Privacy Policy

With this data protection declaration, OMR Education GmbH (hereinafter referred to as "we" or "us") informs you about the processing of your personal data (hereinafter also referred to as "data") when you visit our website https://omr.com and make use of our services.

Furthermore, you will receive information about the rights to which you are entitled. Data protection is very important to us and we naturally comply with the applicable data protection regulations, in particular the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Our website and our services are not aimed at children under the age of 16.

If you do not understand terms that we use in this data protection declaration, our explanations under "Help with data protection terms" may help you. However, if you have any questions about data protection, you are also welcome to contact us (informally) using the contact details provided below.

Responsible for data processing:
OMR Education GmbH, Lagerstr.32, 20357 Hamburg, Tel. +49 40 209310869, info@omr.com

Data Protection Officer:
Dr. Nils Haag
datenschutz@omr.com

I. Data processing in the context of your visit to our website
II. data processing in the context of events
III. data processing in our e-learning courses
IV. Data processing in the context of our online presences
V. Data processing in the context of job applications
VI. routine deletion and blocking of data
VII. Your rights
VIII. Help with data protection terms
IX. Security
X. Validity and changes to the data protection declaration
XI. Your questions about data protection

I. Data processing in the context of your visit to our website

In connection with your visit to our website, we process your personal data. This is done for the purposes and to the extent described below. We only pass on your data to third parties as described below.

1. provision of our website and services
When you visit our website, we automatically collect and process data from you in order to provide our website and the services it offers.
We collect and process the following data from you in order to provide our website:
- the date and time of your access
- the address of the website you used to reach us
- the websites you visit on our site
- information about your internet browser (browser type and version)
- the operating system of the device you use to access our website and services
- your internet service provider

For security reasons, we store this information in log files, but without your IP address, and delete it after 30 days. The data in the log files is stored separately from other data about you.
Longer storage is only necessary in individual cases (e.g. in the event of suspected abuse or fraud). In these cases, the respective log files are stored until the facts of the case have been clarified and subsequent, necessary measures have been completed.

In order to be able to provide you with our website and the services provided via it, we use service providers who process your data specified in this data protection declaration exclusively on our behalf and in accordance with our instructions (so-called order processors in accordance with Article 28 GDPR) and who have taken suitable technical and organisational measures to protect your rights.

For the hosting of the website including related services, we use the service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data will be processed unnoticed by US authorities for surveillance purposes. To establish the secure level of data protection, we have concluded EU standard contractual clauses with the service provider.

The legal basis for the processing of your data to provide our website and services is Article 6(1) sentence 1 letter f) GDPR. We have a legitimate interest in processing your data so that we can offer you our website and the services provided via it in a technically flawless, secure manner and optimised for your needs. The server log file data is stored separately from other data.

2. use of cookies and similar technologies

When you visit our website, we also collect and use data from you to enable you to use our website and services more comfortably and to measure and improve the effectiveness of our marketing measures. Non-mandatory cookies are only set with the consent of the user in accordance with Article 6(1) sentence 1 letter a) GDPR. We also use so-called cookies and cookie-like technologies such as pixel tags (i.e. small transparent graphics, also called web beacons). Cookies are small text files that are stored on your device via your internet browser. You can find out more about the term and functionality of cookies and other data protection and technical terms below under "Help with data protection terms".

We use a Consent Manager ("Cookie Banner") from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. Within the framework of the Consent Management, we offer you the possibility to decide on the setting of cookies in the area of our offer according to your specifications. All information on the individual cookies, in particular their provider and intended use, the storage period, the allocation to the selectable categories (required, statistics and marketing) and legal basis can be found in this data protection declaration and in the "cookie banner".

You have the option here at any time to change the decision made there and to subsequently give or revoke your consent. You can access the settings options here. You can find more information about Usercentrics in the data protection declaration at https://usercentrics.com/de/datenschutzerklaerung/.
You can find out more about the use of cookies in this data protection declaration at the respective point related to the use of cookies. You can also find more information on cookies and the individual providers on the websites http://www.meine-cookies.org and http://www.youronlinechoices.com.

3. contacting us (especially when using forms)

You have the possibility to contact us in different ways. When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest lies in the establishment and maintenance of a customer relationship. Insofar as we request information via our contact form that is not required for contacting us, we have always marked this as optional. This information is used to specify your enquiry and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 p. 1 lit. a) GDPR. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. Of course, you can revoke this consent at any time for the future.

Something else only applies if the content of your contacts directly serves to implement a contractual relationship existing between us. In these cases, we base the processing of your data on Article 6(1) sentence 1 letter b) GDPR.
Your data stored in connection with the contact will be deleted as soon as they are no longer required and insofar as they are not subject to any statutory retention obligations. The review of whether storage is necessary takes place at least annually.

4. use of our newsletter

4.1 General information

On our website, you can subscribe to free newsletters with promotional information if you have expressly consented to receive them. The legal basis for the processing of your data is Article 6 (1) sentence 1 letter a) GDPR in conjunction with. § 7 (2) No. 3 UWG or the legal permission pursuant to § 7 (3) UWG. To prevent misuse, you will first receive an email with a confirmation link which you must activate in order to receive the actual newsletter (so-called double opt-in procedure).

When you register for the newsletter, your e-mail address, your IP address and the date and time of your registration are transmitted to us and stored and processed by us. This data is used exclusively to prove that you have consented to receive and send the newsletter. Data will not be passed on to third parties.
Your data will be stored for as long as we send you the newsletter on a regular basis. In the event that we no longer send you a newsletter, we will delete your data no later than 12 months after sending the last newsletter to you.
Please note that you can revoke your consent and cancel the newsletter at any time by sending us an email to newsletter@omr.com or by clicking on the cancellation link that is included in every newsletter.

4.2 MailChimp/Mandrill/ActiveCampaign

For sending our newsletters, we use the services MailChimp, Mandrill of the service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA as well as ActiveCampaign of the service provider ActiveCampaign, 1 N Dearborn St. 5th Floor, Chicago, Illinois, IL 60602, USA, which process your data exclusively on our behalf and according to our instructions (so-called order processors according to Article 28 of the German Data Protection Act).

By integrating pixel tags into the newsletters, this service provider helps us to determine on a pseudonymised basis how many recipients have opened our newsletters and which links contained therein have been clicked on. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This is done on the basis of Article 6 (1) sentence 1 letter f) GDPR. We have a legitimate interest in analysing the opening behaviour of our newsletters in order to optimise our services and to be able to operate our services economically. If you do not agree to this, then do not open our newsletter and do not click on any links contained therein.

ccording to its own information, the dispatch service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimise or improve its own services, e.g. for the technical optimisation of dispatch and presentation or for statistical purposes to determine which countries the recipients come from.
Your data will be stored for as long as we send you the newsletter on a regular basis. In the event that we no longer send you a newsletter, we will delete your data no later than 12 months after sending the last newsletter to you.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future. To establish the secure level of data protection, we have concluded EU standard contractual clauses with the service provider.

Please note that you can revoke your consent and cancel the newsletter at any time by sending us an email to newsletter@omr.com or by clicking on the cancellation link, which can be found in every newsletter.
The privacy policy of the services can be found here: https://mailchimp.com/legal/privacy/ and here: https://www.activecampaign.com/legal/privacy-policy.

4.3 OMR Education Newsletter

To get access to different courses of the OMR Academy you can subscribe to the OMR Education Newsletter. When registering for the newsletter, your email address, your IP address as well as the date, time of your registration and, if applicable, your telephone number are transmitted to us, stored and processed by us. This data is used exclusively for the purpose of proving consent to receive, send the newsletter and advertise new OMR Academy courses.

Your data will be stored for as long as we send you the newsletter on a regular basis. In the event that we no longer send you a newsletter, we will delete your data no later than 12 months after sending the last newsletter to you.

The legal basis for the processing of your data is your consent in accordance with Article 6(1) sentence 1 letter a) GDPR. Consent can be revoked at any time by sending an email to newsletter@omr.com or by clicking on the cancellation link found in every newsletter.

5. use of your e-mail address

We will use your email address to send you advertising for similar services or items unless you have opted out of such use. Please note that you can object to this use at any time by sending us an email to newsletter@omr.com or by clicking on the unsubscribe link that is included in every email. This will not incur any costs for you other than transmission according to basic rates.

6. use of anti-spam service

We use reCaptcha v2 on our websites. reCaptcha is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

ReCaptcha serves to prevent abusive automated entries in web forms and thus to protect the technical systems of the hoster.
If you call up one of our websites in which reCaptcha is integrated, a connection is established to Google's servers. A reCaptcha cookie is set. Your IP address is transmitted to Google.

