Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to simply as „data“) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and in particular on our websites, mobile platforms, and within external online presences such as our social media profiles (collectively referred to as the „online offering“).

The terms used are not gender-specific.

Status: October 31, 2024

Table of Contents

• Introduction
• Controller
• Overview of Data Processing
• Data Protection Officer Contact
• Legal Bases for Processing
• Security Measures
• Transmission and Disclosure of Personal Data
• Data Processing in Third Countries
• Use of Cookies
• Commercial and Business Services
• Payment Service Providers
• Credit Checks
• Provision of the Online Offering and Web Hosting
• Contact
• Newsletters and Electronic Notifications
• Web Analysis, Monitoring, and Optimization
• Online Marketing
• Presence in Social Networks (Social Media)
• Plugins and Embedded Content
• Data Deletion
• Changes and Updates to the Privacy Policy
• Rights of Data Subjects
• Definitions of Terms

Controller

Uwe-Josef Walden / UJW Consulting SRL
Strada Erou Bumbea Nr. 4, 555500 Dumbraveni
Email: info@uwevomwoid.de

Overview of Data Processing

The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects.

Types of Data Processed

• Master data (e.g., names, addresses)
• Content data (e.g., entries in online forms)
• Contact data (e.g., email, phone numbers)
• Meta/communication data (e.g., device info, IP addresses)
• Usage data (e.g., visited websites, interest in content, access times)
• Location data (e.g., geographic data of a device or person)
• Contract data (e.g., subject matter, duration, customer categories)
• Payment data (e.g., bank details, invoices, payment history)

Categories of Data Subjects

• Business and contractual partners
• Prospective customers
• Communication partners
• Customers
• Users (e.g., website visitors, users of online services)

Purposes of Processing

• Credit assessment
• Provision and optimization of our online offering
• Visitor behavior analysis
• Office and organizational procedures
• Cross-device tracking for marketing purposes
• Direct marketing (e.g., via email or post)
• Interest- and behavior-based marketing
• Contact requests and communication
• Conversion measurement (marketing effectiveness)
• Profiling (user profiles)
• Remarketing
• Reach measurement (e.g., access statistics, repeat visitors)
• Security measures
• Tracking (e.g., interest/behavior-based profiling, cookies)
• Fulfillment of contracts and customer service
• Management and response to inquiries
• Audience targeting for marketing or content delivery

Automated Individual Decision-Making

• Credit checks (based on scoring)Legal Bases for ProcessingBelow we inform you about the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If specific legal bases apply in individual cases, we will inform you about them in this Privacy Policy.
  
  • Consent (Art. 6(1)(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

  ---

  Security MeasuresWe take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, availability, and separation of data. We also have procedures in place to ensure data subject rights, data deletion, and responses to data compromise. Furthermore, we consider the protection of personal data during the development or selection of hardware, software, and processes, according to the principle of data protection by design and by default.SSL Encryption (https): To protect your data transmitted via our online services, we use SSL encryption. You can recognize such encrypted connections by the prefix „https://“ in the address bar of your browser.

  ---

  Transfer and Disclosure of Personal DataIn the course of processing personal data, we may transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients may include, for example, payment service providers, IT service providers, or providers of content and services integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with recipients to protect your data.

