Data protection is a high priority for Five7T management. If a data subject wishes to use special enterprise services via our website, processing of personal data may be necessary. We will generally obtain consent from the data subject without a statutory basis for such processing.
The processing of personal data, such as names, addresses, e-mail addresses, or telephone numbers, will always comply with the General Data Protection Regulation (GDPR) and applicable country-specific data protection regulations. This data protection declaration aims to inform the public of the nature, scope, and purpose of the personal data we collect, use, and process. Additionally, data subjects are informed of their rights.
As the controller, Five7T has implemented numerous technical and organisational measures to ensure the complete protection of personal data processed through this website. However, Internet-based data transmissions may have security gaps, so absolute protection cannot be guaranteed. Therefore, every data subject can transfer personal data to us via alternative means, such as by telephone.
1. Definitions
Our data protection declaration is based on the terms used by European legislators to adopt the GDPR. To ensure clarity, we will first explain the terminology used:
A) Personal Data
Information about an identifiable natural person (“data subject”). An identifiable person can be identified directly or indirectly by reference to identifiers such as name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.
B) Data Subject
Any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Any operation performed on personal data, whether automated or not, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.
D) Restriction Of Processing
Marking stored personal data to limit its future processing.
E) Profiling
Automated processing of personal data to evaluate certain personal aspects, mainly to analyse or predict aspects concerning a natural person’s performance, economic situation, health, preferences, interests, reliability, behaviour, location, or movements.
F) Pseudonymisation
Processing personal data so it cannot be attributed to a specific data subject without additional information, provided such additional information is kept separately. It is subject to technical and organisational measures to ensure that personal data is not attributed to an identifiable person.
G) Controller
The entity that determines the purposes and means of processing personal data, whether alone or jointly with others.
H) Processor
The entity that processes personal data on behalf of the controller.
I) Recipient
The entity to which personal data is disclosed, whether a third party or not. Public authorities receiving data in the framework of a particular inquiry by Union or Member State law are not considered recipients.
J) Third Party
Any entity other than the data subject, controller, processor, and persons authorised to process personal data under the direct authority of the controller or processor.
K) Consent
Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes signifies agreement to the processing of personal data relating to them.
2. Name and Address of the Controller
Controller for the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union, and other provisions related to data protection is:
Five 7T
3 Park Court, 40 Park Cross Street
Leeds, LS1 2QH
United Kingdom
T. 07774 774 254
E hello@five7t.com
Website: five7t.com
3. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
Waqar Sheikh
Five7T
3 Park Court, 40 Park Cross Street
Leeds, LS1 2QH
United Kingdom
T. 07774 774 254
Email: waqar@five7t.com
Website: Five7t.com
Any data subject may contact our Data Protection Officer directly with all questions and suggestions about data protection.
4. Cookies
Five7T’s internet pages use cookies and text files stored on a computer system via an internet browser.
Many websites and servers use cookies. Many cookies contain a unique identifier called a cookie ID. This ID consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other web browsers containing different cookies. A specific Internet browser can be identified using the unique cookie ID.
Through cookies, Five7T can provide this website’s users with more user-friendly services that would not be possible without the cookie setting.
Using a cookie, the information and offers on our website can be optimised with the user in mind. Cookies allow us to recognise our website users. The purpose of this recognition is to make it easier for users to utilise our website. For example, the website user who uses cookies does not have to enter access data each time the website is accessed because the website handles this, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop, which remembers the articles a customer has placed in the virtual shopping cart.
The data subject may, at any time, prevent the setting of cookies through our website by adjusting the settings of the internet browser used and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted anytime via an internet browser or other software. This is possible in all popular internet browsers. Not all website functions will be usable if the data subject deactivates the cookie settings in the internet browser.
5. Collection of General Data and Information
The Five7T website collects general data and information when a data subject or automated system accesses the website. This general data and information are stored in the server log files. Collected data may include:
When using these general data and information, Five 7T does not draw any conclusions about the data subject. Instead, this information is needed to:
Therefore, Five7T analyses anonymously collected data and information statistically, aiming to increase our enterprise’s data protection and security and achieve optimal protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.
6. Registration on Our Website
Data subjects can register on the controller’s website by providing personal data. The type of personal data transmitted to the controller is determined by the specific input form used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and its purposes. The controller may transfer data to one or more processors (e.g., a parcel service) that also use personal data for an internal purpose attributable to the controller.