In addition, reCaptcha collects the following data by means of "fingerprinting":
- browser plug-ins used
- cookies set by Google in the last 6 months
- number of mouse clicks and touches you have made on this screen
- CSS information for the page you called up
- Javascript objects
- the date
- the browser language

You may refuse the use of cookies and fingerprinting by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
There is a risk that your data will be processed in and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

You can find Google's privacy policy and terms of use here: https://www.google.com/policies/privacy/ and here: https://policies.google.com/terms.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 sentence 1 lit. a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings here and changing your selection there.

7. integration of third party content

We have integrated third-party content in some places on our website. This includes videos, map services, images or fonts. In connection with the integration of this content, it is technically necessary for us to provide the third parties with your IP address so that they can display the content to you. We do not store your IP address for the purpose of integrating third-party content. The third-party providers may use your IP address, cookies and other technologies (e.g. pixel tags, i.e. invisible graphics) to track your surfing behaviour and, in addition to your IP address, process other technical information (including browser type/version, operating system used, the page you previously visited, the host name of the accessing device and the time as well as other information on the use of our online offer).

A more detailed description of who we embed content from and how your data is processed can be found below in the respective description of the embedded content.

These plugins normally collect data from you by default and transmit it to the servers of the respective provider. To ensure the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugin without your consent. When you call up a page on which the plugins are integrated, they are initially deactivated unless you have given your consent within the Consent Manager ("Cookie Banner"). If you have not given your consent, the plugin will only be activated when you click on the respective symbol. You thereby give your consent for your data to be transferred to the respective provider. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. a) GDPR.

- Google Maps Plug-in
This site uses the map service Google Maps. Google Maps is a mapping service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In order to use the functions of Google Maps, information, including the IP address as well as the address, which is entered within the scope of the route function, can be transmitted to the provider's servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with Google's servers, whereby the map content is sent to your browser and integrated by it. We have no influence on this data transmission.

According to current knowledge, this includes the following data:
- Date and time of the visit to the website in question,
- Internet address or URL of the website called up,
- IP address, (start) address entered as part of route planning.
Google Maps is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. If you do not wish Google to process your data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case the interactive map function of Google Maps cannot be used.

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which Google Maps is embedded, a connection to the Google servers will only be established when you click on the button to confirm. In this case, Google will set cookies and use your visit data for its own purposes. If you are logged in to Google at this time, the information about the videos you have viewed will be assigned to your member account with Google. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed in and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

The legal basis for this data processing is your consent in accordance with Art.6 Para.1 S.1 lit. a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings here and changing your selection there.

- Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. We have opted for the offline variant, in which the Google Fonts are stored locally on our web server. The fonts can then be managed - using CSS - as with any other font family. The IP address and other data are not transmitted to Google.

Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers with regard to efficiency and cost-saving considerations. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used.

For more information on Google Web Fonts, please see Google's privacy policy: https://www.google.com/policies/privacy/.

- YouTube
We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland is the data controller for your data.

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the button to confirm. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your member account with YouTube. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

Further information on YouTube's data protection is provided by Google under the following link: https://www.google.de/intl/de/policies/privacy/.

- TikTok
We use services from "TikTok" (for EU: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) on our website.

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". When you access a page in which a TikTok video is embedded, a connection to the TikTok servers is only established when you click on the button to confirm. In this case, TikTok will set cookies and use your visit data for its own purposes. If you are logged in to TikTok at this time, the information about the videos you watch will be assigned to your member account with TikTok. You can prevent this by logging out of your member account before visiting our website.

For more information, please see the TikTok privacy policy at https://www.tiktok.com/legal/privacy-policy.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings here and changing your selection there.

- Vimeo
We use services from "Vimeo" (Vimeo LLC, 555 West 18th Street, New York 10011, USA) on our website.
If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which a Vimeo video is embedded, a connection to the Vimeo servers is only established when you click on the button to confirm. In this case, Vimeo will set cookies and use your visit data for its own purposes. If you are logged in to Vimeo at this time, the information about the videos you have viewed will be assigned to your member account with Vimeo. You can prevent this by logging out of your member account before visiting our website.

Further information on this can be found in the Vimeo privacy policy at https://vimeo.com/privacy.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings here and changing your selection there.

- Podigee
We use the podcast hosting service Podigee of the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.
Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee's database, unless it is necessary for the provision of the podcasts.
Further information can be found in Podigee's privacy policy: https://www.podigee.com/de/about/privacy/.

The legal basis for this data processing is your consent in accordance with Art.6 Para.1 S.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings here and changing your selection there.

8. Registration and use of the user account, payment processing
You have the option to create and use a user account, for example to purchase tickets, book events or purchase our reports. When registering, we may receive (e.g. via Google, Facebook, email, LinkedIn or XING) the following data from you:
- Personal data: First name, last name, birthday, email, phone number
- Interests
- Company data: Company name, e-mail, homepage, telephone number, address, type of company, field of activity, number of employees, career level.
- Link to Facebook, LinkedIn, Google or XING
If you decide to purchase a product for which a fee is charged, we also process your data in order to be able to carry out the order and payment processing.

In doing so, we process your name and address and contact data, date of birth (for events from the age of 18) as well as contract data and the payment data you have provided (e.g. account data). The legal basis for this is to fulfil the existing contract between us or to be able to carry out pre-contractual measures (Article 6 paragraph 1 sentence 1 letter b) GDPR). Data is passed on to third parties for the purpose of processing payments to financial service providers and, to the extent permitted by law, to authorities and consultants (Article 6(1) sentence 1 letter c) GDPR).We use the data above and beyond this for the following purposes:
- Recommendations of relevant content and events from OMR and OMR partners based on the interests indicated.
- Contacting by other members and OMR partners
- Publication in participant lists and profile form
- Newsletter distribution - Promotion of OMR events and products
- Enabling a more personal event experience (suggestion of talks, exhibitors, side events, (digital) masterclasses, jobs, ... )
The legal basis for this is Article 6(1) sentence 1(f) GDPR. The legitimate interest is based on the provision of the aforementioned services.

If you have agreed to use the networking functions of OMR, other users can see whether you are registered for an OMR event, are currently checked in (badge scan at the entrance and exit) and contact you by mail or app. The legal basis for this is Article 6 para. 1 sentence 1 letter a) GDPR. You can revoke this consent at any time in your user dashboard (my.omr.com).

You can delete your user account including your data at any time. Your data stored in connection with the registration and use of your user account as well as payment processing will be deleted within 14 days after you have notified us of your wish to delete your customer account. This does not apply to data that must be retained for reasons of commercial or tax law. We store this data on the basis of Article 6 (1) sentence 1 letter c) of the General Data Protection Regulation and delete it when the statutory retention period expires (see "IV. Routine deletion and blocking of data").

9. ticket purchase
You have the opportunity to purchase tickets for our events. The following data collected in the process will be used to carry out the respective event: Salutation, first name, last name, company, position, e-mail, telephone, country, special meal requests and billing address.
The legal basis for this data processing is Article 6(1) sentence 1 letter b) GDPR.

10. Use for analysis purposes
In the event of your consent, we process data during your visit to our website with the tools listed below in order to be able to track the behaviour of visitors to our website, to optimise our website and to be able to adapt it to visitor interests. The legal basis for this is your consent in accordance with Article 6(1) sentence 1 letter a GDPR.

a. JENTIS
Without the use of cookies, we use the analysis tool JENTIS from JENTIS GmbH, Schönbrunner Straße 231, 1120 Vienna. Actions of visitors to our website are recorded for analysis purposes and processed for statistical evaluations. The ID set by JENTIS is only used for temporary recognition and does not allow us or JENTIS to assign a specific or identifiable person. Your IP address is shortened before it is stored so that it is no longer personally identifiable. If personal data is processed when using JENTIS, the processing is based on an overriding interest in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. Our legitimate interest is the ongoing optimisation of our website based on the knowledge gained about the use of the site. Please click here if you do not wish JENTIS to process your data: Objection to the use of JENTIS

b. Google Analytics (with anonymisation function)
On this website we use the web analysis service Google Analytics (with anonymisation function) of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The purpose of the Google Analytics component is to analyse how visitors use our website. Google, as our processor in accordance with Article 28 GDPR, provides us with reports for this purpose, which we can use to display and evaluate the activities on our website. For this purpose, a Google Analytics cookie is stored on the device with which you visit our website. By calling up individual pages of this website, the Internet browser on your device is automatically prompted by the Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data about you, in particular information about the browser type/version, operating system used, the page you previously visited, the host name of the accessing device, IP address and the time of the request, which Google uses, among other things, to track the origin of visitors and clicks. However, this data is not merged with any other data about you. In addition, we use the function whereby the IP address of your internet connection is automatically shortened by Google and thus anonymised if access to our website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future. To establish the secure level of data protection, we have additionally concluded EU standard contractual clauses with the service provider.

Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/

We have configured Google Analytics so that the data on which the reports are based are deleted after 26 months at the latest.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings here and changing your selection there.

c. Albacross
This website uses functions of the lead identification and ad targeting service Albacross. The provider is Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden.

Albacross uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transmitted to and stored by Albacross Nordic AB on servers in Ireland.

The data Albacross collects and uses for this purpose is information about the IP address from which you visited our website and technical information that enables Albacross to distinguish different visitors from the same IP address. Albacross stores the domain from the form input to correlate the IP address with your employer.
If your browser supports the "Do-Not-Track" technology and you have activated it, your visit will be automatically ignored.
Your data will be deleted after 12 months at the latest.

Further information on the processing of personal data can be found in the privacy policy of Alabcross (https://albacross.com/privacy-policy/).
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings here and changing your selection there.

d. ContentSquare
We use analytical software from the provider Content Square (5 Boulevard de la Madeleine, 75001 Paris, France), which enables us to evaluate visits to our website. This enables us to determine, for example, which areas are viewed for a particularly long time. We can also track an entire visit by a website user in individual cases. We can then understand which sub-pages are visited in which order, how a mouse was guided and how fast people scroll at certain passages.

This information about a specific website visit is only collected anonymously. Therefore, we cannot assign this information to a specific user or person. We only use cookies that are automatically deleted after you close your browser and anonymise your IP address as quickly as technically possible. The analysis is carried out on the servers of our service provider, who only receives information from us that has already been anonymised.

For more information, please see the ContentSquare privacy policy (https://contentsquare.com/de-de/privacy-center/privacy-policy/).
The legal basis for this data processing is your consent in accordance with Art.6 Para.1 S.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings here and changing your selection there.

e. Hotjar
We use the web analytics service Hotjar to analyse the use of our website. Hotjar Ltd (St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) complies with the provisions of the Data Protection Act, Chapter 440 of the Laws of Malta ("Applicable Law"), which implements all relevant European Union directives on data protection.

By means of Hotjar, user behaviour (mouse movements, clicks, scroll height etc.) on our websites is measured, recorded if necessary and analysed. Furthermore, information about previously visited websites, your home country, devices used, operating systems and browsers is collected. The IP address of the end device is only collected and stored anonymously by setting the last octet of IPv4 addresses to 0 to ensure that the full IP address is never written to the hard disk. The data collected is transferred and stored via an encrypted connection to servers located in Ireland (EU).

The purpose of the data processing is to improve the offer, the functionality of the Hotjar-based website and thus the user experience. For this purpose, Hotjar also sets cookies on your end devices, among other things. You can find more information on the cookies used at: https://www.hotjar.com/legal/policies/cookie-information.

Further information on Hotjar's compliance with data protection can be found here: https://www.hotjar.com/legal/policies/privacy/.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings here and changing your selection there.

f. Twitter Analytics
We use "Twitter Analytics", a service provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter"). Twitter Analytics stores and processes information about your user behaviour on our website. The information is stored in a cookie that is saved on your terminal device.

We use Twitter Analytics to improve the user-friendliness of our website and for statistical analysis of user behaviour in order to optimise our website and make it more interesting for you as a user.
The data is deleted as soon as it is no longer required for the processing purposes.

Further information on data protection can be found on the following website: https://twitter.com/de/privacy and https://help.twitter.com/de/rules-and-policies/twitter-cookies.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings here and changing your selection there.

g. VG Wort
On our website we use the tracking pixel of Verwertungsgesellschaft WORT, Goethestraße 49, 80336 München ("VG Wort").

The pixel-code enables authors to receive royalties for their linguistic works. The pixel-code is installed as an invisible graphic within a website and counts visitors. The data is used exclusively to determine whether the required threshold for a payout is reached. The IP address is only processed and used in anonymised form to exclude misuse.

For more information, please visit https://www.vgwort.de/datenschutz.html.
The legal basis for the processing is our legitimate interest according to Art.6 para.1 p.1 lit. f) GDPR, this lies in the economic exploitation of our texts.

11. use for marketing purposes
In the event of your consent, we collect and process data on our website using the tools mentioned below in order to be able to display more suitable advertising to you on this and other websites (re-marketing/re-targeting) and to measure the success of our advertising measures. In doing so, we work together with providers who help us in particular to be able to track whether users reach us via certain advertising measures (so-called conversion tracking). In this context, pseudonymised usage profiles are also created. The legal basis for this is your consent in accordance with Article 6 (1) sentence 1 letter a GDPR.

a. Google Marketing Services
We use marketing services of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on these websites. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
The services used include:

AdWords: The use of the Google service AdWords allows us conversion tracking, i.e. it can be determined whether you have reached our website via a Google ad. It is not possible for us to identify you on this basis. Only statistics are compiled.

Double-click: The use of the Google service Double-Klick allows us to present relevant advertisements to the user. Cookies are used for this purpose, which allow the user's browser to be identified. This makes it possible to track which ads have been shown to the user and which ads the user has called up.

AdSense: The use of the Google service AdSense enables us to display third-party advertisements on our pages. Cookies and pixel tags are used to evaluate visitor behaviour and to be able to display ads that are as interest-oriented as possible.

Google Re-Marketing: The use of Google's Re-Marketing function allows us to display interest-based advertisements to the user within the Google advertising network, which relate to content that the user has previously accessed on our website. This can also be done across devices.

Google Syndication: This is a domain owned by Google that is used to store and load ad content and other resources related to ads for Google AdSense and DoubleClick from the Google CDN.

Firebase: The use of Google's Firebase service allows us to analyse user groups and play push notifications, in the course of which only anonymised data is transmitted to Firebase. You can obtain further information here: https://www.firebase.com/terms/privacy-policy.html
The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a) GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings here and changing your selection there.

Google Tag Manager: The use of the Google service Tag Manager only enables us to integrate the listed services by implementing the other cookies/tags and the integration of the Consent Manager ("cookie banner"). The legal basis for the processing is our legitimate interest according to Art.6 para.1 p.1 lit. f) GDPR, this lies in optimisation of our site and compliance with the provisions of the GDPR through a Consent Manager.

Within the scope of the aforementioned services, Google uses cookies and cookie-like technologies such as pixel tags (i.e. small transparent graphics, also known as web beacons) and processes personal data from you, in particular information about the browser type/version, operating system used, the page you previously visited, the host name of the accessing device, IP address and the time of the request as well as offers, search terms and content in which you were interested. This data is transferred to Google. Usage profiles are created on a pseudonymised basis. This means that it is not possible for us to identify you on this basis. You can find more information on this at https://policies.google.com/technologies/types

The cookies are automatically deleted after 30 days. You can object to or adapt the use of interest-based advertising here: https://www.google.com/ads/preferences/?hl=de

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future. To establish the secure level of data protection, we have additionally concluded EU standard contractual clauses with the service provider.

Further information and the applicable data protection provisions of Google can be found at https://policies.google.com/privacy. The functioning of the Google marketing services is explained in more detail under this link: https://policies.google.com/technologies/ads

b. Facebook Pixel / Facebook Custom Audiences
We use the Custom Audiences service of Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA) as part of our usage-based online advertising. For this purpose, we define target groups of users in the Facebook ad manager on the basis of certain characteristics, who are subsequently shown ads within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through their use of Facebook. If a user clicks on an advertisement and subsequently arrives on our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website. In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behaviour, sub-pages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising. Facebook Custom Audiences via the customer list is not used by us, nor is the "extended matching" function.
The data is deleted after 720 days at the latest.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

You can find Facebook's privacy policy here: https://www.facebook.com/policy.php- You can object to the collection and use of your data by the Facebook pixel here: https://www.facebook.com/settings?tab=ads.

c. Criteo OneTag
This website uses technology from the provider Criteo, based at 32 Rue Blanche, 75009 Paris, France. Criteo enables us to collect information about the surfing behaviour of our website visitors for advertising and marketing purposes in anonymised or pseudonymised form. The service collects browsing behaviour data via cookies and/or advertising IDs that record the following:
- Events related to your activity on our website (for example, number of pages viewed, products viewed on this website, searches you have made on this website).
- Information about your terminal device (device type, operating system, version)
- Vague information about your location and information derived from your shortened IP address so that we can only serve ads for products that are actually available in your country, region or city.
- Events related to Criteo's ad delivery, for example, the number of ads displayed to you.