  ---

  Data Processing in Third CountriesIf we process data in a third country (i.e., outside the EU or EEA), or if this occurs through the use of third-party services or disclosure or transfer of data to other persons or entities, it will only take place in accordance with legal requirements.Subject to explicit consent or legally required transmission, we only process data in third countries with an adequate level of data protection, based on standard contractual clauses of the EU Commission, certifications, or binding corporate rules (Art. 44–49 GDPR; see the EU Commission’s info page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).As part of the „Data Privacy Framework“ (DPF), the EU Commission has recognized the level of data protection for certain US companies as adequate (as of 10 July 2023). You can find the list of certified companies and further information on the DPF on the US Department of Commerce website: https://www.dataprivacyframework.gov/. We inform you in our privacy notice about which service providers we use are certified under the DPF.Credit CheckIf we advance payment or take on comparable financial risks (e.g., when placing an order on account), we reserve the right to obtain an identity and credit report in order to assess credit risk using mathematical-statistical procedures from specialized service providers (credit agencies).The information received from the credit agencies regarding the statistical probability of payment default is processed as part of a reasonable discretionary decision on the establishment, implementation, and termination of the contractual relationship. We reserve the right, in case of a negative result from the credit check, to refuse payment on account or any other advance payment.The decision as to whether we proceed with advance payment is made solely on the basis of an automated decision in an individual case, which is made by our software based on the information from the credit agency.If we obtain explicit consent from contracting parties, the legal basis for the credit report and the transmission of customer data to the credit agencies is consent. If no consent is obtained, the credit report is based on our legitimate interest in ensuring the security of our receivables.Processed Data Types:

  • Inventory data (e.g., names, addresses)
  • Payment data (e.g., bank details, invoices, payment history)
  • Contact data (e.g., email, phone numbers)
  • Contract data (e.g., subject of the contract, duration, customer category)

  Affected Persons:

  • Customers, prospects

  Purposes of Processing:

  • Assessment of creditworthiness and creditworthiness

  Legal Bases:

  • Consent (Art. 6 Para. 1 Sentence 1 lit. a. GDPR)
  • Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f. GDPR)

  Automated Decisions in Individual Cases:

  • Credit check (decision based on credit check)Web Analysis, Monitoring, and OptimizationWeb analysis (also referred to as „reach measurement“) serves the evaluation of visitor flows on our online offerings and can include behaviors, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify when our online offering or its functions or content are most frequently used or invite reuse. We can also determine which areas need optimization.In addition to web analysis, we can also use testing procedures, for example, to test and optimize different versions of our online offerings or their components.For these purposes, so-called user profiles can be created and stored in a file (so-called „cookie“) or similar procedures with the same goal can be used. This may include information such as viewed content, visited websites, and elements used on them, as well as technical details like the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, depending on the provider, this can also be processed.User IP addresses are also collected. However, we use an IP masking process (i.e., pseudonymization by truncating the IP address) to protect users. In general, no personal data of users (e.g., email addresses or names) is stored in connection with web analysis, A/B testing, and optimization, only pseudonyms. This means that both we and the providers of the software used do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.Legal Basis Notes: If we ask users for their consent to use third-party services, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).Affected Individuals: Users (e.g., website visitors, users of online services).Purposes of Processing: Reach measurement (e.g., access statistics, detection of recurring visitors), tracking (e.g., interest-/behavior-based profiling, use of cookies), visit action evaluation, profiling (creating user profiles).Security Measures: IP masking (pseudonymization of the IP address).Legal Basis: Consent (Art. 6 (1) sentence 1 lit. a DSGVO), Legitimate interests (Art. 6 (1) sentence 1 lit. f DSGVO).Used Services and Service Providers:
    
