II. What is personal data?

The term “personal data” is used to refer to all information concerning an identified or identifiable natural person. This includes your name, address, phone number, and the data used to access your customer account. Personal data also includes the IP address of the connection you use to navigate through our pages, as well as all associated data concerning your surfing habits. Non-personal data is all other information (e.g. today’s date).

III. Your rights

We would firstly like to inform you about your rights as a data subject.

1. You can exercise the following rights against IT-HAUS with regard to your personal data:

• Right of access;
• Right to rectification or erasure;
• Right to the restriction of processing;
• Right to object to data processing;
• Right to data portability.

Here is a more detailed overview of your rights:

You may ask us to confirm whether your personal data is being processed at any time; this being the case, you have the right to access the personal data stored on you. You may exercise this right by contacting Sarah Müller via email at datenschutz@it-haus.com.

If the legal requirements are met, you may also OBJECT to data processing: If we are processing your personal data on the basis of our legitimate interest, you may formally object to this processing. This will particularly be the case if processing is not required for the execution of a contract with you, as indicated with the description of each feature below. When exercising your right to object, we kindly ask you to state the reasons why we should no longer process your personal data. If your objection is justified, we will examine the situation and either stop/adjust our data processing or indicate the essential and legitimate reasons for the continuation of our processing.

Needless to say, you may object to the processing of your personal data for the purposes of marketing and data analysis at any time. Please use the following contact details to inform us of your objection:

IT-HAUS GmbH
Europa-Allee 26/28, 54343 Föhren (DE)
Tel.: +49 6502 9208-0, Fax: +49 6502 9208-850
Email: info@it-haus.com

If you have given your consent to data processing, you may withdraw this at any time. Once you have withdrawn your consent, we will no longer be permitted to process your personal data.

You also have the right to rectify any incorrect information, restrict data processing and request the deletion of your personal data following its collection and processing. Under the conditions laid down in Art. 20 GDPR, you also have the right to data portability, i.e. to receive your personal data in a structured, machine-readable and common format, and to transmit this data to another controller without being impeded by us.

If you would like to exercise your data protection rights, please refer to the contact details in our Legal Notice or send an email to Sarah Müller at datenschutz@it-haus.com.

2. If you have any further questions, suggestions or complaints about our data protection information and the processing of your personal data, you can contact Sarah Müller directly at datenschutz@it-haus.com.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a (data protection) supervisory authority – particularly in the Member State of your habitual residence, place of work or place of the alleged infringement – if you believe the processing of your personal data infringes German or European data protection law. The supervisory authority for Rhineland-Palatinate is: The State Commissioner for Data Protection and Freedom of Information in Rhineland-Palatinate; Postal Address: Postfach 30 40, D-55020 Mainz; Visiting Address: Hintere Bleiche 34, D-55116 Mainz, Tel.: +49 6131 208-2449; Fax: +49 6131 208-2497; Email: poststelle(at)datenschutz.rlp.de.

IV. What else applies to business activities with us?

The aim of the following information is to advise our customers, business partners, suppliers, prospective customers and their assigned contacts as to how we process personal data.

1. We particularly process personal data:

a) to perform pre-contractual measures and/or contracts, including any warranties, guarantees and returns (legal basis: point (b) of Art. 6 (1) GDPR);

b) to fulfil our statutory obligations (legal basis: point (c) of Art. 6 (1) GDPR); and

c) to pursue our legitimate interest in the protection of our assets, the prevention of defaulted payments, the exercise and defence of our rights and, in the case of the personal data of contacts at companies, the identification of – and communication with – our current and prospective customers, suppliers and other business partners for the execution or initiation of business relations (legal basis: points (b) and (f) of Art. 6 (1) GDPR).

A pre-contractual relationship may arise, for example, if a prospective customer contacts us to request information about our company or services; we will then process that person’s data to process the request.

If you get in touch with us, we will save and, if necessary, store any information you provide (e.g. your email address, first name, surname, company and address) to respond to your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.

2. We obtain the personal data of assigned contacts (name and contact details, e.g. email address) for the above purposes from the company itself, the company’s website or the respective contact.

3. If you open an account on our online store under “Log-in/Register” (https://auth.it-haus.com/account/registration), the data you provide will be saved. Mandatory fields are marked as such; all other information is optional. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR. You cannot open a customer account without providing your complete and correct basic information, as we will require this data to process your order(s). Information marked as optional does not have to be provided.

4. You must provide your personal data to successfully place an order on our online store. Information required to process orders is marked as mandatory; further information is optional. We will use the data provided to process your order. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.

5. We will collect and process the data required for the aforementioned purposes. You cannot place an order with us without providing this data (marked as mandatory fields on the online store). You do not have to fill out data fields marked as optional on the online store. Similarly, you cannot return goods or assert any warranty claims without providing the necessary information.

6.We may also process your personal data to tell you about other interesting products in our portfolio or to send you emails with technical information (e.g. regarding product recalls for your hardware and current IT security risks). We particularly reserve the right to store the following data in summarised lists and use it to create advertising for other similar goods and services (e.g. to send interesting deals and information in the post): your first name, surname, postal address and – provided we have received these additional details within the scope of the contractual relationship – your date of birth, department and cost centre, your trade name and VAT ID Number. The legal basis for this is point (f) of Art. 6 (1) GDPR or, if you explicitly consent to data processing, point (a) of Art. 6 (1) GDPR. You may object to the storage and usage of your data for these purposes or withdraw your consent at any time by getting in touch with us as indicated above. More information on our newsletter subscription: see below.

7. We offer purchase on account as a payment method and cover ourselves by running a credit check on every new customer (creditworthiness data) through Creditsafe Deutschland GmbH (Schreiberhauer Straße 30, D-10317 Berlin) or Creditreform Trier Eberhard KG (Ostallee 3, D-54290 Trier). Goods cannot be purchased on account without this form of data processing.

8. Personal data will be sent to our internal departments if required to properly perform our tasks. We sometimes use external service providers to process personal data. These have been carefully selected and commissioned by us; they are obliged to follow our instructions and are regularly audited. We generally insure receivables from customers worth at least 25,000.00 EUR – and, in some case, amounts under this threshold (receivables from abroad) – through the Euler Hermes SA branch (Friedensallee 254, D–22763 Hamburg) of Euler Hermes Deutschland. In order to perform a contract, we may disclose personal data to our bank, payment service providers and/or the shipping company commissioned to deliver goods, provided this is necessary for the delivery of the ordered goods. Moreover, we may disclose personal data to third parties if we perform a contract, hold events or offer similar services alongside business partners. We may also disclose personal data to our legal representatives or competent courts and authorities (e.g. in the case of a dispute).