From the data collected in this way, usage profiles are created under a pseudonym.
Your data will be deleted after 13 months at the latest. For more information on the scope and storage period, please refer to Criteo's privacy policy: https://www.criteo.com/de/privacy/. There you can also prevent the collection of data for "Criteo Dynamic Retargeting" and "Criteo Sponsored Products" by making the appropriate settings.

The legal basis for this data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings here and changing your selection there.

d. FOMO
We use a marketing tool on our website provided by Fomo, Solstice Equity Partners Inc, 300 Delaware Ave, STE 210-A, Wilmington, DE 19801, USA ("Fomo").
We use Fomo for marketing purposes. The tool shows users the purchase of other users in an abbreviated form. Only the first name and the product are displayed in order to ensure the protection of personal data.
The data is deleted as soon as it is no longer needed for the processing purposes.
Further information is available in the data protection declaration at: https://fomo.com/privacy.

e. Helpscout
We use the CRM system of the provider Help Scout Inc, 131 Tremont St, Boston, MA 02111-1338, USA, to process user enquiries more quickly and efficiently.

Help Scout is used to manage contact requests and for communication. At least the entry of an e-mail address is necessary. The entry of further data is optional
There is a risk that your data will be processed in and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

The data will be deleted as soon as they are no longer needed for the processing purposes.
Users can find more information in Help Scout's privacy policy: https://www.helpscout.net/company/legal/privacy/.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings here and changing your selection there.

f. Twitter Advertising
We use services from Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA on our website. The responsible body for handling data subject rights within the EU/EEA is the

Twitter International Company
Attn: Data Protection Officer
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRLAND.

Twitter Ads allows advertisers to collect data from users who visit their website. Cookies and code are used that connect the website to another third-party platform such as Twitter. In the process, a non-reversible and non-personal checksum (hash value) is generated from your usage data and transmitted to Twitter for analysis and marketing purposes. In addition, a so-called "Twitter pixel" may be used to track the actions of users after they have seen or clicked on a Twitter advertisement.

User behaviour is recorded, such as websites visited, content retrieved, time of visit, etc., but also device-related data such as applications and operating systems used. Your IP address is stored and used for the geographical targeting of advertising. With "cross-device personalisation", Twitter also tries to identify and link all of a user's devices. Since the data is stored and processed by Twitter, a connection to the respective user profile on twitter.com is also possible.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data will be processed unnoticed by US authorities for surveillance purposes. In order to establish the secure level of data protection, we have concluded EU standard contractual clauses with the service provider.

Anonymised data is deleted within 6 months. Data that makes it possible to identify a specific user on Twitter is deleted within 90 days. For more information on the duration of storage, please contact the provider or visit https://legal.twitter.com/ads-terms/international.html.

Further information on the purpose and scope of data collection and the further processing and use of the data, as well as privacy settings, can be found in Twitter's privacy policy: https://twitter.com/de/privacy.

The legal basis for this data processing is your consent in accordance with Art.6 Para.1 S.1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings here and changing your selection there.

12. Use of social plugins
We use so-called "social plugins" of various social networks (hereinafter: "plugin providers") on our website. A social network is a social meeting place operated on the Internet that enables users to communicate with each other and interact in virtual space. To ensure the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugin/tool without your consent.

After activation, the plugins/tools also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored. In addition, activated social plugins/tools set a cookie with a unique identifier when the website in question is called up. This also allows the providers to create profiles about your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the provider's social network and are logged into the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact scope of the data collected from you by the respective provider.

For more information on the scope, type and purpose of data processing and on rights and setting options for protecting your privacy, please refer to the data protection information of the respective provider of the social network. These are available at the following addresses:

a. Facebook
The social plugins of the social network Facebook are operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com), and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (www.facebook.de) ("Facebook"). An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins; information on data protection at Facebook can be found here: www.facebook.com/policy.php.
If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which Facebook is embedded, a connection to the Facebook servers will only be established when you click on the "Confirm" button. In this case, Facebook will set cookies and use your visit data for its own purposes. If you are logged in to Facebook at this time, the information about the videos you have viewed will be assigned to your Facebook member account. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

If you wish to object to the collection of data by Facebook for the future, you can do so here: https://www.facebook.com/settings?tab=ads

b. Instagram
Plugins from Instagram are operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). You can find more information on this in Instagram's privacy policy (https://help.instaqram.com/15583370790Q388).

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which Instagram is embedded, a connection to the Instagram servers is only established when you click on the "Confirm" button. In this case, Instagram will set cookies and use your visit data for its own purposes. If you are logged in to Instagram at this time, the information about the videos you have viewed will be assigned to your member account on Instagram. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

Information on data protection at Instagram can be found here: https://help.instagram.com/155833707900388/

The legal basis for this data processing is your consent pursuant to Art.6 para.1 sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings here and changing your selection there.

c. LinkedIn
Plugins from LinkedIn are operated by LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland. Information on data protection at LinkedIn can be found here: https:/en.linkedin.com/legal/privacy-policy.

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which LinkedIn is embedded, a connection to the LinkedIn servers is only established when you click on the "Confirm" button. In this case, LinkedIn will set cookies and use your visit data for its own purposes. If you are logged in to LinkedIn at this time, the information about the videos you viewed will be assigned to your member account on LinkedIn. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

d. Twitter
The Twitter social plugins are operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of Twitter's plugins can be found here: https://twitter.com/about/resources/buttons; information on data protection at Twitter can be found here: twitter.com/privacy.
If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which Twitter is embedded, a connection to the Twitter servers is only established when you click on the "Confirm" button. In this case, Twitter will set cookies and use your visit data for its own purposes. If you are logged in to Twitter at this time, the information about the videos you have viewed will be assigned to your member account on Twitter. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

e. Xing
Plugins from Xing are operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany ("Xing"). Information on data protection at Xing can be found here: https://privacy.xing.com/de/datenschutzerklaerung.

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which Xing is embedded, a connection to the Xing servers will only be established when you click on the "Confirm" button. In this case, Xing will set cookies and use your visit data for its own purposes. If you are logged in to Xing at this time, the information about the videos you have viewed will be assigned to your member account at Xing. You can prevent this by logging out of your member account before visiting our website.

f. Pinterest
The Pinterest social plugins are operated by Pinterest Inc, 635 High Street, Palo Alto,CA, 94301, USA ("Pinterest"). Information on data protection at Pinterest can be found here: https://about.pinterest.com/de/privacy-policy.

If you have not given your consent within the framework of the Consent Manager, you have the option of giving it subsequently within the framework of the so-called "2-click procedure". If you call up a page in which Pinterest is embedded, a connection to the Pinterest servers is only established when you click on the "Confirm" button. In this case, Pinterest will set cookies and use your visit data for its own purposes. If you are logged in to Pinterest at this time, the information about the videos you have viewed will be assigned to your Pinterest member account. You can prevent this by logging out of your member account before visiting our website.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

13. Use of website functions (quizzes, checks, etc.)
At several points on our website you have the option of using certain services, in particular checks, quizzes etc.. As a rule, no personal data is collected or processed in this context. We use the data collected in this context exclusively to be able to carry out the respective function and do not combine the collected data with other data from you of which we may have knowledge. If, in individual cases, a personal reference can nevertheless be established, then the legal basis for the processing of your data is Article 6 (1) sentence 1 letter f) GDPR. Our legitimate interest in this respect is to offer you the respective function to increase the attractiveness of our websites. The data entered will not be passed on to third parties.

Your data processed in connection with the use of the respective functions will be deleted as soon as they are no longer required or you have stopped using the function. The IP address stored in the context of use is automatically deleted after 7 days.

14. Participation in a competition
You can participate in a competition on our website.
When you enter a competition, the data we request (first name, e-mail address) as well as the time and date of your entry will be transmitted to us and stored and processed by us. Your data will only be used for the purpose of the competition and will not be passed on to third parties.

The legal basis for the processing of your data in the context of participation in competitions is your consent (Article 6(1) sentence 1 letter a) GDPR). Your consent can be revoked at any time (See V. Your rights / 5. Right to revoke consent).

Your data will be stored until the competition has ended. Afterwards, your data will be deleted within 7 days.

