We stand for human rights in the digital society and consider the protection of natural persons in the processing of personal data a human right. For this reason, we take the protection of your data very seriously and treat it confidentially and in accordance with legal regulations. With the following privacy policy we would like to inform you about what types of your personal data we process for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our website www.igfgreece.eu as well as within external online presences, such as our social media profiles on Facebook, Instagram, YouTube and LinkedIn (collectively referred to as "online offer").

IGF Greece organized under the auspices the Institute for Internet and the Just Society e.V., which provides for the necessary infrastructure for the implementation of the initiative. The Executive Committee acts independently on the basis of decisions and guidelines set by the community and the Multistakeholder Committee in accordance with the UN IGF standards. It consults with the presidency about matters where legal responsibility may arise.

Imprint:

Institute for Internet and the Just Society e.V.

c/o Konstantinos Tsakiliotis

Potsdamer Str. 63

10785 Berlin, Germany

Phone: +4915258475612

Email: info@internetjustsociety.org

USt-IdNr.: DE334212579

Last updated: March 14, 2021

General information

Table of Contents

· Controller

· Changes & Update

· Copyright Notice

· Definitions

· Overview of processing operations

o Types of data processed

o Categories of affected persons

o Purposes of processing

· Relevant legal bases

· National data protection regulations in Germany

· Security

o SSL or TLS encryption

o Quantcast Choice

o Google ReCaptcha

o Transfer and disclosure of personal data

· Data processing in third countries

· Deletion of data

· Use of cookies

o Notes on legal bases

o General notices on revocation and opposition (opt-out):

o Processing of cookie data on the basis of consent

· Commercial and business services

· Payment

· Single sign-on login

· Blogs and publication media

· Content Creation

· Contact

· Surveys

· Videoconferencing, online meetings, webinars and screen sharing

· Provision of the online offer and web hosting

· Music and podcasts

· Workspace and Cloud services

· Newsletter and broad communication

· Sweepstakes and competitions

· Web analysis and optimization

· Online marketing

· Presences on social networks

· Plugins and embedded functions as well as content

Controller

Institute for Internet and the Just Society e.V.

c/o Konstantinos Tsakiliotis

Potsdamer Str. 63

10785 Berlin

Tel: +49 (0) 15258475612

Data Protection Officer: Konstantinos Tsakiliotis

E-mail: dataprotection@internetjustsociety.org

Changes & Update

Due to new technologies and the continuous development of this website, we can make changes to this privacy policy, we recommend that you read the privacy policy again at regular intervals. If we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that the addresses may change over time and ask you to check the information before contacting them.

The following privacy policy was created using the free data protection generator provided by Dr. Thomas Schwenke.

Definitions

This section provides an overview of the terms used in this Privacy Policy. Many of the terms are legal terms and are defined in particular in Article 4 of the General Data Protection Regulation, Regulation (EU) 2016/679 (hereinafter referred to as GDPR). The following explanations are primarily intended to provide an easily understandable privacy policy.

'personal data' means any information relating to an identified or identifiable natural person ('the data subject'); identified as identifiable is a natural person identified directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
'processing' means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data such as the collection, collection, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, matching or linking, restriction, deletion or destruction;
'restriction of processing' is the marking of stored personal data with the aim of restricting their future processing;
'profiling' means any form of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular in order to analyse or predict the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person;
'pseudonymisation' means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional data is information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable natural person;
'file system' means any structured collection of personal data accessible according to certain criteria, whether that collection is central, decentralised or managed in a functional or geographical manner;
'responsible person' means the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for in accordance with Union law or the law of the Member States. become;
'processor' means a natural or legal person, authority, body or other body that processes personal data on behalf of the controller;
'recipient' means a natural or legal person, authority, body or other body to which personal data are disclosed, whether or not it is a third party. 2Authorities which may receive personal data under Union or Member State law under a particular investigative mission shall not, however, be deemed to be recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
'third party' means a natural or legal person, authority, body or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processors are authorised to process the personal data;
'consent' means any voluntary expression of intent to the data subject in the form of a declaration or other unambiguous affirmative act in which the data subject is to be informed and unequivocally understand that it agrees to the processing of the personal data concerning it;
'breach of the protection of personal data' is a breach of security which may result in the destruction, loss or alteration, whether unintentional or unlawful, or unauthorised disclosure of or unauthorised access to personal data data that has been transmitted, stored or otherwise processed;
'undertaking' means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations which regularly engage in an economic activity;
'supervisory authority' is an independent public body set up by a Member State in accordance with Article 51 GDPR;
'supervisory authority concerned' shall mean a supervisory authority which is affected by the processing of personal data because the controller or processor is established in the territory of that Supervisory Authority, or because that supervisory authority is processing has or may have a significant impact on data subjects residing in the Member State of that supervisory authority or because a complaint has been lodged with that supervisory authority;
Affiliate Tracking: As part of affiliate tracking, links that link the linking websites to users to websites with product or other offers are logged. The operators of the respective linked websites can receive a commission if users follow these so-called affiliate links and then take advantage of the offers (e.g. goods or use services). For this purpose, it is necessary that the providers can track whether users who are interested in certain offers subsequently perceive them at the instigation of the affiliate links. Therefore, for the functionality of affiliate links, it is necessary that they are supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the initial website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user as well as tracking-specific values, such as advertising media ID, partner ID, and categorizations.
Visit Action Evaluation: "Conversion Tracking" is a method for determining the effectiveness of marketing activities. As a rule, a cookie is stored on the users' devices within the websites on which the marketing measures are carried out and then retrieved again on the destination website. For example, we can track whether the ads we run on other websites were successful).
IP masking: IP masking is a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing
Interest-based and behavioral marketing: Interest- and/or behavioral marketing is when potential interests of users in advertisements and other content are predetermined as precisely as possible. This is done on the basis of information about their previous behaviour (e.g. visiting certain websites and staying on them, buying behaviour or interaction with other users), which are stored in a so-called profile. Cookies are usually used for these purposes.
Conversion measurement: Conversion measurement is a method by which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on the users' devices within the websites on which the marketing measures are carried out and then retrieved again on the destination website. For example, we can track whether the ads we run on other websites were successful.
Reach measurement: The range measurement (also referred to as web analytics) is used to evaluate the visitor flows of an online offer and may include the behaviour or interests of visitors in certain information, such as content of websites. With the help of the range analysis, website owners can, for example, recognize the time at which visitors visit their website and what content they are interested in. This allows them, for example, to better adapt the contents of the website to the needs of their visitors. For the purposes of range analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more accurate analyses of the use of an online offer.
Remarketing: "Remarketing" or "retargeting" is referred to when, for example, for advertising purposes, it is noted which products a user has been interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
Tracking: "Tracking" is when the behavior of users can be tracked across multiple online offers. As a rule, with regard to the online offers used, behavioural and interest information is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

