8, Victoria Building,
c/w 21st September Avenue
Naxxar NXR 3622
Managing Director: Louise Pommer
The types of information we collect and process:
- Inventory information (e.g. customer master data such as names and addresses)
- Contact information (e.g. email addresses, telephone numbers)
- Contract information (e.g. contract subject matter, terms, customer categories)
- Payment information (e.g. bank account details, payment history)
- Content data (e.g. text, communication content)
- Usage data (e.g. websites visited within our Web Presence)
- Meta/communication data (e.g. device information, IP addresses)
Categories of persons affected by the Collection and Processing of personal information
- Customers, potential customers and business partners
- Visitors and users of our Web Presence
(Persons affected by the Collection and Processing of personal information are hereinafter referred to as “Users”).
Purposes of the Collection and Processing of personal information
- To render contractual services and provide customer care
- To make our Web Presence, and its functions and content, available to Users
- To respond to requests for contact and to communicate with Users
- Security measures
- Marketing, advertising and market research
Last updated: July 2018
- “Personal Information” includes all information which refers to an identified or identifiable natural person (hereinafter referred to as “Affected Individual”); a natural person is considered identifiable if they can be directly or indirectly identified on the basis of identifiers such as a name, an identification number, location information, online identifiers (e.g. cookies) or one or more features specific to the natural person’s physical, physiological, genetic, mental, economic, cultural or social identify.
- “Collection and Processing” refers to any operation, whether aided by automated procedures or not, or any such set of operations performed on personal information. This term is very broad and pertains to practically all forms of data handling.
- “Pseudonymization” is a way of processing personal data in which the data cannot be used to identify an Affected Individual without reference to additional information, provided the additional information is stored separately and is subject to technical and organizational measures which ensure that the personal data cannot be associated with an identified or identifiable natural person.
- “Profiling” pertains to all types of automated information processing which use personal information to evaluate particular personal aspects relating to a natural person, in particular to analyze or predict aspects regarding a natural person’s job performance, economic situation, health, personal preferences, interests, dependability, behavior, place of residence or change of location.
- “Responsible Person” refers to the natural or legal person, public authority, institution or other body which alone or jointly with others determines the purposes and means of the processing of personal information.
- “Processor” is a natural or legal person, public authority, institution or other body which processes personal information on behalf of the Responsible Person.
- Relevant Legal Bases
- Security Measures
- In order to ensure a sufficient level of security against risks to the rights and freedoms of natural persons, we implement suitable technical and organizational measures which comply with the relevant legal requirements, taking into consideration the state of the art and cost of implementation of these measures, the scope, circumstances and purposes for the Collection and Processing of personal information as well as the probability and seriousness of such risks.
- These measures include, in particular, the safeguarding of the confidentiality, integrity and availability of data by means of physical and other access controls, as well as controls relating to the entry and sharing of data, and the safeguarding and segregation of the availability of data. These security measures include, in particular, the encrypted transfer of data between your browser and our server. Furthermore, we have implemented procedures which ensure that the rights of persons affected by the Collection and Processing of personal information are protected, that data is deleted and that risks to data are effectively responded to. We also account for the protection of personal information during the development and selection of the hardware, software and procedures we use in accordance with the principle of privacy by design and privacy by default.
- Collaboration with External Processors
- If the data we collect and process are revealed to other persons and companies (External Processors, referred to together as Responsible Persons or Third Parties) or are transmitted to them or made accessible to them in any other way, this is done on the basis of a legal allowance to do so (e.g. the transmission of data to third parties such as payment service providers whose services are necessary for the fulfillment of the contract), because users have consented to this, because we are legally obligated to do so, or on the basis of our legitimate interests (e.g. when assigning authorized persons, using a web hosting service, etc.).
- If data are revealed or transmitted to other companies within our corporate group, or made accessible to them in any other way, this is done in particular for administrative purposes in our legitimate interest and, furthermore, on a basis corresponding to the legal requirements.
