Privacy policy
Privacy policy
I. Name and address of the controller
DAMM & BIERBAUM Agentur für Marketing und Kommunikation GmbH
Hanauer Landstrasse 174 – 176
60314 Frankfurt
Germany
Phone: +49 (69) 78 91 05-38
Email: info@dammbierbaum.de
Website: www.dammbierbaum.de
is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and address of the data protection officer
The data protection officer of the controller is:
AGOR AG
Niddastraße 74
60329 Frankfurt am Main
Phone: +49 (0) 69 – 94 94 32-410
Email: info@agor-ag.com
Website: www.agor-ag.com
III. General information on data processing
Information on data protection for applications
1. scope of the processing of personal data
We only collect and use the personal data of users of our website insofar as this is necessary to provide a functional website, our content and services.
In principle, the collection and use of our users’ personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for factual reasons.
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data generally arises from Art:
- 6 para. 1 sentence 1 lit. a GDPR when obtaining the consent of the data subject.
- 6 para. 1 sentence 1 lit. b GDPR for processing operations necessary for the performance of a contract to which the data subject is party. This also includes processing operations that are necessary for the performance of pre-contractual measures.
- 6 para. 1 sentence 1 lit. c GDPR for processing operations that are necessary for compliance with a legal obligation.
- 6 para. 1 sentence 1 lit. d GDPR if vital interests of the data subject or another natural person require the processing of personal data.
- 6 para. 1 sentence 1 lit. f GDPR, if the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.
3. Data erasure and storage duration
The user’s personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored beyond this if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Use of our website, general information
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information may be collected:
(1) Information about the browser type and version used,
(2) the user’s operating system,
(3) the user’s internet service provider,
(4) the IP address of the user,
(5) the date and time of access,
(6) Websites from which the user’s system accesses our website,
(7) Websites that are accessed by the user’s system via our website.
The data described is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.
The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore has no right to object.
3. Duration of storage
Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.
If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or anonymised. It is then no longer possible to identify the calling client.
V. General information on the use of cookies
We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When you access a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.
TTDSG:
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user’s terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG).
Please note that the legal basis for the processing of the personal data collected in this context then results from the GDPR (Art. 6 para. 1 sentence 1 GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below on the respective cookie or on the respective processing itself.
The primary legal basis for the storage of information in the end user’s terminal equipment – i.e. in particular for the storage of cookies – is your consent, Section 25 1 sentence 1 TTDSG. Consent is given when you visit our website – although of course it does not have to be given – and can be revoked at any time in the cookie settings.
According to Section 25 para. 2 No. 2 TTDSG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are categorised as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exemption rule of Section 25 para. 2 TTDSG and therefore do not require consent.
GDPR:
The following data is stored and transmitted when cookies are used
- A randomly generated number as a client ID to distinguish unique users
- Visited pages
- Information about accepted cookie notice
We also process your data using our consent management tool to save your individual cookie selection. For this purpose, this website uses a cookie from the provider Borlabs. The Borlabs cookie does not process any personal data.
The borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser or make new settings in our cookie settings.
The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 lit. c, f GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.
Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. Stored cookies can also be deleted there. Please note that you may no longer be able to use all the functions of our website if you deactivate cookies.
Further information on technically unnecessary cookies can be found in section VII Web Analytics.
VI. Your rights / rights of the data subject
According to the EU General Data Protection Regulation, you have the following rights as a data subject:
1. Right to information
You have the right to receive information from us as the controller as to whether and which personal data concerning you is processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.
You can assert your right to information at: info@dammbierbaum.de.
2. Right to rectification
If the personal data processed by us and relating to you is incorrect or incomplete, you have a right to rectification and/or completion. The correction will be made immediately.
3. Right to restriction
You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR).
4. Right to erasure
If the reasons set out in Art. 17 GDPR apply, you can demand that the personal data concerning you be deleted immediately.
We would like to point out that the right to erasure does not exist if the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. Right to data portability
Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
7. Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to object
Furthermore, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 1 sentence 1 lit. GDPR.
9. Automated decision-making in individual cases, including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
10. Right to lodge a complaint with a supervisory authority
Finally, if you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
11. Data transfer outside the EU
The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services. We only authorise the processing of your data in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU by the EU Commission or compliance with officially recognised special contractual obligations, the so-called “standard data protection clauses”.
12. Minors under the age of 16
Minors under the age of 16 are expressly not addressees of our website and our offers on this website. We would like to point out that legal guardians must supervise the online activities of their children. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect it and do not pass it on to third parties.
VII. Web Analytics
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension “_anonymiseIp()”. This means that IP addresses are further processed in abbreviated form so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.
Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: http://www.google.com/analytics/terms/de.html ,
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html ,
and the privacy policy: http://www.google.de/intl/de/policies/privacy.
VIII. Use of Calendly
We use Calendly, a planning and organisation tool, to arrange appointments as part of the application process on our website. The service provider is the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.
The data used are name, email address and telephone number. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the appointment will be automatically deleted after the appointment and the completion of your enquiry.
Calendly also processes data in the USA, among other places. Calendly uses standard contractual clauses approved by the EU Commission (Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients based in third countries (countries outside the direct scope of the GDPR) or for data transfer there. These clauses oblige Calendly to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. Further information about Calendly and Calendly’s data protection can be found at: https://calendly.com/de/privacy.
IX. Social Media
We currently use the following social media platforms:
Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads
and http://www.youronlinechoices.com
Supplementary agreement Insights data: https://www.facebook.com/legal/terms/page_controller_addendum
Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy/opt-out: http://instagram.com/about/legal/privacy/.
Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy: https://twitter.com/de/privacy
Opt-out: https://twitter.com/settings/account/personalization
YouTube (Google)
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
X. Social Media presence
We maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services.
We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g. when enforcing your rights under European / German law).
As a rule, user data is processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. These user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users’ personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR. If users are asked by the respective providers for consent to data processing (i.e. they give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a. GDPR.
Further information on the processing of your personal data and your options to object can be found under the links provided by the respective provider. Data subjects can also assert their rights to information and other rights against the providers, but only those who have direct access to the user’s data and have the relevant information. We are of course available to answer any queries you may have and will support you if you need help.
A supplementary agreement is concluded with some social media platforms when operating a fan page. According to this agreement, data subject rights can generally be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of Insights data lies with the social media platform and it fulfils all obligations under the GDPR with regard to the processing of Insights data. In this context, the social media platform makes the essentials of the Page Insights supplement available to the data subjects.
As the operator of the fan page, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, such as the legal basis, the identity of the controller and the storage period of cookies on user devices.
XI. Integration of YouTube videos
We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
XII Integration of Google Maps
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section IV of this declaration is transmitted to Google. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Insofar as we obtain your consent, the legal basis for the use of the plug-in is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent. You can find out how the respective social media providers process your personal data in their respective privacy policies. We are not the controller within the meaning of the GDPR for the data processing of the social media providers.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.
XIII. Newsletter
1. General information
We send an irregular newsletter to customers and interested business contacts, in which we provide information about current agency developments and industry topics. We store the data that you manually transmit or make available to us in the course of getting to know us via business cards or if you are interested in receiving a newsletter. We use the CRM system “Insightly” for data collection and storage (see point 4). We use the newsletter distribution platform Mailchimp to send the newsletter (see point 5).
We require and use the following data to send the newsletter: Title (Mrs/Mr), surname, email address.
Your data will not be passed on. The data will be used exclusively for sending the newsletter.
2. Legal basis
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The collection of the user’s email address serves to deliver the newsletter.
3. Cancellation, revocation and objection
You can cancel your subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose.
We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.
4. Storage of the address data
The information entered when registering for the newsletter is processed in the Insightly CRM system of Insightly Inc, 680 Folsom St., San Francisco, California 94107. Insightly is subject to the requirements and certifications of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. You can view Insightly’s privacy policy here: www.insightly.com/privacy-policy
5. Dispatch service provider
The newsletter is sent using “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email address, title (female/male) and surname of our newsletter recipients and other data described under point 6 are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and analyse the newsletter on our behalf. Furthermore, MailChimp may, according to its own information, use this data to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with EU data protection regulations. You can view MailChimp’s privacy policy here: www.mailchimp.com/legal/privacy
6. Statistical survey
We would like to point out that we evaluate your user behaviour when sending the newsletter in order to constantly optimise our newsletter.
Information on various general or personal activities is collected for this purpose. The following factors are tracked: opening rate, click rate, successful or unsuccessful delivery (bounces), unsubscribers,
opening time, clicked links/URLs, opening frequency per recipient or email domain, performance of integrated links.
XIV. Google Forms
We use the services of Google Forms from the provider Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to register for events.
In the form, we collect your name, your company (optional), your email address and your personalised message (optional). In addition, your IP address and the date and time of registration are stored at the time of registration. This data is processed for the purpose of event registration and event planning. It will not be passed on to third parties.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a, f GDPR. The IP address collected and the time and date of registration are deleted after 7 days. The remaining data will be stored until the event is completed and deleted after the event. This does not apply to data that we process for other purposes, such as an active business relationship.
You can find more information about data processing by Google in the data protection information: https://www.google.com/intl/de/policies/privacy/.