Information
Privacy policy
Privacy Policy Tobi GmbH&Co.KG
All personal data will be treated confidentially. Our data protection practice is in accordance with the Federal Data Protection Act (BDSG) and the Basic Data Protection Ordinance (DSGVO). In the following we inform you about the details of data protection:
Responsible person in the sense of the DSGVO and the BDSG
Tobi GmbH & Co. KG
Wildmoos 2, 82266 Inning am Ammersee, Germany
Fax: 0049-8143-99949-199
E-mail: info@babybay.de
Data Protection Officer
You can reach the data protection officer at:
E-mail: datenschutz@babybay.de
Fax: 0049-8143-99949-199
1. The reasons for data collection
We collect and process your data to provide our website and to provide you with the best possible service through convenient access to our services.
2. What data is collected, processed or used?
2.1 Visiting our website
When you access our website, our servers automatically collect information of a general nature, in particular for the purpose of establishing the connection, functionality and system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you are visiting us (referrer URL), the pages you visit on our website and the date and duration of your visit. Conclusions from these data to certain persons are not possible for us due to a pseudonymisation.
2.2 Contact form
If you contact us via a contact form, personal data is collected. Which data is collected in each case can be seen from the contact form. The data is stored for the purpose of processing your inquiry. Mandatory fields are marked with an asterisk (*). All other information is voluntary. We delete the data arising in connection with the contact form after the storage is no longer necessary, or restrict the processing if there are legal storage obligations. The legal basis for the processing of your personal data is Art. 6 Para. 1 lit. b) DSGVO when it comes to contacting you in the context of concluding a contract. In addition, it is our legitimate interest to answer your inquiries, so in this case Art. 6 para. 1 lit. f) DSGVO is the legal basis.
2.3 Newsletter registration
With your consent, you can subscribe to our free e-mail newsletter, which informs you about current interesting offers. You can unsubscribe from the newsletter at any time by notifying the responsible person, cf. at the beginning of our data protection policy, e.g. by sending an e-mail to info@babybay.de. The legal basis is Art. 6 Para. 1 S. 1 lit. a) DSGVO.
2.4 Dispatch of our e-mail newsletter to our existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers of similar goods or services to those already purchased from our range by e-mail. According to § 7 Abs. 3 UWG, this does not require any separate consent from you. The data processing takes place on the basis of our justified interest in the transmission of personalised direct advertising in accordance with Art. 6 Para. 1 lit. f) DSGVO. However, if you have initially objected to the use of your e-mail address for this purpose, we will of course not send you any e-mails. Even if you have not initially objected, you are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible, cf. beginning of our data protection policy. For this only transmission costs according to the basic tariffs are incurred. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.
2.5 Data processing when opening a customer account / registration
We collect personal data and process it when you provide it to us when executing a contract or opening a customer account. The legal basis is Art. 6 Para. 1 lit. b) DSGVO. Which data is collected can be found in the respective input forms. The deletion of your customer account is possible at any time and can take place by a message to the contact address of the responsible person. We store and use the data provided by you to process the contract between you and us. After complete completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data from our side was reserved, about which we inform you with the present data protection provision.
2.6 Data processing for guest orders
You have the option of placing an order without registering a customer account. Personal data will also be collected and processed in accordance with Art. 6 Para. 1 lit. b DSGVO. Which data is collected and processed can be seen from the respective input forms. We store and use the data communicated by you in the context of the guest order for the contract winding up. After complete completion of the contract, your data will be blocked with regard to tax and commercial retention periods and deleted at the end of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data from our side was reserved, about which we inform you in the context of this data protection provision.
2.7 Data processing for order processing - data transfer to third parties
Data transfer to shipping service providers. The personal data collected by us will be forwarded to the transport company commissioned with the delivery (e.g. DHL-Deutsche Post AG, DPD Deutschland GmbH, or forwarding agents designated by us) within the framework of contract processing, insofar as this is necessary for the delivery of the goods. For the purpose of arranging the delivery date for forwarding goods, we also provide the transport company with your telephone number. Legal basis for the passing on of the data is art. 6 para. 1 lit. b) and f) DSGVO.
