We as Personizer GmbH & Co. KG (hereinafter referred to as “Personizer” or “We”) would like to inform visitors and users of our websites, apps and Services (hereinafter referred to as “Services”) about the purpose, nature and scope of the processing of personal data with this privacy policy.
The responsible Entity within the meaning of Art. 4 No. 7 GDPR for the processing of your personal data is:
Personizer GmbH & Co. KG
Schafjückenweg 2
26180 Rastede
E-Mail: info@personizer.com
Phone: +49 (0) 4402 9739 300
Contact formulas:
DE: https://www.personizer.com/de/kontakt/
EN: https://www.personizer.com/en/contact/
I. Our websites and Services
Our websites and Services are constantly being revised and developed. This also means that this privacy policy is regularly revised and updated. This applies regarding the procedures we use for usage analysis, for measuring the effectiveness of advertising methods and comparable Services, especially from third-party providers. The status can be found in the table below.
A few words in advance regarding the use of service providers outside the European Union: Personizer provides various Services that are offered internationally. Generally, we prefer to use EU service providers for certain Services if they can provide the required Services to us in an equally good and comparably priced manner. For many Services we use, there are currently no EU providers or the existing EU providers do not represent an acceptable alternative. We therefore use some service providers that are located outside the European Union. We ensure that all measures are taken that are required under European and national data protection law to ensure an adequate level of data protection.
Use of personal data
We collect, process and use personal data for the following purposes:
- Adjusting the presentation of our web pages
- Improving the quality of our web pages
- Optimal marketing of our web pages
- Improvement of the stability and functionality of our web pages
- Optimization of our advertising offer and its advertising
- Optimization of our online offer
- Analysis of our online offer
- Economic operation of our online offer
- Analysis of user behavior
- Optimization of user guidance
The scope of the processing of personal data depends on whether one of our internet pages is only “visited” or whether internet pages are used as a registered user or a registration as a user takes place.
Privacy of children
Our websites and apps are generally accessible and not intended for children. We do not knowingly collect personal data from users who are considered children under their respective national laws.
II. Information we collect when you use our Services
We use the following cookies and web analytics Services:
Cookies
We use cookies on our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. The processing serves the optimization of the user guidance and the adaptation of the presentation of our website.
You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the appropriate browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed optimally and some functions may no longer be technically available.
The following cookie categories are used:
Technically required cookies
These cookies are technically necessary for the operation, security and functionality of the website. They are essential to ensure that the user can navigate and use certain features of the website. Without them, essential parts of the website cannot be used. Accordingly, these cookies are always enabled. No consent is required for the use of these cookies. The legal basis is Art. 6 para. 1 lit. f GDPR.
- Google Tag Manager (Duration: not specified)
- Usercentrics Consent Management Platform (Duration: not specified)
Functional cookies
Functional cookies enable the website to store information provided, such as the username or language selection, and to offer the user improved and personalized functions based on this information. The information collected is evaluated exclusively in aggregated form.
Since we would like to offer you a website that is designed for optimal user-friendliness, we recommend activating these cookies. Functional cookies are also used, for example, to activate functions you have requested, such as the playback of videos.
- Crisp Chat (Duration: not specified)
Marketing cookies
Marketing cookies are used to offer content that is more targeted to the user and relevant to their interests. They are also used to measure and control the effectiveness of campaigns. They record, for example, whether a website has been visited or not, as well as which content has been used. With the help of this information, an interest profile is created so that only content of interest to you is displayed. If you revoke your consent to marketing cookies, this does not mean that you will see and receive less content as a result. Rather, it means that the content you see and receive is not tailored to your individual needs.
- Facebook Pixel (Duration: 1 year)
- Google Ads Conversion (Duration: 1 year)
- Google Ads Remarketing (Duration: 1 year)
- LinkedIn Insight Tag (Duration: 6 month)
- Microsoft Advertising (Duration: 1 year, 25 days)
Analysis cookies
Analysis cookies allow us to collect data in an aggregate form about our website visitors and your experience on our website. We use this data to troubleshoot and improve the experience for all visitors.
