Privacy Policy

Privacy Policy

  1. Introduction

This website is operated by: YMPACT GmbH.

It is very important to us to handle the data of our website visitors with trust and to protect it in the best possible way. For this reason, we make every effort to meet the requirements of the GDPR.

Below we explain to you how we process your data on our website. To do this, we use language that is as clear and transparent as possible, so that you really understand what happens to your data.

This website is operated by: YMPACT GmbH.

It is very important to us to handle the data of our website visitors with trust and to protect it in the best possible way. For this reason, we make every effort to meet the requirements of the GDPR.

Below we explain to you how we process your data on our website. To do this, we use language that is as clear and transparent as possible, so that you really understand what happens to your data.

This website is operated by: YMPACT GmbH.

It is very important to us to handle the data of our website visitors with trust and to protect it in the best possible way. For this reason, we make every effort to meet the requirements of the GDPR.

Below we explain to you how we process your data on our website. To do this, we use language that is as clear and transparent as possible, so that you really understand what happens to your data.

  1. General Information

2.1 Processing of Personal Data and Other Terms

Data protection applies to the processing of personal data. Personal data refers to all data through which you can be personally identified. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens to it'. For example, the IP address is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable Regulations/Laws – GDPR, BDSG, and TDDDG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

Furthermore, the TDDDG complements the provisions of the GDPR, insofar as it concerns the use of cookies.

2.3 The Responsible Party

The party responsible for data processing on this website is the responsible party in the sense of the GDPR. This is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

You can reach the responsible party at:

YMPACT GmbH

Eifflerstr. 43 22769 Hamburg

hello@ympact.agency

As we have already noted, there is data (e.g., IP address) that is automatically collected. This data is primarily needed for the technical provision of the homepage. If we use personal data beyond that or collect other data, we will inform you about it or ask for your consent.

Other personal data is shared with us consciously by you.

Detailed information on this can be found further down.

2.5 Your Rights

The GDPR provides you with extensive rights. These include, for example, the free information about the origin, recipients, and purpose of your stored personal data. You can also request the correction, blocking, or deletion of this data or file a complaint with the responsible data protection supervisory authority. You can revoke your consent at any time.

You will find out how these rights look in detail and how to exercise them in the last section of this privacy policy.

2.6 Data Protection – Our View

For us, data protection is more than just a nuisance! Personal data has great value, and a careful handling of this data should be a matter of course in our digitized world. You, as a website visitor, should also be able to decide for yourself what, when, and by whom is done with your data. Therefore, we are committed to adhering to all legal requirements, only collecting the necessary data for us, and treating it confidentially.

2.7 Sharing and Deletion

The sharing and deletion of data are also important and sensitive topics. Therefore, we would like to inform you briefly in advance about our general approach to this matter.

Data is shared only on the basis of a legal basis and only when necessary. This may be especially the case when a so-called processor is involved and a processing agreement has been concluded according to Art. 28 GDPR.

We delete your data when the purpose and the legal basis for processing cease to exist and no other legal obligations oppose the deletion. A 'good' overview is also provided by Art. 17 GDPR.

For all further information, please refer to this privacy policy and contact the responsible party for specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host. This includes both automatically collected and stored log files (see below for more details), as well as all other data that website visitors provide.

The external hosting is carried out for the purpose of securely, quickly, and reliably providing our website and serves in this context to fulfill the contract with our potential and existing customers.

The legal basis for processing is Art. 6 para. 1 lit. a, b, and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent encompasses the storage of cookies or access to information on the website visitor's or user's device within the meaning of the TDDDG.

Our host processes only such data that is necessary to fulfill its service obligations and acts as our processor, meaning it is subject to our instructions. We have concluded a corresponding contract for processor services with our host.

We use the following host:

https://www.framer.com/

2.9 Legal Bases

The processing of personal data always requires a legal basis. The GDPR provides the following possibilities in Art. 6 para. 1 sentence 1:

a) The data subject has given their consent to the processing of their personal data concerning one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;

c) the processing is necessary for compliance with a legal obligation to which the controller is subject;

d) the processing is necessary to protect the vital interests of the data subject or another natural person;

e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, particularly where the data subject is a child.