9. It may be necessary to transfer data to third countries (outside the European Union and/or European Economic Area) in individual cases, e.g. to perform our contractual obligations. We will indicate this separately in each offer. We will comply with Art. 44 et seq. GDPR at all times.

10. We do not carry out automated decision-making (incl. profiling).

11. Your personal data (e.g. address, payment and order details) will be deleted as soon as it is no longer required for your enquiry or the performance of a contract, or as soon as a contract is rescinded and the statutory retention periods have lapsed (e.g. up to 10 years in accordance with the German Commercial Code and/or Fiscal Code). Your personal credit report data (e.g. name, address, date of birth and the credit check issued by the credit agency) will be stored for a period of one year. One of the purposes of this is to ensure that no further credit checks have to be performed if more goods are purchased on account in the future. We may also retain your personal data if you have given us your consent, or if there are legal disputes and we use this as evidence within statutory limitation periods of up to thirty years; the standard limitation period is three years.

12. SSL encryption is always used during orders placed on our online store, in order to prevent your personal data (especially your financial information) from being accessed by unauthorised third parties.

V. What else applies to events and webinars hosted by IT-HAUS?

The aim of the following information is to advise our customers, business partners, suppliers, prospective customers and/or their assigned contacts as to how we process personal data for events and webinars hosted by IT-HAUS GmbH.

1. Needless to say, any data submitted during the registration process for one of our events / webinars will be processed in accordance with the GDPR and BDSG.

2. Our website uses the “Newsletter” plug-in for WordPress to allow users to register for our events and webinars. If you register to attend one of our events / webinars, we will save the information you provide and your IP address and, as evidence, the time of your registration and opt-in. Required fields are marked as such in the registration form (usually your first name, last name, company and email address); all other information is strictly optional and does not have to be provided.

We will process your personal data:

(a) to perform a contract or pre-contractual measures on the basis of point (b) of Art. 6 (1) GDPR (establishment, structuring or modification of a legal relationship);

b) to fulfil our statutory obligations on the basis of point (c) of Art. 6 (1) GDPR; and

c) to pursue our legitimate interest in the identification of – and communication with – our current and prospective customers, suppliers and other business partners for the execution or initiation of business relations on the basis of points (b) and (f) of Art. 6 (1) GDPR.

You cannot register without fully and correctly providing the required information, as we will require this data to properly hold the event / webinar. Information marked as optional does not have to be provided.

More information on data protection and the WordPress plug-in can be found at:

https://www.thenewsletterplugin.com/documentation/gdpr-compliancy and
https://www.thenewsletterplugin.com/gdpr-and-data-processing-agreement.

3. If you get in touch with us via email, we will save the information you provide (e.g. your email address, first name, surname, company and address) to respond to your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.

4. If you get in touch with us via our call-back form (“Any Questions?”) on the event page, we will save the information you provide (your phone number is required; all other information is optional), in order to respond to your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.

5. We may also process your personal data to inform you about other interesting products and events / webinars in our portfolio or to send you emails with technical information. We particularly reserve the right to store your first name, last name and company name in summarised lists and to use this information to create advertising for other similar goods and services (e.g. to send interesting deals and information in the post. The legal basis for this is point (f) of Art. 6 (1) GDPR or, if you explicitly consent to data processing, point (a) of Art. 6 (1) GDPR. You may object to the storage and usage of your data for these purposes or withdraw your consent at any time by getting in touch with us as indicated above. You can find more information in Section III (“Your Rights”).

6. Personal data will be sent to our internal departments if required to properly perform our tasks. The data will not be passed on to third parties, with the exception of any necessary disclosures to

• our service providers who are bound by our instructions;
• our external teachers;
• hotel operators (if we book a room for you);
• transport companies, e.g. Deutsche Bahn (if we book your outward and return journey);
• the external cooperation partner for our event / webinar (without whom the event / webinar would not be possible); and
• our legal representatives and competent courts and authorities, especially to exercise our legal claims and defend our interests in legal disputes (legal basis: points (b) and (f) of Art. 6 (1) GDPR).

7. We might have to transfer data to third countries (outside the European Union and/or European Economic Area) if this is necessary in individual cases, such as to hold the respective event or webinar, especially if our cooperation partners are based there. You can find this information in the overview of our cooperation partners on the registration page for each event / webinar. We will comply with Art. 44 et seq. GDPR at all times. For example, we will make sure that our partners in the USA are subject to the EU-US Privacy Shield.

8. Needless to say, we will also observe the legally prescribed deletion deadlines. Your personal data will usually be deleted as soon as it is no longer required for your enquiry or the execution of the event or webinar and as soon as the statutory retention periods have lapsed (e.g. up to 10 years in accordance with the German Commercial Code and/or Fiscal Code). We may also retain your personal data if you have given us your consent, or if there are legal disputes and we use this as evidence within statutory limitation periods of up to thirty years; the standard limitation period is three years.

9. We do not carry out automated decision-making (incl. profiling).

10. SSL encryption is always used during the registration process to prevent your personal data from being accessed by unauthorised third parties.

VI. What else applies when visiting our website?

1. Information on the processing of personal data 

(1) We would like to inform you below about the processing of personal data during the use of our website.

You can use our website without sharing any personal data. Different regulations may apply to the use of individual services on our website, and these will be discussed separately. We will also indicate the specified storage period criteria.

(2) If you get in touch with us via a contact form on our website, we will save the information you provide (your email address and, if applicable, your first name, surname, company and address), in order to respond to your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR. We will delete any data obtained in this manner as soon as its storage is no longer necessary, or we will restrict processing if such erasure is prevented by our statutory retention obligations.

(3) If our service providers or partners are based outside the European Economic Area (EEA), we will provide you with specific information regarding the consequences of this situation.

(4) We use SSL, one of the most secure encryption methods currently available, to protect your data from unauthorised access during transmissions via the Internet. Please note, however, that any data transmitted via the Internet may be subject to security gaps, and so complete protection against third-party access is impossible. Please choose an alternative communication channel to email when transmitting sensitive data.