- Google Analytics (Duration: 2 years)
Usage data and log files
Each time our website is called up, our server system collects automated data and information from the computer system of the calling computer. This data record consists of:
- the page from which the file was requested
- the name of the file
- the date and time of the request
- the amount of data transferred
- the access status (file transferred, file not found)
- the description of the type of web browser used
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
This data is not merged with other data sources. We record such technical information in so-called log files so that you can view our website correctly and so that we can determine the causes of any technical problems, for the technical optimization of our website and for the purpose of the security of our computer systems and networks. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Typically, this technical information is deleted or made unrecognizable after seven days at the latest. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Single Sign On
You may sign into our Services using a third-party application, such as Google. When you sign in using a third-party application, you authorize us to collect your authentication information, such as your username and other information provided by the account with the third-party provider, as described in the following sections.
When you sign up for or log in to our Services using your Google Account, Google asks your permission to share certain information from your Google Account with our Services. This includes the email address associated with your Google Account, your date of birth (optional), your gender (optional), and your avatar (optional). This information is collected by Google and provided to us in accordance with the terms of the Google Privacy Policy (https://www.google.com/policies/privacy).
You can control the information we receive from Google through your Google activity settings (https://myaccount.google.com/activitycontrols).
If you have registered through Google in error, you may request deletion of your account at any time by contacting our email support info@personizer.com.
III. Web analytics Services
We use the following web analytics Services:
Google Analytics
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
We primarily collect the interactions between you as a website user and our website using cookies, device/browser data, IP addresses, and website or app activity. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as the website operator, with information about which country, region, or location the respective user comes from (so-called “IP location determination”). For your protection, however, we naturally use the anonymization function (“IP masking”), i. e. that Google truncates the IP addresses by the last octet within the EU/EEA.
Google acts as an order processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. A data transfer to a third country takes place. In the USA, there is no legal protection system comparable to the European data protection law. The European Commission has rejected an adequacy decision for the USA. We have therefore taken other suitable precautions to protect your personal data. This is possible via the European Commission’s standard data protection clauses for the protection of personal data pursuant to Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our data protection officer if you would like more information on this.
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 lit. a in conjunction with Art. 44 GDPR). The revocation of your consent is possible at any time, without affecting the permissibility of the processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install the Google browser add-on, which can be accessed via the following link: http://tools.google.com/dlpage/gaoptout?hl=en/.
For more information on the scope of Services provided by Google Analytics, please visit marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: http://support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy at www.google.de/intl/de/policies/privacy/.
IV. Advertising (Remarketing, Conversion Tracking)
We use the following online marketing services on our websites:
Google Ads
We use the Google Ads service to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie in your terminal device. The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR, i. e. the integration only takes place after your consent.
The advertising material is delivered by Google via so-called “ad servers”. For this purpose, we and other websites use so-called ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. Through the Google Ads cookies stored on our website, we can obtain information about the success of our advertising campaigns. These cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values.
The cookies set by Google enable Google to recognize your internet browser. If a user visits certain pages of the website of an Ads customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer, so the cookies cannot be tracked across the websites of other Ads customers. Through the integration of Google Ads, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider learns your IP address and stores it.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures but provide Google alone with the opportunity to collect the data. We only receive statistical evaluations from Google, which provide information about which ads were clicked on how often and at what prices. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke is via our Consent Manager or via the following functions: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving third-party ads; b) by setting your browser to block cookies from the domain “www.googleadServices.com“, www.google. de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internet explorer or Google Chrome browsers at the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: www.google.com/intl/de/policies/privacy and Services.google.com/sitestats/de.html.
Google Conversion-Tracking
We use Google Ads with the additional application “Google Conversion Tracking”. This is a procedure with which we can check the success of our advertising campaigns. For this purpose, the advertisements are provided with a technical provision, e. g. an ID, with which we can determine how a user interacts after clicking on the advertisements and whether one of our Services is actually used. This provides us with information in statistical form about the total number of readers of our ads, which ads are particularly popular, and possibly other information about consequences from the ad.
The legal basis for the processing of your data is also in this respect Art. 6 para. 1 lit. a GDPR, i. e. the integration only takes place after your consent. You can prevent or no longer use the conversion tracking function in the same way as described above for Google Ads.
Google Remarketing
We use Google Ads with the additional application “Google Remarketing”. With this procedure, we can create advertisements based on existing information about you and address you again during your further internet use. This is done by means of cookies set when you visit our offers (usually by cookies), via which your usage behavior when visiting various websites is recorded by Google and evaluated pseudonymously. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google.