In the following sections, we will name the specific legal basis for the respective processing.

2.1 Processing of Personal Data and Other Terms

Data protection applies when processing personal data. Personal data refers to any data that can identify you personally. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens with it'. For instance, the IP address is transmitted from the browser to our provider and stored automatically. This is considered processing (according to Art. 4 No. 2 GDPR) of personal data (under Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable Regulations/Laws – GDPR, BDSG, and TDDDG

The scope of data protection is regulated by laws. In this case, the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law apply.

Additionally, the TDDDG complements the regulations from the GDPR as far as the use of cookies is concerned.

2.3 The Responsible Party

The party responsible for data processing on this website is the person/entity responsible in the sense of the GDPR. This is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

You can reach the responsible party at:

YMPACT GmbH

Eifflerstr. 43 22769 Hamburg

hello@ympact.agency

As we have already established, there is data (e.g., IP address) that is collected automatically. This data is primarily needed for the technical provision of the homepage. To the extent that we use personal data or collect other data, we will inform you about it or ask for your consent.

Other personal data is shared with us consciously.

You will receive detailed information about this below.

2.5 Your Rights

The GDPR grants you comprehensive rights. These include, for example, the free information about the origin, recipients, and purpose of your stored personal data. You can also request the correction, blocking, or deletion of this data or file a complaint with the competent data protection supervisory authority. Any granted consent can be revoked at any time.

How these rights look in detail and how to exercise them is described in the last section of this privacy policy.

2.6 Data Protection – Our Perspective

Data protection is more than just an annoying duty for us! Personal data has great value, and a mindful handling of this data should be a given in our digitized world. Additionally, as a website visitor, you should be able to decide for yourself what happens with your data, when, and by whom. Therefore, we commit ourselves to comply with all legal provisions, only collect the data necessary for us, and treat it confidentially.

2.7 Transfer and Deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you about our general approach here in advance.

Data will only be transferred based on a legal basis and only when this is unavoidable. This may particularly be the case when it concerns a so-called processor, and a processing agreement has been concluded under Art. 28 GDPR.

We delete your data when the purpose and legal basis for processing cease to exist and there are no other legal obligations preventing deletion. A 'good' overview of this is also provided by Art. 17 GDPR.

For further information, please refer to this privacy policy and contact the responsible party with specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website are stored on the servers of the host. This includes both automatically collected and stored log files (see below for more details), as well as all other data provided by website visitors.

The external hosting is done for the purpose of secure, fast, and reliable provision of our website and serves in this context to fulfill the contract with our potential and existing customers.

The legal basis for processing is Art. 6 Para. 1 lit. a, b, and f GDPR, as well as § 25 Para. 1 TDDDG, to the extent that consent includes the storage of cookies or access to information on the end device of the website visitor or user in the sense of the TDDDG.

Our host only processes data that is necessary to fulfill its service obligations and acts as our processor, meaning it adheres to our instructions. We have concluded a corresponding processing agreement with our host.

The following host is used:

https://www.framer.com/

2.9 Legal Bases

The processing of personal data always requires a legal basis. The GDPR provides the following possibilities in Art. 6 Para. 1 Sentence 1:

a) The data subject has consented to the processing of personal data concerning him or her for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;

c) the processing is necessary for compliance with a legal obligation to which the controller is subject;

d) the processing is necessary to protect the vital interests of the data subject or another natural person;

e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

In the following sections, we will indicate to you the specific legal basis for each processing operation.

  1. That is happening on our website

By visiting our website, we process personal data about you.

To protect this data as best as possible against unauthorized access by third parties, we use SSL and TLS encryption. You can recognize this encrypted connection by the fact that a https:// or a padlock symbol is displayed in the address bar of your browser.

Below you will learn which data is collected when you visit our website, for what purpose this is done, and on what legal basis.

