Privacy Policy

This Privacy Policy will explain to you the type, scope and purpose of the processing of personal data (subsequently abbreviated as “data”) within our online range and the associated websites, functions and contents, as well as external online presences, such as our social media profile. With regard to the terms used, such as “processing”, or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller
Geraldine Kahl & Sarah Andersen
AWAKE Communications GmbH
Ehrenbergstrasse 33
22767 Hamburg

mail@awake-communications.com

Management Board: Geraldine Kahl & Sarah Andersen
Link to Legal Notice: https://www.awake-communications.com/impressum/
Contact Data Protection Officer: mail@awake-communications.com

Types of data processed:
– Inventory data (e.g. names, addresses)
– Contact data (e.g. email, telephone numbers)
– Contents data (e.g. text entries, photographs, videos)
– Use data (e.g. websites visited, interest in contents, access times)
– Meta/Communications data (e.g. device information, IP addresses)

Categories of persons affected
Visitors and users of the online range.

Purpose of processing
– Providing the online range, its functions and contents
– Answering contact enquiries and communicating with users
– Security measures
– Reach measurement/Marketing

Terms used
“Personal data” is all information that relates to an identified or identifiable natural person (in the following “data subject”); a natural person is seen to be identifiable if they can be identified, directly or indirectly, in particular by allocation to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, financial, cultural or social identity of this natural person.
“Processing” is every procedure carried out with or without the help of automatic processes or every such range of procedures in connection with personal data. This term is wide-ranging and encompasses practically all data handling.
“Pseudonymisation” is the processing of personal data in a manner so that the personal data cannot be allocated to a specific data subject without drawing on additional information, if this additional information is separately stored and subject to technical and organisational measures that guarantee that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” is every type of automated processing of personal data that consists of this personal data being used in order to evaluate certain personal aspects that relate to a natural person, in particular in order to analyse or forecast aspects regarding work performance, their financial situation, health, personal preferences, interests, reliability, conduct, place of stay or change of location of this natural person.

The “controller” or data controller describes the natural person or legal entity, public authority, institution or other centre that decides on the purpose and means of processing personal data alone or together with others.
The “order processor” is a natural person or legal entity, public authority, institution or other centre that processes personal data on behalf of the controller.

Relevant legal basis
In accordance with Art. 13 GDPR we are informing you of the legal basis of our data processing. If the legal basis is not specified in the Privacy Policy, the following applies: the legal basis for obtaining consent is Art. 6 (1) a and Art. 7 GDPR; the legal basis for processing to fulfil our services, carry out contractual measures and answer enquiries is Art. 6 (1) b GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6 (1) c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 (1) f GDPR. If vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) d GDPR serves as the legal basis.

Security measures
In accordance with Art. 32 GDPR and taking the current status of technology into account, the implementation costs and the type, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take suitable technical and organisational measures to guarantee a level of protection appropriate to the risk. These measures include in particular securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input and transferral, as well as securing the availability and the separation relating to these. Moreover, we have set up procedures that guarantee the safeguarding of the rights of data subjects, the erasure of data and to react to dangers to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by the design of technology and through data protection-friendly pre-settings (Art. 25 GDPR).

Cooperation with order processors and third parties
If within the scope of our processing we disclose data to other persons and companies (order processors or third parties), transmit the data to these or otherwise grant them access to the data, this will only occur on the basis of legal permission (e.g. if transmission of the data to a third party, such as a payment services provider, is required as per Art. 6 (1) b GDPR to fulfil the contract), you have given consent, a legal obligation requires this or on the basis of our legitimate interest (e.g. when using representatives, web hosts etc.). If we commission third parties to process data on the basis of a so-called “order processing agreement”, this will be done on the basis of Art. 28 GDPR.

Rights of data subjects
You have the right to demand a confirmation of whether relevant data is processed and to information about this data, as well as to further information and copies of the data in accordance with Art. 15 GDPR. According to Art. 16 GDPR you have the right to demand the completion of data relating to you or the rectification of inaccurate data relating to you. In accordance with Art. 17 GDPR you have the right to demand that relevant data is erased without delay or alternatively, in accordance with Art. 18 GDPR to demand the restriction of processing of the data. You have the right to demand that you receive data relating to you that you have provided to us in accordance with Art. 20 GDPR and request its transmission to another controller. Furthermore, as per Art. 77 GDPR you have the right to submit a complaint to the supervisory authorities responsible.