15. Further recipients of your data
We also use service providers in the context of data processing (in particular cloud providers, providers of accounting and comparable services, payment service providers) who process your personal data exclusively on our behalf in accordance with Article 28 GDPR and in accordance with our instructions and who have taken appropriate technical and organisational measures to protect your rights. These are in particular the following:
- No agency - Webdesign Agentur aus Hamburg, Karpfangerstrasse 17, 20459 Hamburg (in the context of maintaining our website).

If data is transferred outside the EEA, where there may not be a standard comparable to the European level of data protection, this is done on the basis of appropriate guarantees in accordance with Articles 44 to 49 of the GDPR.

II. Data processing in the context of events

After your registration for an event, we may pass on your company and position (without giving your name) to participants and partners in order to give them the opportunity to invite you to future events through us. The potential sponsor will not receive your name. If the transmitted data is not anonymised due to the combination of company and position, the transmission is based on Article 6(1) sentence 1 letter f) GDPR. As the core objective of such a conference, the bringing together of business contacts is in the common interest and the disclosure of company and position is minimally invasive of personal interests. Your other data will remain with us.

If you apply for a (Digital) Masterclass (at our festival), we will provide the speakers with your company and position details for the purpose of participant selection as described in the GTC. For further exchanges following the (Digital) Masterclass, the organising company receives the first name, surname, email address, company and position of the participants registered for the respective (Digital) Masterclass.
The legal basis for this data processing is Article 6(1) sentence 1 letter b) GDPR.

At the OMR Festival, you have the option at the exhibition stands to have your visitor badge scanned in order to leave contact details, which should enable the respective exhibitor or sub-exhibitor represented there to contact you. In this case, we will transmit the following data from you to the exhibitor (or sub-exhibitor): Name, company, e-mail address. The transmission is based on an overriding interest in the form of a simplified exchange of contact data at the festival (Article 6(1) sentence 1 letter f) GDPR). If you do not agree to this, please let us know briefly at the respective exhibition stand.

Photos and videos are taken at our events, which may be published in print, digital and online publications and via social media channels. The data processing is based on an overriding interest in public relations (Article 6(1) sentence 1 letter f) GDPR). If you do not agree with this, please briefly inform our photographers in the specific situation.

Your data processed for the purpose of holding the event will be deleted 365 days after the end of the event. This does not apply to data that must be retained for reasons of commercial or tax law. We store this data on the basis of Article 6(1) sentence 1 letter c) of the General Data Protection Regulation and delete it when the statutory retention period expires.

OMR Deep Dive
In order to be able to carry out the OMR Deep Dive via the Internet, we rely on the software solution of Digital Samba (Digital Samba S.L., Aribau 15, 08011 Barcelona, Spain).

In doing so, we process your name and address and contact data, as well as contract data and the payment data you have provided (e.g. account data). The legal basis for this is to fulfil the existing contract between us or to be able to carry out pre-contractual measures (Article 6(1) sentence 1 letter b) GDPR). The legal basis for free webinars is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in conducting a technically flawless webinar.

OMR Education Webinars
To deliver the OMR Education webinars, we use "Webinarjam" (Genesis Digital LLC, 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947, USA).
By subscribing to the OMR Education newsletter, you will in return receive the opportunity to register for our free webinars and receive news about the OMR Academy. This requires your consent to the processing of your data (name and email address), by OMR.

There is a risk that your data will be processed and transferred to the USA, i.e. a third country outside the European Union (EU) or the European Economic Area (EEA). For this country, there is no adequacy decision by the EU Commission to ensure that a level of data protection equivalent to the European standard exists there. According to the European Court of Justice (ECJ), there is a particular risk that data may be processed unnoticed by US authorities for surveillance purposes. The legal basis for the processing of your data is your consent pursuant to Article 49(1) sentence 1 letter a) GDPR. This can be revoked at any time with effect for the future.

The legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent for the newsletter at any time for the future by sending an email to education@omr.com or by clicking on the link to cancel, which can be found in every newsletter. You can unsubscribe from the webinar at any time.

III. Data processing in our e-learning courses

Courses / Booking & Processing

Seminar booking
To book our events, we use an external service provider to which you are automatically redirected during the booking process. The service provider collects your customer and participant data on our behalf and, in the case of online payment, your credit card or bank details. Our service provider in turn uses further order processors who have been appropriately obligated by him to comply with data protection.

If you book a course as a private individual, in accordance with the guidelines for distance learning online, there is no complete booking process, only your registration. We will then provide you with a distance learning contract, a signed copy of which must be returned to us in order to complete your booking.
All service providers involved in processing your credit card or bank details are subject to European banking supervision or the relevant national supervisory authority in an EU country. Your credit card or bank details are processed directly by the audited financial service providers. Our booking service provider and we only receive feedback on the success of the payment transaction, but do not know the details of your payment method.

Data categories: Contact details, booked event (theme and date), credit card/bank connection details, payment status.

Data recipient (if applicable, third country transfer): Booking service providers who are bound to us to observe data protection via a contract for commissioned processing according to Art. 28 GDPR, as well as payment service providers used by the booking service provider and other commissioned processors who are in turn bound via contracts according to Art. 28 GDPR. Our service provider is located in the EU, so that a third country transfer does not take place. Those further processors of our service provider who also process data outside the EEA have assured an adequate level of data protection at the place of processing by concluding EU standard data protection clauses.

Purpose + legal basis: Online booking of our trainings. The legal basis for the booking and payment process is Art. 6 para. 1 p. 1 lit. b) GDPR. The preparation or fulfilment of the training contract with us.

Storage period: We store the data of your booking for six years in accordance with the regulations in commercial law for the storage of business letters or ten years in accordance with the storage periods under tax law.

Customer database (online CRM HubSpot)
We maintain your data in our customer database in the sense of a Customer Relation Management (CRM). We use HubSpot's powerful cloud technology for this purpose, which allows us to process your contract and invoice data as well as send you invitations to the events you have booked. Via the CRM, we control the business communication with you and document the history of your customer relationship with us.

Your registration for our newsletters and marketing information is also managed in our CRM. Access to your personal customer accounts in our separate training applications is also controlled from the CRM.
We provide some of our websites directly via HubSpot as a hosting service provider. See also the processing "Analysis of user behaviour (HubSpot)".

Data categories: Registration data (name, email address, password), contact data (telephone number, address), orders (goods/services, payment and delivery conditions, invoices), date of birth/age, activity history, marketing consents.

Data recipients (third country transfer if applicable): HubSpot Inc, USA, EU contact: One Dockland Central, Dublin 1, Ireland. HubSpot is obligated to us to observe data protection via a contract for commissioned processing in accordance with Art. 28 GDPR. HubSpot has concluded standard data protection clauses with us for data transfer to the USA and thus guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Use of a high-performance CRM system as a cloud solution that enables us to provide holistic support to our customers from acquisition to billing. Legal basis is Art. 6 para. 1 p. 1 lit. b) GDPR. The preparation or fulfilment of the training contract with us.

Storage period: We store your customer account for up to six years after the conclusion of the last customer contact. In this respect, we comply with the retention obligation for business letters under commercial law. We store your account for longer if you continue to subscribe to our newsletter. If you cancel your newsletter subscription at a later date, your data will be deleted immediately.

Online trainings
Our product is training courses that are largely held as online training courses (webinars). For this purpose, we work with various e-learning platforms that are hosted for us by cloud service providers. We create customer accounts for you on these platforms and send you the access data. The courses you book are posted to the customer accounts. Your training progress is also documented here.

You are free to add a photo or icon image to your user account in our learning platform. Your name will be visible to all other participants in the same training.
In the context of group work, which is an integral part of many of our training concepts, we make your email address available to the other participants. This sharing is intended to enable participants to exchange information about the learning content outside of the webinars, as this type of cooperation is the only way to achieve the level of quality we strive for in our training courses.

During the webinars, you can participate in the event in different ways (chat, audio, video). Some of our webinars are recorded so that they can be made available for subsequent viewing. You will be informed of this at the latest at the beginning of the respective course.

In some cases, you will receive notifications (e.g. reminders) about your courses by e-mail, which are sent automatically by our eLearning platform.
Participation in the webinars takes place via your internet browser (see the processing operations "Visiting our web pages").
For some of our events, you can also access them via our app for mobile devices (see the processing operations "Using our apps").

Accompanying course material is also available via our eLearning platform, which is made available via an external hosting provider (a so-called Content Delivery Network, CDN) in the interests of technically optimal provision. The CDN is a US company and provides the data from data centres in the USA. The CDN does not receive any data that you actively provide as part of your participation, only your IP address and the typical weblog data that is generated when a server is called up via the Internet.