The legal basis for the processing of your data is also in this respect Art. 6 para. 1 lit. a GDPR, i. e. the integration only takes place after your consent. You can prevent or no longer use the remarketing function in the same way as described above for Google Ads.
Bing Universal Event Tracking (UET)
On the Vacationizr, Clockout and Personizer websites, Bing Ads technologies are used to collect and store data from which usage profiles are created using pseudonyms. This service allows us to track the activities of users on our website if they have arrived at our website via ads from Bing Ads. If the site visitor arrives at our website via such an ad, a cookie is set on his or her computer. A Bing UET tag is integrated on our website. This is a code which, in conjunction with the cookie, stores some non-personal data about the use of the website. This includes, among other things, the length of time spent on the website, which areas of the website were accessed and via which ad the users arrived at the website. Information on the identity of the respective site visitor is not recorded. The legal basis is Art. 6 para. 1 lit. a GDPR.
The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. The collection of the data generated by the cookie and related to the use of the website as well as the processing of this data can be prevented by the site visitor via deactivating the setting of cookies. A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex. europa. eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
In addition, Microsoft may be able to track usage behavior across multiple electronic devices through so-called cross-device tracking and is thus able to display personalized advertising on or in Microsoft websites and apps. This behavior can be disabled by the site visitor at https://choice.microsoft.com/de-de/opt-out.
More information about Bing’s analytics Services is available on the Bing Ads website.
More information on data protection at Microsoft and Bing can be found in Microsoft’s privacy policy.
LinkedIn Conversion Tracking
On our website, we use the retargeting, analysis and conversion tracking technology of the LinkedIn platform. With the aforementioned technology of LinkedIn, the site visitor can be shown more relevant advertising based on his interests. The legal basis is Art. 6 para. 1 lit. a GDPR.
Furthermore, we receive aggregated and anonymous reports from LinkedIn of ad activities and information about how the site visitor interacts with our website. Further information on data protection at LinkedIn is available on the LinkedIn website: https://www.linkedin.com/legal/privacy-policy.
The site visitor can object to the analysis of his usage behavior by LinkedIn as well as the display of interest-based recommendations (“opt-out”); to do so, he clicks on the “Opt-out on LinkedIn” (for LinkedIn members) or “Opt-out” (for other users) box at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Facebook Retargeting
A pixel of Facebook Ireland Limited is integrated into this website (website custom audience pixel). Through this pixel, information about the use of this website (e. g. information about viewed articles) is collected by Facebook Ireland Limited. This information can be assigned to your person with the help of further information that Facebook Ireland Limited has stored about you, e. g. due to your ownership of an account on the social network “Facebook”. Based on the information collected via the pixel, you can be shown interest-based advertisements about our offers in your Facebook account (retargeting). The information collected via the pixel may also be aggregated by Facebook Ireland Limited and the aggregated information may be used by Facebook Ireland Limited for its own advertising purposes as well as for advertising purposes of third parties. For example, Facebook Ireland Limited may infer certain interests from your browsing behavior on this website and may also use this information to promote third-party offers. Facebook Ireland Limited may also combine the information collected via the pixel with other information that Facebook Ireland Limited has collected about you via other websites and / or in connection with the use of the social network “Facebook”, so that a profile about you can be stored at Facebook Ireland Limited. This profile can be used for advertising purposes. You can obtain more information about data protection at Facebook Ireland Limited here: https://www.facebook.com/policy.php .
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR. You can fully revoke the consent you have given for the data processing described above here.
V. Newsletter
The following information explains the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection.
Content of the Newsletters
We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipients pursuant to Art. 6 para. 1 lit. a GDPR or a legal permission. If the contents of the newsletter are specifically described in the course of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
Double opt-In und logging
The registration for our newsletter takes place in a so-called double opt-in procedure. In other words, you will receive an e-mail after registering, in which you will be asked to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Dispatch service providers
The newsletter is sent by CleverReach (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany), hereinafter referred to as “shipping service provider”. The data protection declaration, contact options and further information about the shipping service provider can be found in the list of our subcontractors below.