3.1 Data Collection When Accessing the Website

By accessing the website, information is automatically stored in so-called server log files. This includes the following information:

• Browser type and browser version

• Operating system used

• Referrer URL

• Hostname of the accessing computer

• Time of the server request

• IP address

This data is temporarily needed to be able to display our website permanently and without problems. In particular, this data serves the following purposes:

• Security of the website

• Stability of the website

• Troubleshooting on the website

• Establishing a connection to the website

• Displaying the website

The processing of this data is carried out in accordance with Article 6 paragraph 1 letter f of the GDPR and is based on our legitimate interest in processing this data, especially in the interest of the functionality of the website and its security.

This data will be stored pseudonymously whenever possible and deleted once the respective purpose has been achieved.

As far as the server log files allow the identification of the affected person, the data will be stored for a maximum period of 14 days. An exception exists if a security-related event occurs. In this case, the server log files will be stored until the security-related event has been resolved and conclusively clarified.

Moreover, no merging with other data takes place.


3.2 Cookies

3.2.1 General

This website uses so-called cookies. These are data records, information that is stored in the browser of your end device and is related to our website.

By setting cookies, the navigation of the website can be made easier, particularly for visitors.

In our cookie consent tool, you will find all information about the cookies that we use on our website (if applicable, after your consent).

3.2.2 Declining Cookies

You can manage all cookies that are not technically necessary directly through our cookie consent tool.

Setting cookies can be prevented by adjusting your browser settings.

Here are the relevant links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

Microsoft Edge: https://support.microsoft.com/en-us/help/4468244/windows-10-delete-cookies

Safari: https://support.apple.com/en-us/HT201265 and https://support.apple.com/en-us/HT201265. If you use another browser, it is advisable to enter the name of your browser and 'Delete and manage cookies' into a search engine and follow the official link to your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

However, we must inform you that a comprehensive blocking/deletion of cookies may lead to limitations in the use of the website.

3.2.3 Technically Necessary Cookies

We use technically necessary cookies on this website so that our website functions correctly and in accordance with applicable laws. They help make the website user-friendly. Some features of our website cannot be displayed without the use of cookies.

The legal basis for this, depending on the case, is Article 6 paragraph 1 letter b, c and/or f of the GDPR.

3.2.4 Technically Non-Necessary Cookies

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the browsing behavior of the website visitor or to offer features of the website that are, however, not technically strictly necessary.

The legal basis for this is your consent in accordance with Article 6 paragraph 1 letter a of the GDPR.

Technically non-necessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.


3.3 Data Processing through User Input

3.3.1 Own Data Collection

We offer the following service on our website: process optimization & consulting.

For this, we collect the following data:

Name

Email address

Phone number

The legal basis for this data processing is Article 6 paragraph 1 letter b of the GDPR.

The data will be deleted as soon as the respective purpose ceases and it is possible according to the legal requirements.

3.3.2 Contacting

a) Email

If you contact us via email, we process your email address and possibly other data included in the email. These will be stored on the mail server and partly on the respective end devices. Depending on the concern, the legal basis for this is regularly Article 6 paragraph 1 letter f of the GDPR or Article 6 paragraph 1 letter b of the GDPR. The data will be deleted as soon as the respective purpose ceases and it is possible according to the legal requirements. 

b) Contact Form

We offer a contact form. This is used for contacting our company. 

In this form, we typically process your first and last name, your phone number, your email address, a postal address, and the content of the message. The data will be stored on our web server and internally forwarded to the respective responsible email addresses. 

The legal basis for data processing is Article 6 paragraph 1 letter f of the GDPR, as we have a legitimate interest in answering your inquiry and providing an uncomplicated way to contact us. If the contact aims to conclude a contract, the additional legal basis for processing is Article 6 paragraph 1 letter b of the GDPR.

We will delete this data no later than 3 months after receipt, unless it is needed for an existing contract relationship.