Data categories: Name, email address, password (encrypted and not readable by us), photo, booked courses and training progress (activity history), audio and film recordings or text comments (in the case of your own activity in the webinar), weblog data (IP address, time stamp, type and version of browser used).

Data recipients (third country transfer if applicable): Our cloud service providers for eLearning platforms in cooperation with a content delivery network, who are bound to data protection via an order processing agreement. The third-country transfers that take place in the process are secured via the conclusion of EU standard data protection clauses.

Purpose + legal basis: Use of an eLearning system as a cloud solution that enables us to provide powerful infrastructure for our webinars. The legal basis for processing your data is Art. 6 para. 1 p. 1 lit. b) GDPR. The fulfilment of the training contract with us. The legal basis for publishing your name and passing on your email address to other participants is Art. 6 para. 1 p. 1 lit. f) GDPR. There is a legitimate interest in this, as an exchange between the participants in accordance with our interactive training concept is not possible in any other way.

Storage period: We store your account in the eLearning platform for up to two years after the last contact with you. In this respect, we thereby fulfil the retention obligation for business letters from commercial law and want to make it possible to send you duplicates of your training confirmations even some time after completion of the course.

External lecturers
Many of the experts who teach the webinars in our online training courses are not employed by us but are external service providers. The lecturers are given access to your personal data within the scope of the webinar, as it is visible in the eLearning platform. In addition, the lecturers have insight into the results of examinations that you have taken. The lecturers are contractually obliged by us to maintain confidentiality. They are not allowed to export your data from the eLearning platform or use your data in any way for purposes other than the delivery of the training.

Data categories: Name, email address, photo, booked courses and training progress as well as examination results, audio and film recordings or text comments (for own activity in the webinar).

Data recipients (if applicable, third country transfer): External lecturers in the online training courses. A third country transfer does not take place.

Purpose + legal basis: Involvement of external experts as lecturers for the online trainings. The legal basis for the disclosure of your data is Art. 6 para. 1 p. 1 lit. f) GDPR. There is a legitimate interest in this, as the lecturers have access to the personal data solely via the eLearning platform and are bound to confidentiality via their service provider contract.

Storage period: There is no independent storage, as the lecturers only access the data in the eLearning platform.

Test access partner software
Many of our courses involve the participants themselves implementing the measures recommended in the course in the relevant applications. Practical experience as an elementary part of the training. The vast majority of modern applications are cloud applications, also called software-as-a-service, which run entirely under the technical sovereignty of the respective provider.
We receive test accounts for our course participants from the providers with whom we cooperate in this respect. In order to set up the test accounts, we have to pass on names and email addresses to the providers. The providers have been obliged by us not to use the data for their own purposes.

Data categories: Name, email address, course booked

Data recipient (third country transfer if applicable): The respective providers of the training-relevant application as named in the course description. Insofar as a third country transfer takes place, an appropriate level of data protection is assured via standard data protection clauses.

Purpose + legal basis: Provision of course-relevant software access for practical exercises. The legal basis for processing your data is Art. 6 para. 1 p. 1 lit. b) GDPR (contract fulfilment), as the provision of the software is part of the course offer.

Storage period: We delete the test accesses six months after the end of the course. Should a participant wish to have their account deleted earlier, we will delete it correspondingly earlier.

Chat with course participants (Slack)
We offer our course participants the opportunity to exchange with other participants and the course instructors in a chat, which we make available as a Slack channel. The use of Slack and the exchange via it is not mandatory and offers an additional communication channel besides e-mails and other functions of our learning software that can be used voluntarily.

To chat via Slack, you must independently create a user account with Slack and download the Slack app to your end device. We do not receive any data from Slack about your usage behaviour. We only receive the messages that you publish in the Slack channel of the respective course offering. The responsibility for the communication infrastructure lies solely with Slack. We are only responsible for the Slack channels we set up and their deletion after completion of the course.

For more information about how Slack handles your user data, please see Slack's privacy policy: https://slack.com/intl/de-de/trust/privacy/privacy-policy.

Data categories: Data processed by Headstart Studios: Expressions in the Slack channel of the relevant course. Data processed by Slack: User account and activity log including technical logfile (e.g. IP address from which Slack is accessed); see Slack's privacy information for details.

Data recipients (third country transfer if applicable): Slack Technologies LLC (a subsidiary of Salesforce.com Inc.), 500 Howard Street, San Francisco, CA 94105, USA. Slack processes the data both in EU data centres and in the USA. For this third country transfer, we have concluded EU standard data protection clauses with Slack, via which Slack guarantees that the data is handled at EU data protection level.

Purpose + legal basis: Communication via a Slack channel serves to optimise interactivity among the participants and with the lecturers and to increase the success of the training through such exchange. The legal basis for processing the communication content is Art. 6 para. 1 p. 1 lit. b) GDPRContractual fulfilment, as the communication channel is part of the training offer and its use is voluntary. The legal basis for data processing by Slack is Art. 6 para. 1 p. 1 lit. b) GDPR Fulfilment of the user contract, which participants conclude independently of and with Slack.

Storage period: The Slack channels for the respective course offers with the communication content contained therein will be deleted by us immediately after completion of the course. The storage period of the general user data is the responsibility of the participants and, if applicable, their employers as well as Slack.

Preparatory questionnaire
We offer a one-off questionnaire to some prospective participants before they book their course, so that we can direct them to the course that best suits them based on their answers. Participation in this preparatory questionnaire is voluntary and is used to select the most suitable offer.
We use the SurveyMonkey service as the platform for the online questionnaire. Your responses to the questionnaire will be used solely by us. Other data processing, e.g. resulting from accessing the website, is the sole responsibility of SurveyMonkey.

On our behalf, SurveyMonkey stores the IP address from which you accessed the questionnaire and blocks re-filling from the same IP address.
Details of SurveyMonkey's privacy policy can be found at: https://www.surveymonkey.de/mp/legal/privacy/

Data categories: By us: answers to your questions and IP address; by SurveyMonkey: weblog (IP address, timestamp, browser version and operating system of the end device used).

Data recipients (third country transfer if applicable): With regard to the content of the questionnaire, SurveyMonkey is obligated to data protection as a processor. With regard to the weblog, there is a direct transfer by you to SurveyMonkey. SurveyMonkey is a service of the US provider Momentive Inc., which can be contacted by us as an EU company via Momentive Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland. SurveyMonkey also transfers data to third countries and has secured these transfers via EU data protection clauses and, where necessary, supplementary measures.
Purpose + legal basis: One-off use of an online questionnaire in preparation for our course selection advice. The legal basis for processing your data is Art. 6 para. 1 p. 1 lit. b) GDPR Contract fulfilment or, in this case, contract preparation.

Storage period: We store your answers until the end of your customer relationship with us. For the storage periods of other data processing by SurveyMonkey, see their data protection information.

Functions in the app
You can access the content of your courses booked with us and your user profile via our app. The functions in the app are basically the same as those offered in the internet browser, but are optimised for use on mobile devices. Special app-related data processing does not take place. Reference can be made to the "online training" processing.

Even though we are responsible for the operation of the app, the app is offered for download in the app stores by the external app developers as developers on our behalf.

Data categories: See the processing "Online training".

Data recipients (third country transfer, if applicable): See the processing "Online training".

Purpose + legal basis: See the processing "Online training".
Storage period: See the processing "Online training".

Download of the apps
If you want to use our app on your mobile device, you will need to download it to your device from an app shop appropriate for your device's operating system. For iOS devices this is Apple's AppStore, for Android devices it is either Google's PlayStore or another platform for Android apps.

All data processing in connection with the download of our app takes place between you and the respective app store. We do not receive any personal data about this, only statistical compilations about the number of downloads. For all information about the respective data processing, we refer you to the corresponding data protection information of Apple, Google or the download platform you use.

Video conference (Google Meet)
If you take part in a video conference with us to which we have (technically) invited you, the responsibility for the data processing through this communication lies with us. We also use Google Meet for video conferences. When we invite to a conference, we send a Google Meet URL related to the specific conference with the appointment.

To participate in a video conference, you must use either the Google Meet app for mobile devices or workstations (desktop/laptop). The apps are automatically offered to you for download when you open the invitation link to a conference. It is also possible to participate by telephone alone. In addition to the invitation URL, you will also be provided with the corresponding access data for a telephone dial-in.

As a participant, you do not have to create a user account with Google. However, you are free to use such an account for participation. When you dial in to the conference, you will be asked to give yourself a participant name for the conference, so that you can be identified, for example, when speaking in the chat during the conference. You can also use fantasy names here. The app asks for your consent to access your microphone and camera. You can give any of these permissions, but you do not have to if you want to follow a conference without active participation, for example. In addition to audio and video, the conference app offers you supplementary functions: an accompanying chat for exchanges in text form, requests to speak via iconicons, profile maintenance (profile picture, additional contact data, artificial background picture).