Furthermore, the shipping service provider may, according to its own information, use data in anonymous form, i. e. without attribution to a user, to optimize or improve its own Services, e. g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.
Registration data
To subscribe to the newsletter, it is sufficient for you to enter your e-mail address. Optionally, we ask you to provide a name for personal address in the newsletter.
Statistical collection and analysis
The newsletters contain a so-called “web beacon”, i. e. a pixel-sized file that is retrieved from the server of the shipping service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are first collected. This information is used to technically improve the Services on the basis of technical data or target groups and their reading behavior on the basis of access points (which can be determined by the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention or that of the shipping service provider to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The statistical surveys and analyses are carried out in accordance with Art. 6 para. 1 lit. a GDPR. The logging of the registration procedure is carried out on the basis of our legitimate interests acc. Art. 6 para. 1 lit. f GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.
Termination and revocation
You can cancel the receipt of our newsletter at any time, i. e. revoke your consent. At the same time, your consent to its dispatch by the shipping service provider and the statistical analyses expire. A separate revocation of the shipment by the shipping service provider or the statistical evaluation is unfortunately not possible. A link to unsubscribe from the newsletter can be found at the end of each newsletter.
VI. Tools
We use the following Tools from Google:
Google Tag Manager
We use the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags from an interface. The Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags that may collect data. Google Tag Manager does not access this data. The privacy policy, contact options and further information about Google Tag Manager can be found in the list of our subcontractors below. Google Tag Manager is used in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 44 GDPR.
A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether data is entered on our websites (e. g. in a contact form) by a human or by an automated program. To this end, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e. g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. Data processing takes place on the basis of Art. 6 para. 1 lit. a in conjunction with Art. 44 GDPR. The purpose of the processing is to protect our website from abusive automated spying and from SPAM. Your IP address collected for the reCAPTCHA service is transmitted to Google. However, Google will first shorten and anonymize it within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
On behalf of the website operator, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other data held by Google. The data will not be passed on. Nor are data from other sources linked to the data collected.
Your input is processed by Google to improve pattern recognition for the reCAPTCHA tool. Furthermore, Google reads the cookies from other Google Services such as Google Analytics. All mentioned data will be sent to Google in encrypted form. Google’s subsequent evaluation decides in which form the captcha is displayed on the page – in the form of a checkbox or by text input.
The data protection declaration, contact options and further information about Google reCAPTCHA can be found in the list of our subcontractors below.
YouTube videos
We have integrated YouTube videos into our online offer, which are stored on http://YouTube.com and can be played directly from our website. The legal basis for displaying the videos is Art. 6 para. 1 lit. a GDPR, i. e. the integration takes place only after your consent, in conjunction with Art. 44 GDPR.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned basic data such as IP address and time stamp are transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
The collected information is stored on Google servers, including in the USA. A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa. eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy
Webhosting
We use the Amazon Web Services (hereinafter “AWS”) service of Amazon Web Services EMEA Sàrl, Ave J-F Kennedy 38, 1855 Luxembourg, Luxembourg for hosting the database and web content. The data is stored exclusively in a German data center (Frankfurt/Main) that is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. Of course, Personizer has strictly limited access rights and the data is protected against third-party access according to the state of the art. The privacy policy and contact options of Amazon AWS can be found in the list of our subcontractors below.