- Transmission of Data to Third Countries
- If data are collected and processed by us in third countries—i.e. outside of the European Union (EU), the European Economic Area (EEA) or Switzerland—, or if this occurs as part of our use of the services of third parties or as part of the disclosure or transmission of data to other persons or companies, this is only done with your consent, on the basis of a legal requirement, on the basis of our legitimate interests, or in order to fulfill our (pre)contractual obligations. These data are processed by us or by others in a third country only if the legal prerequisites are met, subject to legal or contractual allowances. This means that the data are processed, for example, on the basis of particular safeguards such as the officially recognized assessment of a level of data privacy protection corresponding to that of the EU (e.g. via “Privacy Shield” for the United States) or compliance with particular officially recognized contractual obligations.
- Rights of Affected Persons
- You have the right to request confirmation as to whether personal data are collected and processed by us, as well as the right to information regarding these data and to further information and copies of the data in accordance with the relevant legal requirements.
- In accordance with the relevant legal requirements, you have the right to request that your personal information be completed or, in the event these data are incorrect, to request that the data be corrected.
According to the relevant legal requirements, you have the right to request that your personal information be deleted or, alternatively, that the Collection and Processing of your information be restricted.
- You have the right to receive the personal information you have provided to us in accordance with the relevant legal requirements and to request that the data be transmitted to other responsible parties.
- Furthermore, according to the relevant legal requirements, you have the right to file a complaint with the responsible supervisory authority.
- Right of Withdrawal
You have the right to withdraw your consent with effect for the future.
- Right of Objection
You may object to the Collection and Processing of your personal data in accordance with the relevant legal requirements at any time. Objections can be made in particular against the Collection and Processing of personal data for the purpose of direct marketing.
- Data Deletion
- If the data are not deleted because they are required for other purposes permitted by law, their Collection and Processing is restricted. This means that the data are blocked and are not processed for other purposes. This applies, for example, to data which must be stored for commercial or taxing purposes.
- Contractual Services
- We collect and process the data of our contractual partners and prospective customers (referred to herein as “Contractual Partners”) in order to provide them with contractual and precontractual services. These contractual services include, in particular, translation, interpretation, consultation and training.
- The data collected and processed in the course of providing these services, as well as the type, scope, purpose and necessity of their Collection and Processing, are determined according to the underlying contractual relationship.
- The data collected and processed include our Contractual Partners’ master data (e.g. names and addresses), contact information (e.g. email addresses and telephone numbers), contract information (e.g. services received, contract contents, contractual communication and names of contact persons), and payment data (e.g. bank details, payment history).
- Generally, we do not collect and process special categories of personal data unless these constitute part of the data we have been assigned with collecting and processing or are part of the data collected and processed in accordance with the contract.
- We collect and process data which are necessary for the establishment and performance of contractual services, and we indicate the necessity of their disclosure if this is not already evident to the Contractual Partner. Personal data are only disclosed to external persons or companies when required by contract. Data entrusted to us as part of an order are processed and handled in accordance with the customer’s instructions and the relevant legal requirements.
- We may save IP addresses and timestamps of User activity when our online services are used. This information is saved on the basis of our legitimate interests as well as the interests of users in the safeguarding of personal information against misuse and other unauthorized forms of use. Generally, these data are not forwarded to third parties unless it is necessary to do so for us to pursue our claims or unless we are obligated to do so by law.
- These data are deleted when they are no longer required for the fulfillment of contractual or legal duties of care or for the handling of any possible warranty obligations or comparable duties; the necessity to stored these data is reviewed every three years, and the legal storage obligations apply.