inventory data (e.g. names, addresses).

content data (e.g. text input, photographs, videos).

Contact details (e.g. e-mail, telephone numbers).

Meta/communication data (e.g. device information, IP addresses).

Usage data (e.g. websites visited, interest in content, access times).

Location data (data that indicates the location of an end-user's terminal).

Contract data (e.g. subject matter of the contract, term, customer category).

Payment data (e.g. bank details, invoices, payment history).

Categories of affected persons

employees (e.g. employees, applicants, former employees).

members (candidate members, applicants)

business and contractual partners.

Interested parties in communication.

Customers.

users (e.g. website visitors, users of online services).

Competition and market participants.

Purposes of processing

Affiliate tracking. Registration. Provision of our online offer and user-friendliness. Visiting action evaluation. Administration and organizational procedures. Direct marketing (e.g. by e-mail or postal). Execution of competition research. Feedback (e.g. collecting feedback via online form). Interest-based and behavioral marketing. Contact requests and communication. Conversion measurement (measurement of the effectiveness of marketing measures). Profiling. Remarketing. Range measurement (e.g. access statistics, detection of returning visitors). Security. Tracking (e.g. interest/behavioural profiling, use of cookies). Contractual services and services. Manage and respond to requests. Commercial and business services. Payment. Single sign-on login. Blogs and publication media. Content Creation. Contact Surveys Videoconferencing, online meetings, webinars and screen sharing Provision of the online offer and web hosting Music and podcasts Workspace and Cloud services Newsletter and broad communication Sweepstakes and competitions Web analysis and optimization Online marketing Presences on social networks Plugins and embedded functions as well as content

Relevant legal bases

In the following, we provide the legal bases of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection laws may apply in your or our country of residence. Should more specific legal bases be relevant in individual cases, we will inform you of them in the data protection declaration.

Consent (Art. 6 sec. 1 p. 1 lit. a GDPR) - The data subject has given his consent to the processing of the personal data concerning him or her for a specific purpose or several specific purposes.

Performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures, which take place at the request of the data subject.

Legal obligation (Art. 6 sec. 1 p. 1 lit. c. GDPR) - The processing is necessary for the fulfilment of a legal obligation to which the controller is subject.

Protection of vital interests (Art. 6 sec. 1 p. 1 lit. d. GDPR) - Processing is necessary to protect the vital interests of the data subject or another natural person.

Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR) - The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National data protection regulations in Germany

In addition to the data protection regulations of the General Data Protection Regulation , national regulations on data protection apply in Germany. This includes in particular the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 of the BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. In addition, state data protection laws of the individual federal states can be applied.

Security

We shall take into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and the extent of the threats to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection commensurate with the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, entry, disclosure and safeguarding of data. availability and their separation. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and reactions to the risk of the data. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technical design and through data protection-friendly presets.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as a site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock icon in the browser line.

Quantcast Choice

We use Quantcast Choice, a privacy-by-design tool from Quantcast Corporation, 795 Folsom Street, San Francisco, CA 94107, USA, which builds on the IAB Europe Transparency & Consent Framework and helps us provide you with information and choices regarding the processing of your data. Quantcast Corp. may use tags, cookies, SDKs and plug-ins to store information about the privacy policies you receive and the options you make. This is done in accordance with the guidelines and technical specifications of the IAB Europe Transparency & Consent Framework. Information collected by Quantcast Choice is not used for any other purpose. For more information, see Quantcast Corp's Privacy Policy: https://www.quantcast.com/de/datenschutz/

Google ReCaptcha

We use Google ReCaptcha to protect against comment spam and other attacks on our website. reCAPTCHA is a free service provided by Google that protects websites from spam software and misuse by non-human visitors. By using reCAPTCHA, data is transmitted to Google, which Google uses to determine whether you are really a human being. Referrer URL (the address of the page from which the visitor comes), IP address (e.g. 256.123.123.1), information about the operating system (the software that allows the operation of your computer). Well-known operating systems include Windows, Mac OS X or Linux), cookies (small text files that store data in your browser), mouse and keyboard behavior (any action you perform with the mouse or keyboard is saved), date and language settings (which language or date you have preset on your PC stored), all Javascript objects (JavaScript is a programming language that allows web pages to adapt to the user. JavaScript objects can collect all sorts of data under one name), screen resolution (shows how many pixels the image analysis consists of).