Sentry
We use the Sentry error tracking and performance monitoring platform (Sentry io., 45 Fremont St, San Francisco, CA 94105, USA). The tool checks when and why a system crashed. It serves to improve the stability and reliability of our Services. This may involve processing your first and last name or your e-mail address. Sentry processes these data only on behalf of and for our purposes and is therefore a so-called processor within the meaning of Art. 4 No. 8 GDPR. Sentry is located in the USA and thus in a third country outside the European Union and the EEA. The processing takes place exclusively for the fulfilment of contractual and business obligations and for the maintenance of your business relationship with us (the legal basis is Art. 6 para. 1 lit. b or f GDPR respectively in conjunction with Art. 44 GDPR). In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
VII. Sending transactional emails
Mailgun
For sending order confirmations, notifications, billing information, etc., we use the shipping service provider Mailgun (Mailgun Technologies, Inc., 548 Market St. 43099, San Francisco, CA 94104, USA). Mailgun enables us to ensure that e-mails sent by us reach you reliably, securely and quickly, without being classified as spam. We have an agreement with Mailgun on order processing acc. Art. 28 GDPR, with which we oblige the provider to protect the data of our customers and not to pass it on to third parties. The privacy policy, contact options and further information about Mailgun can be found in the list of our subcontractors below. A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
KnockApp
For sending push and e-mail notifications we use the service provider Knock (Knock Labs Inc. 175 Varick St, 413 New York, NY 10014, USA). Knock allows us to ensure that you are reliably notified in the system. Knock processes personal data (e-mail addresses, first and last names, as well as everything that appears in our system emails) solely on behalf of and for our purposes and is therefore a so-called processor within the meaning of Art. 4 No. 8 GDPR. Knock is located in the USA and thus in a third country outside the European Union and the EEA. The processing is carried out to simplify and improve the notifications. They are intended to improve communication between Personizer, the customer and its employees (legal basis is Art. 6 para. 1 lit. f in conjunction with Art. 44 GDPR). In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
VIII. Information we collect when opening your customer account and for contract processing
In order to use our free or paid Services, it is usually necessary to create a customer account. Below you will find out which data is stored or processed in connection with a customer account or contract processing.
Creating a customer account to use our Services
If you wish to use our Services, you may need to create a customer account. When creating the customer account, we store your e-mail address and, if applicable, the password you have chosen on the basis of Art. 6 para. 1 lit. b GDPR. Your data will be stored by us for as long until you object to the storage by e-mail to info@personizer.com and wish to delete your customer account. Unless there are statutory retention periods, your data will be deleted within 10 days after the cancellation has been declared.
Ordering a paid service
If you want to use paid Services, you may need to log in with your customer account. We store and use your personal data, which you transmit to us during the ordering process, on the basis of Art. 6 para. 1 lit. b GDPR solely for the processing of your orders. We use your e-mail address for notifications about the status of your order or for sending relevant receipts. We also offer to send you account reports and news and product information by e-mail.
As part of the ordering process, the information provided by you will be processed in addition to the information about the order (name, address, account number, bank code, credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR in conjunction with Art. 44 GDPR to the payment service provider Stripe (Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA) via an encrypted SSL or TLS connection. The transfer of data takes place exclusively for the purpose of payment processing with the payment service providers and only to the extent necessary for this purpose. The respective data protection declarations and contact options of the payment service providers can be found in the list of our subcontractors below.
A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
For more information on Stripe’s privacy, please visit Privacy Policy (stripe. com).
Our website uses Pathway Solutions’ “Stripe to Datev” service to simplify the processing of payment information and to enable the direct transfer of this data to our accounting software. As part of this function, payment data is securely transferred from Stripe to Pathway Solutions, whereby only the necessary information is processed to ensure the accuracy of our accounting and financial reports. Pathway Solutions processes the data strictly in accordance with instructions as a processor on the basis of the concluded contract for order processing in accordance with Art. 28 GDPR.
The data processing is carried out exclusively for the purpose of accounting and financial management.
To analyze our SaaS offering, we create metrics of our customers’ payments in order to measure and analyze the success of our offering. Profitwell (Price Intelligently, 109 Kingston Street Fl 4, Boston, MA, USA) is used for this purpose.
To create the aforementioned metrics, the service processes the e-mail address and payment amount of the respective account holder to which all users of our Services in a company are associated. Thus, a direct statement about the behavior of an individual employee would only be possible in the rare case if a company has only one employee and only that member uses our service(s). Therefore, for data protection reasons, we only use Profitwell if a company has several users. If you do not wish your data to be processed by Profitwell, please send us a message via our contact form. The legal basis for processing is Art. 6 para. 1 lit. a GDPR in conjunction with Art. 44 GDPR.
A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
Further information on Profitwell’s data protection is available at https://www.profitwell.com/privacy-policy
IX. Information we collect when you communicate with us
If you contact us, e. g. via a contact form, or if you take part in a survey, personal data may be processed. You will find out what data these are and for what purpose we process them in the following.
Contact and support form
You have the opportunity to contact us via web forms. To use our contact form, we usually only need your e-mail address. You may provide further information, but you are not required to do so. By submitting the respective form, you agree that the data provided by you will be collected electronically and stored for up to 6 years. The legal basis for the processing in the contractual relationship is Art. 6 para. 1 lit. b GDPR, otherwise Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in conducting the exchange you are seeking or processing your request appropriately. We will only use your data to process your request.
