Privacy Policy

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, so-called personal data, when using our website is important to us.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address.

Data for which no reference to your person can be established, for example through anonymization, is not personal data. Processing (e.g. collection, storage, retrieval, consultation, use, transmission, erasure or destruction) in accordance with Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

Here you will find information on how we handle your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary for us to collect personal data about you.

We also explain to you the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.

This privacy policy applies only to this website. It does not apply to other websites to which we merely refer via a hyperlink. We cannot accept any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies handle your personal data.

2. Responsible body

Responsible for the processing of personal data on this website is (see imprint): Pei Yu, Kollwitzstrasse 76, 10435 Berlin, Germany, +49 015170868259, hello@justmee-nails.com.

3. Provision and use of the website/ server log files

a) Type and scope of data processing

If you use this website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, e.g:

● IP address

● Date and time of the request

● Name and URL of the retrieved file

● Website from which the access is made (referrer URL)

● Access status/HTTP status code

● Browser type

● Language and version of the browser software

● Operating system

b) Purpose and legal basis

This processing is technically necessary in order to display our website to you. We also use the data to ensure the security and stability of our website.

The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.

c) Storage period

As soon as the aforementioned personal data is no longer required to display the website, it will be deleted. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Further storage may take place in individual cases if this is required by law.

4. Use of cookies

a) Type, scope and purpose of data processing

We use cookies. Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. Among other things, cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. However, cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. Various types of cookies are used on our website, the type and function of which are explained below.

Temporary cookies/session cookies

Our website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. As a result, various requests from your browser can be assigned to a common session and it is possible to recognize your end device on subsequent website visits.

Permanent cookies

So-called permanent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can delete permanent cookies yourself via your browser settings.

Third-party cookies

We use analytical cookies to monitor anonymized user behavior on our website.

We also use advertising cookies. These cookies can be used to track user behavior for advertising and targeted marketing purposes.

Social media cookies make it possible to establish a connection to your social networks and to share content from our website within your networks.

Configuration of the browser settings

Most web browsers are preset to accept cookies automatically. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use all the functions of our website.

You can also use your browser settings to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the corresponding configuration options.

Deactivating the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to deactivate it again.

b) Legal basis

Due to the purposes of use described, the legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") provided by us on the website, the legal basis is additionally Art. 6 para. 1 lit. a) GDPR.

c) Storage period

As soon as the data transmitted to us via the cookies is no longer required for the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.

5. Data collection for the implementation of pre-contractual measures and for contract fulfillment

a) Type and scope of data processing

We collect personal data about you in the pre-contractual area and when the contract is concluded. This concerns, for example, your first and last name, address, e-mail address, telephone number or bank details.

b) Purpose and legal basis of data processing

We collect and process this data exclusively for the purpose of executing the contract or fulfilling pre-contractual obligations.

The legal basis for this is Art. 6 para. 1 lit. b) GDPR. If you have also given your consent, the additional legal basis is Art. 6 para. 1 lit. a) GDPR.

c) Storage period

The data will be deleted as soon as it is no longer required for the purpose of its processing.

In addition, there may be statutory retention obligations, for example commercial or tax retention obligations under the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these retention obligations.

6. Order form

An order form is available on our website, which can be used for electronic pre-orders.

a) Type and scope of data processing

Our data collection is limited to the following data:

● First and last name

● Phone number

● E-mail address

● Account details

● Name of the product

b) Purpose and legal basis

The purpose of data processing is to enable us to process your order properly.

The legal basis for this is Art. 6 para. 1 lit. b) GDPR. The processing of the data serves the fulfillment of a contract or is necessary for the implementation of a pre-contractual measure, which has taken place at the request of the data subject

c) Storage period

The data will be deleted as soon as it is no longer required for the purpose for which it was processed.

In addition, there may be statutory retention obligations, for example commercial or tax retention obligations under the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these retention obligations.