2. The collection of personal data during visits to our website

(1) If you use our website for purely informational purposes (i.e. if you do not register or otherwise provide us with information), we will collect the personal data that your browser transmits to our server. If you would like to view our website, we will collect the data listed below; this is technically necessary to display our website and to guarantee stability and security (legal basis: point (f) of Art. 6 (1) GDPR):

• IP address;
• Date and time of the request;
• Time zone difference to Greenwich Mean Time (GMT);
• Contents of the request (specific page);
• Access status / HTTP status code;
• Volume of data transmitted;
• Website from which the request comes;
• Browser
• Operating system and its interface;
• Language and version of the browser software.

We will store this data for 14 days before it is automatically deleted.

(2) In addition to the data listed above, cookies will be saved on your computer when you use our website. Cookies are small text files that are matched to your browser and saved on your hard drive, allowing certain information to be obtained by the entity that places the cookie (us in this case). Cookies cannot run any programmes or transmit viruses to your computer.

(3) Use of cookies:

a) This website uses the following types of cookies, and their scope and functions are explained below:

• Temporary cookies (see “b”)
• Permanent cookies (see “c”).

b) Temporary cookies are automatically deleted when you close your browser. This particularly includes session cookies. These are used to store so-called “session IDs”, which allow various requests from your browser to be assigned to one session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Permanent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can always delete cookies in your browser’s security settings.

d) We have a legitimate interest in the use of cookies designed to make our website generally safer, more user-friendly and efficient, such as by speeding up navigation on our platform. Cookies also enable us to measure the frequency of page views. Our legal basis for the use of such cookies is point (f) of Art. 6 (1) GDPR. Such cookies are described as “essential” in the cookie preferences in our cookie banner.

e) Our legal basis for the use of cookies to process personal data for analytical and marketing purposes / tracking (more on this below) is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. Our cookie banner lets you set your own preferences for the use of cookies on our website. When setting your preferences, please refer to the additional information in our cookie banner.

f) You can configure your browser settings as you like, e.g. to reject third-party cookies or all cookies. If you do so, however, please note that you may not be able to use all the features of this website.

3. Other functions and features of our website

(1) Our website can be used for more than just informational purposes; we also offer various services that may be of interest to you. We normally require further personal data to provide such services, and the aforementioned data processing principles apply. More information on our online store, events and webinars: see above.

(2) We sometimes use external service providers to process your data. These have been carefully selected and commissioned by us; they are obliged to follow our instructions and are regularly audited.

4. Newsletter

(1) You can give your consent to subscribe to our newsletter, which we will then use to keep you informed about any interesting offers we currently have. The advertised goods and services will be indicated in the declaration of consent.

(2) We use the so-called “double opt-in” process for subscriptions to our newsletter via our website. This means we will ask you to confirm that you would like to receive the newsletter by sending an email to the email address provided during your registration. If you do not confirm your registration, your information will be deleted after one month. We will also store your IP address, as well as the time of your registration and confirmation. This process allows us to prove your registration and notify you if your personal data is ever misused.

(3) Your email address is the only piece of information we need to send you the newsletter. The provision of any other separately marked data is optional. Following your confirmation, we will save your email address to be able to send you the newsletter. The legal basis for this is point (a) of Art. 6 (1) GDPR.

(4) You may freely withdraw your consent to receiving the newsletter at any time by sending an email to info@it-haus.com, or by contacting us through the communication channels contained in our Legal Notice. You will also find a hyperlink at the bottom of every email, which you can use to conveniently unsubscribe from the newsletter.

(5) Please note that we will analyse your user behaviour when sending the newsletter. The legal basis for this is point (f) of Art. 6 (1) GDPR. In order to carry out this analysis, our emails contain so-called “web beacons” and “tracking pixels”, which are single-pixel image files stored on our website. We will link these web beacons and the data described in Section VI.2 with your email address and an individual ID. Links in newsletters also contain this ID. We will use this data to create a user profile and tailor our newsletter to your personal interests. We will establish your personal interests by recording when you read our newsletter and which links you click on. We will link this information with your actions on our website.

You can object to this tracking at any time by clicking on the separate link contained in every email, or by informing us through a different communication channel (see above). The information will be stored as long as you are subscribed to our newsletter. If you unsubscribe, we will store the data anonymously and purely for statistical purposes.

5. Google Analytics

(1) Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”), is used on this website.

This website uses Google Analytics with the extension “anonymizelP()”. This means IP addresses are truncated before processing, making personal identification impossible. If you can be identified through the data collected on you, this will be immediately ruled out.

(2) Google Analytics uses so-called “cookies”; these are text files that are saved on your computer and allow us to analyse your use of the website. The information generated by cookies on your use of this website will generally be transferred to a Google server in the USA and stored there. As IP anonymisation is activated on this website, however, Google will firstly truncate your IP address before transferring data within Member Sates of the European Union or other Contracting States to the Agreement on the European Economic Area. Your IP address will only be transferred to a Google server and then truncated there in exceptional circumstances. The IP address transmitted by your browser via Google Analytics shall not be merged with other Google data. Google will use this information on behalf of the website operator to analyse your use of the website, to compile reports on website activities, and to provide us – as the website operator – with other services related to the use of this website and the Internet.

(3) If we explicitly request your consent to the processing of personal data, the legal basis will be point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly. If you do this, however, please note that you may not be able to fully use all the features of this website. You can also stop the data generated by the cookie on your use of this website (incl. your IP address) from being transferred to Google for processing by downloading and installing this browser add-on:

https://tools.google.com/dlpage/gaoptout?hl=de

Opt-out cookies stop your data from being collected during future visits to this website. In order to stop Google Analytics from collecting data across several devices, you will have to enable the opt-out cookie on all the systems you use. You can click here to place the opt-out cookie on this website:

Disable Google Analytics

Please note that you should not delete any opt-out cookies if you do not want your data to be collected. If you have deleted all cookies in your browser, you will have to re-save the opt-out cookie.

(4) Sessions and campaigns are closed after a certain period of time. Sessions tend to be closed after 30 minutes of inactivity and campaigns after six months. Campaigns can run for a maximum of two years.

(5) We use Google Analytics to analyse the use of our website and make regular improvements. The statistics we obtain allow us to improve our service and make it more interesting for our users.