To process your support or contact request, we use the software solution Crisp (Crisp IM SARL., 2 Boulevard de Launay, 44100 Nantes, France). Your data is stored and processed on servers hosted by Crisp within the EU. We have a contract with Crisp for the processing of orders according to Art. 28 GDPR, with which we oblige the provider to protect the data of our customers and not to pass it on to third parties. The privacy policy, contact options and further information about Crisp can be found in the list of our subcontractors below.
Surveys
To conduct surveys on our website, we use the Services of SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland. When you voluntarily participate in this survey, SurveyMonkey collects information about the device and application you use to participate in the survey. This includes the IP address, the version of your operating system, the type of device, system, performance and browser type information. When you participate in the survey through a mobile device, SurveyMonkey also collects the UUID of the device. SurveyMonkey also uses so-called third-party tracking Services, which in turn use cookies and page tags (also known as web beacons) to collect usage data and user statistics. We have no control over the amount of data collected by SurveyMonkey. For more information on the cookies used by SurveyMonkey, data protection and storage periods, please visit the following link: https://www.surveymonkey.com/mp/legal/privacy-policy/#pp-section-10
We use SurveyMonkey to provide you with surveys. This is also our legitimate interest in the processing of the data, which is based on Art. 6 para. 1 lit. f in conjunction with Art. 44 GDPR.
SurveyMonkey Europe UC is a subsidiary of SurveyMonkey Inc. based in the USA. It is possible that your information collected by SurveyMonkey may also be transferred to the United States.
A transfer of data to a third country takes place. In the USA there is no legal protection system comparable to European data protection law. The European Commission has rejected an adequacy decision for the US. We have therefore taken other appropriate precautions to protect your personal data. This is possible via the standard data protection clauses of the European Commission for the protection of personal data acc. Art. 46 para. 1, 2 lit. c GDPR (the 2021 standard data protection clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en). Please contact our Data Protection Officer if you would like to receive further information.
For more information about SurveyMonkey’s privacy, visit https://www.surveymonkey.de/mp/legal/privacy/.
Applications, especially via HCM4all
We process your personal data in accordance with the applicable data protection regulations on the basis of § 26 BDSG. We process the data that you disclose to us in the context of your (online) application solely for the purpose of selecting applicants. No data is processed for other purposes.
You determine the scope of the data you wish to transmit to us in the context of your application. Applications are sent electronically to our human resources department and processed there as quickly as possible. This transmission is encrypted. As a rule, applications are forwarded to the heads of the relevant departments in our company. In addition, your data will not be passed on. Your information will be treated confidentially in our house. If your application is unsuccessful, your documents will be deleted after 6 months.
If you give your explicit consent, we will include your data in an applicant pool or talent pool for a further 24 months in order to be able to take it into account in future job advertisements.
The talent pool is operated by the entire //CRASH Group. This includes the following companies:
- Ashampoo GmbH & Co. KG
- Personizer GmbH & Co. KG
- CleverReach GmbH & Co. KG
In the event that your application for another vacancy at //CRASH Group of Companies is considered, we will forward your application documents to the respective department and, if necessary, contact you afterwards by phone or e-mail. Your data is processed on the basis of Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG. Your declaration of consent includes the processing of all data that you have provided to us as part of the application process. In addition, such data are processed and stored as were necessary for the processing of the application process (correspondence, handwritten records of job interviews, etc.). In addition, we may process professional information that you have made publicly available, such as a profile on professional social media networks or online job portals. Your data is only accessible to selected employees of the //CRASH Group who are involved in filling vacancies. Your data will only be passed on within the //CRASH group of companies, limited to the extent required in the application process. It will not be passed on to third parties or used for other purposes. Unless you revoke your consent to the processing of your data in the talent pool, your data will be completely deleted after 24 months at the latest. There will be no communication about the deletion of your data. You may withdraw your consent at any time without any form. For example, you can declare your revocation by e-mail to hr@crash.immo
For the implementation of the application process, we use the software solution HCM4all GmbH, Trogerstraße 48, 81675 Munich. We have also entered into appropriate data protection agreements with HCM4all (including in accordance with the EU standard data protection clauses), whereby we oblige the provider to process the data of our applicants strictly according to instructions, to protect it and not to disclose it to third parties. HCM4all takes further technical precautions to protect personal data. A transfer of personal data to third parties within the meaning of Art. 4 No. 10 GDPR does not take place.
