PRIVACY POLICY

The protection of your personal data is of the utmost importance to Deufol SE (hereinafter referred to as "we", "us" or "the Controller"). Observing and complying with legal provisions relating to data protection and data security are a matter of course for us. The following information sets out what data we collect when you visit our website, and how this data may be used:

1 General information about data processing

1.1 Scope of personal data processing

In principle, we process our users' personal data only to the extent that this is necessary to provide a functional website and to provide our content and services. As a rule, our users' personal data is processed only with the users' consent. An exception is made in cases where prior consent cannot be obtained for factual reasons and statutory provisions permit the processing of the personal data.

1.2 Legal basis for the processing of personal data

Provided that we have obtained the data subject's consent to process their personal data, Article 6(1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for said processing.
For the processing of personal data which is required to perform a contract to which the data subject is party, Article 6(1b) GDPR serves as the legal basis. This also applies to processing operations required to take steps prior to entering into a contract.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1c) GDPR serves as the legal basis.
If processing is necessary in order to protect the legitimate interests of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1f) GDPR serves as the legal basis for processing.

1.3 Location of the data processing

Personal data is generally processed in Germany and other European countries. Should we process data in a third country (outside of the European Union (EU) or the European Economic Area (EEA)), or should data be processed in the course of using services provided by third parties or be disclosed or transmitted to third parties, this will only take place in order to comply with our contractual obligations or measures prior to formation of a contract, based on your consent, to fulfill a legal requirement or on the basis of our legitimate interests. Subject to legal or contractual authorization, we will process the data or have it processed in a third country only in the event that the particular requirements set out in Articles 44 et seq. GDPR are met. This means that the processing may be based on specific guarantees, such as official recognition that an EU-equivalent level of data protection has been established (e.g. via the Privacy Shield for the USA, https://www.privacyshield.gov) or compliance with officially recognized special contractual obligations (known as standard contractual clauses).
The EU-US Privacy Shield is subject to the adequacy decision (2016/1250) taken by the EU Commission on 12th July 2016, which states that compliance with the regulations of the EU-US Privacy Shield provides an adequate level of data protection for personal data.

1.4 Erasure of data and storage period

The data subject's personal data is erased or blocked once the purpose of storage no longer applies. Data may continue to be stored beyond this point if provided for by European or national legislators in EU regulations, laws or other provisions to which the Controller is subject. Personal data is also erased or blocked if a storage period stipulated by the aforementioned standards expires, unless the continued storage of the data is required for the formation or performance of a contract.

2 Name and address of the Controller

The Controller responsible for the collection, processing and use of your personal data under the EU General Data Protection Regulation is

Deufol North America
Sunman, IN
USA
Tel.: 812.623.6630
Fax: 812.618.3142
E-mail: pkg.solutions@deufol.com
Website: www.deufol-us.com

3 Data Protection Officer contact details

The Controller's Data Protection Officer can be contacted via:

Tel.: +49 (0) 69 63 80 94 41
E-mail: Datenschutz@deufol.com

4 Use of cookies, tracking pixels and tags 

We use automated data collection technologies such as cookies or tracking pixels for our website, newsletters, e-mails and online services. These enable us to collect data – including personal data – that relates to the use of and interaction with our online services.
Cookies are small text files that are transmitted by our website, applications and services and stored on your device. We use cookies to enable us to provide you with user-friendly, effective and personalized services, in order to ensure that our website, applications and services are secure and to improve them on an ongoing basis for your benefit.
Nevertheless, the user can at any time disable cookies on a blanket basis through their browser or automatically delete cookies each time the session ends or the browser is closed; see also "Storage period" and "Objections and remedies".
Tags are JavaScript snippets that allow information to be transmitted from a website, for example in the context of online tracking.
Tracking pixels (also known as web beacons) are small graphics loaded when a website or e-mail is accessed which are used to track certain user activities. Loading a tracking pixel can mean accessing a web page or opening an e-mail in a web analytics tool.