When registering on the controller’s website, the IP address assigned by the internet service provider (ISP) and used by the data subject, along with the date and time of the registration, are also stored. This data storage is necessary to prevent misuse of our services and, if necessary, to enable the investigation of any offences committed. This data is not passed on to third parties unless required by law or if the transfer is needed for criminal prosecution.
The registration of the data subject, with the voluntary provision of personal data, is intended to enable the controller to offer the data subject content or services that can only be offered to registered users. Registered persons may modify or delete their data at any time.
7. Subscription to Our Newsletters
Users can subscribe to our enterprise’s newsletter via the website. The input form for this purpose determines the personal data transmitted when the newsletter is ordered.
Five7T regularly informs its customers and business partners through a newsletter about enterprise offers. The enterprise’s newsletter can only be received if the data subject has a valid email address and registers for the newsletter. Following the double opt-in procedure, a confirmation email will be sent to the email address registered by the data subject for the first time for newsletter shipping.
During the registration for the newsletter, we store the IP address of the computer system assigned by the ISP and used by the data subject at the time of registration, along with the date and time of registration. This data collection is necessary to understand any misuse of the email address later and thus serves the legal protection of the controller.
The personal data collected during the newsletter registration will only be used to send our newsletter. Subscribers to the newsletter may also be informed by email if necessary for the operation of the newsletter service or registration, such as in the case of changes to the newsletter offer or technical modifications.
There is no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter can be terminated at any time by the data subject. Consent to the storage of personal data for newsletter shipping can be revoked at any time.
8. Newsletter-Tracking
Five7T’s newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML to enable log file recording and analysis. This allows statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Five7T can see if and when a data subject opened an email and which links were clicked.
Personal data collected via tracking pixels in the newsletters are stored and analysed by the controller to optimise the newsletter’s shipping and tailor the content of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects can revoke the consent provided via the double opt-in procedure. Upon revocation, the controller will delete these personal data. Five7T automatically considers withdrawal from the newsletter receipt as a revocation.
9. Contact via the Website
The Five7T website contains information that enables quick electronic contact with our enterprise, including a general electronic mail address (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. These personal data, voluntarily transmitted by a data subject to the controller, are stored for processing or contacting the subject. There is no transfer of this personal data to third parties.
10. Subscription to Comments in the Blog on the Website
Third parties can subscribe to comments made in the Five7T blog. There is the option for a commenter to subscribe to follow-up comments on a specific blog post.
Suppose a data subject opts to subscribe to the comments. In that case, the controller will send an automatic confirmation email to verify the double opt-in procedure, ensuring that the owner of the specified email address decided in favour of this option. The option to subscribe to comments can be terminated at any time.
11. Routine Erasure and Blocking of Personal Data
The data controller shall process and store the subject’s data only for the period necessary to achieve the purpose of storage or as far as granted by the European legislator or other applicable laws and regulations.
If the purpose of the storage is not applicable, or if a storage period prescribed by the European legislator or another competent authority expires, the personal data is routinely blocked or erased by legal requirements.
12. Rights of the Data Subject
A) Right of Confirmation
Every data subject has the right to obtain confirmation from the controller on whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they may, at any time, contact our Data Protection Officer or another employee of the controller.
B) Right of Access
Every data subject has the right to obtain free information about their data stored at any time and a copy of this information from the controller. Furthermore, the European directives and regulations grant the data subject access to the following information:
Furthermore, the data subject has the right to know whether personal data are transferred to a third country or an international organisation and to be informed of the appropriate safeguards relating to the transfer.
C) Right to Rectification
Every data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact our Data Protection Officer or another controller employee at any time.
D) Right to Erasure (Right to Be Forgotten)
Every data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have an obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing under Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) of the GDPR.
The personal data have been unlawfully processed.
The personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.
Personal data was collected about the offer of information society services referred to in Article 8(1) of the GDPR.
Suppose one of the reasons above applies, and a data subject wishes to request the erasure of personal data stored by Five7T. In that case, they may contact our Data Protection Officer or another controller employee anytime. The Data Protection Officer of Five7T or another employee shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged under Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.