We integrate the contact form from

Framer

Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands

https://www.framer.com/legal/privacy-statement/?utm_source=google&utm_medium=adwords&utm_campaign=PerformanceMax-Framer_&gad_source=1&gclid=Cj0KCQjwlZixBhCoARIsAIC745CTgsJwNQoLWsI_S_5RmKii7ZlKcj5gbPDPgjVQIbFAu5RCNs0I4kMaAltDEALw_wcB

on our website.

c) Appointment Scheduling Tool

Cal.com

To schedule an appointment with us, we integrate the functions of cal.com. This service is offered by cal.com Inc., 5220 Cabrito Dr, Lay Vegas, Nevada, 89103, USA.

For the purpose of appointment booking, personal data, in particular name, company name, postal address, phone number, and email address as well as, if applicable, financial qualification and billing data such as name and address of the invoice and credit card number and the desired appointment, are requested and entered in the designated mask. The data entered will be used for the planning, execution, and if necessary, for the follow-up of the appointment.

The legal basis for the use of cal.com is Article 6 paragraph 1 letter f of the GDPR, as we have a legitimate interest in engaging in direct exchange with clients, potential clients, and other interested parties and processing inquiries immediately and as quickly as possible.

The data will be stored until the affected person requests deletion, revokes the consent to storage, or the purpose for storage ceases. Mandatory legal provisions on retention periods remain unaffected.

In the context of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

Further information:

https://cal.com/en/privacy.

3.4 Cookie Consent Tool

3.4.1 Usercentrics

To ensure that only the cookies for which there is a legal basis are set on our website, we use the consent management tool of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. 

This service is used to obtain and document the consent of the website visitor for the storage of certain cookies in their browser or the use of certain technologies in compliance with data protection regulations. 

When visiting this website, the consent given by the website visitor or the revocation of consent is stored as a Usercentrics cookie in the browser of the website visitor. For this purpose, a connection to the servers of Usercentrics is established. 

The legal basis is Article 6 paragraph 1 letter c of the GDPR. Usercentrics is used to obtain the legally required consent for the use of cookies. 

As far as the consent management tool of Usercentrics is integrated on the website via a third party, data transfer (e.g., of the IP address) to the third party is possible.

The data collected will be stored until the website visitor requests deletion or Usercentrics deletes it themselves or the purpose for storing the data ceases. The mandatory legal retention periods remain unaffected.

3.5 Analysis and Tracking Tools

3.5.1 Google Analytics

We use Google Analytics on this website. Google Analytics is a web analysis service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to recognize the user and thus analyze the usage behavior. These cookies are only set with consent. The consent can be revoked at any time and managed in our cookie consent tool.

The legal basis for processing is Article 6 paragraph 1 letter a of the GDPR and § 25 paragraph 1 of the TDDDG.

The information collected here is usually transmitted to a Google server in the USA and stored there. On July 10, 2023, the European Commission adopted an adequacy decision for the USA. Google LLC is certified under the EU-U.S. Privacy Framework. However, since Google servers are stationed worldwide and data transfer to third countries (e.g., Singapore) cannot be ruled out, the standard contractual clauses (SCC) of the EU Commission apply.

By using Google Analytics, IP anonymization applies. The respective user's IP address is shortened within member states of the EU (or the European Economic Area) on servers within the EU, so that a trace back to a natural person is no longer possible. Furthermore, Google commits itself to appropriate data protection through the Google Ads data processing terms and provides an evaluation of website usage and website activity and delivers the associated services. The Google Ads data processing terms apply to companies that are subject to the EU General Data Protection Regulation (GDPR) of the European Economic Area (EEA), the California Consumer Privacy Act (CCPA), or similar regulations. 

Using an additional browser plugin can prevent the collected information (such as the IP address) from being sent to Google and used by Google. The plugin and more information can be found at https://tools.google.com/dlpage/gaoptout?hl=en

Otherwise, the storage duration depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted. The maximum lifespan of a Google Analytics cookie is two years.

Further information about data usage by Google can also be found at https://support.google.com/analytics/answer/6004245?hl=en. For any further inquiries, you can also contact support-deutschland@google.com directly.