Transfer and disclosure of personal data

In the context of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such a case, we comply with the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data, which serve the protection of your data.

Data processing in third countries

Insofar as we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of data to other persons, jobs or companies, this is only done in accordance with the legal requirements.

Subject to express consent or transfer required by contract or by law, we will only process or have the data processed in third countries with a recognised level of data protection, which includes the US processors certified under the "Privacy Shield", or on the basis of special guarantees, such as contractual obligations by so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Deletion of data

The data processed by us will be deleted in accordance with the statutory requirements as soon as their consents permitted for processing are revoked or other authorisations are omitted (e.g. if the purpose of the processing of this data has ceased or the purpose is not required).

Unless the data is deleted because it is necessary for other and legally permissible purposes, their processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person required.

Further information on the deletion of personal data can also be made within the framework of the individual data protection notices of this data protection declaration.

Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

Right to object: For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is subject to Article 6 (1) e or f GDPR to object; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing.

Right of withdrawal in the case of consent: You have the right to revoke consents given at any time.

Right of access: You have the right to request confirmation as to whether the data in question is being processed and to obtain information about this data as well as to further information and copy of the data in accordance with the legal requirements.

Right to rectification: You have the right to request the completion of the data concerning you or the correction of the inaccurate data concerning you in accordance with the legal requirements.

Right to erasure and restriction of processing: You have the right to request that you delete data concerning you immediately or alternatively to demand a restriction of the processing of the data in accordance with the legal requirements.

Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request their transmission to another controller.

Complaint to the supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace or place of alleged infringement, in accordance with the legal requirements, if you believe that the processing of personal data concerning you is in breach of the GDPR.

The competent supervisory authority for our organization is the Hellenic Data Protection Authority.n.

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin DE

Tel.: +49 30 13889-0

Fax: +49 30 2155050

E-mail: mailbox@datenschutz-berlin.de

Purposes of Processing

Use of cookies

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store the information about a user during or after his visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored on the basis of pseudonymous online identifiers, also known as "user IDs") The following types of cookies and functions are distinguished:

Temporary cookies (also session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.

Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Similarly, the interests of users used for range measurement or marketing purposes may be stored in such a cookie.

First-party cookies: First-party cookies are set by us.

Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user entries or for reasons of security).

Statistics, marketing and personalization cookies: In addition, cookies are usually also used in the context of range measurement and when the interests of a user or his behaviour (e.g. viewing certain content, benefits of functions, etc.) are stored on individual websites in a user profile. Such profiles are used to display to users, for example, content that corresponds to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of users. . Insofar as we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on legal bases

On what legal basis we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed by cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfil our contractual obligations.

General notices on revocation and opposition (opt-out):

Depending on whether the processing is based on consent or legal permission, you have the possibility at any time to revoke a given consent or to object to the processing of your data by cookie technologies (collectively, "opt-out"). You can first declare your objection by means of the settings of your browser, e.g. by disabling the use of cookies (whereby the functionality of our online offer may also be limited). An objection to the use of cookies for online marketing purposes can also be explained by means of a variety of services, especially in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

In addition, you can receive further notices of objection within the scope of the information on the service providers and cookies used.

Processing of cookie data on the basis of consent

Before we process or process data in the context of the use of cookies, we ask users to have their consent to Quantcast Choice, a privacy-by-design tool from Quantcast Corp (see above on security measures). Until consent has been given, cookies that are necessary for the operation of our online offer will be used. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.

Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: users (e.g. website visitors, users of online services).

Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Commercial and business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractors") in the context of contractual and comparable legal relationships as well as related measures and within the framework of the Communication with the contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data for the purpose of fulfilling our contractual obligations, for the protection of our rights and for the purposes of the administrative tasks associated with this information as well as the business organization. Within the scope of the applicable law, we only pass on the data of the contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or is carried out with the consent of the contractual partners (e.g. to participating parties). telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.We will inform the contracting parties before or within the scope of the data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after expiry of statutory time limitation and comparable obligations, i.e. basically after 4 years, unless the data is stored in a customer account, e.g. as long as it is stored for legal reasons of archiving (e.g. for tax purposes usually 10 years). Data disclosed to us in the context of an order by the contractual partner, we delete in accordance with the specifications of the order, in principle after the end of the order. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third parties or platforms apply in the relationship between the users and the providers.

Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of the contract, term, customer category).

Affected persons: interested parties, business and contractual partners.

Purposes of processing: Contractual services and services, contact requests and communication, office and organizational procedures, management and response of enquiries.

Legal bases: Performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), legal obligation (Art. 6 sec. 1 lit. c. GDPR), legitimate interests (Art. 6 sec. 1 s. 1 lit. f. GDPR).

Payment

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use banks and credit institutions (collectively, "payment service providers").