Conferences can be recorded. When we record conferences, we inform all participants before the start of the recording and only start the recording when all participants have given their consent to the recording. If a participant does not consent to the recording, the recording will either be waived or the person will be asked not to participate in the recorded conference. Unless there is an explicit recording, the conference will not be stored in any way. After the conference has ended, the contents of an unrecorded conference can no longer be accessed. In this respect, this corresponds to telephone conversations which have not been recorded.

It is technically possible for each participant to make screenshots or a recording of the conference in whole or in part using his or her own means. Such behaviour without appropriate consultation with all participants may constitute a data protection violation on the part of the acting person and, if it is not one of our employees, is outside our responsibility. Surreptitious recording of the spoken word may constitute a criminal offence under § 201 of the Criminal Code. We reserve the right to take legal action of any kind against persons who use their participation in a video conference to engage in conduct that is hostile to data protection.

As the host (moderator) of the conference, we have the technical means to mute or black out you, change your user name and exercise other moderator rights without your involvement. We only use such options if there is a need to do so.
Google is bound to us by a data protection order processing agreement. Google is not allowed to use the data generated in the course of conference participation for its own purposes. As far as data processing is concerned that is not directly related to the specific conference, the responsibility does not lie with us but directly with Google. This applies, for example, to the download of the app or the use of your own Google user account. By downloading the app onto your end device, you establish an independent legal relationship between yourself and Google.

The data transfer between your terminal device and the Google server requires Google to take note of the IP address through which you are online during the video conference. The servers also collect all types of data that are regularly generated during the use of telemedia services. For comprehensive information on the use of data collected by Google, please refer to Google's privacy information (https://policies.google.com/privacy) and Google's information on cookies (https://policies.google.com/technologies/cookies).

Data categories: User name, participation times, video or audio signal, video or audio recording (only with consent), actions in the chat, status word message, profile data (profile picture, contact data, background picture), telephone number (for participation by telephone); further data categories such as log data (incl. IP address) or login data are processed by Google under its own responsibility.

Data recipient (if applicable, third country transfer): Google Cloud EMEA Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google is obligated to us to observe data protection via an order processing contract. Insofar as data is transferred by Google to third countries, Google guarantees that the data will be handled at EU data protection level by concluding standard data protection clauses.

Purpose + legal basis: Use of a video conference. Depending on the content of the conversation, the legal basis is preparation or fulfilment of a contract according to Art. 6 para. 1 p. 1 lit. b) GDPR or according to Art. 6 para. 1 p. 1 lit. f) GDPR the legitimate interest in exchanging information with you. For recordings, the legal basis is consent according to Art. 6 para. 1 p. 1 lit. a) GDPR.

Storage period: If no recording takes place, all data will be deleted at the end of the conference. If the conference was recorded, the recording is deleted as soon as the last purpose for which the recording was made has been achieved.

Direct communication with us
Phone calls

When we call each other, our mobile phones or our cloud-based telephone system in conjunction with our softphones record your number and the time of the call. This data in the call lists is continuously deleted from subsequent calls.
If the content of the call suggests this, we create a call note and record it in the appropriate place (e.g. in the customer database or for applicants in the personnel area). It is conceivable that we will include your data in our contact directory for customers, business partners and other contacts.
Conversations are only recorded in exceptional cases and after we have obtained your express consent.

Data categories: Telephone number; time of the call; content of the call, if applicable.

Data recipients (third country transfer if applicable): Telecommunications providers covered by telecommunications secrecy and the service provider for our cloud telephone system in connection with our softphones, who is bound to data protection via an order processing agreement. A third country transfer does not take place.

Purpose + legal basis: Communication by telephone call Depending on the content of the conversation, the legal basis is the preparation or fulfilment of a contract according to Art. 6 para. 1 p. 1 lit. b) GDPR or according to Art. 6 para. 1 p. 1 lit. f) GDPR the legitimate interest in exchanging information with you.

Storage period: Depending on the content of the conversation; regularly only a few days. Individual conversation notes may fall under the retention obligation for business letters of six years under commercial law.

IV. Data processing in the context of our online presences

In addition to the website, we are also represented on online platforms and social networks. If you visit these online presences and communicate with us via them, their terms and conditions and data protection policies (see below) as well as this data protection declaration apply. In this respect, we are, where applicable, jointly responsible with the provider under data protection law in accordance with Article 26 GDPR.

Your data may be processed for analysis and advertising purposes. This is done, for example, by creating user profiles from your usage behaviour and the resulting interests. Cookies are usually used to store the usage profiles, which make it possible to analyse your usage behaviour and interests. The usage profiles are usually used to enable advertisements to be placed with the respective provider or elsewhere on the Internet that correspond to your interests. In addition, other data may also be stored for the usage profiles, especially if you are a registered user of the platform of the respective provider and are logged in to it. For a detailed description of the processing by the respective providers and the consent (opt-in), we refer to the information of the providers linked below.

If you visit our online presence and communicate via these online presences, the data processing that takes place is based on your consent (Article 6 (1) sentence 1 letter a) GDPR), provided that you have given this consent. Your consent can be revoked at any time (see V. Your rights / 5. Right to revoke consent). Otherwise, data processing, in particular communication with us, is carried out on the basis of legitimate interests (Article 6(1) sentence 1 letter f) GDPR. In this respect, our interest is to be able to offer you an online presence that is as informative, adapted to you and appealing as possible.

We will delete your data (in particular the content of our communication) as soon as it is no longer required for the respective purpose and insofar as this is possible for us. You have the rights listed under "Your rights" (see below) vis-à-vis us and the provider. Since access to your data is partly only possible for the respective provider, you should in any case also assert your rights vis-à-vis the provider.

Facebook: http://www.facebook.com/OnlineMarketingRockstars
Twitter: https://twitter.com/OMRockstars
Xing: https://www.xing.com/news/pages/online-marketing-rockstars-56
YouTube: https://www.youtube.com/channel/UC2vPnUauXTOLZHpVXCm9m7Q
Instagram: https://www.instagram.com/omrockstars/
LinkedIn: https://www.linkedin.com/company/online-marketing-rockstars-conference
SoundCloud: https://soundcloud.com/omrpodcast
Spotify: https://open.spotify.com/show/4rION5Qm2nPvDbzIB1wUiH
iTunes: https://itunes.apple.com/de/podcast/omr-podcast-channel-i-askomr-omr-podcast-i-by-online/id1056312052
Podigee: https://omr.podigee.io/

If you communicate with us via these online presences, we process the data contained in your messages and posts either on the basis of Article 6(1) sentence 1 letter b) GDPR or Article 6(1) sentence 1 letter f) GDPR, depending on the content contained therein and the purposes pursued with the communication. Your data will be deleted, insofar as this is permitted by the online presence, as soon as they are no longer required for the respective purpose.

Facebook
Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com) and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (www.facebook.de)) enables us to obtain your anonymised data on so-called fan pages using the Facebook Insight function, which is available as a non-derogable part of the user relationship. This data is collected by means of cookies, each of which contains a unique user code. The user code, can be linked to your Facebook login details if you are registered with Facebook and is collected and processed when you access the fan page. Facebook provides more detailed information on this under the following link: http://de-de.facebook.com/help/pages/insights.

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us. When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses).

Facebook also stores information about its users' end devices (e.g. as part of the "login notification" function); this may enable Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons embedded in websites enable Facebook to record your visits to these website pages and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you. If you want to make it more difficult for Facebook to track you, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. This will delete Facebook information that can directly identify you. This allows you to use our Facebook page without Facebook being able to identify you via your cookies.

When you access interactive functions on the site (like, comment, share, message, etc.), a Facebook login screen appears. Once you have logged in, you will be directly recognisable to Facebook as a specific user.
Information on how to manage or delete information about you can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy#.