E) Right of Restriction of Processing
Every data subject has the right to obtain from the controller restriction of processing where one of the following applies:
Suppose one of the conditions mentioned above is met, and a data subject wishes to request the restriction of processing personal data stored by Five7T. In that case, they may contact our Data Protection Officer or another controller employee anytime. The Five7T Data Protection Officer or another employee will arrange the processing restriction.
F) Right to Data Portability
Every data subject has the right to receive the personal data concerning them, which they have provided to a controller in a structured, commonly used, and machine-readable format. They shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent under point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract under point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability under Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject may contact the Data Protection Officer designated by Five7T or another employee at any time.
G) Right to Object
Every data subject has the right to object, on grounds relating to their situation, at any time, to the processing of personal data concerning them, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
Five7T shall no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.
If Five7T processes personal data for direct marketing purposes, the data subject shall have the right to object to processing personal data concerning them for such marketing. This applies to profiling to the extent that it relates to such direct marketing. If the data subject objects to Five7T processing for direct marketing purposes, Five7T will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to their situation, to object to Five7T’s processing of personal data concerning them for scientific or historical research purposes or statistical purposes under Article 89(1) of the GDPR unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject may contact Five7T’s Data Protection Officer or another employee to exercise the right to object. Additionally, the data subject is free to exercise their right to object by automated means using technical specifications in the context of information society services, notwithstanding Directive 2002/58/EC.
H) Automated Individual Decision-Making, Including Profiling
Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, Five7T shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate
I) Right to Withdraw Data Protection Consent
As granted by the European legislator, every data subject has the right to withdraw their consent to processing their data at any time.
If a data subject wishes to exercise the right to withdraw consent, they may directly contact our Data Protection Officer or another controller employee.
13. Data Protection for Applications and the Application Procedures
The data controller shall collect and process the applicants’ data to process the application procedure. The processing may also be carried out electronically, especially if an applicant submits application documents by email or via a web form on the website.
If the data controller concludes an employment contract with an applicant, the submitted data will be stored to process the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents will be automatically erased two months after the notification of the refusal decision, provided there are no other legitimate interests of the controller opposed to the erasure.
A legitimate interest could be, for example, the burden of proof in a procedure under the General Equal Treatment Act (AGG).
14. Data Protection Provisions About the Application and Use of Facebook
The controller has Facebook-integrated components on this website. Facebook is a social network that allows users to communicate and interact online. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If someone lives outside the United States or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time an individual page of this website, operated by the controller and into which a Facebook component (Facebook plug-ins) is integrated, is called up, the web browser on the information technology system of the data subject is automatically prompted to download the corresponding Facebook component. An overview of all the Facebook plug-ins can be accessed under Facebook Plugins. During this technical procedure, Facebook is informed of which specific sub-page of our website the data subject visited.
Suppose the data subject is logged in on Facebook. In that case, Facebook detects each call-up to our website by the data subject and identifies which sub-page was visited for the entire duration of their stay. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. Suppose the data subject clicks on one of the Facebook buttons integrated into our website, such as the “Like” button, or submits a comment. In that case, Facebook associates this information with the personal user account and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject whenever they are logged in to Facebook during the call-up to our website, regardless of whether they click on the Facebook component or not. If this information transmission to Facebook is undesirable, the data subject can prevent it by logging off from their account before calling our website.
The data protection guideline published by Facebook, available at Facebook Privacy, provides information about collecting, processing, and using Facebook’s data. Additionally, it explains the settings options Facebook offers to protect the data subject’s privacy. Various configuration options are also available to eliminate a data transmission to Facebook, such as the Facebook blocker from the provider Webgraph, which can be obtained under Webgraph Facebook Blocker. The data subject can use these applications to eliminate data transmission to Facebook.
15. Data Protection Provisions About the Application and Use of Google AdSense
The controller has integrated Google AdSense on this website. Google AdSense is an online service that allows advertising on third-party sites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party sites to match the content of the respective third-party sites. Google AdSense enables interest-based targeting of Internet users by generating individual user profiles.
Google’s AdSense component is operated by Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Google’s AdSense component aims to integrate advertisements on our website. Google AdSense places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the cookie setting, Alphabet Inc. can analyse the use of our website.