The data processed by the payment service providers includes inventory data, such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. The data may be transmitted by payment service providers to business information agencies. The purpose of this transmission is to verify identity and creditworthiness. For this purpose, we refer to the terms and conditions and data protection notices of the payment service providers.

The terms and conditions and the data protection notices of the respective payment service providers apply to the payment transactions, which are available within the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other data subjects.

Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. contract subject matter, term, customer category), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. e-mail, telephone numbers).

Affected persons: customers, interested parties.

Purposes of processing: Contractual services and services, contact requests and communication, affiliate tracking.

Legal bases: Performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Services and service providers used:

Amazon Payments: Payment Services; Service provider: Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxembourg; Website: https://pay.amazon.com/de; Privacy Policy: https://pay.amazon.com/de/help/201212490.
American Express: Payment services; Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Website: https://www.americanexpress.com/de; Privacy Policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.
Apple Pay: Payment services; Service providers: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/apple-pay/; Privacy Policy: https://www.apple.com/legal/privacy/de-ww/.
Giropay: payment services; Service provider: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany; Website: https://www.giropay.de; Privacy Policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/.
Google Pay: payment services; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://pay.google.com/intl/de_de/about/; Privacy Policy: https://policies.google.com/privacy.
Klarna / Instant Transfer: Payment Services; Service providers: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Website: https://www.klarna.com/de; Privacy Policy: https://www.klarna.com/de/datenschutz.
Mastercard: payment services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Website: https://www.mastercard.de/de-de.html; Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html.
PayPal: payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); Service providers: PayPal (Europe) S.A. r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe: payment services; Service providers: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com/de; Privacy Policy: https://stripe.com/de/privacy.
Visa: payment services; Service providers: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, UK; Website: https://www.visa.de; Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Single sign-on login

"Single sign-on" or "single sign-on" or "authentication" means methods that allow users to use a user account with a single sign-on provider (e.g. a social network), including our online offer, to register. The prerequisite for single sign-on authentication is that the users are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or already with the single sign-on provider and confirm the single sign-on registration via the button.

Authentication is done directly with the respective single sign-on provider. In the context of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that is no longer usable for us for other purposes (so-called "User Handle"). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected in the context of authentication and also on the data users have used in the privacy or other settings of the user account. with the single sign-on provider. Depending on the single sign-on provider and the choice of users, different data can be, usually the email address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is not visible to us, nor is it stored by us.

Users are asked to note that their data stored by us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. For example, if the e-mail addresses of the users change, they must change them manually in their user account with us.

If agreed with the users, we may use the single sign-on application within the scope of or prior to the performance of the contract, insofar as the users have been requested to process it within the scope of a consent and otherwise set it on the basis of the legitimate interests on our part and the interests of users in an effective and secure registration system.

Should users decide to stop linking their user account with the single sign-on provider for the single sign-on procedure, they must disconnect from the single sign-on provider within their user account. If users wish to delete their data with us, they must cancel their registration with us.

Types of data processed: inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers).

Affected persons: users (e.g. website visitors, users of online services).

Purposes of processing: contractual services and services, registration procedure.

Legal basis: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), fulfilment of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 sec. 1 s. 1 lit. f. GDPR).

Services and service providers used:

Facebook Single-Sign-On: Authentication Service; Service providers: https://www.facebook.com, FacebookIreland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: https://www.facebook.com/settings?tab=ads.

Blogs and publication media

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). The data of the readers are processed for the purposes of the publication medium only to the extent that it is necessary for its presentation and communication between authors and readers or for reasons of security. In addition, we refer to the information on the processing of visitors to our publication medium within the framework of these data protection notices.

Comments and Posts: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is done for our safety if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we ourselves can be prosecuted for commentor or post and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process the information of the users for spam detection on the basis of our legitimate interests.

On the same legal basis, we reserve the right to store the IP addresses of users for their duration in the case of surveys and to use cookies in order to avoid multiple votes.

The information provided in the context of the comments and contributions about the person, any contact and website information as well as the content information will be stored permanently by us until the user objects.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: users (e.g. website visitors, users of online services).

Purposes of processing: Contractual services and services, feedback (e.g. collecting feedback via online form), security measures, management and answering of enquiries.

Legal bases: performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR), consent (Art. 6 sec. 1 p. 1 lit. a GDPR), protection of vital interests (Art. 6 sec. 1 s. 1 lit. d. GDPR).

Content Creation

We process personal data when creating content for educational and marketing purposes. For example, we include the name, a profile picture and the affiliation of a guest speaker to our events in promotional content (e.g. banners), or for example the name and quote of our members in the designated presentation webpage.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos)

Affected persons: employees, former employees, members, former members, guest speakers, event participants

Purposes of processing: Contractual services and services, feedback (e.g. collecting feedback via online form), security measures, management and answering of enquiries.

Legal bases: legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR), consent (Art. 6 sec. 1 p. 1 lit. a GDPR)

Services and service providers used:

Canva; Service Provider: Canva Pty Ltd, 110 Kippax St, Surry Hills NSW Australia 2010; Privacy Policy: https://about.canva.com/privacy-policy/
Buffer; Service Provider: Buffer, Inc., 2443 Fillmore Street #380-7163, San Francisco, CA 94115 Privacy Policy: https://buffer.com/legal#privacy-shield

Contact

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information of the requesting persons will be processed, insofar as this is necessary to answer the contact requests and any necessary measures requested.