4.1 Legal basis for the use of cookies, tracking pixels and tags

The legal basis for the use of cookies, tracking pixels and tags is our legitimate interest within the meaning of Article 6(1f) GDPR in guaranteeing that our website works correctly, is as easy to use as possible and provides you with a positive user experience.
We use analytical cookies, tags and retargeting technologies on the basis of our legitimate interest (Article 6(1f) GDPR, Recital 47). Our legitimate interest lies in optimally tailoring our website, applications and services to the interests of our customers.

4.2 Storage period/objections and remedies

You have the option of changing your browser settings so that cookies are not saved at all, and the option of deleting existing cookies.
In addition, the following description of the processing operations that take place includes references to ways to opt out by contacting the processor directly, where possible.
An objection (whether general or specific to certain providers) to the use of tracking, analytical functions or cookies can be submitted to the following services:

  • US Digital Advertising Alliance http://www.aboutads.info/choices/
  • Digital Advertising Alliance of Canada http://youradchoices.ca/
  • European Interactive Digital Advertising Alliance http://www.youronlinechoices.com/

Please be aware that it may not be possible to use all the functions of our online services if cookies are disabled.

5 Social media use

We offer our visitors the option of using social media services on our website.
Links to the respective services are provided for this purpose, via which users can rate, recommend or share content.

The social media services are operated exclusively by third parties. If the user follows one of these links, information may be transmitted to these third parties. Data is provided via HubSpot call-to-action links. Data is only transmitted to the respective provider when the user actively clicks on one of the links.
Provided that the user does not actively select a social media link, no data is exchanged with social media providers.
If you use these social media provider services and content, the provider will receive information about your visit to our website. It may be the case that personal data, such as your IP address, will be processed by the provider in this context. Should you be logged into your social media account when visiting our website, the provider may link information relating to your visit with your social media account.

The legal basis for the provision of the social media links is Article 6(1f) GDPR; we have a legitimate interest in enabling visitors to our website to use social media services.

You can find more details about the terms of use and data protection in the descriptions of the individual social media providers.

We have integrated the following social media providers onto our website:

  • Facebook Inc.
    This website contains links to Facebook services and content, which are provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). These may include content such as images, videos and text. Furthermore, you can use the provided links to "like" or "share" content from our website on Facebook.

    The Facebook privacy policy can be found at: https://www.facebook.com/policy.php
    Facebook is certified in accordance with the EU-US Privacy Shield Framework:
    https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
  • Twitter Inc.
    This website contains links to Twitter services and content, which are provided by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). You can use Twitter to express an interest in content on our website or subscribe to articles, among other actions.
    The Twitter privacy policy can be found at:
    https://twitter.com/privacy?lang=en
    Twitter is certified in accordance with the EU-US Privacy Shield Framework:
    https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

    You can object to Twitter's storage of data and information relating to your visits to websites, and to Twitter placing cookies on your device, by using the following opt-out link:
    https://twitter.com/personalization
  • LinkedIn
    This website contains links to LinkedIn services and content, which are provided by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) and the LinkedIn Corporation. These may include content such as images, videos and text. We also provide you with LinkedIn functions such as "Share" by way of links.

    The LinkedIn privacy policy can be found at:
    https://www.linkedin.com/legal/privacy-policy
    LinkedIn is certified in accordance with the EU-US Privacy Shield Framework:
    https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

    You can object to LinkedIn's storage of data and information relating to your visits to websites, and to LinkedIn placing cookies on your device, by using the following opt-out link:
    https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy

An objection (whether general or specific to certain providers) to the use of tracking, analytical functions or cookies can be submitted to the following services:

  • Digital Advertising Alliance http://www.aboutads.info/choices/
  • Digital Advertising Alliance of Canada http://youradchoices.ca/
  • European Interactive Digital Advertising Alliance http://www.youronlinechoices.com/

6 HubSpot platform use

We use the integrated software platform and services provided by HubSpot as the basis of our Deufol website and for marketing and sales activities. These are provided by HubSpot, Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, United States, with a subsidiary in Ireland: HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland), hereinafter referred to as "HubSpot".