Right of withdrawal
You have the right to withdraw any consent you have given as per Art. 7 (3) GDPR with effect in the future.

Right to object
You can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR. Such an objection can be made against processing for purposes of direct advertising.

Cookies and the right to object to direct advertising
“Cookies” are small files stored on users’ computers. Different disclosures can be stored within cookies. A cookie primarily serves to store disclosures about a user (or the device on which the cookie is stored) during or also after their visit to an online range. Temporary cookies or “session cookies” or “transient cookies” are cookies that are erased after a user leaves an online range and closes their browser. Such a cookie can e.g. store the contents of a shopping basket in an online shop or a login status. “Permanent” or “persistent” cookies are those that also remain stored after closing the browser. For example, the login status can be stored if the user visits again after several days. Such a cookie can also store a user’s interests, which can be used to measure reach or for marketing purposes. A “third-party cookie” is a cookie offered by providers other than the controller that operates the online range (otherwise, if these are only the controller’s cookies, these are called “first-party cookies”). We can use temporary and permanent cookies and provide clarification of this within the scope of our Privacy Policy. If users do not want to store cookies on their computer, we would ask them to deactivate the corresponding option in the system settings of their browser. Stored cookies can be erased in the system settings of the browser. Excluding cookies can lead to restrictions of the function of this online range. A general objection to the use of cookies utilised for the purposes of online marketing can be made with a variety of services, primarily in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Moreover, the storage of cookies can be prevented by switching them off in the browser settings. Please note that then you might not be able to use all the functions of this online range.

Erasing data
The data we process is erased or its processing is restricted in accordance with Art. 17 and 18 GDPR. If nothing is explicitly stated in this Privacy Policy, the data we store will be erased as soon as it is no longer required for its purpose and no legal storage obligations contradict such erasure. If the data is not erased because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and will not processed for other purposes. This applies, for example, to data that has to be stored for reasons of commercial or tax law. According to legal requirements in Germany, storage is made for 10 years in particular as per sections 147 (1) AO, 257 (1) 1 and 4, (4) HGB (books, records, management reports, account receipts, trading books, documents relevant for taxation etc.) and 6 years as per section 257 (1) 2 and 3, (4) HGB (commercial letters).

Data protection information for application procedures
We only process applicant data for the purpose and within the scope of the application procedure in harmony with legal requirements. Applicant data is processed to fulfil our  (pre-) contractual obligations within the scope of the application procedure in accordance with Art. 6 (1) b. GDPR  6 (1) f. GDPR, if the data processing is required of us, e.g. within the scope of legal proceedings (in Germany section 26 BDSG applies in addition). A condition of the application procedure is that applicants inform us of their applicant data. By transmitting their application to us, applicants declare they agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope of processing detailed in this Privacy Policy.

Hosting and sending emails
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, sending emails, security services and technical maintenance services that we use for the purposes of operating this online range. Here, we or our hosting provider process inventory data, contact data, contents data, contractual data, usage data, meta and communications data from customers, potential customers and visitors to this online range on the basis of our legitimate interest in efficient and secure provision of this online range as per Art. 6 (1) f GDPR in combination with Art. 28 GDPR (concluding an order processing agreement).

Collecting access data and logfiles
We or our hosting provider collect, on the basis of our legitimate interest in accordance with Art. 6 (1) f. GDPR, data about every access made to the server on which this service can be found (so-called server logfiles). Access data includes the name of the website called up, file, date and time of the call-up, the data quantity transmitted, a report that the call-up was successful, browser type and version, the user’s operating system, referrer URL (the site previously visited), IP address and the requesting provider.

For security reasons (e.g. clarifying cases of misuse or fraudulent actions), logfile information is stored for a maximum of 7 seven days and then erased. Data that has to be stored for longer periods for evidence purposes will be excluded from erasure until the relevant incident has been conclusively clarified.