The answer to contact requests in the context of contractual or pre-contractual relationships is made in order to fulfil our contractual obligations or to respond to (pre)contractual enquiries and, moreover, on the basis of the legitimate interests in the Answering the questions.

Types of data processed: inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).

Affected persons: communication partners.

Purposes of processing: contact requests and communication.

Legal bases: Performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR), Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Services and service providers used:

Communication via Messenger

We use Messenger for communication purposes and therefore ask you to observe the following instructions on the functionality of Messenger, encryption, the use of the metadata of the communication and your possibilities of objection.

You can also contact us via alternative means, e.g. by phone or e-mail. Please use the contact options provided to you or the contact options provided within our online offer.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages is not visible, not even by the messenger providers themselves. You should always use an up-to-date version of Messenger with encryption enabled to ensure that the message contents are encrypted.

However, we also point out to our communication partners that while messenger providers do not view the content, they can find out that and when communication partners communicate with us and provide technical information about the used communication partner's device and location information (so-called metadata) is processed, depending on the settings of their device.

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis of our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, we use Messenger in relation to our contractual partners as well as in the context of the initiation of the contract as a contractual measure and in the case of other interested parties and communication partners based on our legitimate interests in a fast and efficient communication and fulfillment of the needs of our communication partner in communication via Messenger.

Revocation, opposition and cancellation: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (e.g. as described above, after the end of contractual relations, in the context of archiving specifications, etc.) and otherwise, as soon as we can assume that we have answered any information provided by the communication partners, if no recourse to a previous conversation is to be expected and the deletion is not contrary to legal retention obligations.

Reservation of reference to other means of communication: Finally, we would like to point out that for your safety we reserve the right not to answer requests via Messenger. This is the case, for example, if contract internals require special confidentiality or a reply via Messenger does not meet the formal requirements. In such cases, we refer you to more adequate communication channels.

Skype: Skype's end-to-end encryption requires it to be enabled (unless enabled by default).

Types of data processed: contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text entries, photographs, videos).

Affected persons: communication partners.

Purposes of processing: contact enquiries and communication, direct marketing (e.g. by e-mail or postal).

Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Gmail Communication Services; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy Policy: https://www.google.com/policies/privacy,Security Notices: https://cloud.google.com/security/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive; Standard contractual clauses (guarantee of data protection level for processing in a third country): https://cloud.google.com/terms/data-processing-terms; Additional information on data protection: https://cloud.google.com/terms/data-processing-terms.
Facebook Messenger: Facebook messenger with end-to-end encryption (end-to-end encryption of Facebook messenger requires activation if it is not enabled by default); Service providers: https://www.facebook.com, FacebookIreland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: https://www.facebook.com/settings?tab=ads.
Skype: Skype Messenger with end-to-end encryption; Service providers: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://www.skype.com/de/; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement,Security Notices: https://www.microsoft.com/de-de/trustcenter; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.

Surveys

The surveys conducted by us (hereinafter "Surveys") are evaluated anonymously. Processing of personal data is only carried out to the extent that this is necessary for the provision and technical execution of the surveys (e.g. processing of the IP address in order to display the survey in the user's browser or by means of a temporary cookie (session cookie) to allow the survey to resume) or users have consented.

Notes on legal bases: If we ask the participants to give their consent to the processing of my data, this legal basis is the processing, otherwise the processing of the data of the participants takes place on the basis of our legitimate interests in conducting an objective survey.

Types of data processed: contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: communication partners, users (e.g. website visitors, users of online services).

Purposes of processing: contact requests and communication, direct marketing (e.g. by e-mail or postal), tracking (e.g. interest/behavioural profiling, use of cookies), feedback (e.g. collecting feedback via online form), profiling (creating user profiles).

Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Services and service providers used:

Google form: Google cloud forms; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://firebase.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settingsfor displaying advertisements: https://adssettings.google.com/authenticated.
LimeSurvey: LimeSurvey Survey Services; Service provider: LimeSurvey GmbH Survey Services & Consulting, Papenreye 63, 22453 Hamburg, Germany; Website: https://www.limesurvey.org/de; Privacy Policy: https://www.limesurvey.org/de/richtlinien/datenschutzrichtlinie.

Videoconferencing, online meetings, webinars and screen sharing

We use third-party platforms and applications (hereinafter referred to as "Third Parties") for the purpose of conducting video and audio conferencing, webinars, and other types of video and audio meetings. When selecting third-party providers and their services, we comply with the legal requirements. Within this framework, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, login and contact details, visual and vocal posts, as well as entries in chats and shared screen content.

Where users are referred to the third parties, their software or platforms in the context of communication, business or other relationships with us, the third parties may use usage data and metadata for security purposes, service optimization or processing for marketing purposes. We therefore ask you to observe the privacy policy of the respective third parties.

Notes on legal bases: If we ask the users for their consent to the use of third-party providers or certain functions (e.g. consent to a recording of conversations), the legal basis of the processing is the consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of the third-party providers has been agreed within this framework. Otherwise, the data of the users will be processed on the basis of our legitimate interests in an efficient and secure communication with our communication partners. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Affected persons: communication partners, event participants, guest speakers, users (e.g. website visitors, users of online services).

Purposes of processing: Contractual services and services, contact requests and communication, office and organizational procedures.