We use the content management functions provided by HubSpot for our website and our blog. We make a wide range of information about the Deufol company available around the world on these platforms. This information includes company presentations, solution concepts, newsletters, sales campaigns, our blog and a comprehensive range of media relating to our problem-solving expertise available for download.

In addition, we use marketing functions provided by the integrated HubSpot software platform for reporting purposes with respect to our website (e.g. traffic sources, access), social media publishing and reporting, contact management (e.g. user segmentation and CRM), landing pages, user interaction via chat or offline chat and contact forms.

We also use sales functions provided by the integrated HubSpot software platform for sales support and processing contractual services and services prior to formation of a contract.

A limited number of authorized users have access to the data stored in HubSpot to the extent required. Access to the personal data you provide is only granted to the relevant employees of the Deufol Group, affiliated companies and third-party companies commissioned by Deufol to provide services in the context of the Deufol website. These include employees in the Marketing and Business Development department, customer service and sales executives and IT department employees who require such access to administer and maintain the Deufol website or to comply with our contractual and legal obligations and measures prior to formation of a contract.
In this context, no data is disclosed to third parties outside of the Deufol Group except where necessary to process the initiation of a contract, perform a contract or handle sales inquiries.

We use HubSpot on the basis of the EU standard contractual clauses. HubSpot acts on our behalf as a data processor and solely acts in accordance with our instructions.

The HubSpot privacy policy can be found at:
https://legal.hubspot.com/de/privacy-policy
HubSpot is certified in accordance with the EU-US Privacy Shield Framework:
https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG

6.1 Provision of website and analytical functions

6.1.1 Description and scope of data processing

Each time you request the website, a range of general data and information is collected, processed and made available to us by our service provider HubSpot. The data collected can include (1) the browser type and version used, (2) the operating system used by the accessing system, (3) the web address of the site the user came to our website from (referrer), (4) the subsites accessed, (5) the date and time of the access to our website, (6) the accessing IP address, (7) the Internet service provider of the accessing system and (8) other similar data and information used for security matters in the event of attacks on the operator's IT systems.
This information is required in order to (1) provide users with the content of our website, applications and services correctly, (2) analyze user behavior on our website, applications and services and (3) guarantee the long-term functionality of the operator's IT systems, HubSpot and the technology used on our website.
We use geolocation data (at the national level) to enable us to offer you our website, applications and services with appropriate localization.

6.1.2 Legal basis for data processing

We have a legitimate interest in protecting and securing the IT systems and technology we use for our website, applications and services in accordance with Article 6(1f) GDPR.
The analytical measures we use are carried out on the basis of Article 6(1f) GDPR as well. Our legitimate interest lies in designing our service to meet your needs and optimizing it for you on an ongoing basis. In addition, the data collected is used to improve and continue to develop the technology and content on our website within the context of our PDCA process. At the same time, this constitutes a legitimate interest for us in accordance with Article 6(1f) GDPR.
Geolocation data is used at the national level in our legitimate interest as per Article 6(1f) GDPR in order to provide you with suitably localized information.

6.1.3 Storage period/objections and remedies

In the event that data is processed in order to make the website available, the data is erased once the respective session ends.
The data processed as part of the analytical functions is pseudonymized using technical means. This ensures that it is no longer possible to link data to the user accessing the site. The data is not stored together with other personal data relating to users.

6.2 Newsletters, e-mails and downloads

6.2.1 Description and scope of data processing

We offer a wide range of newsletters and downloads on our website. After signing up for our newsletter or consenting to us getting in touch with you on our website, you will receive a confirmation e-mail to the e-mail address you specified when registering (double opt-in process).
Newsletters and e-mails may contain tracking pixels that are requested from HubSpot servers when you open the e-mail in question. This request entails HubSpot collecting data, such as information about the browser and device used, your IP address and the time of the request. In addition, HubSpot records on our behalf whether e-mails are opened, when they are opened and what links are clicked on. These analyses allow us to understand the reading habits of our users and adapt and develop our content accordingly, or to send different content in line with our users' interests.