Data transfer to payment service providers (payment service providers) and credit assessment
PayPal:
We have integrated components of PayPal on our website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the person concerned selects "PayPal" as the payment option during the ordering process in our online shop, the data of the person concerned is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, surname, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. For the completion of the sales contract such personal data are also necessary, which stand in connection with the respective order.
The transmission of the data is intended for payment processing and fraud prevention. The person responsible for the processing will transfer personal data to PayPal in particular if there is a justified interest in the transfer. The personal data exchanged between PayPal and the data controller may be transferred by PayPal to credit agencies. The purpose of this transfer is to check identity and creditworthiness.
PayPal may transfer the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of the customer.
The person concerned has the opportunity to revoke his or her consent to the handling of personal data at PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
The valid data protection regulations of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Paypal checkout:
This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local payment methods from third parties. Payment via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), further. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing.PayPal reserves the right to use the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal - the implementation of a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing. If you select the PayPal payment method "purchase on account", your payment data will first be sent to PayPal to prepare the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to carry out the payment. The legal basis is Article 6 (1) (b) GDPR. In this case, RatePay carries out an identity and credit check on its own behalf to determine solvency in accordance with the principle already mentioned and gives your payment data to credit agencies based on the legitimate interest in determining solvency in accordance with Article 6 (1) (f) GDPR further. A list of the credit agencies that Ratepay can use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using the payment method of a local third-party provider, your payment data will first be passed on to PayPal in accordance with Article 6 (1) (b) GDPR in order to prepare the payment. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the relevant provider to carry out the payment in accordance with Article 6 (1) (b) GDPR:
- Immediately (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, The Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
For more information on data protection law, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
3. Integration of YouTube videos
We have included YouTube videos in our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the following data be transmitted. We have no influence on this data transfer. When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request came, browser, operating system and its interface, language and version of the browser software are transmitted. This occurs regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. If you are logged into Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.
You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and processing by YouTube can be found in the Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the processing is Art. 6 Para. 1 lit. f) DSGVO.
4. Integration of Google Maps
On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and allows you to conveniently use the map function. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request came, browser, operating system and its interface, language and version of the browser software are transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.
You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the processing is Art. 6 Para. 1 lit. f) DSGVO.
5. Raffles
From time to time, you will have the opportunity to participate in competitions on our website. Personal data (e-mail address, name, address and any other data required for the competition) may also be collected and stored for the purpose of processing the competition. The personal information you provide to us will only be used to process the competition (e.g. to determine the prize, notify you of the prize and hand over the prize). As part of the competition, we will specifically inform the participant about data processing in connection with the specific competition. The data of the participants will be deleted after the end of our sweepstakes.
6. Deletion
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies or you request deletion. The data will also be deleted if a storage period prescribed by the aforementioned standard expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract or you have given your consent to this.
7. Cookies
Cookies are used so that the use of the websites and the preferences of the website visitors can be made attractive. In this way, for example, your details are saved for the selection of a language. Cookies are text files that are stored on your hard drive to enable identification of the browser when the website is called up again. You can prevent cookies from being stored on your hard drive by making the appropriate browser settings.
Cookies that have already been set can be deleted at any time. For information on how to delete cookies or prevent their storage, please refer to the respective browser instructions. If you do not accept cookies, this can lead to an impairment in the use of our website. The legal basis for the processing of cookies is Art. 6 Para. 1 lit. f) DSGVO.
8. Data security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons. Depending on the browser used, the data is transmitted using 128-bit to 256-bit SSL encryption. Despite regular checks and constant improvement of our security measures, complete protection against all dangers is not possible.
9. Google AdWords Remarketing
Our website uses the functions of Google AdWords Remarketing, hereby we advertise this website in the Google search results, as well as on third party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). To this end, Google places a cookie in the browser of your terminal device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. Processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f) DSGVO.
Further data processing will only take place if you have agreed to Google linking your Internet and app browser history to your Google account and using information from your Google account to personalise advertisements you view on the web. In this case, if you are logged into Google during your visit to our website, Google will use your information in conjunction with Google Analytics data to create and define cross-device remarketing target audience lists. Google will temporarily link your personal data to Google Analytics data in order to create target groups. You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available from the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can contact the Digital Advertising Alliance at the Internet address www.aboutads.info to find out about the setting of cookies and configure your settings. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.