Services and service providers used:

Google Meet: Communication and video conferencing software; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://meet.google.com/; Privacy Policy: https://policies.google.com/privacy?hl=en&gl=uk
Wonder: Video conferencing and virtual events software; Service provider: Yotribe GmbH, Kommandantenstraße 77 10117 Berlin Germany; Website: https://www.wonder.me/; Privacy Policy: https://www.wonder.me/privacy-policy
Zoom: Communication and video conferencing software; Service provider: Zoom Video Communications, Inc. , 55 Almaden Blvd. Suite 600, San Jose, CA 95113 USA; Website: https://zoom.us/; Privacy Policy: https://zoom.us/privacy#_Toc44414847

Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services of the web hosting provider, “Papaki”, Enartia A.E., S Street, Heraklion Area, Greece. from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance. Enartia A.E. processes your data as a processor on the basis of a contract concluded in accordance with Art. 28 GDPR. You can access the data protection regulations applicable by domainfactory GmbH here: https://www.papaki.com/el/privacy-policy.htm

The data processed in the context of the provision of the hosting offer may include all information concerning the users of our online offer that is incurred in the context of use and communication. This regularly includes the IP address necessary to deliver the contents of online offers to browsers and all entries made within our online offer or from websites.

Collection of access data and log files: We ourselves (or Enartia A.E.) collect data for every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to reduce the load on the servers and their stability. Ensure.

Types of data processed: content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: users (e.g. website visitors, users of online services).

Legal bases: Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Music and podcasts

We use hosting and analysis services from service providers to provide our audio content for listening to or downloading and to obtain statistical information on how to retrieve the audio content.

Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: users (e.g. website visitors, users of online services).

Purposes of processing: range measurement (e.g. access statistics, detection of returning visitors), visit action evaluation, profiling (creating user profiles).

Services and service providers used:

Soundcloud: Soundcloud - Music Hosting; Service providers: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.
Spotify: Spotify - music hosting and widget; Service providers: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Website: https://www.spotify.com/de; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.

Workspace and Cloud services

We use software services accessible over the Internet and running on their providers' servers (so-called "cloud services", also referred to as "Software as a Service") for the following purposes: document storage and administration, calendar management, E-mail, spreadsheets and presentations, exchange of documents, content and information with specific recipients, or publication of websites, forms or other content and information, chats and participation in audio and Video conferencing.

In this context, personal data may be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us as set out in this data protection declaration. This data may include, in particular, master data and contact data of the users, data on transactions, contracts, other processes and their contents. Cloud service providers also process usage data and metadata they use for security and service optimization purposes.

Insofar as we provide documents and content to other users or publicly accessible websites, providers may provide cookies on users' devices for the purpose of web analysis or to adjust user preferences (e.g. in the case of media control).

Notes on legal bases: If we ask for consent to the use of cloud services, the legal basis of the processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e., interest in efficient and secure management and collaboration processes)

Affected persons: customers, employees (e.g. employees, applicants, former employees, members, former members of the organization), interested parties, communication partners.

Purposes of processing: office and organisational procedures.

Services and service providers used:

Google G-Suite for Non-Profit: Cloud storage services; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy Policy: https://www.google.com/policies/privacy,Security Notices: https://cloud.google.com/security/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive; Standard contractual clauses (guarantee of data protection level for processing in a third country): https://cloud.google.com/terms/data-processing-terms; Additional information on data protection: https://cloud.google.com/terms/data-processing-terms.
Slack: Workspace communication software; Service Provider: Slack Technologies Limited
4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland, parent company: Slack Technologies, 500 Howard Street, San Francisco, CA 94105 USA; Website:https://slack.com Privacy Policy:https://slack.com/intl/en-de/trust/privacy/privacy-policy?geocode=en-de
Notion: workspace collaboration software; Service Provider: Notion Labs, Inc. 548 Market St #74567, San Francisco, CA 94104-5401 USA; Website:https://www.notion.so/; Privacy Policy: https://www.notion.so/GDPR-c8eac6ea83a64fb1a3ea3bcd5c3d4951

Newsletter and broad communication

We only send newsletters, e-mails and other electronic notifications (hereinafter "Newsletter") with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. For the rest, our newsletters contain information about our services and us. In order to subscribe to our newsletters, it is always sufficient if you provide your e-mail address. However, we may ask you to provide a name so that we can personally address you in the newsletter, or other information if required for the purposes of the newsletter.

At the same time, IGF Greece, with the aim of creating and strengthening a digital community related to Internet Governance in Greece, provides a mailing list. The data collected through the subscription form include your email address and optionally your name. In addition, the registration date and time as well as the IP address can also be saved. To successfully subscribe to the list, users must confirm an invitation email and agree to the use of their data as part of the mailing list. The email invitation provides more details about data processing in relation to the mailing list.

If you send messages to the mailing list, we will forward your message to all other subscribers to this mailing list and we will collect the contents of this post in the mailing list file along with the email address and the name you originally signed up for. The mailing list file will be made available to the public. In addition to this data, we may also collect post metadata as contained in each email, such as IP address, date and time the email was sent, email schedule, retransmission servers.

You can unsubscribe from the mailing list at any time.

The personal data available through the mailing list file are stored for an indefinite period of time, for purposes related to transparency and for the maintenance of the institutional file of IGF Greece.

Double opt-in procedure: The registration for our newsletter and mailing list is basically done in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with foreign e-mail addresses. The registrations for the newsletter and mailing list are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation time as well as the IP address. The changes to your data stored by the shipping service provider will also be logged.