Although personal data may be transferred to the USA, Google is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

(6) You can find more information on Google’s terms of use and data protection at the following links:

1. Terms of Use: https://www.google.com/analytics/terms/de.html,
2. Privacy Overview: https://www.google.com/intl/de/analytics/learn/privacy.html, and
3. Privacy Policy: http://www.google.de/intl/de/policies/privacy.

6. Google Optimize

(1) Our website uses Google Optimize, a web analysis and optimisation service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). We use this service to improve the attractiveness, contents and functionality of our website by displaying new functions and contents to a percentage of our users and statistically analysing any changes in use. Google Optimize is a service integrated within Google Analytics.

(2) Google Optimize uses cookies to optimise and analyse your use of our website. The information generated by these cookies on your use of our website will generally be transferred to a Google server in the USA and stored there. However, we use Google Optimize with IP anonymisation, so Google will truncate your IP address before transferring data within Member Sates of the European Union or other Contracting States to the Agreement on the European Economic Area. Your IP address will only be transferred to a Google server and then truncated there in exceptional circumstances. Google will use this information to analyse your use of our website, to compile reports on optimisation tests and related website activities, and to provide us with other services related to the use of this website and the Internet.

(3) If we explicitly request your consent to the processing of personal data, the legal basis will be point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly. If you do this, however, please note that you may not be able to fully use all the features of this website. You can also stop the data generated by the cookie on your use of this website (incl. your IP address) from being transferred to Google for processing by downloading and installing this browser add-on:

https://tools.google.com/dlpage/gaoptout?hl=de

Opt-out cookies stop your data from being collected during future visits to this website. In order to stop Google Analytics from collecting data across several devices, you will have to enable the opt-out cookie on all the systems you use. You can click here to place the opt-out cookie on this website:

Disable Google Analytics

Please note that you should not delete any opt-out cookies if you do not want your data to be collected. If you have deleted all cookies in your browser, you will have to re-save the opt-out cookie.

(4) Google Optimize is a service integrated within Google Analytics. More information on Google Analytics is provided in Section VI. 5.

(5) Although personal data may be transferred to the USA, Google is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

(6) Google provides more information via the following links:

1. Overview of Google Optimize: https://marketingplatform.google.com/intl/de/about/optimize/
2. Privacy Policy: http://www.google.de/intl/de/policies/privacy

7. Facebook Pixel, Facebook Custom Audiences and Facebook Conversion

(1) Our website uses Facebook Pixel, which is provided by the social network operated by Facebook Inc. (1 Hacker Way, Menlo Park, CA 94025, USA) or, if you are located in the EU, Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Facebook pixel detects whether a visitor to our website also uses Facebook or Instagram; this particularly applies if you are logged in to your Facebook or Instagram account during your visit to our website. The pixel allows Facebook to categorise you as a visitor to our website and establish you as a target group for Facebook Ads. Accordingly, we use our Facebook pixel to make sure our Facebook Ads (see Section VII for more information on our Facebook and Instagram fan pages) are only displayed to Facebook / Instagram users who have actually shown an interest in our website or who have certain traits (e.g. an interest in certain topics or products, as determined by the websites visited), which we then send to Facebook (“Custom Audiences”; the specific customer data collected during processes like purchases, log-in and registration, such as the user’s email address, is recorded and transferred to Facebook). We use our Facebook pixel to ensure our ads are shown to potentially interested users and do not cause a nuisance. The Facebook pixel also allows us to check the effectiveness of our Facebook Ads for the purposes of market research and statistics, as we can see whether users have been redirected to our website after clicking on a Facebook Ad (“Conversion”).

(2) Our Facebook pixel will be triggered as soon as you do something on our website. Such actions include adding an item to your shopping cart or making a purchase. These actions (“events”) are detected by the pixel. The tracking itself is enabled by cookies (not by the Facebook pixel). If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. Facebook will process this data and, as far as we can tell, use it for its own market research and advertising purposes.

(3) Our legal basis for data processing via the Facebook pixel, “Custom Audiences” and the placement of “conversion cookies” is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly.

(4) Facebook is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

(5) Facebook will process your data in accordance with the Facebook / Instagram privacy policies. General and specific information about Facebook Ads – and details about the Facebook pixel and its functions – can be found on Facebook’s help page and at:

https://www.facebook.com/policy.php; more information on data collection:

https://www.facebook.com/help/instagram/155833707900388,

https://www.facebook.com/about/ads,

https://de-de.facebook.com/business/help/651294705016616,

https://de-de.facebook.com/business/help/341425252616329?id=2469097953376494

8. Use of LinkedIn Conversion Tracking

(1) Our website uses a LinkedIn Insight Tag for conversion tracking; this service is provided by LinkedIn Ireland Unlimited Company (Attn: Legal Dept., Wilton Plaza, Wilton Place, Dublin 2, Ireland; “LinkedIn”). The LinkedIn Insight Tag places a unique LinkedIn browser cookie (“conversion cookie”) on your browser to enable the collection of the following data: metadata like IP address, timestamp and page events (e.g. page views).

(2) The Insight Tag allows LinkedIn to categorise you as a visitor to our website and establish you as a target group for ads. Accordingly, we use the LinkedIn Insight Tag to make sure our LinkedIn Ads are only displayed to LinkedIn users who have actually shown an interest in our website or who have certain traits (e.g. an interest in certain topics or products, as determined by the websites visited), which we then send to LinkedIn (“Matched Audiences”). We use our LinkedIn Insight Tag to ensure our LinkedIn Ads are shown to potentially interested users and do not cause a nuisance. The LinkedIn Insight Tag also allows us to check the effectiveness of our LinkedIn Ads for the purposes of market research and statistics, as we can see whether users have been redirected to our website after clicking on a LinkedIn Ad (“Conversion”).

(3) If you visit certain pages on our website and the cookie has not yet expired, LinkedIn and we will be able to detect whether you have been redirected to our website after clicking on a LinkedIn Ad. The LinkedIn Insight Tag will also enable LinkedIn to collect data about your visit to our website, including your URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. This data is transferred to LinkedIn and encrypted, and IP addresses are truncated; the direct IDs of LinkedIn members are removed within seven days to pseudonymise the data. The remaining pseudonymised data is then deleted by LinkedIn within 90 days. LinkedIn does not share any personal data with us; it only provides summarised reports on our website target group and the performance of our ads; the information obtained by the conversion cookie is used to create conversion statistics. This allows us to determine the total number of users who have been redirected to a page containing our conversion tracking tag after clicking on one of our LinkedIn Ads. LinkedIn members can determine the use of their personal data for advertising purposes in their account settings.