7. Registration option

a) Type and scope of data processing

You can register on our website. When you register, we collect and store the data you enter in the input mask (e.g. surname, first name, e-mail address). This data is not passed on to third parties.

b) Purpose and legal basis of data processing

Your registration is required for the use of certain content and services on our website or for the fulfillment of a contract or for the implementation of pre-contractual measures. After registration, you are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.

In the case of consent, the legal basis for processing is Art. 6 para. 1 lit. a)
GDPR. If your registration serves to prepare the conclusion of a contract, Art. 6 para. 1 lit. b) GDPR is an additional legal basis.

c) Storage period

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

8. Data transmission

We only pass on your personal data to third parties if:

a) you have given your express consent to this in accordance with Art. 6 para. 1 lit. a) GDPR.

b) this is permitted by law and required under Art. 6 (1) (b) GDPR to fulfill a contractual relationship with you or to carry out pre-contractual measures.

c) there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR.

We are legally obliged to transmit data to state authorities, e.g. tax authorities, social security institutions, health insurance funds, supervisory authorities and law enforcement agencies.

d) the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary to safeguard legitimate company interests, as well as for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

e) in accordance with Art. 28 GDPR, we use external service providers, so-called processors, who have been obliged to handle your data with care.

We use such service providers in the following areas:

● IT

● Logistics

● Telecommunications

When transferring data to external bodies in third countries, i.e. outside the EU or the EEA, we ensure that these bodies treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through contractual agreements or other suitable guarantees.

9. Application option
a) Type and scope of data processing

You can apply for a job on our website or by e-mail. When you apply, we collect and store the data that you enter in the input mask or that you send us by e-mail.

b) Purpose and legal basis
We only process your data for the purpose of processing your application.
Your data will not be passed on to third parties. The legal basis for the processing is Art. 88 para. 1 GDPR in conjunction with. § Section 26 BDSG and additionally Art. 6 para. 1 lit. b) GDPR.

If you give us your consent to include in our applicant pool, the legal basis is Art. 6 (1) (a) GDPR.

c) Storage period

If we are unable to offer you a position, we will store your data for a maximum of six months after the end of the application process in accordance with Section 61b (1) ArbGG in conjunction with Section 15 AGG. § 15 AGG. The start of the period is the receipt of the rejection letter.

If you have given us your consent to include you in our applicant pool, we will store your data for a maximum of two years.

d) Data transfer

Your data will only be received by the departments involved in the decision (responsible HR or specialist departments, management, works council).

We are also obliged to transmit your data to public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office, social security institutions, etc.).

Other data recipients may be those bodies for which you have given us your consent to transfer data.

10. Comment function

a) Type and scope of data processing

You can comment on posts on our website. If you comment on a post, we collect and store the data you enter in the input mask. In addition to the comments you leave, details of the time you entered the comment and any user name (pseudonym) you have chosen will also be stored and published. The IP address assigned by the data subject's Internet service provider (ISP) is also stored. This information is not passed on to third parties.

b) Purpose and legal basis

The data transmitted by you (e.g. the IP address) is used for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment.

This collected personal data will not be passed on to third parties unless such a transfer is required by law or serves the legal defense of the controller.

The legal basis for the processing of personal data transmitted when using the comment function is, if and insofar as you have given your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Another legal basis is Art. 6 para. 1 lit. f) GDPR.

We have a legitimate interest in processing if the rights of third parties are violated or illegal content is posted. This is for security reasons if someone posts illegal content in comments and contributions (insults, prohibited political propaganda, etc.)

c) Storage period

The comments and the associated data (e.g. IP address) are stored and remain on our website until the commented content has been completely deleted or the comments must be deleted for legal reasons.

11. Contact form

a) Type and scope of data processing

On our website, we offer you the opportunity to contact us via a form provided. As part of the process of sending your request via the contact form, reference is made to this privacy policy to obtain your consent.

If you make use of the contact form, the following personal data will be processed by you:

- Salutation

- First name

- Surname

- Title

- Company

- Industry

- Function

- Street

- Street number

- Zip code

- Location

- Country

- E-mail address

- Phone number

- Subject

- Content of the message

b) Purpose and legal basis

The purpose of providing your e-mail address is to send you an answer to your request by e-mail. When using the contact form, your personal data will not be passed on to third parties.