Google LLC, headquartered in the USA, is certified for the us European Privacy Shield Agreement, which ensures compliance with the data protection level applicable in the EU. Further information and the data protection regulations regarding advertising and Google can be found here: http://www.google.com/policies/technologies/ads/
10. Use of Google Analytics for web analysis
This website uses Google Analytics, a web analysis service provided by Google Inc. (www.google.de). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. If IP anonymisation is activated on this website, however, Google will shorten your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The data will be deleted after 26 months.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
The terms of use and information on data protection can be found at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/. respectively.
11. Use of social media plug-ins
11.1 Which providers do we use?
We currently use the following social media plug-ins: Facebook, Instagram, Google+, Pinterest. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have called up the corresponding website of our online service. In addition, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request came, browser, operating system and its interface, language and version of the browser software are transmitted. In the case of Facebook, the IP address is anonymized immediately after collection according to the information provided by the respective provider in Germany. By activating the plug-in, personal data is transmitted from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.
11.2 No influence by us
We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also do not have any information on the deletion of the collected data by the plug-in provider.
11.3 Use by Provider
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit. f) DSGVO.
11.4 Data transfer
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid being assigned to your profile by the plug-in provider.
11.5 Data protection declaration of the providers
Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
Facebook Inc. 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Mento Park, CA, USA, https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy
Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Pinterest Inc., 808 Braunau Street, San Francisco, CA 94103-490, USA, https://about.pinterest.com/de/privacy-policies.
11.6. Facebook pixels
We use the Facebook pixel, a Facebook business tool from Facebook Ireland Limited (Ireland, EU) on our website. Information on Facebook Ireland's contact details and the contact details of Facebook Ireland's data protection officer can be found in Facebook Ireland's data policy at https://www.facebook.com/about/privacy.
The Facebook pixel is a piece of JavaScript code that allows us to track visitor activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data):
Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product. Specific pixel information such as pixel ID and Facebook cookie.
Information about buttons clicked by visitors to the website;
Information contained in HTTP headers, such as IP addresses, web browser information, page location and referrer; Information on the status of the deactivation/restriction of ad tracking.
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on the device you are using. Such storage of information by the Facebook pixel or access to information that is already stored in your device only takes place with your consent.
Tracked conversions appear in our Facebook Ads Manager dashboard and Facebook Analytics. We may use the conversions tracked there to measure the effectiveness of our ads, to set Custom Audiences for ad targeting, for Dynamic Ads campaigns and to analyze the effectiveness of our website's conversion funnels. The functions we use via the Facebook pixel are described in more detail below.
Processing of event data for advertising purposes
The event data collected via the Facebook pixel is used to target our ads and to improve ad delivery, to personalize functions and content, and to improve and secure Facebook products.For this purpose, event data is collected on our website using the Facebook pixel and transmitted to Facebook Ireland. This will only happen if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Article 6 (1) (a) GDPR. You can revoke your consent via our consent management.
This collection and transmission of the event data is carried out by us and Facebook Ireland as jointly responsible. We have entered into a processing agreement with Facebook Ireland as joint controllers, which sets out the distribution of data protection obligations between us and Facebook Ireland. In this Agreement, we and Facebook Ireland have agreed, among other things, that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR on the joint processing of personal data, that Facebook Ireland is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing. You can access the agreement concluded between us and Facebook Ireland at https://www.facebook.com/legal/controller_addendum.
Facebook Ireland is solely responsible for the subsequent processing of the transmitted event data. For more information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights against Facebook Ireland, please see Facebook Ireland's Data Policy at https://www.facebook.com /about/privacy.
Processing of event data for analysis purposes. We have also commissioned Facebook Ireland to prepare reports on the effectiveness of our advertising campaigns and other online content (campaign reports) and analyzes and insights into users and their use of our website and products based on the event data collected via the Facebook pixel and create services (analyses). For this purpose, we transmit personal data contained in the event data to Facebook Ireland. The transmitted personal data is processed by Facebook Ireland as our processor in order to provide us with the campaign reports and analyses.