3.5.2 Google Conversion Tracking

This website uses Google Conversion Tracking. Google Conversion Tracking is a web analysis service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking sets cookies for identification. We learn the user numbers and which actions have been performed on the website by the website visitors.

The legal basis for processing is Article 6 paragraph 1 letter a of the GDPR and § 25 paragraph 1 of the TDDDG. The consent can be revoked at any time.

The data will be deleted as soon as they are no longer needed for processing purposes.

Further details:

https://policies.google.com/privacy?hl=en.

3.5.3 Google Tag Manager

On this website, we use Google Tag Manager. Google Tag Manager is a web analysis service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager does not store cookies and does not analyze on its own. It only serves to manage the tools integrated via it. However, the IP address of the website visitor is recorded, which can be transmitted to Google's parent company in the USA.

The legal basis for processing is Article 6 paragraph 1 letter f of the GDPR. We have a legitimate interest in easily integrating and managing various tools on our website.

Further details:

https://policies.google.com/privacy?hl=en.


3.5.4 Framer Analytics

We use the functionalities of Framer Analytics on this website. This service is provided by Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. Framer Analytics provides specific functions for monitoring user interactions with website prototypes. It allows tracking user actions such as clicks and page views, visualizes user paths through the prototype, and measures the duration of stay on different pages. This data helps identify bottlenecks in user navigation and optimizes the user experience. Framer Analytics does not collect personal data and does not use cookies to track user activities.

The processing of the data is based on Article 6 paragraph 1 letter f of the GDPR. Our legitimate interest is to continuously improve our website through analysis.

Further information:

https://www.framer.com/legal/privacy-statement/?utm_source=google&utm_medium=adwords&utm_campaign=PerformanceMax-Framer_&gad_source=1&gclid=Cj0KCQjwlZixBhCoARIsAIC745CTgsJwNQoLWsI_S_5RmKii7ZlKcj5gbPDPgjVQIbFAu5RCNs0I4kMaAltDEALw_wcB.

3.6 Social Media Profile

Besides our website, we are also present on social networks with our company. In doing so, we want to present our company and provide the opportunity to get in touch with us. We also use the opportunity to run advertisements and job postings on social media. Below, we inform you about which data we and the respective social network process when visiting and interacting with our profile.3.6.1 LinkedIn We maintain a LinkedIn profile on https://www.linkedin.com/.

This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

a) Interaction with our company profile

When visiting our LinkedIn profile and interacting with us through it, we process personal data. On the one hand, the publicly available data on the profile. On the other hand, also the personal data included in posts, comments, or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Article 6 paragraph 1 letter f of the GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile. If an inquiry relates to the fulfillment of a contract or is necessary for the execution of pre-contractual measures, our processing is based on Article 6 paragraph 1 letter b of the GDPR.

b) Page Insights

LinkedIn provides us with summarized statistics and insights (so-called Page Insights) that inform us about how people interact with our company page. We receive information about the number of profiles that view, comment on, or otherwise interact with our posts, as well as aggregated demographic and other information that help us understand the interaction with our page or our LinkedIn profile. Page Insights provided to us by LinkedIn consists of aggregated data, whereby LinkedIn does not provide us with any personal data of members regarding Page Insights. We also have no way to link the Page Insights with individual members. When running advertisements, LinkedIn transmits to us information about the types of people who see our ads and about the success of our ads. Personal data is only shared with us if that person has consented to such processing. LinkedIn also provides us with information that allows us to track which of our ads led to a purchase or action being taken. The processing of this data serves to analyze our reach and adapt our content and advertisements to user interests. Based on the evaluations of this data, we can recognize how our content, profile, and advertising are consumed. This enables us to create targeted content and place advertising in order to better market our company and our services. The processing is based on our legitimate interest under Article 6 paragraph 1 sentence 1 letter f of the GDPR. When processing personal data in the context of so-called Page Insights, the processing takes place in joint responsibility with LinkedIn according to Article 26 paragraph 1 of the GDPR.

