Facebook. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook’s data policy includes further information about data processing: https://www.facebook.com/about/privacy/

Opt-out options can be set at https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.

Facebook Inc., the parent company of Facebook Ireland Ltd., is certified under the EU-U.S. Privacy Shield and therefore has a commitment to comply with European data protection regulations. Further information on Facebook’s Privacy Shield status can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

The transfer and further processing of personal data of users in third countries such as the USA, and the associated potential risks for users cannot be ruled out by us as the operator of the page.

 

Processing of personal data with joint responsibility of Facebook and effective

 

(1) Via the “Insights”, of the Facebook page, statistical data is available to us in a range of categories. These statistics are generated and provided by Facebook. We, as the operator of the page, have no influence over how the statistics are generated and displayed. We cannot turn off this function and prevent the generation and processing of the data.

(2) For a selectable period of time and for the categories fans, subscribers, reached persons and interacting persons, Facebook provides us with the following data relating to our Facebook page:

 

Total number of:

  • Page views
  • “Likes”
  • Page activities
  • Post interactions
  • (Post) reaches
  • Video views
  • Comments
  • Shared content
  • Replies
  • Percentage of men and women
  • Origin by country and town
  • Language
  • Clicks on route planner
  • Clicks on telephone numbers

Data is also provided about the Facebook groups linked with our Facebook page.

 

(3) Due to the constant development of Facebook, the availability and processing of data changes, for further details Facebook’s Data Policy is referred to.

(4) We use this data available in aggregated form to make our posts and activities on our Facebook page more attractive for users. For example, we use the allocations by age and gender to ensure that users are addressed appropriately and the preferred visitor times of users to optimise the timing of our posts. Information about the types of devices used by visitors help us to customise the appearance of posts. In accordance with the Facebook terms of service, which every user has agreed to when setting up their Facebook profile, we can identify subscribers and fans of the page and view their profiles and other information shared by them.

 

Agreement of Facebook and effective concerning joint responsibility

 

(1) We have concluded with Facebook in the “Page Insights Controller Addendum” to the existing contractual agreements with Facebook required by GDPR Art. 26 Paras. 1 and 2, who is responsible for what data protection obligations. According to this, Facebook assumes primary responsibility pursuant to GDPR for the processing of Insights data and all obligations under GDPR concerning the processing of Insights data (among others Art. 12 and 13 GDPR, Art. 15 to 22 GDPR and Art. 32 to 34 GDPR). The “Page Insights Controller Addendum” can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum.

 

LinkedIn

 

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn’s privacy policy includes further information about data processing:
https://www.linkedin.com/legal/privacy-policy

LinkedIn Corporation, the parent company of LinkedIn Ireland Unlimited, is certified under the EU-U.S. Privacy Shield and therefore has a commitment to comply with European data protection regulations. Further information on LinkedIn’s Privacy Shield status can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

The transfer and further processing of personal data of users in third countries such as the USA, and the associated potential risks for users cannot be ruled out by us as the operator of the page.

 

YouTube

 

We have a profile on YouTube. The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

Google’s privacy policy includes further information about data processing:
https://policies.google.com/privacy?hl=de&gl=de

Google LLC, the parent company of Google Ireland Ltd., is certified under the EU-U.S. Privacy Shield and therefore has a commitment to comply with European data protection regulations. Further information on Google’s Privacy Shield status can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The transfer and further processing of personal data of users in third countries such as the USA, and the associated potential risks for users cannot be ruled out by us as the operator of the page.

 

Date: 04.11.2019