(4) Our legal basis for processing is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You may withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly.

(5) You can find more detailed information on cookies and LinkedIn’s privacy policy at:

https://www.linkedin.com/legal/cookie-policy and

https://www.linkedin.com/legal/privacy-policy.

Conversion tracking:

https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking and https://www.linkedin.com/help/lms/answer/81849/linkedin-insight-tag-haufig-gestellte-fragen?lang=de

(6) Linkedln is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

9. DoubleClick by Google

(1) This website also uses the online marketing tool “DoubleClick by Google”. DoubleClick uses cookies to display ads that are relevant to users, to optimise campaign performance reports, and to prevent users from seeing the same ad more than once. Google uses a cookie ID to determine which adds have been placed in a particular browser, in order to stop these from being displayed multiple times. DoubleClick can also use cookie IDs to track so-called “conversions” in relation to ad requests. This is the case, for example, when a user sees a DoubleClick ad and subsequently uses the same browser to visit the advertiser’s website and purchase something there. According to Google, DoubleClick cookies do not contain any personal information.

(2) Due to the marketing tools used, your browser will automatically establish a direct connection to the Google server. We have no control over the scope and further use of the data collected by Google through this tool, and so we can only inform you to the best of our knowledge. By integrating DoubleClick, Google will be notified that you have accessed a specific part of our website or clicked on one of our ads. If you are a registered user of a service provided by Google, it will be able to match the visit to your account. Even if you are not registered and/or logged in to a Google account, the service provider may still be able to locate and save your IP address.

(3) There are several ways to prevent participation in this tracking process:

1. By changing your browser software settings – you can block third-party cookies to stop receiving third-party ads;
2. By disabling cookies for conversion tracking – you can configure your browser to block cookies from the domain “www.googleadservices.com” (https://www.google.com/settings/ads), but this setting will be deleted if you delete your cookies;
3. By disabling targeted ads from providers in the “About Ads” self-regulatory campaign – you can do this at http://www.aboutads.info/choices, but this setting will be deleted if you delete your cookies;
4. By permanently disabling ad personalisation in Firefox, Internet Explorer or Google Chrome at https://www.google.com/settings/ads/plugin. If you do this, however, please note that you may not be able to fully use all the features of this website;
5. By setting your preferences in our cookie banner.

(4) Our legal basis for data processing is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent.

(5) You can find more information on DoubleClick by Google at https://www.google.com/doubleclick, as well as Google’s general privacy policy at https://www.google.com/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

(6) Google is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

10. Use of Google Ads Conversion Tracking

(1) Our website uses Google Ads for the purpose of conversion tracking. Google Conversion Tracking is an analytical service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). If your habitual place of residence is in the European Union, the European Economic Area or Switzerland, the controller responsible for your data is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Ireland Limited is therefore the company affiliated with Google that is responsible for the processing of your data and compliance with the applicable data protection legislation.

(2) If you click on a Google Ad, a cookie will be placed on your computer for conversion tracking. These cookies are only valid for a limited period; they do not contain any personal data and therefore cannot be used to identify you personally. If the cookie has been placed on your computer and is yet to expire, Google and we will be able to detect whether you have been redirected to our website after clicking on a Google Ad. Every Google Ads customer (advertiser) is given a unique Conversion ID. Therefore, there is no way for cookies to be tracked on the websites of other Google Ads customers. The information obtained by the conversion cookie is used to create conversion statistics. This allows us monitor and improve our advertising by determining the total number of users who have been redirected to a page containing our tracking tag after clicking on one of our Google Ads. We can also see whether users have bought something on our website or subscribed to our newsletter after clicking on our ad. However, we do not receive any information that might be used to personally identify users.

(3) Your data may be transferred to the USA. As Google is subject to the EU-US Privacy Shield, however, it is obliged to comply with the European data protection standards. More information on the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

(4) If we explicitly request your consent to the processing of personal data, the legal basis will be point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly.

(5) You can find more detailed information and Google’s privacy policy at https://www.google.de/policies/privacy/ and

https://ads.google.com/intl/de_de/home/ and

https://support.google.com/google-ads/answer/1722054?hl=de and

https://ads.google.com/intl/de_de/home/how-it-works/ and

https://support.google.com/google-ads/answer/6146252?utm_medium=et&utm_campaign=de&utm_source=ww-ww-et-b2bfooter_adwords

11. Microsoft Advertising

(1) Our website uses Microsoft Advertising technology (ads.microsoft.com), which is provided and operated by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).

(2) If you have accessed our website via a Microsoft Ad, a cookie will be saved on your device. This lets us see that someone has been redirected to our website and has landed on a predetermined target page (“conversion site”) after clicking on an ad.

This allows us to determine the total amount of users who have clicked on a Microsoft Ad, the amount of time they have spent on our website, which areas of the website have been accessed, and which ad has redirected users to our website. Information concerning your identity will not be recorded. Microsoft uses these cookies to collect and process information, which is then used to create pseudonymised user profiles. Microsoft may also use cross-device tracking to monitor your user behaviour across several electronic devices and subsequently display personalised advertising on Microsoft websites and apps.

(3) This information is collected, transferred to Microsoft servers in the USA and generally stored there for 180 days at most.

(4) Using Microsoft Advertising enables us to track the activities of users on our website if they have accessed our site after clicking on a Microsoft Ad. Our legal basis for data processing is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner.

(5) If you do not want information on your behaviour to be used by Microsoft as described above, you can stop the necessary cookies from being placed on your computer by setting your preferences in our cookie banner or by configuring your browser to generally disable the automatic placement of cookies. You can also stop data on your use of this website from being collected by cookies and processed by Microsoft by disabling the analysis function via the following link: http://choice.microsoft.com/de-DE/opt-out. However, this may affect the functionality of the website.

(6) You can find more detailed information about these analytical services on the Microsoft Advertising website: https://help.ads.microsoft.com/#apex/3/de/53056/2. You can find more information on data protection at Microsoft in its privacy statement: https://privacy.microsoft.com/de-de/privacystatement.