The legal basis for the processing is consent pursuant to Art. 6 (1) (a) GDPR on the basis of the declaration of consent voluntarily given by you below and revocable at any time for the future:

c) Storage period

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request).

Mandatory statutory provisions - in particular retention periods in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO) - remain unaffected by this.

12. Contact options by e-mail

You can contact us by e-mail on our website.

a) Type and scope of data processing

You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us and any personal data you provide when contacting us.

b) Purpose and legal basis

The purpose of data processing is to enable us to respond to your request appropriately. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request properly.

c) Storage period

The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted regularly if the purpose of the communication no longer applies and storage is no longer necessary. This may result, for example, from the processing of your request.

13. Newsletter
a) Type and scope of data processing

You can subscribe to a free regular e-mail newsletter on our website. To be able to send you the newsletter regularly, we need your e-mail address.

We use the so-called double opt-in procedure for sending newsletters.

This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters from us by clicking on a corresponding link.

This is to ensure that only you as the owner of the specified e-mail address can register for the newsletter. Your confirmation must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

When you subscribe to the newsletter, we collect and store the data you enter in the input mask (e.g. surname, first name, e-mail address).

When you register for the newsletter, we also store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. In the confirmation e-mail sent out for control purposes (double opt in the
e-mail), we also store the date and time of the click on the confirmation link and the IP address entered by the Internet service provider (ISP).

b) Purpose and legal basis
The data collected by us when you register for the newsletter is used exclusively for the purpose of advertising by means of the newsletter.

The processing of your email address for the newsletter mailing is based on your voluntary declaration of consent, which you can revoke at any time in the future, in accordance with Art. 6 para. 1 lit. a) GDPR and Section 7 para. 2 no. 3 UWG.

In addition, the processing is based on Art. 6 para. 1 lit. f) GDPR due to our legitimate interests in documenting the proof of the required consent.

c) Storage period

Your e-mail address will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your e-mail address will be deleted unless you have expressly consented to further use of your data.

14. Tracking and analysis tools

Here you can find a detailed overview of the web analysis and social media tools we use:

Google Analytics

We use the tracking tool Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com ("Google") on our website.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site.

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

On behalf of the operator of this website, Google will use this information for the purpose of systematically evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

If individual pages of our website are called up, the following data is stored:

-three bytes of the IP address of the user's calling system (anonymised

IP address)

-The accessed web page

-The website from which the user accessed the page of our website (referral URL).

-The subpages that are called up from the page called up

-The length of stay on the website

-The frequency with which the website is accessed

We use Google Analytics with IP anonymisation activated. This ensures that the

IP addresses are shortened by the last octet (e.g. 192.168.79.***; so-called IP masking). An assignment of the shortened IP address to the calling computer or terminal device of the user is no longer possible.

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a) DS-GVO.

We delete the stored data as soon as it is no longer required for our recording purposes. In our case, the storage period is a maximum of 24 months.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de 

More information on the terms of use of Google Analytics:

www.google.com/analytics/terms/de.html 

More information on the data protection of Google Analytics:

https://support.google.com/analytics/answer/6004245?hl=de 

In addition, you can change your consent in the cookie settings [Change your consent] at any time.

Instagram

If you visit our Instagram channel, personal data will be stored and processed by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 D02 X525, Ireland, as provider of Instagram in accordance with Instagram's privacy policy. You can find the privacy policy here:

https://help.instagram.com/519522125107875
 We use the statistics service Instagram Insights for
the purpose of demand-oriented design and continuous optimisation of our pages. This service records your activity on our site and makes it available to us in anonymised statistics. This provides us with information about, among other things, the interactions of our fan page visitors, the views of our page, the reach of posts, information about the activity of our subscribers as well as information about which countries and locations our visitors come from and statistics about the gender ratios of our visitors. It is not possible for us to draw conclusions about individual users or access individual user profiles.