X. Safety measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure compliance with the provisions of data protection laws and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
Connection security
We use an encryption procedure on our pages. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can recognize this by the fact that in the status bar of your browser the lock icon is closed and the address bar starts with https://.
Data security
The personal data of the user are protected by technical and organizational security measures in order to minimize risks related to their loss, misuse, unauthorized access, unauthorized disclosure and modification. For example, we use firewalls and data encryption, but also physical access restrictions for our data centers and authorization controls for data access.
Administrative access
As part of customer service and error tracking, Personizer employees may have access to the administrative area of our websites on a case-by-case basis. This provides insight into all areas of the corresponding website, e. g. also the password-protected areas. All our employees are regularly sensitized to data protection and are committed to data protection.
XI. Duration of storage of personal data
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer necessary for its purpose and deletion does not conflict with statutory retention obligations and/or there is no legitimate interest on our part in further storage. Unless the data is deleted because it is necessary for other and legally permissible purposes, its processing is restricted. I. e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
According to legal requirements in Germany, storage takes place in particular for 6 years in accordance with § 257 para. 1 Commercial Code (trading books, inventories, opening balances, annual accounts, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
XII. Rights of the Affected
When processing your personal data, the GDPR grants you certain rights as a website user:
Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to information about these personal data and to the information specified in Art. 15 GDPR.
Right to rectification and erasure (Art. 16 und 17 GDPR)
You have the right to immediately request the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data. You also have the right to demand that personal data concerning you be erased without delay if one of the reasons listed in detail in Art. 17 GDPR applies, e. g. if the data are no longer needed for the purposes pursued.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e. g. if you have lodged an objection to processing, for the duration of a possible examination.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of such data to a third party.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 para. 1 lit. f GDPR (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data, unless there are demonstrably compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.
Right of appeal to a supervisory authority
You have according to Art. 77 GDPR the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right of appeal may be invoked with a supervisory authority in the Member State of your residence, place of work or place of the alleged infringement.
XIII. Changes to our privacy policy
We reserve the right to amend this privacy policy from time to time to ensure that it always complies with current legal requirements or to implement changes to our Services in the privacy policy, e. g. when introducing new Services. The current data protection declaration always applies.
XIV. Contact
Your trust is important to us. Therefore, we would like to answer you at any time regarding the processing of your personal data. If you have any questions that this data protection declaration could not answer or if you would like more detailed information on a point, please contact us or our data protection officer at any time.
Contact details of our data protection officer
Dr. Uwe Schläger
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Website: https://www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de
Phone: 0421/696632-0
XV. List of our subcontractors
Amazon Web Services
Purpose of processing: provision of infrastructure and technical Services, as well as storage, processing and transfer of data of various kinds
Categories of personal data: inventory data, content data, traffic data
Affected: Personizer user
Legal basis: Contract performance, Art. 6 para. 1 lit. b GDPR
Provider: Amazon Web Services EMEA Sàrl, Ave J-F Kennedy 38, 1855 Luxembourg, Luxembourg
Privacy Policy: https://aws.amazon.com/de/privacy/
Stripe
Purpose of processing: Payment processing
Categories of personal data: inventory data, payment data, contract data
Affected: Personizer user
Legal basis: Contract performance, Art. 6 para. 1 lit. b in conjunction with Art. 44 GDPR
Provider: Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA
Privacy Policy: https://stripe.com/de/privacy
Pathway Solutions – Stripe to Datev
Purpose of the processing: Payment processing
Categories of personal data: Inventory data, payment data, contract data
Affected: Personizer user
Legal basis: Contract execution, Art. 6 para. 1 lit. b in conjunction with Art. 44 ff. GDPR
Provider: Pathway Solutions, Alstertwiete 3, 20099 Hamburg, Germany
Privacy policy: https://www.pathway-solutions.de/pages/datenschutzerklaerung
Profitwell
Purpose of processing: Analysis of metrics to optimize our SaaS offering
Categories of personal data: inventory data, contract data
Affected: Personizer user
Legal basis: Consent, Art. 6 para. 1 lit. a in conjunction with Art. 44 GDPR
Provider: Profitwell, Price Intelligently, 109 Kingston Street Fl 4, Boston, MA, USA
Privacy Policy: https://www.profitwell.com/privacy-policy
Google Analytics
Purpose of processing: Statistical evaluation of the website of Personizer GmbH & Co. KG.