(7) Microsoft is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

12. Integration of YouTube videos

(1) We have embedded YouTube videos on our website to improve it and make it more interesting for our users; these videos are saved at http://www.YouTube.com and can be played directly on our website. A cookie will be saved on your device.

(2) When you visit our website, YouTube will be informed that you have accessed a particular sub-page. The data described in Section VI.2 above will also be transmitted regardless of whether you have a user account with YouTube and are logged in. If you are logged in to a Google account, your data will be directly matched to your account. If you do not want your data to be matched to your YouTube account, you will have to log out of your account. YouTube will save your data as a user profile and use it to create advertising, conduct market research and/or tailor the design of its website to users’ needs. Data is particularly used in this way (even if users are not logged in) to show targeted advertising and inform other social network users about your activities on our website. You have the right to object to the creation of user profiles, which you may exercise by contacting YouTube.

(3) Our legal basis for data processing is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly.

(4) Please refer to YouTube’s privacy policy for more information on the purpose and scope of its data collection and processing. This also contains more information on your rights and possible privacy settings. https://www.google.de/intl/de/policies/privacy.

Google will also process your personal data in the USA, but it is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

13. Use of the TeamViewer Support Tool

(1) Our website has integrated features provided by TeamViewer GmbH (Jahnstr. 30, D-73037 Göppingen; Tel.: +49 7161 60692 50; Email: service@teamviewer.com.

(2) Clicking on the “download” button will let you download the TeamViewer remote maintenance tool. After downloading and installing the executable file (Teamviewer*.exe), a member of the technical support team at IT-HAUS GmbH will be able to connect to your computer and gain access to your system. This will only be possible if you share the ID that appears in the small window with a member of staff. You will have to do this to authorise remote access.

TeamViewer transfers data via an encrypted Internet connection. Nevertheless, we cannot guarantee with absolute certainty that transferred data will not be viewed or accessed by unauthorised third parties. If you do not wish to take this risk, we recommend using our telephone support.

(3) We will only process personal data to provide our technical support services within the scope of existing contracts (point (b) of Art. 6 (1) GDPR). If we use external service providers to render our services, they too will only access personal data for this purpose and on a contractual basis. The service providers commissioned by us have been audited and are contractually obliged to act in compliance with data protection legislation.

Whenever technical support services are requested, we will also save the name of the contact, the date and time, the amount of time needed, and an email address. This information will only be collected to create technical support documentation and for billing purposes.

(4) If we provide our technical support services via the TeamViewer tool, the members of our technical support team will be granted access to your screen, including all accessible information there. It is therefore in your interest to close all programmes and windows that are not related to the technical support services. You should also ensure that our members of staff do not come into contact with your personal data. We reserve the right to immediately end the session if our members of staff establish that personal data will be unnecessarily accessed during the provision of technical support services. You may also end the technical support session at any time.

The members of staff responsible for remote maintenance at IT-HAUS GmbH have been obliged in writing to maintain confidentiality and comply with data protection regulations. We ensure compliance with data protection regulations by implementing technical and organisational measures.

(5) Personal data will be deleted as soon as it is no longer required for the provision of our services, unless this erasure is prevented by statutory retention obligations.

(6) You can find more information about data protection and the TeamViewer support tool at https://www.teamviewer.com/de/privacy-policy/ and https://www.teamviewer.com/de/security/.

14. Integration of Google Maps

(1) We use Google Maps on our website. This lets us display interactive maps and lets you comfortably use the maps feature. A cookie will be saved on your device.

When you visit our website, Google will be informed that you have accessed a particular sub-page. The data described in Section VI.2 above will also be transmitted regardless of whether you have a user account with Google and are logged in. If you are logged in to a Google account, your data will be directly matched to your account. If you do not want your data to be matched to your Google account, you will have to log out of the account. Google will save your data as a user profile and use it to create advertising, conduct market research and/or tailor the design of its website to users’ needs. Data is particularly used in this way (even if users are not logged in) to show targeted advertising and inform other Google users about your activities on our website. You have the right to object to the creation of user profiles, which you may exercise by contacting Google.

(3) Our legal basis for data processing is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly.

(4) Google will also process your personal data in the USA, but it is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

15. Google Fonts

(1) We use Google Fonts on our website. Google Fonts is a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which allows us to display Google’s typefaces.

(2) When visiting our website, the data described in Section VI.2 above will be transmitted to Google in the USA. This is necessary, as we have a legitimate interest in enabling your browser to display our text in a visually improved format. The legal basis for this is point (f) of Art. 6 (1) GDPR.

If your browser does not support this feature, your computer will display the texts in a standard typeface.

(3) You can find more detailed information about Google Fonts at
https://developers.google.com/fonts/faq?hl=de-DE&csw=1.

You can find general information about data protection at Google by clicking here:
https://www.google.com/intl/de-DE/policies/privacy/.

Google will also process your personal data in the USA, but it is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

16. Google reCAPTCHA

(1) We use Google reCAPTCHA on our website. This feature is used to inspect our website and prevent interaction via automated access, e.g. bots. Google reCAPTCHA is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).

(2) Google uses this service to determine which website a request is sent from and which IP address you use to activate a reCAPTCHA input box. In addition to your IP address, Google may collect further information required to offer and guarantee the service.

(3) The legal basis for this is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the security of our website and the prevention of unsolicited automated access in the form of spam and the like.

(4) You can find more information about data protection at Google by clicking here: http://www.google.de/intl/de/policies/privacy.

Google will also process your personal data in the USA, but it is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

17. Use of social media links

(1) We currently insert links to the following social media sites: Facebook, Instagram, Twitter, XING, LinkedIn and YouTube. Each social media provider can be identified by the label on its button, its first letter or its logo.

You can use these buttons to communicate directly with us through our social media sites. We also use these links to let you interact with the social networks and other users, so that we can improve our services and make them more interesting to our users. The legal basis for this is point (f) of Art. 6 (1) GDPR. If you are asked to consent to data processing (e.g. by ticking a check box or clicking a confirmation button), the legal basis for data processing will be point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website.

(2) If you are redirected to one of our social media sites after clicking on a marked field, the data specified in Section VI.2 will be transferred to the social media provider. If such information is transferred to Facebook or XING, the respective providers state that IP addresses in Germany will be anonymised following their collection. When using social media sites, your personal data will be transmitted to the respective social media provider and stored there. As each social media provider mainly collects data through cookies, we recommend that you delete all cookies via your browser’s security settings before clicking a button.