Deletion and restriction of processing: We may store the e-mail addresses that have been processed for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense of claims. An individual request for cancellation is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a block list (so-called "blacklist") for this purpose alone.

The registration procedure is logged on the basis of our legitimate interests for the purpose of proving its proper conduct. Insofar as we commission a service provider to send e-mails, this is based on our legitimate interests in an efficient and secure shipping system.

Information on legal bases: The sending of the newsletters and mailing list content is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was conducted in accordance with the law.

Content: Information about us, our services, promotions and offers.

Success measurement: The newsletter and mailing lists contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from our server when opening the newsletter and mailing list from our server or, if we use a shipping service provider, from its server. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, are collected first.

This information is used to improve the technical aspects of our newsletter and mailing list on the basis of the technical data or the target groups and their reading behaviour on the basis of their polling locations (which can be determined by means of the IP address) or the access times. This analysis also includes determining whether the newsletter and mailing lists are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual recipients. However, it is neither our intention nor, if used, that of the shipping service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and mailing list and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purposes of the use of a user-friendly and secure newsletter and mailing list system, which is both serves our business interests as well as meets the expectations of our users.

A separate revocation of the success measurement is unfortunately not possible, in this case the entire newsletter and mailing list subscription must be cancelled or must be contradicted.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).

Affected persons: communication partners.

Purposes of processing: Direct marketing (e.g. by e-mail or by post).

Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Possibility of objection (opt-out): You can cancel the receipt of our newsletter and mailing list at any time, i.e. revoke your consents or object to further receipt. You can either find a link to cancel the newsletter and mailing list at the end of each newsletter and mailing list or otherwise use one of the above-mentioned contact options, preferably e-mail.

Services and service providers used:

Mailchimp: email marketing platform; Service Provider: "Mailchimp" - Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/privacy/; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.

Sweepstakes and competitions

We process personal data of the participants of competitions and competitions only in compliance with the relevant data protection regulations, insofar as the processing for the provision, execution and processing of the competition is contractually necessary participants have consented to the processing or the processing serves our legitimate interests (e.g. in the security of the competition or the protection of our interests against misuse by the possible collection of IP addresses when submitting competition entries).

If entries of the participants are published in the context of the Contests (e.g. in the context of a vote or presentation of the Prize Entries or the Winners or the Coverage of the Competition), we would like to point out that the names of the participants are can also be published in this context. Participants can object to this at any time.

If the sweepstakes takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as the "Online Platform", the terms of use and data protection of the respective platforms shall also apply. In such cases, we would like to point out that we are responsible for the information provided by the participants in the context of the competition and that inquiries regarding the competition should be directed to us.

The winners' data will be deleted as soon as the competition or contest is completed and the data is no longer required to inform the winners or because questions about the competition are to be expected. In principle, the data of the participants will be deleted no later than 6 months after the end of the competition. Winners' data may be retained for longer, e.g. to answer questions about the winnings or to fulfill the winnings; in this case, the retention period depends on the type of profit and is, for example, up to three years for items or services, in order to be able to handle warranty cases, for example. In addition, the participants' data can be stored for longer, e.g. in the form of reporting on the competition in online and offline media.

If data has also been collected for other purposes in the context of the competition, its processing and retention period shall be governed by the data protection notices for this use (e.g. in the case of a registration for the newsletter in the context of a competition).

Types of data processed: inventory data (e.g. names, addresses), content data (e.g. text input, photographs, videos).

Persons affected: competition and competition participants.

Purposes of processing: execution of sweepstakes and competitions.

Legal bases: Performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR).

Web analysis and optimization

The web analysis (also referred to as "range measurement") is used to evaluate the visitor flows of our online offer and can be used as pseudonymous values for behaviour, interests or demographic information about visitors, such as age or gender. Include. With the help of the range analysis, we can, for example, identify at what time our online offer or its functions or contents are used most often or invite to reuse. We can also understand which areas require optimization.

In addition to web analysis, we can also use test methods to test and optimize different versions of our online offer or its components, for example.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar methods can be used for the same purpose. This information may include, for example, content viewed, websites visited and elements and technical information used there, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed depending on the provider.

The IP addresses of the users are also stored. However, we use an IP masking method (i.e., pseudonymization by shortening the IP address) to protect users. In general, the web analysis, A/B testing and optimization do not store clear user data (such as e-mail addresses or names), but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Types of data processed: usage data (e.g. websites visited, interest in content, access times).

Affected persons: users (e.g. website visitors, users of online services).

Purposes of processing: range measurement (e.g. access statistics, detection of returning visitors), tracking (e.g. interest/behavioural profiling, use of cookies), visit action evaluation, profiling (creating user profiles), interest-based and behavioural marketing.

Security measures: IP masking (pseudonymization of the IP address).

Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Services and service providers used:

Google Analytics: We use Google Analytics data for the purpose of improving areas of our online offerings and improving the alignment of our marketing activities with potential user interests; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://optimize.google.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settingsfor displaying advertisements: https://adssettings.google.com/authenticated.

Online marketing

We process personal data for online marketing purposes, including in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "Content") based on potential interests of users and measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar methods are used by which the information relevant to the presentation of the aforementioned contents about the user is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.