Each call-up to an individual page of this website, which is operated by the controller and into which a Google AdSense component is integrated, results in the Internet browser on the information technology system of the data subject automatically submitting data through the Google AdSense component online advertising and the settlement of commissions to Alphabet Inc.
During this process, Alphabet Inc. gains knowledge of personal data, such as the IP address of the data subject, which serves Alphabet Inc. to understand the origin of visitors and clicks and subsequently create commission settlements.
The data subject can prevent cookies from being set on our website at any time by adjusting their web browser settings and thus permanently denying the setting of cookies. Such an adjustment to the Internet browser would also prevent Alphabet Inc. from setting a cookie on the data subject’s information technology system. Additionally, cookies already used by Alphabet Inc. can be deleted anytime via a web browser or other software.
Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in web pages to enable log file recording and analysis, which allows statistical analysis. Based on the embedded tracking pixels, Alphabet Inc. can determine when a data subject opened a website, and which links the data subject clicked. Tracking pixels serve, among other things, to analyse visitor traffic on a website.
Through Google AdSense, personal data and information, including the IP address necessary for collecting and accounting for displayed advertisements, are transmitted to Alphabet Inc. in the United States of America. These personal data are stored and processed in the United States of America. Alphabet Inc. may disclose the collected personal data through this technical procedure to third parties.
Google AdSense is further explained under the following link: Google AdSense.
16. Data Protection Provisions About the Application and Use of Google Analytics (with Anonymisation Function)
The controller has integrated the component of Google Analytics (with the anonymiser function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, and how often and for what duration a sub-page was viewed. Web analytics are mainly used to optimise a website and conduct a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The controller uses the application “_gat ” for web analytics through Google Analytics. _anonymizeIp.” This application abridges the IP address of the data subject’s Internet connection. It anonymises it when it accesses our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse traffic on our website. Google uses the collected data and information to evaluate our website’s use, provide online reports that show our website’s activities, and provide other services concerning the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the cookie settings, Google can analyse the use of our website. With each call-up to an individual page of this website, which is operated by the controller and into which a Google Analytics component is integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for online advertising and the settlement of commissions to Google.
During this process, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, among other things, to understand the origin of visitors and clicks and subsequently create commission settlements.
The cookie stores personal information, such as the access time, the location from which the access was made, and the data subject’s frequency of visits to our website. With each visit to our Internet site, personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. Google stores these personal data in the United States of America. Google may pass the personal data collected through technical procedures to third parties.
The data subject can prevent cookies from being set on our website at any time by adjusting their web browser settings and thus permanently denying the setting of cookies. Such an adjustment to the Internet browser would also prevent Google Analytics from setting a cookie on the data subject’s information technology system. Additionally, cookies already used by Google Analytics can be deleted anytime via a web browser or other software programs.
Furthermore, the data subject can object to the collection of data generated by Google Analytics related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download and install a browser add-on under the link Google Analytics Opt-out.
17. Data Protection Provisions About the Application and Use of Google Remarketing
The controller has integrated Google Remarketing services on this website. Google Remarketing is a feature of Google AdWords that allows an enterprise to display advertising to Internet users who have previously visited the enterprise’s website. The integration of Google Remarketing enables the enterprise to create user-based advertising and show relevant advertisements to interested Internet users.
The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google Remarketing is to insert interest-relevant advertising. It allows us to display ads on the Google network or other websites based on individual needs and matched to the interests of Internet users.
Google Remarketing sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the cookie setting, Google enables recognition of visitors to our website if they call up consecutive web pages, which are also members of the Google advertising network. With each call-up to an Internet site on which Google Remarketing has integrated the service, the data subject’s web browser identifies automatically with Google.
During this technical procedure, Google receives personal information, such as the IP address or the surfing behaviour of the user, which Google uses, among other things, for the insertion of interest-relevant advertising.
The cookie stores personal information, such as the Internet pages visited by the data subject. Each time the data subject visits our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. Google stores these personal data in the United States of America.
The data subject may, as stated above, prevent the setting of cookies through our website at any time using a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser would also prevent Google from setting a cookie on the information technology system of the data subject.
In addition, the data subject can object to Google’s interest-based advertising. For this purpose, the data subject must call the link to Google Ads Settings and make the desired settings on each Internet browser.
Further information and Google’s data protection provisions may be retrieved under Google Privacy.