    • etracker: Web analysis / reach measurement; Service provider: etracker GmbH, Erste Brunnenstraße 1 20459 Hamburg, Germany; Website: etracker.com; Privacy policy: etracker Privacy; Data processing agreement: etracker Agreement.
    • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This ID number does not contain unique data such as names or email addresses. It is used to assign analysis information to a device to recognize which content users have accessed during one or multiple sessions, which search terms they have used, and interacted with our online offering. The time of use, duration, sources that referred users to our online offering, and technical aspects of their devices and browsers are also recorded. Cookies may be used to create pseudonymous user profiles with information from the use of various devices. Google Analytics does not log or store individual IP addresses for EU users. However, it provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, and subcontinent. For EU traffic, the IP address data is only used to derive geolocation data before being immediately deleted. The data is not logged, is not accessible, and is not used for other purposes. The IP address data is processed on EU-based servers before being forwarded for further processing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) sentence 1 lit. a DSGVO); Website: Google Analytics; Privacy policy: Google Privacy; Data processing agreement: Google Data Agreement; Basis for third-country transfers: Data Privacy Framework (DPF).Presences in Social Networks (Social Media)
      We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.We point out that user data may be processed outside the European Union. This may pose risks to users, such as making the enforcement of user rights more difficult.Furthermore, user data is generally processed within social networks for market research and advertising purposes. For instance, usage profiles may be created based on user behavior and resulting interests. These profiles may then be used to display advertisements within and outside the networks that are likely aligned with users‘ interests. For these purposes, cookies are generally stored on users‘ devices, which save their usage behavior and interests. In addition, data can be stored in usage profiles independent of the devices used by users (especially if the users are members of the respective platforms and are logged into them).For a detailed description of the respective processing methods and opt-out possibilities, we refer to the privacy policies and information of the operators of the respective networks.In case of inquiries or the assertion of data subject rights, we point out that these can most effectively be asserted with the providers. Only the providers have access to user data and can directly take corresponding actions and provide information. If you still need assistance, you can contact us.Processed Data Types:
      Personal data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., input in online forms), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).Affected Individuals:
      Users (e.g., website visitors, users of online services).Purposes of Processing:
      Contact inquiries and communication, tracking (e.g., interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, recognition of returning visitors).Legal Grounds:
      Legitimate interests (Art. 6(1) Sentence 1 lit. f. GDPR).Services and Service Providers Used:Instagram:
      Social network, allows sharing of photos and videos, commenting and favoriting posts, sending messages, subscribing to profiles and pages.
      Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
      Legal Grounds: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).
      Website: https://www.instagram.com
      Privacy Policy: https://privacycenter.instagram.com/policy/
      Basis for Transfers to Third Countries: Data Privacy Framework (DPF).Facebook Pages:
      Profiles within the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called „Fanpage“).
      Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
      Legal Grounds: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).
      Website: https://www.facebook.com
      Privacy Policy: https://www.facebook.com/privacy/policy/
      Basis for Transfers to Third Countries: Data Privacy Framework (DPF).LinkedIn:
      Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for collecting (but not further processing) data from visitors to create „Page Insights“ (statistics) for our LinkedIn profiles.
      Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
      Legal Grounds: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).
      Website: https://www.linkedin.com
      Privacy Policy: https://www.linkedin.com/legal/privacy-policy
      Basis for Transfers to Third Countries: Data Privacy Framework (DPF).Pinterest:
      Social network.
      Service Provider: Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA.
      Website: https://www.pinterest.com
      Privacy Policy: https://about.pinterest.com/de/privacy-policy.TikTok:
      Social network / Video platform.
      Service Provider: Musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA.
      Website: https://www.tiktok.com
      Privacy Policy: https://www.tiktok.com/de/privacy-policy.X (formerly Twitter):
      Social network.
      Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
      Legal Grounds: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).
      Website: https://x.com
      Privacy Policy: https://x.com/de/privacy.YouTube:
      Social network and video platform.
      Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
      Privacy Policy: https://policies.google.com/privacy.
      Opt-Out: https://adssettings.google.com/authenticated.Xing:
      Social network.
      Service Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
      Website: https://www.xing.de
      Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.Data Deletion
      The data we process will be deleted in accordance with legal requirements as soon as the consents for processing, granted by the data subject, are revoked, or other permissions cease to apply (e.g., when the purpose of processing these data no longer exists or they are not necessary for that purpose).If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. That means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or if its retention is necessary for asserting, exercising, or defending legal claims or to protect the rights of another natural or legal person.Further information regarding the deletion of personal data may also be provided in the respective privacy notices of this Privacy Policy.Amendment and Update of the Privacy Policy
      We ask that you regularly review the contents of our Privacy Policy. We will adjust the Privacy Policy as soon as changes to the data processing we carry out make this necessary. We will inform you when such changes require your action (e.g., consent) or other individual notification.Please note that if we provide addresses and contact details of companies and organizations in this Privacy Policy, these may change over time, so we request that you verify the information before making contact.Rights of Data Subjects
      As a data subject, you have various rights under the GDPR, which are particularly detailed in Articles 15 to 21 of the GDPR:
      