6.2.2 Legal basis for data processing

The legal basis for the processing of personal data in the context of our newsletters or sending e-mails is the consent of the user, in accordance with Article 6(1a) GDPR in conjunction with Section 7(2) no. 3 of the German Act Against Unfair Competition (UWG) where applicable. We are also permitted to send relevant information to data subjects by e-mail on the basis of Section 7(3) UWG.
The HubSpot service provider is used and statistical data collection and analysis are performed on the basis of our legitimate interest in accordance with Article 6(1f) GDPR. Our interest lies in the implementation of a user-friendly and secure newsletter and e-mail system that serves our commercial interests and meets the expectations of our users.
Registrations for our newsletters and consent to us contacting users are logged on the basis of our legitimate interest in being able to demonstrate user registration or consent at any time (Article 6(1f) GDPR).

6.2.3 Storage period

We store the data you consign to us for the purposes of sending the newsletter until you unsubscribe from the newsletter in question. The same applies to data held for the purpose of remaining in contact with you, which is stored until you withdraw your consent to its storage.
Data that we store for other purposes remains unaffected by this.

6.2.4 Objections and remedies

Consent given to the receipt of newsletters or e-mails can be withdrawn at any time by using the link at the end of each newsletter or by e-mailing info@deufol.com to this end.

6.3 Blog

6.3.1 Description and scope of data processing

We maintain a blog on our website which allows you to comment on the posts available.
This function stores the text of the comment, the first name given by the user and their e-mail address. The user may include additional information on an optional basis. We also collect the IP address of the user when they post a comment, and the timestamp for when it was posted. We use Google reCAPTCHA (see section "Google reCAPTCHA") to secure the comment function.
We also offer you the option of sharing, sending or rating blog posts through links to social media platforms. We provide these options via the services provided by Twitter, LinkedIn and Facebook.

6.3.2 Legal basis for data processing

The legal basis for the processing of personal data relating to a comment on a blog post is the consent given by the user when they post the comment (Article 6(1a) GDPR). We also have a legitimate interest within the meaning of Article 6(1f) GDPR in processing IP addresses for our security, with the aim of identifying spam when comments are posted, or in the event that comments contain illegal content or violate the rights of third parties.

6.3.3 Storage period

Comments are stored for as long as the blog post that the comment refers to exists.

6.3.4 Objections and remedies

The user has the option, at any time, to withdraw their consent to the processing of personal data.

6.4 Contact

6.4.1 Description and scope of data processing

We collect personal data if you use the contact form on our website to access personalized services. This includes your surname and first name, company name, phone number and e-mail address, which we need as contact details in order to process your query. In addition, in order to secure our contact form, we collect the IP address used to access the form and a timestamp.
We also provide you with the option of contacting us using the live chat function on our website. We use the data you enter in our live chat to process the services you request in that context.

6.4.2 Legal basis for data processing

The legal basis for the processing of the personal data transmitted to us in the course of this contact (e.g. using our contact form, sending us an e-mail, using the live chat function, phoning us, contacting us via social media, etc.) is our legitimate interest in processing and responding to requests submitted to us in accordance with Article 6(1f) GDPR. Should personal data be transmitted using our contact form or via the chat function, the consent of the user in accordance with Article 6(1a) GDPR provides an additional legal basis for the processing of such data. The use of our contact form or chat function is logged on the basis of our legitimate interest in being able to demonstrate user consent at any time (Article 6(1f) GDPR).
Where contact is made with a view to forming a contract, Article 6(1b) GDPR provides an additional legal basis for the processing.