(3) Social media providers may also collect other data. We currently have no control over their processes used to collect and process data, and we do not know the full scope of data collection, the purposes of data processing or the data retention periods. Moreover, we do not have any comprehensive information on the erasure of data collected by social media providers.

(4) Social media providers save your data as a user profile and use it to create advertising, conduct market research and/or tailor their websites to users’ needs and, in the case of Facebook, to carry out research and innovation for social purposes. Data is particularly used in this way (even if users are not logged in) to show targeted advertising and inform other social media users about your activities on our social media sites. You have the right to object to the creation of such user profiles, which you may exercise by contacting the respective social media provider.

(5) As far as we are aware (and according to information provided by Facebook, Instagram and Twitter), this data transfer takes place irrespective of whether you have a user account with the social media provider and are logged in. If you are logged in to your account with the social media provider, the data collected on you on our website will be directly matched to your account with the social media provider. We recommend that you regularly log out of your account with social media providers after use – and especially before clicking on a button – as this may prevent your data from being matched to your account with the social media provider.

(6) You can find more information on the purpose and scope of the data collection and processing carried out by social media providers in their respective privacy policies, which you can find below. These also contain more information on your relevant rights and possible privacy settings.

(7) Address of each social media provider and URLs with more information:

a) For Facebook and Instagram: Facebook Inc. (16015 California Ave, Palo Alto, California 94304, USA) and/or Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland);
https://www.facebook.com/policy.php; More information on data collection:
https://www.facebook.com/help/186325668085084,
https://www.facebook.com/help/instagram/155833707900388,
https://www.facebook.com/about/ads,
https://help.instagram.com/1896641480634370?ref=ig.
Facebook is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

b) XING AG, Gänsemarkt 43, D-20354 Hamburg; http://www.xing.com/privacy.

c) Linkedln Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Linkedln is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

d) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
Twitter is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

e) YouTube: https://www.google.de/intl/de/policies/privacy.
Google will also process your personal data in the USA, but it is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

18. Use of Mouseflow

This website uses Mouseflow, a web analysis tool provided by Mouseflow ApS (Flaesketorvet 68, 1711 Copenhagen, Denmark). If you visit our website, the following information will be collected via Mouseflow:

• Clicks, mouse movements, hovering, scrolling
• Browser
• Device (desktop / tablet / mobile)
• Language
• Operating system
• Screen resolution
• Length of visit
• Navigation (URLs)
• Page content (HTML)
• ISP & location (city, state / region, country)
• Keyboard input (only for non-EU / non-EEA data subjects in non-EU / non-EEA accounts and never for passwords, numbers or excluded fields)
• Referrer URL
• Type of visitor (first-time / returning visitor)
• Individual tags or variables

This data will be stored for 6 months.

Data processing is carried out to analyse this website and its visitors. Data is also collected and stored for marketing and optimisation purposes. It may be used to create pseudonymised user profiles. Cookies may be used for this purpose. Mouseflow also records randomly selected individual visits (only with anonymised IP addresses). Mouse movements and clicks are logged to recreate individual visits to the website and devise potential improvements. The data collected by Mouseflow is not used to personally identify visitors to this website and is not merged with personal data concerning the bearer of the pseudonym without the explicit consent of the data subject.

Our legal basis for processing is your consent, which we will explicitly request in accordance with point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly. You can also disable data collection for your current browser on all websites that use Mouseflow by clicking on the following link: https://mouseflow.de/opt-out/. Selecting this will place an opt-out cookie on your device, which will be stored there until its deletion.

You can find general information about data protection at Mouseflow by clicking here: https://mouseflow.de/gdpr/

19. Use of wao.io

(1) Our website uses wao.io, which is a service provided by Sevenval Technologies GmbH (Am Bahnhofsvorplatz 1, D-50667 Köln). On the one hand, this allows us to analyse and optimise our website and ensure its cost-effective operation. On the other hand, wao.io improves the security of our website by protecting it against attacks like clickjacking, cross-site scripting and SQL injection.

(2) wao.io must process the user’s IP address to ensure the secure transmission of our website to the user’s browser. This data is anonymised and stored in log files for seven days.

(3) Pseudonymised information is also stored in cookies on the user’s device. Two tracking cookies are used in addition to fleeting session cookies. The purpose is to present and analyse user behaviour (reporting and analytics). The data obtained by cookies cannot be used to personally identify individual users; you can delete it at any time by changing your browser settings.

(4) We have a legitimate interest in improving the security of our website by protecting it against attacks like clickjacking, cross-site scripting and SQL injection, and so our legal basis for data processing is point (f) of Art. 6 (1) GDPR.

(5) The service provided by wao.io only uses servers in the EU.

(6) More information on wao.io can be found at:

https://wao.io/de/ and

https://wao.io/de/features and

https://wao.io/de/faq

VII. What else applies to our Facebook and Instagram fan pages?

(1) We have our own pages on Facebook (https://de-de.facebook.com/ithaus/) and Instagram (https://www.instagram.com/it_haus_gmbh); Company: Facebook Inc. (16015 California Ave, Palo Alto, California 94304, USA) and/or Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland).

(2) By visiting our fan pages, you can read our posts, react to them, comment on them and make your own user posts. Any information you provide and make available to us in this context (e.g. username, pictures, interests, contact details, location, age, gender and language) will only be used to communicate with our existing and potential customers on the basis of our overriding legitimate interest (point (f) of Art. 6 (1) GDPR). It is in our interest to provide a platform on which we can display up-to-date information, and which you can use to send us requests and receive a response as quickly as possible. If the fan page is ever closed, your data will be deleted if possible.

(3) Facebook is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

(4) We use Facebook Insights and Instagram Insights to receive statistical data about the people who visit our fan pages. This data cannot be matched to specific individuals. This function allows us to better analyse our pages and tailor them to users’ needs and interests. Facebook uses this function to process personal data. We receive general summaries regarding visitors to our fan pages, mainly including the following information: date of visit; page activities; pages accessed; page preview; likes; comments; follows / shares; page range; recommendations; interaction with posts; Instagram story views and interaction; videos; page subscribers; demographic data of the persons who like our page, based on age, gender and language details found on their profiles; country of origin and number of fans there; city and number of fans there; language and number of fans speaking that language; organic / paid. Moreover, we can see whether a particular user has liked or subscribed to one of our pages. We can also match comments on our Facebook pages to individual users. Any personal data that becomes accessible to us will only be used to communicate with our existing and potential customers, and to provide specific recipients with up-to-date information on the basis of our overriding legitimate interest (point (f) of Art. 6 (1) GDPR). Facebook provides more information on “Insights” at https://www.facebook.com/legal/terms/page_controller_addendum#.