18. Data Protection Provisions About the Application and Use of Google+
The controller has integrated the Google+ button as a component on this website. Google+ is a social network that allows users to communicate and interact in a virtual space, share opinions and experiences or provide personal or business-related information.
The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
With each call-up to an individual page of this website, which is operated by the controller and on which a Google+ button has been integrated, the Internet browser on the information technology system of the data subject automatically downloads a display of the corresponding Google+ button of Google through the respective Google+ button component.
During this technical procedure, Google was made aware of the specific sub-page of our website visited by the data subject. More detailed information about Google+ is available under Google+.
Suppose the data subject is logged in to Google+ at the same time. In that case, Google recognises each call-up to our website by the data subject and for the entire duration of their stay on our Internet site, in which the data subject visited specific sub-pages of our Internet page. This information is collected through the Google+ button, and Google matches this with the respective Google+ account associated with the data subject.
Suppose the data subject clicks on the Google+ button integrated into our website and thus gives a Google+ 1 recommendation. In that case, Google assigns this information to the data subject’s personal Google+ user account and stores the personal data.
Google stores the Google+ 1 recommendation of the data subject, making it publicly available by the terms and conditions accepted by the data subject. Subsequently, a Google+ 1 recommendation given by the data subject on this website, together with other personal data, such as the Google+ account name used by the data subject and the stored photo, is stored and processed on other Google services, such as search engine results of the Google search engine, the Google account of the data subject or in different places, e.g. on Internet pages, or about advertisements.
Google can also link the visit to this website with other personal data stored on Google. Google further records this personal information to improve or optimise the various Google services.
Through the Google+ button, Google receives information that the data subject visited our website if the data subject is logged in to Google+ at the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Google+ button or not.
If the data subject does not wish to transmit personal data to Google, they can prevent such transmission by logging out of their Google+ account before calling our website.
Further information and Google’s data protection provisions may be retrieved under Google Privacy. More references from Google about the Google+ 1 button may be obtained under the Google+ Button Policy.
19. Data Protection Provisions About the Application and Use of Google AdWords
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google search engine results and the Google advertising network.
Google AdWords allows an advertiser to pre-define specific keywords and then display an ad on Google’s search results when the user uses the search engine to retrieve a keyword-relevant search result. The ads in the Google Advertising Network are distributed on relevant web pages using an automatic algorithm, considering the previously defined keywords.
Google AdWords’ operating company is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Google AdWords promotes our website by including relevant advertising on third-party websites and in Google search engine results and inserting third-party advertising on our website.
If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject.
If the cookie has not expired, the conversion cookie is used to check whether specific sub-pages, e.g., the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, i.e., executed or cancelled a sale of goods.
Google uses the data and information collected through the conversion cookie to create visit statistics for our website. These visit statistics are used to determine the total number of users served through AdWords ads, ascertain the success or failure of each AdWords ad, and optimise our ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie stores personal information, such as the Internet pages visited by the data subject. Each time the data subject visits our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. Google stores these personal data in the United States of America. Google may pass the personal data collected through technical procedures to third parties.
The data subject may, at any time, prevent the setting of cookies by our website, as stated above, using a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser would also prevent Google from placing a conversion cookie on the data subject’s information technology system. Additionally, a cookie set by Google AdWords may be deleted anytime via the Internet browser or other software programs.
The data subject may object to Google’s interest-based advertisements. Therefore, the data subject must access Google Ads Settings from each browser using the link and setting the desired settings.
Further information and Google’s applicable data protection provisions may be retrieved under Google Privacy.
20. Data Protection Provisions About the Application and Use of Instagram
The controller has integrated components of the Instagram service on this website. Instagram is an audiovisual platform that allows users to share photos and videos and disseminate such data on other social networks.
Instagram’s operating company is Instagram LLC, 1 Hacker Way, Building 14, First Floor, Menlo Park, CA, United States.
With each call-up to an individual page of this Internet site, which is operated by the controller and on which an Instagram component (Instagram button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Instagram component from Instagram. During this technical procedure, Instagram became aware of the specific sub-pages of our website that were visited.
21. Data Protection Provisions for Using Jetpack with WordPress
This website uses Jetpack, a WordPress plugin that enhances the features available to the site operator. Jetpack provides insights into site visitors, displays related posts, allows content sharing, and helps increase visitor numbers. It also includes security features that protect the site from brute-force attacks and optimises image loading times.