6.4.3 Storage period/objections and remedies

The personal data that you disclose in the course of contact with us (e.g. using our contact form, sending us an e-mail, using the live chat function, phoning us, contacting us via social media, etc.) is erased when the respective conversation with you ends or if it is possible to conclude from the circumstances that the issue in question has been conclusively resolved. An exception is made if this contact results in the initiation of a contract, the formation of a contract or some other legal requirement to retain the data for a certain period.

7 Job advertisements and applications

7.1 Description and scope of data processing

We provide an overview of vacant positions within the Deufol Group on our website. If you are interested in a position, you will be forwarded to our applicant platform, operated by On-apply GmbH, for a detailed description of the position and the option of applying online.

If you wish to apply online directly, this will require you to enter certain personal data, identified as mandatory fields in the online form, such as your first name and surname, postal address and e-mail address. To make it easier for us to get in contact with you, you also have the option of voluntarily sending us additional personal data and files relevant to the application process (covering letter, CV, references, etc.). The personal data that you provide in the online application is processed on our behalf in one of the databases operated by On-apply GmbH.
As an alternative, you can send us your application by e-mail or by post.

Access to the personal data you provide is only granted to the relevant employees of the Deufol Group, affiliated companies and third-party companies commissioned by Deufol SE to provide services in the context of the application process. For this purpose, Deufol SE's central HR department examines the applications and if necessary involves other offices, such as the HR department, specialist department, works council, etc., who require access in order to reach a hiring decision and to comply with our contractual and legal obligations and measures prior to formation of a contract.

7.2 Legal basis for data processing

The predominant legal basis is Article 6(1b) GDPR in conjunction with Sections 26(1) and (2) of the German Federal Data Protection Act (BDSG).
To the extent necessary, we also process your personal data on the basis of Article 6(1f) GDPR in order to safeguard our legitimate interests or those of third parties (e.g. public authorities).

7.3 Purpose of data processing

The personal data and files you send are collected, stored and used solely for purposes in connection with recording and processing your interest in current or future employment with a Deufol company. It is necessary to process your applicant details in order to reach a decision on the establishment of an employment relationship.

7.4 Storage period

If your application is successful, the personal data and files you have transmitted may continue to be used in the context of the employment relationship with you. You will then receive detailed information about how your personal data is handled within the employment relationship in the course of signing the employment contract.
If your application for an advertised position or speculative application does not result in your employment, your personal data will be erased after six months in accordance with Section 61b(1) of the German Labor Court Act (ArbGG) in conjunction with Section 15 of the German General Act on Equal Treatment (AGG), unless you have expressly consented to the long-term storage of your personal data in the context of a pool of applicants or there is a legal basis for its continued storage on a case-by-case basis.

7.5 Objections and remedies

The user has the option, at any time, to withdraw their consent to the processing of personal data.

8 Google services

We use Google Analytics and Google Tag Manager as web analytics services and Google reCAPTCHA to secure user inputs on our website. These services are provided by Google LLC (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
In addition, we use the provider YouTube to embed videos on our website. YouTube is operated by YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA). YouTube is represented by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The Google privacy policy can be found at:
http://www.google.com/analytics/terms/us.html and https://policies.google.com/privacy?hl=en
Google is certified in accordance with the EU-US Privacy Shield Framework:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

8.1 Google web analytics

8.1.1 Description and scope of data processing

We use the services Google Analytics and Google Tag Manager for web analytics purposes. Google Analytics uses cookies to analyze website use.

When content is requested on our website, the following data is stored:

(1) Anonymized IP address of the user's system making the request

(2) The requested website

(3) The website from which the user came to the requested site (referrer)

(4) The subsites accessed from the requested website

(5) The duration of the visit to the website

(6) The frequency of requests for the website

The data generated by the cookie about your use of this website is normally sent to a Google server in the USA, where it is stored. Please note that this website uses Google Analytics with the extension code "gat._anonymizeIp();". This means that your IP address is truncated by Google within member states of the European Union or other states party to the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA, where it is truncated.