(5) Our Facebook and Instagram pages let you contact us in various ways and for various purposes. We will only use the data you provide to process your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR. Your messages will be deleted once your enquiry has been fully processed, unless they have to be retained for other reasons (e.g. to comply with statutory retention periods).

(6) We will not use our fan page to carry out any data processing other than the processes required to enable its basic functions. Please note that Facebook Ireland Limited may use tracking tools and cookies – regardless of how we use the fan page. You can find more information in the Facebook privacy statements listed above.

(7) Further statements from Facebook and the company’s privacy information can be found at the addresses indicated in VI.17. above. You can configure how Facebook processes your personal data in the “settings” tab of your Facebook and Instagram profiles.

(8) We work with Facebook Ireland Limited as joint controllers for the processing of Insights data. Our agreement with Facebook pursuant to Art. 26 GDPR (joint controllers) can be accessed at https://www.facebook.com/legal/terms/page_controller_addendum#. In accordance with the GDPR, Facebook Ireland is primarily responsible for the processing of Insights data and must fulfil all duties arising from the GDPR with regard to the processing of this data (e.g. Art. 12 and 13 GDPR – Obligation to Provide Information –, Art. 15 to 22 GDPR – Rights of Data Subjects – and Art. 32 to 34 GDPR – Data Security and the Notification of Data Breaches –).

(9) You can exercise the rights described in Section III (“Your Rights”) at any time and free of charge by contacting us through one of the communication channels listed above. If you contact us regarding the processing of Insights data and the duties assumed by Facebook Ireland, we must forward all relevant information to Facebook Ireland immediately – and at the latest within 7 (seven) calendar days – and Facebook will then respond to your enquiry. If you would like to exercise your rights, please get in touch with Facebook Ireland Limited directly at 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. We would like to indicate the following once again: We have a legitimate interest in the running of our Facebook and Instagram pages to ensure effective marketing on global platforms; in accordance with Art. 21 GDPR, you have the right to object to data processing carried out for this purpose with future effect at any time (see “Your Rights” in Section III above).

VIII. What applies to our Twitter fan page?

(1) We have our own IT-HAUS page on Twitter (https://www.twitter.com/it_haus); Company: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA.

(2) By visiting our Twitter page, you can read our posts, react to them, comment on them, re-tweet them and make your own tweets. Any information you provide and make available to us in this context (e.g. username, pictures, interests, contact details, location, age, gender and language) will only be used to communicate with our existing and potential customers on the basis of our overriding legitimate interest (point (f) of Art. 6 (1) GDPR). It is in our interest to provide a platform on which we can display up-to-date information, and which you can use to send us requests and receive a response as quickly as possible. If the fan page is ever closed, your data will be deleted if possible.

(3) Twitter is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

(4) We use Twitter Analytics to receive statistical data about the people who visit our Twitter page. This data cannot be matched to specific individuals. This function allows us to better analyse our page and tailor it to users’ needs and interests. Twitter uses this function to process personal data. We receive general summaries regarding visitors to our Facebook fan page, mainly including the following information: date of visit; demographic characteristics based on age and gender details saved on their profiles; interests; followers; devices; buying intentions based on their purchases and other consumer behaviour; target groups; keywords (based on their latest tweets or tweets with which they have recently interacted); geographic analysis (restriction to a country / region / city); number of impressions; number of interactions; interaction rate; and number of video views, link clicks, photo / video clicks, likes, re-tweets, replies, detail extensions and profile clicks. Any personal data that becomes accessible to us will only be used to communicate with our existing and potential customers, and to provide specific recipients with up-to-date information on the basis of our overriding legitimate interest (point (f) of Art. 6 (1) GDPR).

(5) Our Twitter page lets you contact us in various ways and for various purposes. We will only use the data you provide to process your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR. Your messages will be deleted once your enquiry has been fully processed, unless they have to be retained for other reasons (e.g. to comply with statutory retention periods).

(6) We do not use our Twitter page to carry out any data processing other than its basic functions. Please note that Twitter Inc. may use tracking tools and cookies – regardless of how we use the page. You can find more information in the Twitter privacy statements and at https://help.twitter.com/de/rules-and-policies/twitter-cookies.

(7) Further statements from Twitter and the company’s privacy information can be found at the addresses indicated in VI.17 above. You can configure how Twitter processes your personal data in the “settings and privacy” tab of your Twitter profile.

(8) In accordance with the GDPR, Twitter Inc. and/or Twitter International Company is primarily responsible for the processing of Analytics data and must fulfil all duties arising from the GDPR with regard to the processing of this data (e.g. Art. 12 and 13 GDPR – Obligation to Provide Information –, Art. 15 to 22 GDPR – Rights of Data Subjects – and Art. 32 to 34 GDPR – Data Security and the Notification of Data Breaches –).

(9) You can exercise the rights described in Section III (“Your Rights”) at any time and free of charge by contacting us through one of the communication channels listed above. If you would like to exercise your rights, please get in touch directly with Twitter International Company, Dublin, Ireland. We would like to indicate the following once again: We have a legitimate interest in the running of our Twitter page to ensure effective marketing on global platforms; in accordance with Art. 21 GDPR, you have the right to object to any data processing carried out for this purpose with future effect at any time (see “Your Rights” in Section III above).

IX. Links

Our Privacy Policy does not apply to the contents of any external links found on our website. If we provide such links, we will endeavour to ensure that they also meet our data protection and security standards. However, we have no control over other providers’ compliance with data protection and security regulations. You should therefore refer to the data protection regulations published by these other providers.

X. Changes to our Privacy Policy 

(1) We reserve the right to change our security and data protection measures, provided this is necessary following technical developments or changes to our services. In such cases, we will also adjust our Privacy Policy (if necessary) and inform you of such changes therein.

(2) Any such changes will take effect upon the release of our revised Privacy Policy. You should therefore always refer to the current version of our Privacy Policy. You can see when this Privacy Policy was last updated by referring to the date at the top of this page.