Meta Pixel / Meta Conversion Tracking

We use the visitor action pixel of the provider Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2 D02 X525, Ireland ("Meta") within our website. The remarketing tag or tracking pixel of Meta was implemented. Meta and we are jointly responsible for the data processing.

The meta pixel makes it possible for Meta to determine the visitors to our online offer as a target group for the display of advertisements (so-called "meta ads"). The tracking of a user can also take place across several websites. We use the meta pixel to display the meta ads placed by us only to those meta users who have shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products determined on the basis of the websites visited), which we transmit to Meta (so-called "custom audiences").

With the help of the meta pixel, we can also track the effectiveness of the meta ads for statistical and market research purposes ("audience insights") by seeing whether users were redirected to our website after clicking on a meta ad (so-called "conversion").

The meta pixel is a Javascript code that sends the following data to Meta:

-HTTP header information : including IP address, web browser information, page location, document, website URL and web browser device (computer, smartphone, tablet, other) as well as day and time of use.

-Pixel specific data: Pixel ID and meta-cookie data including your meta ID (these are used to link events to a specific meta-advertising account and thus associate them with a meta-user).

-Additional information about the visit and about standard and custom data events.

You can find more information here.

We also use the additional function "automatic extended matching". Here, data such as first and last name, place of residence, email addresses, telephone numbers or Meta IDs of the users are transmitted to Meta in encrypted form for the creation of target groups ("Custom Audiences" or "Look Alike Audiences"). This also includes data from non-Meta users and from users who are not registered with Meta when they visit our website. This can also identify website visitors who have deactivated the storage of third-party cookies.

If no meta-cookies are stored in your browser, no classification into one of the user groups designated as "Custom Audience" will be made. However, if an assignment of the meta ID contained in the meta cookie to a meta user has been made, Meta will assign this user to a so-called "Custom Audience" based on the rules defined by us.

According to the case law of the European Court of Justice, we are jointly responsible with Meta for the operation of the tracking pixel with regard to compliance with data protection regulations. In this context, Meta provides the associated IT infrastructure as well as the website of the social network and is basically the primary contact when it comes to the processing of your data on the pages of the social network (e.g. information or deletion). However, you can also assert your legal rights against us. In this case, we will forward your requests to the operator of the social network. We use the meta pixel to display the "meta ads" we place to meta users who have shown an interest in our online offer or who have certain characteristics that we transmit to Meta (so-called "custom audiences").

The legal basis for the use of Meta Custom Audience is your consent in accordance with Art. 6 para. 1 lit. a) DS-GVO.

You can find more information about this here and in Meta's privacy policy.

Paypal

We offer the option of processing the payment transaction via the payment service provider PayPal, PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

For payment via PayPal, credit card via PayPal, direct debit via PayPal or - if offered

- "Purchase on account" via PayPal, we pass on your payment data to PayPal as part of the payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these have their basis in a scientifically recognised mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values.

For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full 

Shopify

We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.We use Shopify on a processing basis on our behalf.

When you visit our website, Shopify collects your IP address and information about the device and browser you are using. Furthermore, Shopify analyses user behaviour and creates user statistics. When you make a purchase from our website, Shopify collects your name, email address, shipping and billing addresses, payment information and other data related to the purchase (e.g. phone number, amount of sales made, etc.). For the analyses, Shopify stores cookies in your browser.

All data collected on our website is processed on Shopify's servers. In case of transfer of data to Shopify Inc. in Canada, the adequate level of data protection is guaranteed by adequacy decision of the European Commission. For further information on Shopify's data protection, please visit the following website: https://www.shopify.de/legal/datenschutz.

Shopify Payments

We use the payment service provider "Shopify Payments", If you choose a payment method offered via the payment service provider Shopify Payments, the payment processing is carried out via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process.

The transfer of your data to Stripe is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. All data required for payment processing are used exclusively for the execution of payments and are transmitted via the "SSL" procedure. Stripe is certified according to PCI DSS.