On our behalf, Google uses this information to statistically analyze your browsing behavior on our website, to compile reports on the appeal of individual content and services provided, and to provide us with other services related to the use of the website and the Internet.
The IP address relayed by your browser within the scope of Google Analytics is not linked to other Google data.
You can find more details on this matter at
http://www.google.com/intl/us/analytics/privacyoverview.html, which provides general information about Google Analytics and data protection.
The Google Tag Manager tool does not itself collect personal data. The tool enables actions to be triggered, which may potentially capture data (e.g. Google Analytics).

8.1.2 Opt-out

You can object to Google's storage of data and information relating to your visit to our website, and to Google placing cookies on your device, by using the opt-out link below. This places an opt-out cookie on your system, which prevents your data from being collected during future visits to this website:

Disable Google Analytics

8.1.3 Legal basis for data processing

We use the web analytics service Google Analytics in combination with Google Tag Manager for the purpose of designing our web pages to meet requirements and optimizing them on an ongoing basis. This constitutes a legitimate interest in accordance with Article 6(1f) GDPR.

8.1.4 Purpose of data processing

The purpose of the web analytics is to continually improve our website and further develop our online services in a user-oriented way.
Google Analytics enables us to record and statistically analyze the browsing behavior, visit duration and interests of visitors to our website in pseudonymized form, in order to optimize our website on behalf of our visitors. 

8.1.5 Storage period/objections and remedies

Cookies are stored on your device and transmitted to our website by your device. This means that you have full control over the use of cookies as a user. You can disable or limit the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also take place on an automated basis. If cookies are disabled for our website, it may not be possible to use all the functions on our website to their full extent.

8.2 Google reCAPTCHA

8.2.1 Description, purpose and scope of data processing

Google reCAPTCHA is a service for security checks and primarily serves to determine whether entries are made by natural persons or in an abusive fashion by means of machine and automated processing.
It is necessary to send the IP address of the user and potentially additional data required by Google for the reCAPTCHA service to Google in order to use the reCAPTCHA service.

You can find more details about the Google reCAPTCHA terms of use and privacy policy at:
https://policies.google.com/privacy?hl=en
https://policies.google.com/terms?hl=en

8.2.2 Legal basis for data processing

We also have a legitimate interest within the meaning of Article 6(1f) GDPR in processing IP addresses to ensure that our website remains secure and to protect the service we provide against automated spying, misuse and spam.

8.3 Provision of videos via YouTube

8.3.1 Description and scope of data processing

If you visit one of our web pages that contains videos embedded using the YouTube plug-in, this establishes a connection with YouTube servers. This allows the YouTube servers to obtain information about your visit to our website.
YouTube cookies may also be stored on your device. These cookies enable YouTube to obtain information about visitors to our website. This information is used, among other purposes, to collect video statistics, improve user-friendliness and prevent fraud attempts.
If you are logged into your YouTube account while visiting our website, it is possible for YouTube to match your browsing behavior to your personal profile directly. The use of the YouTube plug-in, such as clicking the start button on a video, is also linked to your user account.

8.3.2 Legal basis for data processing

The use of YouTube enables us to present our online content and services in an appealing way. This constitutes a legitimate interest in accordance with Article 6(1f) GDPR.

8.3.3 Purpose of data processing

We use the YouTube platform to upload our own videos and allow visitors to our website to access them.

8.3.4 Storage period/objections and remedies

The cookies used by YouTube remain on your device until you delete them.

9 User feedback

9.1 Description and scope of data processing

We use services provided by Hotjar on our website in order to better understand the needs of our users and optimize our service on our website. The services are provided by Hotjar Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta).
We use a Hotjar plug-in to offer visitors to our website the opportunity to quickly send us feedback on the content we provide. The Hotjar plug-in offers users a rating scale from "good" to "bad", where the user has the option of adding a comment.