Google Analytics
On the basis of our legitimate interest (i.e. interest in analysing, optimising and efficiently operating our online range in accordance with Art. 6 (1) f. GDPR), we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information generated by the cookie about use of the online range by the user is usually sent to a Google server in the USA and stored there. Google is certified under the Privacy Shield Framework and thus offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google uses this information on our behalf in order to evaluate the use of our online range by the user, to compile reports about activities within this online range and to provide additional services to us that are connected with the use of this online range and internet use. In the process, pseudonymised use profiles can be made for users from the processed data. We only use Google Analytics with activated IP anonymisation. This means, the user’s IP address will be shortened by Google within member states of the European Union or in other contracting states to the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptions. The IP address transmitted by the user’s browser will not be brought together with other data by Google. Users can prevent the storage of cookies by setting their browser software accordingly; furthermore, users can prevent the recording of the data generated by the cookie relating to their use of the online range by Google and the processing of this data by Google by downloading and installing the browser plugin available on the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You will find further information about data use by Google, and about setting and objection possibilities in the Google Privacy Policy (https://policies.google.com/technologies/ads) and in the setting for showing advertising inserts by Google (https://adssettings.google.com/authenticated). The user’s personal data will be erased or anonymised after 14 months.

Jetpack (WordPress Stats)
On the basis of our legitimate interest (i.e. interest in analysing, optimising and efficiently operating our online range in accordance with Art. 6 (1) f. GDPR), we use the plugin Jetpack (here the sub-function “Wordpress Stats”), which includes a tool for statistical evaluation of user accesses and is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this online range is stored on a server in the USA. In the process, user usage profiles can be drawn up from the data processed, which will only be used for analysis and not for advertising purposes. You will find further information in the Automattic Privacy Policy: https://automattic.com/privacy/ and information about Jetpack cookies: https://jetpack.com/support/cookies/.

Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate there with active customers, potential customers and users and to inform them about our services there. When calling up the relevant networks and platforms the terms and conditions and data processing of the respective operator apply.

Inclusion of third-party services and contents
Within our online range and on the basis of our legitimate interest (i.e. interest in analysing, optimising and efficiently operating our online range in accordance with Art. 6 (1) f. GDPR), we use contents or service ranges from third-party providers in order to include their contents and services, such as videos or fonts (subsequently referred to as “contents”). The condition for this is always that the third-party provider of these contents becomes aware of the user’s IP address, because without the IP address they would not be able to send the contents to their browser. Thus, the IP address is required to present these contents. We make efforts only to use contents whose providers merely use the IP address to deliver the contents. Furthermore, third-party providers can use so-called Pixel tags (invisible graphics, also known as “Web Beacons”) for statistical or marketing purposes. Using the “Pixel tags” information, such as visitor traffic on the pages of this website, can be evaluated. Furthermore, the pseudonymous information in cookies can be stored on the user’s device and receive among others technical information about the browser and operating system, referring websites, visit time and further disclosures about the use of our online range, and also be connected with such information from other sources.

Vimeo
We can include videos from the platform “Vimeo” from the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy. We must point out that Vimeo can use Google Analytics and refer here to the Privacy Policy (https://www.google.com/policies/privacy) and  Opt-Outpossibilities for Google-Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the Google settings for data use for marketing purposes (https://adssettings.google.com/.).

YouTube
We include videos from the platform “YouTube” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts
We include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Instagram
Within our online range functions and contents can be included from the service Instagram, which is offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This can include contents such as pictures, videos, texts and buttons with which users of this online range can share contents within Instagram. If users are members of the platform Instagram, Instagram can allocate the call-up of the contents and functions detailed above to the user profiles there. Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.

Pinterest
Within our online range functions and contents can be included from the service Pinterest, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This can include contents such as pictures, videos, texts and buttons with which users of this online range can share contents within Pinterest. If users are members of the platform Pinterest, Pinterest can allocate the call-up of the contents and functions detailed above to the user profiles there. Pinterest Privacy Policy: https://about.pinterest.com/de/privacy-policy.

Drawn up by Data Protection Generator.de from RA Dr. Thomas Schwenke