For this purpose, we have made an appropriate agreement with LinkedIn, which can be viewed here (https://legal.linkedin.com/pages-joint-controller-addendum). The contact details of LinkedIn are as follows:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For LinkedIn, you can contact the data protection officer at the following link:https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

3.6.2 Processing by LinkedIn

In connection with your visit to our company profile, LinkedIn may also process personal data beyond that. In this case, the processing is carried out solely by LinkedIn and without our knowledge.

Further information from LinkedIn can be found at:
https://www.linkedin.com/legal/privacy-policy.

3.6.3 LinkedIn Ads

We also integrate the functions of LinkedIn Ads on our website. With the help of LinkedIn Ads, we can easily create effective advertisements that can be perceived by a large audience on LinkedIn. LinkedIn collects personal data through cookies for this purpose. This evaluates the behavior of the users and analyzes the effectiveness of advertising measures to adjust future campaigns to user orientation.

These cookies are only set with consent. The consent can be revoked at any time. The legal basis for this is Article 6 paragraph 1 letter a of the GDPR. The legal basis for processing the data through LinkedIn Ads is Article 6 paragraph 1 letter f of the GDPR. We have a legitimate interest in expanding and optimizing our advertising presence on the LinkedIn platform.

3.7 Instagram

We maintain an Instagram profile. This social media platform is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

3.7.1 Interaction with Our Company Profile

When visiting our Instagram profile and interacting with us through it, we process personal data. On the one hand, the publicly available data on the profile. On the other hand, also the personal data included in posts, comments, or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Article 6 paragraph 1 letter f of the GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile. If an inquiry relates to the fulfillment of a contract or is necessary for the execution of pre-contractual measures, our processing is based on Article 6 paragraph 1 letter b of the GDPR.

3.7.2 Insights

As explained in the Meta privacy policy under ‘How do we use your information?’ (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analysis services, known as insights, for page operators. This also applies to our Instagram profile. The insights consist of aggregated statistics that are generated based on certain interactions of visitors with pages and their associated content and are logged by the Meta servers. This includes, among other things, information such as

• How many people see our products, services, or content, such as posts, videos, Instagram pages, ads, shops, and advertisements (when the advertising is shown on Meta products) and interact with them;

• How do people interact with our content, websites, apps, and services;

• Which groups of people interact with our content or which groups of people use our services.

Meta provides us with aggregated reports and insights that inform us about how well our content, features, products, and services perform.

We do not gain access to personal data here; we only receive the aggregated reports.

For evaluating the reach, we can make settings or apply corresponding filters regarding the selection of a timeframe, the consideration of a specific post, and the demographic groupings. This data is anonymized. Conclusions about specific individuals are not possible for us. The processing of this data serves the purpose of analyzing our reach and adapting our content and advertisements to user interests so that visitors can derive the greatest possible benefit from it. Based on the evaluations of this data, we can recognize how our content, profile, and advertising are consumed. This enables us to create targeted content and place advertising to better market our company and our services. The processing is based on our legitimate interest according to Article 6 paragraph 1 sentence 1 letter f of the GDPR. When processing personal data in the course of the so-called insights, the processing takes place in joint responsibility with Meta according to Article 26 paragraph 1 of the GDPR.

For this purpose, we have made an appropriate agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).

The contact details for Meta are: Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Instagram, you can contact the data protection officer at the following link:
https://www.facebook.com/help/contact/540977946302970.

Further information about the insights:
https://de-de.facebook.com/help/pages/insights.

The complete privacy policy of Instagram can be found here:https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta When accessing an Instagram page, the IP address assigned to your end device is transmitted to Meta. According to Meta, this IP address is anonymized (for

  1. THAT'S ALSO IMPORTANT

Zum Abschluss möchten wir Dich ausführlich und detailliert über Deine Rechte informieren und Dir mitteilen, wie Du über Veränderungen der datenschutzrechtlichen Anforderungen informiert werden wirst.