The plug-in also transmits the following data to Hotjar:

  • IP address (collected and stored in pseudonymized form)
  • Geolocation at the national level based on the IP address
  • URL of the website
  • The browser type and version
  • Screen resolution setting and time zone on the device

9.2 Opt-out

You can object to Hotjar's storage of data and information relating to your visit to our website, and to Hotjar placing tracking cookies on your device, by using the following opt-out link:

https://www.hotjar.com/legal/compliance/opt-out

9.3 Legal basis for data processing

We have a legitimate interest within the meaning of Article 6(1f) GDPR in providing users of our website with the option to actively submit feedback on their experiences with our website, both in order to respond to the needs of our customers and to improve and continue to develop the technology and content on our website within the context of our PDCA process.

9.4 Purpose of data processing

User feedback is gathered, pseudonymized or anonymized, processed and made available to us via a Hotjar plug-in.
Neither we nor Hotjar use the information to identify individual users or combine the information with other data relating to individual users. More information can be found in Hotjar's privacy policy at https://www.hotjar.com/legal/policies/privacy.

9.5 Storage period/objections and remedies

Personal data transmitted to Hotjar is erased by Hotjar immediately after processing.

10 Geolocation service

10.1 Description and scope of data processing

We use the ipstack.com service, operated by apilayer GmbH (Hoerlgasse 12/4, 1090 Vienna, Austria) for geolocation services.

When you request our website, the ipstack.com service is used to determine the two-character country code for the country you are probably located in on the basis of your IP address.

Additional information on the purpose and scope of data collection and processing by ipstack.com can be found in the provider's privacy policy at https://ipstack.com/privacy.

10.2 Legal basis for data processing

The geolocation service provided by ipstack.com is used for the purpose of displaying our online services in a way that appeals to specific national audiences and in the national language of the visitor. This constitutes a legitimate interest within the meaning of Article 6(1f) GDPR.

10.3 Purpose of data processing

We use the geolocation service provided by ipstack.com for the purpose of displaying our online services in a way that appeals to specific national audiences and in the national language of the visitor.

10.4 Storage period/objections and remedies

Deufol does not store any personal data as part of this processing.

11 SlideShare

11.1 Description and scope of data processing

We use the service SlideShare on our website in order to make files available. SlideShare is operated by LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). LinkedIn Ireland (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) is responsible for data protection matters outside of the USA.

The service is integrated using a call-to-action link provided by HubSpot.
This means that when you visit our site, no personal data is passed on initially. Only once you actively request a file stored in SlideShare, e.g. a Deufol presentation, does a separate browser window open and you are forwarded to the content in SlideShare. In the process, personal data is disclosed to SlideShare.com and potentially to companies affiliated with them.
If you are logged in with your SlideShare user account, SlideShare can match your browsing history to your personal profile directly. This can be prevented by logging out of SlideShare.

The LinkedIn privacy policy can be found at:
http://www.linkedin.com/legal/privacy-policy
LinkedIn is certified in accordance with the EU-US Privacy Shield Framework:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

11.2 Legal basis for data processing

SlideShare is used to make Deufol content available in order to guarantee that our services are presented in an appealing and easily available way. This constitutes a legitimate interest in accordance with Article 6(1f) GDPR.

11.3 Purpose of data processing

The SlideShare service is used to store and provide Deufol content on the Internet.

11.4 Storage period/objections and remedies

An objection to SlideShare's use of tracking, analytical functions and cookies can be registered with the following services:

  • US Digital Advertising Alliance http://www.aboutads.info/choices/
  • Digital Advertising Alliance of Canada http://youradchoices.ca/
  • European Interactive Digital Advertising Alliance http://www.youronlinechoices.com/

12 Wistia video service

12.1 Description and scope of data processing

We use the service Wistia on our website in order to display online videos. This service is provided by Wistia Inc. (17 Tudor Street, Massachusetts, 02139 USA).
A direct connection is established between your browser and a Wistia service in order to display videos stored by Wistia. In the process, Wistia obtains and stores information relating to your browser, including your IP address and cookie information. Wistia enables statistical analysis on the use of the stored videos, such as how many visitors watch certain videos or how long videos are watched for.
Wistia uses CDN (content delivery networks) and tools from third-party providers in order to supply content quickly and in technically optimized form.