Automatic Inc. operates Jetpack at 132 Hawthorne Street, San Francisco, CA 94107, USA. The tracking technology is provided by Quantcast Inc., located at 201 Third Street, San Francisco, CA 94103, USA.
When Jetpack is used, a cookie is placed on the user’s device. Cookies are explained earlier in this document. Whenever a page with a Jetpack component is accessed, the user’s browser automatically sends data to Automatic for analysis.
This data helps create an overview of website visits and is used to analyse user behaviour to optimise the website. Without explicit consent, this data is not used to identify users. Quantcast also receives this data and uses it for similar purposes.
Users can prevent cookies from being set through their browser settings, which also stops Automatic/Quantcast from placing cookies on their devices. Existing cookies can be deleted through the browser or other software.
Users can also object to Jetpack’s data collection by opting out at https://www.quantcast.com/opt-out/, which sets an opt-out cookie. If cookies are deleted, the opt-out process must be repeated.
However, using an opt-out cookie might affect the usability of the website.
Automatic’s privacy policy is available at https://automattic.com/privacy/. Quantcast’s privacy policy can be found at https://www.quantcast.com/privacy/.
22. Data Protection Provisions for Using LinkedIn
This website includes components from LinkedIn Corporation, a social network for professional contacts. LinkedIn connects users with existing business contacts and helps them make new ones. Over 400 million people in more than 200 countries use LinkedIn, making it the largest platform for business networking.
LinkedIn Corporation operates LinkedIn at 2029 Sterlin Court, Mountain View, CA 94043, USA. For privacy matters outside the USA, LinkedIn Ireland handles issues, located at Wilton Plaza, Wilton Place, Dublin 2, Ireland.
When a page with a LinkedIn component is accessed, the browser downloads the LinkedIn component, which informs LinkedIn about the specific sub-page visited. If the user is logged into LinkedIn, the network records this visit and associates it with their LinkedIn account. If the user clicks a LinkedIn button on the site, this information is stored in the user’s LinkedIn account.
LinkedIn collects this data regardless of user interaction with LinkedIn buttons. To prevent data transmission to LinkedIn, users should log out of their LinkedIn account before visiting the website.
Users can manage email, SMS, and targeted ads settings at https://www.linkedin.com/psettings/guest-controls and deny cookies at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s privacy policy is available at https://www.linkedin.com/legal/privacy-policy.
23. Data Protection Provisions for Using Twitter
This website includes Twitter components, allowing users to share short messages, or “tweets,” with a broad audience. Tweets are visible to all, including non-Twitter users, and can be followed, shared, and linked to by other users.
Twitter, Inc. operates Twitter at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
When a page with a Twitter component is accessed, the browser downloads the Twitter component, which informs Twitter about the specific sub-page visited. If the user is logged into Twitter, the network records this visit and associates it with their Twitter account. They click a Twitter button on the site and store this information in the user’s Twitter account.
Twitter collects this data regardless of user interaction with Twitter buttons. To prevent data transmission to Twitter, users should log out of their Twitter account before visiting the website.
Twitter’s privacy policy is available at https://twitter.com/privacy?lang=en.
24. Data Protection Provisions for Using YouTube
This website integrates YouTube components. YouTube is an online video platform that allows users to upload and share videos for free, enabling other users to watch, review, and comment. It hosts a wide range of content, including full movies, TV shows, music videos, trailers, and user-generated videos.
YouTube, LLC operates the platform at 901 Cherry Ave., San Bruno, CA 94066, USA. It is a subsidiary of Google Inc., headquartered at 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When users access a page with a YouTube component, their browser automatically loads the corresponding YouTube content. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. During this process, YouTube and Google learn which specific sub-page of our site the user visited.
If the user is logged into YouTube, the platform recognises which subpage of our site the user visits. YouTube and Google collect this data and link it to the user’s YouTube account.
YouTube and Google receive information that the user visited our website if they are logged into YouTube when accessing our site, regardless of whether they interact with a YouTube video or not. To prevent this data transfer, users should log out of their YouTube account before visiting our website.
YouTube’s privacy policy, which details the collection, processing, and use of personal data by YouTube and Google, is available at https://www.google.com/intl/en/policies/privacy/.