Stripe may transfer, process and store personal data outside the EU. In this case, Stripe has agreed to EU standard contractual clauses for data transfers outside the EU/EEA, which ensure a level of data protection comparable to the GDPR.

For more information about Shopify Payments' privacy practices, please visit https://www.shopify.com/legal/privacy.

You can find more information about Stripe's data protection at: https://stripe.com/de/privacy.

YouTube videos

On our YouTube channel you can find videos or helpful tips about our offer. The customer service team also professionally answers users' questions and comments on YouTube. Personal data is stored and processed by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland ("Google"), as operator of YouTube, in accordance with Google's privacy policy. You can find the privacy policy here: https://policies.google.com/privacy?hl=de&gl=deMithilfe YouTube's Analytics functions enable us to carry out certain statistical evaluations to optimise our channel. This includes, in particular, details of the most popular videos (e.g. length of time users spend on the channel, ranking of videos), target groups (e.g. countries, language settings, age and gender, activity times) and the reach of our channel (e.g. where users were directed to a video from) and impressions (e.g. how many users saw a particular ad). It is not possible for us to draw conclusions about individual users or access individual user profiles.Further information about YouTube's analytics functions can be found at: https://support.google.com/youtube/answer/9002587?hl=de 

Facebook
If you access our Facebook fan page, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 D02 X525, Ireland , collects, stores and processes your personal data in accordance with Facebook's privacy policy. You can find the privacy policy here:

https://de-de.facebook.com/policy.php

Within the framework of the "Facebook Insights" function, Facebook may provide us with the following data categories, among others, in anonymised / statistical form for the purpose of performance measurement and optimisation of our Facebook presence:

-Predefined interactions on our fan page

-timestamp

-country/city of the user

-HTTP language code

-age/gender group

-Previously visited website (so-called referral URL)

-End device of the user

-Facebook user ID (if logged in)

With regard to the processing of insights data, there is a joint responsibility between Facebook and us, within the framework of which Facebook has assumed primary responsibility. This concerns the processing of insights data and the implementation of the data subjects' rights. Please therefore contact Facebook directly regarding all obligations under the GDPR with regard to the processing of insights data. We will forward any requests we receive in this regard to Facebook. Further details are set out in the Joint Controller Addendum, which can be found at www.facebook.com/legal/terms/page_controller_addendum.

You can find more information about Facebook Insights here:

www.facebook.com/legal/terms/information_about_page_insights_data 

15. Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. To this end, we take extensive technical and organizational security precautions, which are  regularly reviewed and adapted to technological progress.  

This includes the use of recognized encryption methods (SSL or TLS). However, data disclosed in unencrypted form, for example by unencrypted e-mail, may be read by third parties. We have no influence over this. It is the responsibility of the respective user to protect the data provided by them against misuse through encryption or in any other way.

16. Changes to the Declaration

We reserve the right to update this declaration at any time if necessary.

17. Your rights

Here you will find your rights in relation to your personal data. Details can be found in Articles 7, 15-22 and 77 GDPR. You can contact the controller in this regard (Section 2).

Right to withdraw your consent under data protection law in accordance with Art. 7 para. 3 sentence 1 GDPR

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the point of withdrawal.

a) Right to information in accordance with Art. 15 GDPR

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

b) Right to rectification and completion in accordance with Art. 16 GDPR

You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

c) Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR

You have the right to erasure if the processing is not necessary.
This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully.

d) Right to restriction of processing in accordance with Art. 18 GDPR

You have a right to restriction of processing, e.g. if you believe that the personal data is incorrect.

e) Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

f) Right to object pursuant to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you.

In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

g) Automated decision-making in individual cases including profiling in accordance with Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing - including profiling - except in the exceptional circumstances mentioned in Art. 22 GDPR.

No decision-making based solely on automated processing - including profiling - takes place.

h) Complaint to a data protection supervisory authority pursuant to Art. 77 GDPR

You can also lodge a complaint with a data protection supervisory authority at any time, for example if you are of the opinion that the data processing does not comply with data protection regulations.