4.1 Deine Rechte im Detail

4.1.1 Auskunftsrecht nach Art. 15 DSGVO

Du kannst Auskunft darüber verlangen, ob personenbezogenen Daten von Dir verarbeitet werden. Ist das der Fall, kannst Du weitere Auskünfte zur Art und Weise der Verarbeitung einfordern. Eine detaillierte Aufzählung findest Du in Art. 15 Abs. 1 lit. a bis h DSGVO.

4.1.2 Recht auf Berichtigung nach Art. 16 DSGVO

Dieses Recht umfasst die Berichtigung unrichtiger Daten und die Ergänzung unvollständiger personenbezogener Daten.

4.1.3 Recht auf Löschung nach Art. 17 DSGVO

Dieses sogenannte ‚Recht auf Vergessenwerden‘ gibt Dir das Recht, unter bestimmten Voraussetzungen, die Löschung der personenbezogenen Daten durch den Verantwortlichen zu verlangen. Dies ist grundsätzlich dann der Fall, wenn der Zweck der Datenverarbeitung entfallen ist, wenn eine Einwilligung widerrufen wurde oder die Ausgangsverarbeitung ohne Rechtsgrundlage stattfand. Eine detaillierte Aufzählung von Gründen findest Du in Art. 17 Abs. 1 lit. a bis f DSGVO. Dieses „Recht auf Vergessenwerden“ korrespondiert darüber hinaus mit der Pflicht des Verantwortlichen aus Art. 17 Abs. 2 DSGVO angemessene Maßnahmen zu ergreifen, um eine allgemeine Löschung der Daten herbeizuführen.

4.1.4 Recht auf Einschränkung der Verarbeitung nach Art. 18 DSGVO

Dieses Recht ist an die Voraussetzungen gemäß Art. 18 Abs. 1 lit. a bis d geknüpft.

4.1.5 Recht auf Datenübertragbarkeit nach Art. 20 DSGVO

Hier wird das grundsätzliche Recht zum Erhalt der eigenen Daten in einer gängigen Form und der Übermittlung an einen anderen Verantwortlichen geregelt. Dies gilt allerdings nur für die Daten einer Verarbeitung aufgrund von Einwilligung oder Vertrag nach Art. 20 Abs. 1 lit. a und b und soweit dies technisch machbar ist.

4.1.6 Recht auf Widerspruch nach Art. 21 DSGVO

Du kannst grundsätzlich der Verarbeitung Deiner personenbezogenen Daten widersprechen. Dies gilt insbesondere dann, wenn Dein Interesse am Widerspruch das berechtigte Interesse des Verantwortlichen an der Verarbeitung überwiegt und wenn sich die Verarbeitung auf Direktwerbung und oder Profiling bezieht.

4.1.7 Recht auf „Entscheidung im Einzelfall“ nach Art. 22 DSGVO

Du hast grundsätzlich das Recht, nicht einer ausschließlich auf einer automatisierten Verarbeitung (einschließlich Profiling) beruhenden Entscheidung unterworfen zu werden, die Dir gegenüber rechtliche Wirkung entfaltet oder Dich in ähnlicher Weise erheblich beeinträchtigt. Auch dieses Recht findet allerdings Einschränkungen und Ergänzungen in Art. 22 Abs. 2 und 4 DSGVO.

4.1.8 Weitere Rechte

Die DSGVO beinhaltet umfassende Rechte der Unterrichtung von Dritten darüber, ob oder wie Du Rechte nach Art. 16, 17, 18 DSGVO geltend gemacht haben. Dies allerdings nur insoweit dies auch möglich bzw. mit einem angemessenen Aufwand durchführbar ist.

Wir möchten Dich an dieser Stelle erneut auf Dein Recht des Widerrufs einer erteilten Einwilligung nach Art. 7 Abs. 3 DSGVO hinweisen. Die Rechtmäßigkeit der bis dahin durchgeführten Verarbeitung wird dadurch allerdings nicht berührt.

Außerdem möchten wir Dich auch noch auf Deine Rechte nach §§ 32 ff. BDSG hinweisen, die allerdings inhaltlich größtenteils deckungsgleich mit den soeben beschrieben Rechten sind.