- Administration, Financial Accounting, Office Organization, Contact Management
- Data are collected and processed by us in the course of performing administrative tasks and the organization of our business, as well as in the hiring of subcontractors, financial accounting, and in the observance of our legal duties (e.g. archiving). In these cases, the same data is collected and processed as in the rendering of our contractual services. Customers, prospective customers, business partners and visitors to our website are affected by the Collection and Processing of these data. The purpose of the Collection and Processing of these data, and our legitimate interest therein, is the performance of tasks relating to administration, financial accounting, office organization and the archiving of data, that is, tasks which serve to maintain our business activities, the observance of our duties and the rendering of our services. The deletion of data as regards contractual services and contractual communication corresponds to the information provided during the course of these Collection and Processing activities.
- We disclose or transmit data to financial managers or consultants, such as tax advisors and public accountants, as well as to other tax authorities and payment service providers.
- Furthermore, on the basis of our business interests, we store information regarding suppliers, organizers and other business partners, e.g. for the purpose of contacting them at a later point in time. Generally, these predominately company-related data are stored permanently by us.
- Business Analyses and Market Research
- In order to operate our business profitably and to identify market trends and the desires of our contractual partners and Users, we analyze data available to us pertaining to transactions, contracts, requests, etc. We process inventory information, communication information, contractual information, payment information, User information and meta data on the basis of our legitimate interests; the persons affected by the processing of these data include contractual partners, prospective customers, customers and visitors to, and users of, our Web Presence.
- In the course of these analyses, we are able to take account of the profiles of registered Users on the basis of information, such as the services they have used. These analyses help us to improve user-friendliness, to optimize our services and to increase the profitability of our business. These analyses are used by us alone and will not be disclosed to external persons unless the analyses are anonymous and contain aggregated values.
- If these analyses or profiles contain personal information, they are deleted or anonymized when the User terminates his or her registration, or three years following conclusion of contract. Moreover, overall business analyses and the general identification of trends are performed anonymously wherever possible.
- When Users contact us (e.g. via contact form, email, telephone or social media), the information they provide are collected and processed so that, within the framework of our contractual/precontractual customer relationships, we can process and execute the contact request; in the case of non-customers, this information is collected and processed on the basis of our legitimate interest in responding to the request. Users’ information may be stored in a customer relationship management system (“CRM system”) or a comparable system for organizing requests.
- Requests are deleted if they are no longer needed, provided our legal archiving obligations do not require us to retain them. This requirement is verified every two years.
- Hosting and Sending Emails
- The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, the sending of emails, security services, and technical maintenance services used by us for the purpose of operating our Web Presence.
- In the course of providing these services, we, or our hosting provider, collect and process the following data on the basis of our legitimate interest in providing efficient and secure access to our Web Presence: inventory information, contact information, content data, contract information, use data, and meta and communication data from customers, prospective customers and visitors to our Web Presence.
- Collection of Access Data and Log Files
- Each time the server upon which this service is stored is accessed, we or our hosting provider collect data (so-called server log files). These access data include the name of the requested website or file, the date and time of the request, the amount of data transferred, notification that the request was successfully served, browser type and version, the User’s operating system, the referrer URL (the page visited before the request was made), IP address and the provider making the request.
- Log file information is stored for security reasons (e.g. to clarify cases of misuse or fraud) for a maximum period of 14 days and is then deleted or anonymized. Data which must be retained as evidence are exempt from deletion until final clarification of the case in question.
- Cookies and Right of Objection to Direct Marketing
- Cookies are small files which are stored on Users’ computers. Stored cookies can contain a variety of information. Cookies are primarily used to store information about a User (or the device on which the cookies are stored) during or after the User’s visit to our Web Presence. Temporary cookies (also called “session cookies” or “transient cookies”) are cookies which are deleted when the User leaves a website and closes his or her browser. Cookies such as these may store, for example, the contents of the User’s shopping basket at an online shop, or his or her login status. “Permanent” or “persistent” cookies are cookies which remain stored even after the User has closed his or her browser. These cookies may, for example, store the User’s login status for when he or she visits the website in the future. Such cookies may also store the User’s interests, which can be used for measuring reach or for marketing purposes. “Third party cookies” are cookies provided by online providers other than the person responsible for the website in question (cookies provided by the operator of the website itself are referred to as “first-party cookies”).