The IP addresses of the users are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. As a general rule, the online marketing process does not store clear user data (such as e-mail addresses or names), but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in cookies or by similar procedures. These cookies can later generally also be used on other websites that use the same online marketing procedure, read out and analyzed for the purposes of displaying content as well as supplemented with further data and on the server of the online marketing process provider stored.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing procedures we use and the network connects the profiles of the users with the aforementioned information. We kindly ask you to note that users can make additional agreements with the providers, e.g. by consent in the context of registration.

In principle, we only have access to aggregated information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract with us. Conversion measurement is used solely to analyze the success of our marketing efforts.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: users (e.g. website visitors, users of online services).

Purposes of processing: tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioral marketing, profiling (creating user profiles), conversion measurement (measurement of the effectiveness of marketing measures).

Security measures: IP masking (pseudonymization of the IP address).

Legal bases: Consent (Art. 6 sec. 1 p. 1 lit. a GDPR), legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Possibility of opposition (opt-out): We refer to the data protection notices of the respective providers and the possibilities of objection indicated to the providers (so-called "opt-out"). Unless an explicit opt-out option has been specified, you may switch off cookies in your browser settings. However, this may limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary to each area: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territorial: https://optout.aboutads.info.

Presences on social networks

We maintain online presences within social networks and process users' data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that users' data can be processed outside the European Union. This can create risks for users, as this could, for example, make it more difficult to enforce users' rights. With regard to U.S. providers that are certified under the Privacy Shield or offer similar guarantees of a secure level of privacy, we would like to point out that they are committed to complying with EU data protection standards.

Furthermore, users' data within social networks are usually processed for market research and advertising purposes. For example, user profiles can be created based on the user behaviour and the resulting interests of the users. The user profiles can in turn be used to display advertisements inside and outside the networks, for example, which presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user's usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective processing methods and the opt-out, we refer to the data protection declarations and information of the operators of the respective networks.

We would also like to point out that these can be asserted most effectively by the providers in the case of requests for information and the assertion of data subjects' rights. Only the providers have access to the data of the users and can take direct action and provide information. If you still need help, you can contact us.

Affected persons: users (e.g. website visitors, users of online services).

Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, range measurement (e.g. access statistics, detection of returning visitors).

Legal bases: Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR).

Services and service providers used:

Instagram : Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: Ad settings: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on the joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy Notice forFacebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
LinkedIn: Social network; Service providers: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter: Social Network; Service providers: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
YouTube: Social network; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: https://adssettings.google.com/authenticated.

Plugins and embedded functions as well as content

We incorporate functional and content elements from the servers of their respective providers (hereinafter referred to as "Third Parties") in our online offering. These may include graphics, videos, social media buttons, and posts (hereinafter referred to as "Content").

The integration always presupposes that the third parties of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content or functions. We make every effort to use only those content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and, among other things, technical information about the browser and operating system, referencewebsites, the time of visit and other information on the use of our online offer as well as to be associated with such information from other sources.

Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end-user's terminal), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), inventory data (e.g.

Affected persons: users (e.g. website visitors, users of online services), communication partners.

Purposes of processing: provision of our online offer and user-friendliness, contractual services and service, contact requests and communication, direct marketing (e.g. by e-mail or postal), tracking (e.g. interest/behavioural profiling, use of cookies), interest-based and behavioural marketing, profiling (creating user profiles), reach measurement (e.g. access statistics, recognition of returning visitors), online form), security measures, management and response of requests.

Legal bases: Legitimate interests (Art. 6 sec. 1 s. 1 lit. f. GDPR), consent (Art. 6 sec. 1 p. 1 lit. a GDPR), performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 s. 1 lit. b. GDPR).

Services and service providers used:

Facebook plugins and content: This may include content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/; Service providers: https://www.facebook.com, FacebookIreland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-out: Ad settings: https://www.facebook.com/settings?tab=ads.
Google Fonts: We integrate the fonts ("Google Fonts") of the provider Google, whereby the data of the users are used solely for the purpose of displaying the fonts in the browser of the users. The integration is based on our legitimate interests in a technically safe, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration. Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Google Maps: We include the maps of the "Google Maps" service of the provider Google. The data processed may include, in particular, IP addresses and location data of the users, but these may not be collected without their consent (usually carried out within the framework of the settings of their mobile devices); Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy; Privacy Shield:https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settingsfor displaying advertisements: https://adssettings.google.com/authenticated.
Instagram plugins and content: Instagram plugins and content - This may include content such as images, videos or texts and buttons that allow users to share content from this online offering within Instagram. Service providers: https://www.instagram.com,Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
LinkedIn plugins and content: LinkedIn plugins and content - This may include content such as images, videos or texts and buttons that allow users to share content from this online offering within LinkedIn. Service providers: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.instagram.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Soundcloud Music Player Widget: Soundcloud Music Player Widget; Service providers: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.
Spotify Music Player Widget: Spotify Music Player Widget; Service providers: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Website: https://www.spotify.com/de; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.
Twitter plugins and content: Twitter plugins and buttons - This may include content such as images, videos or texts and buttons with which users can share content from this online offer within Twitter. Service providers: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Website: https://twitter.com/de; Privacy Policy: https://twitter.com/de/privacy.
YouTube videos: video content; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settingsfor displaying advertisements: https://adssettings.google.com/authenticated.
Vimeo videos: video content; Service providers: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-out: We point out that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) as well asthe opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de)or Google's settings for data usage for marketing purposes (https://adssettings.google.com/).