More information about data protection can be found in Wistia's privacy policy at http://wistia.com/privacy.
Wistia is certified in accordance with the EU-US Privacy Shield Framework:
https://www.privacyshield.gov/participant?id=a2zt0000000TSBFAA4

12.2 Legal basis for data processing

The legal basis for the processing of personal data in the context of online video provision is our legitimate interest in accordance with Article 6(1f) GDPR in offering online videos on our website.

12.3 Purpose of data processing

The processing serves the purpose of providing videos as well as statistical analysis of the way the available videos are used.

12.4 Storage period/objections and remedies

Deufol does not store any personal data as part of this processing.

13 Rights of the data subject

Where personal data that relates to you is processed, this makes you a data subject within the meaning of the GDPR and you have the following rights with regard to the Controller:

13.1 Right of access by the data subject

You can obtain from the Controller confirmation as to whether or not personal data that concerns you is being processed by us.
Where such processing takes place, you can obtain the following information from the Controller:

(1) The purposes for which the personal data is processed;

(2) The categories of personal data that are processed;

(3) The recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;

(4) The envisaged period for which the personal data relating to you will be stored, or, if specifics cannot be provided, the criteria used to determine the storage period;

(5) The right to request from the Controller rectification or erasure of personal data relating to you or restriction of processing of personal data or to object to such processing;

(6) The right to lodge a complaint with a supervisory authority;

(7) Where the personal data is not collected from the data subject, any available information as to its source;

(8) The right to automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data relating to you is transferred to a third country or to an international organization. In this context, you can request information about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

13.2 Right to rectification

If the processed personal data relating to you is inaccurate or incomplete, you have the right to have it rectified and/or completed by the Controller. The Controller must rectify such data without undue delay.

13.3 Right to restriction of processing

You have the right to request restriction of processing of the personal data relating to you under one or more of the following conditions:

(1) If you contest the accuracy of the personal data relating to you, for a period enabling the Controller to verify the accuracy of the personal data;

(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) The Controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims; or

(4) You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the Controller override yours.

Where processing of personal data relating to you has been restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the conditions outlined above, you will be informed by the Controller before the restriction of processing is lifted.

13.4 Right to erasure

Erasure obligation

You have the right to obtain from the Controller the erasure of personal data relating to you without undue delay and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data relating to you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2) You withdraw consent on which the processing is based according to Article 6(1a), or Article 9(2a) GDPR, and where there is no other legal ground for the processing;

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;

(4) The personal data relating to you was unlawfully processed;

(5) The personal data relating to you has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;

(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Information to third parties

Where the Controller has made the personal data relating to you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure of any links to, or copies or replications of, this personal data.

Exceptions

The right to erasure does not apply if processing is necessary:

(1) For exercising the right of freedom of expression and information;

(2) For compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) For reasons of public interest in the area of public health in accordance with Article 9(2h) and (2i) as well as Article 9(3) GDPR;

(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR provided the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) For the establishment, exercise or defense of legal claims.

13.5 Right to notification

If you have exercised your right to rectification or erasure of personal data relating to you or restriction of processing vis-à-vis the Controller, the Controller undertakes to communicate this rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You also have the right to information from the Controller about those recipients.

13.6 Right to data portability

You have the right to receive the personal data relating to you, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the Controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Article 6(1a) or Article 9(2a) GDPR or on a contract pursuant to Article 6(1b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. This right must not adversely affect the rights and freedoms of others.
This right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

13.7 Right to withdraw consent and object to processing

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You also have the right to object to processing if the conditions of Article 21 GDPR are met.

13.8 Exercise of rights under Items 13.1 to 13.7

If you wish to exercise your rights in accordance with Items 13.1 to 13.7, you may contact us informally using the contact details indicated above under Items 2 and 3.

13.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.