- If users wish to prevent cookies from being stored on their computers, we ask that they deactivate the corresponding settings in their browser’s system settings. Cookies which have already been stored can be deleted in the browser’s system settings. Preventing the storage of cookies may result in reduced functionality of our Web Presence.
- The online marketing services used by us, and the cookies they employ, are described below.
- Google Tag Manager
Google Tag Manager is a tag management solution which enables us to manage website tags (e.g. so that we can use Google Analytics and other Google marketing services on our Web Presence). Google Tag Manager itself (which implements the tags) does not collect or process personal User data. For information regarding the Collection and Processing of personal User data by these Google services, please refer to the page linked below. Use Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.
- Google Analytics
- We use Google Analytics, a web analytics service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
- Google is a certified Privacy Shield company and hence guarantees that its Collection and Processing of information conforms to European and Swiss data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google uses this information on our behalf to analyze User behavior on our Web Presence, to create reports about User activity on our Web Presence, and to provide us with other services related to the use of our Web Presence and of the internet. The data collected and processed by Google may be used to generate pseudonymous usage profiles for users.
- We use Google Analytics exclusively with IP anonymization. This means that users’ IP addresses are truncated by Google in a member state of the European Union or another contracting party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server located in the United States before being truncated.
- Google does not associate the IP address transmitted by the User’s browser with other data. Users can prevent cookies from being stored by changing the corresponding settings in their browser software; users can also prevent Google from collecting and processing data generated by cookies regarding their use of our Web Presence by downloading and installing the plug-in under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
- Users’ personal data are deleted or anonymized after 14 months.
- Social Media Pages
- We operate online pages on social networks and platforms in order to communicate with our customers, prospective customers and users and to provide information about our services.
- In the course of using these pages, users’ data may be sent outside of the European Union and Switzerland for processing. This may present risks for users, as it may become difficult for them to exercise their rights. Note that US providers which are certified Privacy Shield companies are obligated to act in accordance with the data privacy standards of the EU and Switzerland.
- User data are normally also collected and processed for marketing research and advertising purposes. These data may be used, for example, to generate usage profiles based on users’ online behavior and based on interests which can be identified as a result of this behavior. These usage profiles may in turn be used to display advertisements presumably corresponding to the users’ interests both within and beyond the platforms in question. To this end, cookies containing behavioral and interest-related data are normally stored on the users’ computers. Furthermore, data may be stored to these usage profiles regardless of what device users are using (in particular if users are members of the platform in question and are logged in).
- Users’ personal data are collected and processed on the basis of our legitimate interest in having effective User information and communication with users. In the event users are asked to agree to the Collection and Processing of data by these providers (i.e. to declare consent, for example, by means of checking a box or clicking a button), the declaration of consent serves as the legal basis for Collection and Processing.
- Please note that requests for information and the exercising of User rights with regard to the Collection and Processing of personal data are best taken up with the providers themselves. The providers alone have access to these User data and are able to directly take appropriate measures and provide requested information. Should you require help despite your efforts to get in touch with these providers, you may contact us.
- For detailed information about the data Collection and Processing activities of each provider and the opt-out options available to you, please refer to the links provided below:
- Embedding of Third-Party Services and Content
- We use third-party content and service offerings within our Web Presence in order to embed content and services, e.g. videos and fonts (hereinafter referred to collectively as “Content”).
- This requires that the third-party providers of this Content detect users’ IP addresses in order to send the Content to their browsers. The IP address is hence necessary for the display of this Content. We endeavor to only use Content which is supplied by providers who detect and use IP addresses only for the delivery of the Content. Third-party providers may also use pixel tags (transparent graphics also known as “web beacons”) for statistical or marketing purposes. Web beacons enable the analysis of information, such as User traffic, on our website. This pseudonymous information may also be stored in cookies on the User’s device and may contain technical information regarding the User’s browser and operating system, referring websites, time of visit and other information related to the use of our Web Presence and may also be associated with information of this type from other sources.