4.1.9 Beschwerderecht nach Art. 77 DSGVO

Du hast auch das Recht dich bei einer Datenschutzaufsichtsbehörde zu beschweren, wenn Du der Ansicht bist, dass eine Verarbeitung der dich betreffenden personenbezogenen Daten gegen diese Verordnung verstößt.

In conclusion, we would like to inform you in detail about your rights and let you know how you will be informed about changes to data protection requirements.

4.1 Your Rights in Detail

4.1.1 Right of Access under Art. 15 GDPR

You can request information on whether personal data concerning you is being processed. If so, you can request further information on the manner of processing. A detailed enumeration can be found in Art. 15 para. 1 lit. a to h GDPR.

4.1.2 Right to Rectification under Art. 16 GDPR

This right includes the rectification of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to Erasure under Art. 17 GDPR

This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the erasure of personal data concerning you from the controller. This is basically the case when the purpose of the data processing has lapsed, when consent has been withdrawn, or when the initial processing took place without a legal basis. A detailed enumeration of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This "right to be forgotten" also corresponds to the obligation of the controller under Art. 17 para. 2 GDPR to take appropriate measures to effectuate a general erasure of the data.

4.1.4 Right to Restrict Processing under Art. 18 GDPR

This right is linked to the conditions according to Art. 18 para. 1 lit. a to d.

4.1.5 Right to Data Portability under Art. 20 GDPR

This establishes the fundamental right to receive your data in a commonly used format and to transmit it to another controller. However, this only applies to data processed based on consent or contract under Art. 20 para. 1 lit. a and b and as far as it is technically feasible.

4.1.6 Right to Object under Art. 21 GDPR

You can generally object to the processing of your personal data. This applies especially when your interest in objection outweighs the legitimate interest of the controller in processing and when the processing relates to direct marketing and/or profiling.

4.1.7 Right to "Decision in Individual Cases" under Art. 22 GDPR

You have the right not to be subjected to a decision based solely on automated processing (including profiling) that has legal effects concerning you or similarly significantly affects you. However, this right is also subject to restrictions and additions in Art. 22 para. 2 and 4 GDPR.

4.1.8 Other Rights

The GDPR includes comprehensive rights to inform third parties on whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this is only to the extent that it is possible or feasible with reasonable effort.

We would like to remind you again of your right to withdraw any consent given under Art. 7 para. 3 GDPR. However, the legality of the processing carried out until then is not affected.

Furthermore, we would also like to inform you about your rights under sections 32 et seq. of the German Federal Data Protection Act (BDSG), which are primarily similar in content to the rights just described.

4.1.9 Right to Complain under Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates this regulation.

  1. What if the GDPR is abolished tomorrow or other changes occur?

Der aktuelle Stand dieser Datenschutzerklärung ist 23.04.2025. Von Zeit zu Zeit ist es erforderlich, den Inhalt der Datenschutzerklärung anzupassen, um auf tatsächliche und rechtliche Veränderungen zu reagieren. Wir behalten uns daher vor, diese Datenschutzerklärung jederzeit zu ändern. Wir werden die geänderte Version an gleicher Stelle veröffentlichen und empfehlen Dir, die Datenschutzerklärung regelmäßig zu lesen.

Erstellt mit freundlicher Unterstützung von Dieter macht den Datenschutz

"Dieter macht den Datenschutz" ist ein Produkt der simply Legal GmbH, Burkarderstr. 36, D-97082 Würzburg. All rights reserved 2025.

The current status of this privacy policy is April 23, 2025. From time to time, it is necessary to adjust the content of the privacy policy to respond to actual and legal changes. We therefore reserve the right to change this privacy policy at any time. We will publish the amended version in the same place and recommend that you read the privacy policy regularly.

Created with the kind support of Dieter makes data protection

"Dieter makes data protection" is a product of simply Legal GmbH, Burkarderstr. 36, D-97082 Würzburg. All rights reserved 2025.