As the provider of the information service, we also collect and process the following data from your use of our service:

Daten	Verwendungs- zweck	Rechtsgrundlage
User interactions (Postings, Likes etc.)	User communication	Art. 6 Abs.1 lit. f GDPR
Facebook-Cookies*	Target group advertising	Art. 6 Abs.1 lit. a GDPR
Demographic data (e.g. based on age, place of residence, language or gender).	Target group advertising	Art. 6 Abs.1 lit. f GDPR
Statistical data on user interactions in aggregated form, i.e. without personal reference for us (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day)	Target group advertising	Art. 6 Abs.1 lit. f GDPR

Twitter
Information on data protection at Twitter (Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA) can be found here: https://twitter.com/privacy

Xing
Information on data protection at Xing (Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) can be found here: https://www.xing.com/app/share?op=data_protection

YouTube
Information on data protection at YouTube (YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland is the data controller for your data.) can be found here: https://policies.google.com/privacy

Instagram
Information on data protection at Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA) and an objection option can be found here: http://instagram.com/about/legal/privacy/

LinkedIn
Information on data protection at LinkedIn (LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland) can be found here: https://de.linkedin.com/legal/privacy-policy

SoundCloud
Information on data protection at SoundCloud (SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin) can be found here: https://soundcloud.com/pages/privacy

Spotify
Information on data protection at SoundCloud (Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden) can be found here: https://www.spotify.com/de/legal/privacy-policy/

iTunes
Privacy information at Apple (Apple, One Apple Park Way, Cupertino, CA 95014) can be found here: https://www.apple.com/legal/privacy/de-ww/

Podigee
Information on data protection at Podigee (Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany) can be found at https://www.podigee.com/de/about/privacy.

V. Data processing in the context of applications

If you send us data about yourself in the context of an application (in particular name, contact details, CV, covering letter, certificates, etc.), we store and process this data exclusively for the duration of and in order to carry out the application procedure. The legal basis for this is Article 6 paragraph 1 sentence 1 letter b) GDPR. After completion of the application process, your data will be securely deleted. We do not pass this on to third parties. Internally, only those persons who need to be informed within the scope of the application procedure or employment relationship will receive knowledge.
Please note that we do not request any information about race, ethnic origin, gender, religion or belief, disability, age or sexual identity, illness, pregnancy, political views, philosophical or religious beliefs, trade union membership, physical or mental health or sex life as part of your application.

VI. Routine deletion and blocking of data

As a matter of principle, we only store your data for the period of time required to achieve the purpose of storage or if this is stipulated by the European Directive and Regulation Maker or another legislator in laws or regulations to which we are subject. For Germany, in particular, there is an obligation to retain data for 6 years in accordance with § 257 para. 1 of the German Commercial Code (in particular commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers). Pursuant to § 147 para. 1, 3 German Fiscal Code (Abgabenordnung) 10 years for books, records, management reports, accounting vouchers, documents relevant for taxation as well as 6 years in particular for commercial and business letters. If the purpose of storage no longer applies or if a legally prescribed storage period expires, your personal data will be routinely blocked or deleted in accordance with the statutory provisions. Please also note the specific explanations on individual storage and deletion periods in this data protection declaration.

VII. Your rights

As a person affected by data processing (Article 4 No. 1 GDPR), you have numerous rights vis-à-vis us, which we would like to inform you about below. You will also find details of these in Articles 15 to 21 of the GDPR and §§ 32 to 37 of the BDSG (in the version applicable from 25 May 2018).
To assert your rights, please contact (also informally if you wish) the following office:
E-mail: info@omr.com

1. right to information
You have the right to receive information from us about whether and which data we process about you. This includes, among other things, information on how long and for what purpose we process the data, where it comes from and to which recipients or categories of recipients we pass it on. We can also provide you with a copy of this data.

2 Right to rectification
You have the right to request that we correct information about you that is not or no longer accurate without delay. In addition, you can request that we complete your incomplete personal data. If required by law, we will also inform third parties of this correction if we have disclosed your data to them.

3. right to erasure ("right to be forgotten")
You have the right to request that we delete your personal data without delay if one of the following reasons applies:
- Your data is no longer necessary for the purposes for which it was collected or otherwise processed or the purpose has been achieved;
- You withdraw your consent and there is no other legal basis for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing; where personal data is used for direct marketing, a mere objection by you to the processing is sufficient;
- your personal data have been processed unlawfully;
- the erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

Please note that your right to deletion may be restricted by legal provisions. These include, in particular, the restrictions listed in Article 17 of the GDPR and § 35 of the Federal Data Protection Act (in the version applicable as of 25 May 2018).

4. right to restriction of processing (blocking)
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:
- You dispute the accuracy of your personal data for a period of time that enables us to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of your personal data;
- we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
- You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
If you have obtained a restriction of processing in accordance with the above list, we will inform you before the restriction is lifted.

5. right of revocation for consents
You can revoke the consent you have given us at any time with effect for the future. This revocation can take the form of an informal communication to the above contact addresses. This also applies to consents you gave us before the GDPR came into force (i.e. before 25 May 2018). If you revoke your consent, the lawfulness of the data processing carried out up to that point will not be affected. As a rule, the consequence of a revocation is that you can no longer use our service, in the context of which we have asked you for your consent, or can no longer use it to the full extent.

6. Right to data portability
You have the right to receive personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to others. Details and restrictions can be found in Article 20 of the GDPR. The exercise of this right does not affect your right to erasure.

7. right to complain to the supervisory authority
If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities, i.e. in particular the Hamburg Commissioner for Data Protection and Freedom of Information or the respective supervisory authority in the member state of your place of residence, your place of work or the place of the alleged data protection violation.

8. right of objection according to Article 21 GDPR
According to Article 21 GDPR, you have in particular the right to object to the processing of your data at any time on grounds relating to your particular situation, if we base this processing on legitimate interests pursuant to Article 6(1) sentence 1(f) GDPR. If you object, we will no longer process your personal data, except in two cases:
- we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
- the processing serves the assertion, exercise or defence of legal claims.
In particular, also insofar as we process your personal data for direct advertising (e.g. within the scope of our newsletter), you have the right to object at any time to the processing of your data for the purpose of such advertising. If you object to the processing of your data for direct advertising purposes, we will no longer use your personal data for this purpose.

VIII. Help with data protection terms

In this data protection declaration, we use some terms that have also been used by the legislator, in particular in the European General Data Protection Regulation (GDPR). As it is important to us that this data protection declaration is understandable for you, we explain some important terms in alphabetical order below:

Processor: This is a natural or legal person, public authority, agency or other body that processes personal data on behalf of a controller.
Data subject: This is any identified or identifiable natural person whose personal data are processed by the controller.

Browser: This is a program for displaying websites on the Internet, for example the programs Mozilla Firefox or Google Chrome.

Cookies: These are small text files that contain a characteristic string of characters (cookie ID) and are filed and stored on your device (e.g. smartphone or computer) via an internet browser if you do not prevent this through technical settings. Cookies enable the websites and servers visited to distinguish your individual browser from other internet browsers. A specific internet browser can therefore be recognised and identified via the unique cookie ID. In this way, it is possible to make it easier for you to use our website, as you only have to enter certain data once, for example. Wherever possible, we use cookies that are deleted again when you close your browser (so-called session cookies). In addition, we also use cookies that are stored on your computer for a longer period of time (so-called persistent cookies). In addition to the option of configuring your browser so that it does not accept cookies, you can delete cookies that have already been set at any time via an Internet browser or other programs. Please note, however, that not using cookies may mean that not all functions of our website or services can be fully used.

Third party: This is a natural or legal person, public authority, agency or other body (other than the data subject), the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Restriction of processing: This is a marking of stored personal data in such a way that their future processing (e.g. with regard to specific processing purposes) is restricted.

Consent: This is any freely given specific and informed indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Recipient: this is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.
IP address: This is an address assigned to your device (e.g. smartphone or computer) on the internet so that their device can be addressed and reached there.

Pixel tags (web beacons): These are small, usually invisible graphics that are integrated into websites and other services in order to be able to carry out statistical analyses, usually for marketing purposes.

Personal data: This is any information relating to an identified or identifiable natural person (also referred to as a "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: this is a type of automated processing of personal data which consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Pseudonymisation: This is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the addition of further information. This is particularly the case if the additional information is kept separately and technical and organisational measures have been taken to ensure that it is no longer possible with reasonable effort to attribute the data to an identified or identifiable natural person.

Processing: This is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller or controllers: These are the natural or legal persons, public authorities, bodies or agencies which alone or jointly with others determine the purposes and means of the processing of personal data.

IX. Security

We use technical and organisational security measures to protect your personal data against misuse, loss, destruction or access by unauthorised persons. Our security measures correspond to the current state of the art.

X. Validity and changes to the data protection declaration

The data protection declaration is currently valid and dated 11.06.2021.
Due to the further development of our website or the implementation of new technologies, it may become necessary to change this data protection declaration. We reserve the right to make corresponding changes at any time.

XI. Your questions about data protection

If you still have questions about this data protection declaration or your rights, please contact: info@omr.com