25. Data Protection Provisions for Using DoubleClick
This website uses DoubleClick by Google components. DoubleClick is a Google trademark for online marketing solutions for advertising agencies and publishers.
Google Inc., located at 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, operates DoubleClick.
DoubleClick transmits data to its servers with each impression, click, or other activity, triggering a cookie request to the user’s browser. If accepted, a cookie is placed on the user’s device. Cookies help optimise and display relevant ads, create or improve ad campaign reports, and avoid displaying the same ad multiple times.
DoubleClick uses a cookie ID necessary for technical processes, such as displaying ads and tracking conversions (e.g., when a user purchases viewing a DoubleClick ad). DoubleClick cookies do not contain personal data but may include campaign IDs to track user interactions with campaigns.
When a page with a DoubleClick component is accessed, the browser sends data to Google for online advertising and commission billing. Google uses this data to calculate commissions and track user interactions with ads.
Users can prevent cookies from being set through their browser settings, stopping Google from placing cookies on their devices. They can also delete existing cookies through the browser or other software.
Further information on DoubleClick’s data protection provisions can be found at https://www.google.com/intl/en/policies/.
26. Data Protection Provisions for Using PayPal
This website integrates PayPal components. PayPal is an online payment service provider that processes payments through virtual accounts. Users can make and receive payments online and use credit cards without a PayPal account. PayPal also offers escrow and buyer protection services.
PayPal (Europe) S.à.r.l. & Cie. S.C.A., located at 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg, operates PayPal in Europe.
Users who select PayPal as a payment method during checkout automatically transfer their data to PayPal. By choosing PayPal, the user consents to transfer data necessary for payment processing.
Typically, this data includes the user’s name, address, email, IP address, phone number, and other information required for processing the payment. This data helps prevent fraud and process transactions. PayPal may share this data with credit agencies for identity and credit checks.
PayPal may also share personal data with affiliates, service providers, or subcontractors to fulfil contractual obligations or process data as needed.
Users can revoke their consent to PayPal’s data handling at any time. However, this revocation does not affect data necessary for contractual payment processing.
PayPal’s privacy policy is available at https://www.paypal.com/us/webapps/mpp/ua/privacy-fu
27. Legal Basis for Processing
The legal basis for processing operations for which we obtain consent for a specific purpose is Art. 6(1)(a) GDPR. When processing personal data is necessary to fulfil a contract to which the data subject is a party, such as supplying goods or providing services, the legal basis is Art. 6(1)(b) GDPR.
This also applies to pre-contractual measures, like inquiries about our products or services. If our company is legally required to process personal data, such as for tax obligations, the basis is Art. 6(1)(c) GDPR. In rare cases, processing may be necessary to protect the vital interests of the data subject or another person, such as if a visitor is injured and their information needs to be shared with medical personnel; in this case, the legal basis is Art. 6(1)(d) GDPR.
Lastly, processing may be based on Art. 6(1)(f) GDPR when necessary for the legitimate interests of our company or a third party, provided the rights and freedoms of the data subject do not override these interests. The European legislator has noted that legitimate interests may be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
28. Legitimate Interests Pursued by the Controller or a Third Party
When processing personal data under Art. 6(1)(f) GDPR, our legitimate interest is to conduct our business to benefit all employees and shareholders.
29. Period for Which Personal Data Will Be Stored
The storage duration of personal data is determined by the statutory retention period. Once this period expires, the data is routinely deleted unless it is still required for contract fulfilment or initiation.
30. Provision of Personal Data as Statutory or Contractual Requirement; Requirement Necessary to Enter into a Contract; Obligation of the Data Subject to Provide the Personal Data; Consequences of Failure to Provide Such Data
Providing personal data may be legally required (e.g., tax laws) or result from contractual obligations (e.g., information on the contractual partner). Sometimes, the data subject must provide personal data for contract conclusion. For example, a contract cannot be signed if the data subject does not provide the required personal data. Before providing personal data, the data subject should contact our Data Protection Officer. The Data Protection Officer will explain whether giving personal data is a legal or contractual requirement, if there is an obligation to provide it, and the consequences of not providing it.
31. Existence of Automated Decision-Making
Five7T has generated this privacy policy for data protection purposes.