Categories of personal data: Usage data
Affected: Personizer users, interested parties or visitors to the Personizer website.
Legal basis: Consent, Art. 6 para. 1 lit. a in conjunction with Art. 44 GDPR
Provider: Google LLC, 1600, Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy
Google Tag Manager
Purpose of processing: Tag Manager to trigger other tags that may collect data
Categories of personal data: none
Affected: Personizer users, interested parties or visitors to the website
Legal basis: Legitimate interest, Art. 6 para. 1 lit. f in conjunction with Art. 44 GDPR
Provider: Google LLC, 1600, Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://www.google.com/analytics/tag-manager/use-policy/
CleverReach
Purpose of processing: Sending the newsletter, notifications.
Categories of personal data: inventory data, e-mail address
Affected: Personizer users, interested parties or visitors to our website
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, Legitimate interest, Art. 6 para. 1 lit. f GDPR
Supplier: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany
Privacy Policy: https://www.cleverreach.com/de/datenschutz
Mailgun
Purpose of processing: Sending order confirmations, contract renewal notifications, billing information as well as notifications and newsletters
Categories of personal data: inventory data, contract data
Affected: Personizer users, interested parties or visitors to our websites
Legal basis: Contract performance, Art. 6 para. 1 lit. b in conjunction with Art. 44 GDPR
Provider: Mailgun Technologies, Inc., 548 Market St. 43099, San Francisco, CA 94104, USA
Privacy Policy: https://www.mailgun.com/privacy-policy
Crisp
Purpose of processing: Provision of customer support systems
Categories of personal data: Content data, Inventory data, Usage data
Affected: Personizer users, interested parties or visitors of the Personizer website
Legal basis: Contract performance, Art. 6 para. 1 lit. b GDPR, Legitimate interest Art. 6 para. 1 lit. f GDPR
Provider: Crisp IM SARL., 2 Boulevard de Launay, 44100 Nantes, France
Privacy Policy: https://crisp.chat/de/privacy
YouTube
Purpose of processing: YouTube embedding function for viewing and playing videos of the provider YouTube
Categories of personal data: Inventory data
Affected: Personizer users, interested parties or visitors of the Personizer website
Legal basis: Legitimate interest, Art. 6 para. 1 lit. f in conjunction with Art. 44 GDPR
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://www.google.de/intl/de/policies/privacy
SurveyMonkey
Purpose of processing: We use SurveyMonkey for surveys
Categories of personal data: Inventory data
Affected: Personizer users, prospective customers or newsletter subscribers
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, Legitimate interest Art. 6 para. 1 lit. f GDPR
Provider: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland
Privacy Policy: https://www.surveymonkey.de/mp/policy/privacy-policy
Purpose of processing: Conversion tracking and retargeting
Categories of personal data: User data
Affected: LinkedIn users, interested parties or visitors to the LinkedIn website
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, Legitimate interest Art. 6 para. 1 lit. f GDPR
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
KnockApp
Purpose of processing: Improving communication between Personizer, the customer and its employees
Categories of personal data: inventory data, contract data
Affected: Personizer user
Legal basis: Legitimate interest Art. 6 para. 1 lit. f in conjunction with Art. 44 GDPR
Supplier: Knock Labs Inc. 175 Varick St, 413 New York, NY 10014, United States
Privacy policy: https://knock.app/legal/privacy-policy
Sentry
Purpose of processing: Improving the stability and reliability of our Services
Categories of personal data: first name and surname, e-mail address
Affected: Personizer user
Legal basis: Contract performance Art. 6 para. 1 lit. b GDPR, Legitimate interest Art. 6 para. 1 lit. f in conjunction with Art. 44 GDPR
Provider: Sentry io., 45 Fremont St, San Francisco, CA 94105, USA
Privacy Policy: https://sentry.io/privacy/