Personal data will only be processed to create analyzes and campaign reports if you have given your prior consent. The legal basis for this processing of personal data is therefore Art. 6 Para. 1 Letter a GDPR. A transmission of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the "Data transfer to third countries" section.
10.7. TiKTok Pixel
We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok advertiser tool from the two providers. TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter collectively referred to as “TikTok”).
The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitor activity on our website. The Tiktok Pixel collects and processes information about the creators of our website or the devices they use (so-called event data).
The event data collected via the TikTok Pixel is used to target our ads and to improve ad delivery and personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to Facebook TikTok.
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the TikTok Pixel, via which information is stored on the device you are using. Such storage of information by the TikTok pixel or access to information that is already stored in your end device only takes place with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Article 6 (1) (a) GDPR. You can revoke your consent at any time using our Consent Management Tool. This collection and transmission of the event data is carried out by us and TikTok as joint controllers. We have entered into a processing agreement with TikTok as joint controllers, which sets out the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data, that TikTok is responsible for protecting the rights of data subjects in accordance with Art. 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing. You can check the agreement between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871. recall.
TikTok is solely responsible for the processing of the transmitted event data that follows the transmission. For more information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, see TikTok's data policy at https://www.tiktok.com/legal/privacy -policy?lang=en-EN.
12. Applications
We also collect and process personal data from applicants for the purpose of processing the application process we have carried out. The processing can also be carried out electronically. This is always the case if the applicant submits application documents to us electronically, i.e. by e-mail or via a web form implemented on our website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If, however, no employment contract is concluded between us and the applicant, the application documents will be deleted four months after notification of the rejection decision, provided that no other legitimate interests of the person responsible oppose such deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG). We would like to evaluate all applicants only according to their qualifications and therefore ask them to refrain as far as possible from providing information on racial or ethnic origin, political opinions, religious or ideological convictions or any trade union membership, genetic data, biometric data for the unambiguous identification of a natural person, health data or data on sexual life or sexual orientation in their application.
13. Rights of the data subject
If personal data is processed by you, you are the data subject within the meaning of the DSGVO and you have the following rights vis-à-vis the person responsible:
13.1 Right to information
You can request confirmation from the person responsible as to whether personal data relating to you will be processed by us.
In the event of such processing, you may request the following information from the data controller:
- the purposes for which the personal data will be processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
- the planned duration of the retention of the personal data concerning you or, if it is not possible to provide specific information in this regard, the criteria for determining the retention period;
- the existence of a right to rectify or erase personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the origin of the data, if the personal data are not collected from the data subject.
13.2 Right to rectification
You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.
13.3 Right to limitation of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
if you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or if you have lodged an objection against the processing pursuant to Art. 21 para. 1 DSGVO and it is not yet clear whether the justified reasons of the controller outweigh your reasons. If the processing of personal data concerning you has been restricted, such data - apart from their storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
13.4 Right of deletion
Cancellation obligation
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) DSGVO and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 (2) DSGVO.
The personal data concerning you have been processed unlawfully.
The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO.
Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) DSGVO, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
Exceptions
The right to deletion does not exist if the processing is necessary.
to exercise freedom of expression and information; to fulfil a legal obligation which processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task which is in the public interest or is carried out in the exercise of official authority vested in the controller; for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) DSGVO; to assert, exercise or defend legal claims.
13.5 Right to information
If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients by the data controller.
13.6 Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another data controller without being hindered by the data controller to whom the personal data have been provided, provided that the processing is based on a consent pursuant to Art. 6 Para. 1 lit. a DSGVO or Art. 9 Para. 2 lit. a) DSGVO or on a contract pursuant to Art. 6 Para. 1 lit. b) DSGVO and the processing is carried out using automated procedures. In exercising this right, you also have the right to have the personal data relating to you transferred directly by one responsible party to another responsible party, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
13.7 Right of objection
You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. e) or f) DSGVO; this also applies to profiling based on these provisions. The person responsible will no longer process the personal data concerning you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC.
13.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
13.9 Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This shall not apply where the decision is necessary for the conclusion or performance of a contract between you and the data controller, is authorised by Union or national law to which the data controller is subject, and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or is taken with your express consent. However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a) or g) DSGVO applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
13.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the DSGVO. The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
Status: November 2022