- If we request that users accept the use of third-party services and content, the legal basis for the processing of their information is the provision of consent in accordance with Art. 6 Par. 1 lit. a of the GDPR. Furthermore, this processing of information is performed on the basis of our legitimate interest, as per Art. 6 Par. 1 lit. f of the GDPR, in the user-centered and economically efficient operation of our Web Presence.
- We use the following third-party services and content:
- The information provided below is intended to explain the content, registration process, delivery procedure, statistical analyses and opt-out rights of our newsletter. By subscribing to our newsletter, you consent to receiving the newsletter and to the processes and procedures described here.
- We send newsletters, emails and other electronic messages containing promotional information (hereinafter referred to as “Newsletter”) only if users have consented to receiving these or if we have a legal allowance to do so. If the contents of the Newsletter are described concretely when the User subscribes to it, these contents are relevant to the User’s consent. Our Newsletters also contain information regarding our offers, services and promotions as well as information about foreign languages and translation.
- Our Newsletter uses a double opt-in procedure for subscriptions. This means that you are sent an email requesting you to confirm your subscription. This confirmation step is necessary to prevent users from subscribing to our Newsletter with someone else’s email address. Subscriptions to our Newsletter are logged in order to provide verification of the subscription process in accordance with the relevant legal requirements. The information logged includes the time at which the subscription request was submitted and the time at which the subscription request was confirmed. We also log changes made to your data stored by the email delivery service provider.
- Subscribing to our Newsletter only requires that you provide a valid email address. We may also request that you provide your name so that we can address you personally in the Newsletter.
- Delivery of our Newsletter and measurement of our Newsletter’s performance are performed on the basis of the User’s consent or, in the event consent is not required, on the basis of our legitimate interest in direct marketing.
- Logging of the subscription process is performed on the basis of our legitimate interest. Our interest is in providing a newsletter system which is user-friendly and secure and which serves our commercial interests, meets users’ expectations and enables us to demonstrate the provision of consent.
- Users can unsubscribe (i.e. withdraw their consent) from our Newsletter at any time. An unsubscribe link is provided at the bottom of each Newsletter. On the basis of our legitimate interest, we may continue to store email addresses which have been removed from our subscription list for up to three years before we delete them in order to be able to demonstrate that consent was previously provided. These data are only processed for the purpose of defending ourselves against potential claims. Individual requests for deletion may be submitted at any time, provided confirmation of the User’s previous provision of consent is also given.
- Newsletter Delivery Service Provider
- MailChimp may use the recipient’s data in pseudonymous form (i.e. without associating the data with the User) in order to optimize or improve its own services. For example, MailChimp may use these data to make technical optimizations to the delivery and display of newsletters or for statistical purposes. However, MailChimp does not use the data of our newsletter recipients in order to contact them or in order to forward the data to third parties.
- Newsletter Performance Metrics
- Our Newsletters contain web beacons, i.e. pixel-sized files which are retrieved from our server or from the server of a delivery service provider (if one is used), when the Newsletter is opened. In the course of this retrieval, technical information, such as browser and system information, your IP address and the current date and time, are collected.
- This information is used to make technical improvements to the services, on the basis of the technical information, or to the target audiences and their reading behavior, on the basis of their location (which can be identified using their IP address) and the date and time at which the web beacon is retrieved. The data collected for statistical purposes also serves to identify whether the recipient opens the Newsletter, the date and time at which the Newsletter is opened, and which links the User clicks on. For technical reasons, this information may indeed be directly associated with individual Newsletter recipients. However, it is not our aim, nor is it the aim of the delivery service provider, to observe and monitor individual users. Rather, these analyses help us to identify the reading habits of our users and to modify our content in accordance with these habits, or to send a variety of content which corresponds to the interests of our users.
- It is not possible to separately opt out of the collection and analysis of Newsletter performance metrics; in this case, the subscription to the Newsletter must be canceled in full.