      • Right to Object: You have the right to object to the processing of personal data concerning you, based on Article 6(1)(e) or (f) of the GDPR, at any time due to reasons arising from your particular situation; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object to the processing of personal data for such advertising purposes at any time; this applies also to profiling, insofar as it is related to such direct marketing.
      • Right of Withdrawal for Consents: You have the right to withdraw any consents you have given at any time.
      • Right to Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about these data, along with a copy of them, in accordance with the legal requirements.
      • Right to Rectification: You have the right to request the completion of your personal data or the correction of any inaccurate personal data concerning you, in accordance with the legal requirements.
      • Right to Deletion and Restriction of Processing: You have the right to request the deletion of personal data concerning you without delay, or alternatively, to request the restriction of the processing of these data, in accordance with the legal requirements.
      • Right to Data Portability: You have the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with the legal requirements.
      • Right to Lodge a Complaint with a Supervisory Authority: You also have the right, under the legal requirements, to lodge a complaint with a supervisory authority, particularly in the member state of your usual residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

      Definition of Terms
      This section provides an overview of the terms used in this Privacy Policy. Many of these terms are derived from the law, particularly Article 4 of the GDPR. The legal definitions are binding, and the following explanations serve primarily to assist with understanding. The terms are listed alphabetically.

      • Visit Action Analysis: „Visit action analysis“ (also known as „conversion tracking“) refers to a method used to determine the effectiveness of marketing measures. Typically, a cookie is stored on the users‘ devices on the websites where marketing activities occur, which is then retrieved again on the target website. For instance, this allows us to track whether advertisements placed on other websites were successful.
      • Credit Check: Automated decisions are based on automatic data processing without human intervention (e.g., in the case of an automatic rejection of a purchase on account, an online loan application, or an online job application process without any human involvement). Such automated decisions are only permitted under Article 22 of the GDPR if the data subject consents, if they are necessary for the performance of a contract, or if national laws permit these decisions.
      • Cross-Device Tracking: Cross-device tracking is a form of tracking where users‘ behavioral and interest information is collected across devices into profiles by assigning an online identifier. This allows the information to be analyzed for marketing purposes regardless of the devices used (e.g., mobile phones or desktop computers). The online identifier is not typically linked to personal data such as names, addresses, or email addresses.
      • IP Masking: IP masking is a method where the last octet (i.e., the last two numbers) of an IP address is deleted to prevent it from being used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing operations, especially in online marketing.
      • Interest-Based and Behavioral Marketing: Interest-based and/or behavioral marketing refers to the practice of predicting potential interests of users for advertisements and other content. This is done based on their previous behavior (e.g., visiting certain websites, browsing behavior, or interacting with other users) and stored in a profile. Cookies are typically used for this purpose.
      • Conversion Measurement: Conversion measurement is a method used to evaluate the effectiveness of marketing activities. A cookie is typically stored on users‘ devices on websites hosting marketing activities, which is then retrieved again on the target website. For example, this allows us to determine whether the ads we placed on other websites were successful.
      • Personal Data: „Personal data“ refers to all information relating to an identified or identifiable natural person (the „data subject“). A natural person is considered identifiable if they can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or one or more specific factors that are expressions of the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
      • Profiling: „Profiling“ refers to any automated processing of personal data that involves the use of personal data to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects such as age, gender, location, behavior on websites, shopping habits, or social interactions. Cookies and web beacons are often used for profiling.