Privacy

Data Protection Notice

This Privacy Policy satisfies the disclosure requirements according to Art. 12 ff. of the EU General Data Protection Regulation (“GDPR”) and provides a summary of the processing of your personally identifiable information (“personal data”, “personal information”) on this website.

1. Who is accountable for the use of my data?

direct services Gütersloh GmbH

An der Autobahn 300

E-Mail: info@campaign-services.de

Phone: 05241 – 80 40 685

Fax: 05241 – 80 640 685

The above indicated company is accountable for the use of personal data on this website (hereinafter referred to as “we”). Every processing of personal data on this website is conducted in compliance with the GDPR as well as possibly applicable other legislation.

You can contact our designated Data Protection Officer at the address indicated above by using the reference “For the attention of the Data Protection Officer” or by writing to: datenschutz@bertelsmann.de. 

2. What data are concerned?

When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.

If you use features of our website, a pseudonymized user profile will be created and, where you provide information by your use (e.g. search words, log in data, ratings, contract details, clicks, etc.), such data will be collected. 

Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).

3. Which cookies are used?

Cookies are used on our website. Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser used by you. When the website is visited again, the web browser returns the content of the cookies, thus enabling you, the user, to be recognized. Certain cookies are deleted when you log out or end the browser session (“transient cookies” or “session cookies”). Other cookies are saved for a specific period of time (“temporary cookies”) or indefinitely (“persistent cookies”). These cookies are automatically deleted when the defined period lapses. The privacy and security settings of your browser enable cookies to be deleted at any time and also enable you to configure the use of cookies in accordance with your preferences. However, you may not be able to use all the features of our website if you delete the cookies used by our website.

As a general principle, cookies enable online recognition without reference to a specific person. Cookies may become personally identifiable when the information they contain is merged with other information apart from the information generated by the cookies themselves. Here a distinction is made between cookies that are necessary for the provision of website features, and cookies that are required for other purposes, e.g. analysis of user behaviour or displaying advertising-related content.

The cookies that are required for the provision of website features include the following in particular:

  • Cookies that are used to identify or authenticate the user;
  • Cookies used to temporarily store user input (e.g. the content of a shopping cart or online form);

  • Cookies used to store user preferences (e.g. search or language settings);

  • Cookies that store data to enable the trouble-free rendering of video or audio content.

Cookies that are needed for other purposes of the website include analytics cookies to record the usage behaviour of our users and evaluate it in the form of statistics (e.g. advertising banners clicked, sub-pages visited, search queries conducted).

4. Which data are used for which purpose?

The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.

We use the data listed above in sec. 2 for the following purposes:

  • To provide website features and content and ensure technical security in troubleshooting technical issues and also to ensure that unauthorized persons do not gain access to our website systems;
  • To conduct marketing reach measurements and web analyses in order to make our website more efficient and interesting for you, and for market research purposes;
  • For communication, completion of precontractual procedures, and customer care purposes;

You can find further information about each used feature as well as the underlying purposes in the following sections.

4.1 Technical provision

4.1.1 Description and extent of the processing

direct services Gütersloh GmbH takes great care to ensure the security of personal data. Your data is conscientiously protected from loss, destruction, distortion/falsification, manipulation and unauthorized In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.

4.1.2 Purposes and legal basis for the use of personal data

The legal basis for the creation of server log files follows from Art. 6(1)(f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.

4.1.3 Duration of storage

When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.

4.1.4 Options for lodging an objection and having your data removed

You are entitled to object the use of your personal data pursuant to Art. 21 GDPR on grounds that relate to your particular situation. If you want to exercise that right contact the Data Protection Officer via the means of contact indicated in section 1 above.

4.2 Contact form, Email or phone contact

4.2.1 Description and extent of the processing

On our website you have the option of contacting us by way of a contact form, by email or by telephone using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address and/or your phone number are disclosed to us. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g. submitting a request for information) your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g. partner companies).

4.2.2 Purposes and legal basis for the use of personal data

The legal basis for using data in this regard is to be found in Art. 6 sec. 1 lit. f GDPR. Our shared interest is that you receive an adequate answer. Hence, for the time necessary for this endeavor, there is no overriding interest that prevails and excludes the data processing. Where your contact is directed towards the conclusion of a contract, the processing is based on Art. 6 sec. 1 lit. b GDPR instead.

4.2.3 Duration of storage or criteria applied in defining this period

After responding to your request and the end of possibly further communication, your information provided for the purpose of the query will be erased unless your query was directed towards the conclusion of a contract or where you contacted us in order to exercise one of your data subjects rights. In that situation we will keep records as long as necessary for the performance of a contract or as long as we have to demonstrate our compliance with your request for your rights.

4.2.4 Right to object

You are entitled to object the use of your personal data pursuant to Art. 21 GDPR on grounds that relate to your particular situation. If you want to exercise that right contact the Data Protection Officer via the means of contact indicated in section 1 above. Where you object the use of your data, we might not be able to respond to your request anymore, unless it is necessary for the performance of a contract or you want to exercise one of your rights.

4.3 Web tracking

Our website uses features to measure and evaluate user behavior and interaction. These features will utilize your access data (see section 2 above) and analyze your interactions with our website by means of tracking cookies (see section 3 above). This kind of analysis does usually not require personal data. Your IP address will therefore be shortened for the last octet what leads to anonymous user profiles which will not be combined with other data we store. Identifiable user profiles will only be created if you have consented to it.

Web tracking is usually conducted by involvement of external providers (Processors). With such processors we have concluded data processing agreements; contracts, which strictly bind them to our instructions and oblige them to process the collected data on our behalf and in a substantially limited way only. Where such a Processor is established outside of the EU, there might occur a so-called third country transfer. This is lawful, if the Processor offers an adequate level of data protection, which can be achieved by different means (additional safeguards). We ensure that every Processor provides at the time of his involvement such a level.

Which additional safeguard is applicable respectively, is indicated below.

4.3.1 Google Analytics

This website uses Google Analytics (GA). Provider of GA is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA is configured by use of the ‘_anonymizeIP’-code in a way that it deletes the last octet of your IP address, hence only creating pseudonymous user profiles, which cannot identify you as a person. These non-personal user profiles will be subject to analysis and evaluation. Google is contractually obliged not to merge these profiles with any data they might possibly hold from other instances.

Any occurring third country transfer (see section 4.3) is covered by Google’s certification under the US-EU Privacy Shield, which ensures that Google adheres to European standards of data protection.

You can find more information about the data processing by Google, including GA, in Google’s Data Protection Statement: https://policies.google.com/privacy?hl=de.

4.3.2 Purposes and legal basis of data processing

The legal basis for the creation and utilization of pseudonymous user profiles follows from Art. 6 sec. 1 lit. f GDPR. Our legitimate interest in creating such profiles is to increase the success of our website, measure its geographical scope and develop a better understanding of our audience. Where user profiles are capable of identifying a natural person, the legal basis is the consent of that person, Art. 6 sec. 1 lit. a, otherwise such profiles will not be created.

4.3.3 Duration of storage or criteria applied in defining this period

Data collected by use of web tracking tools will be stored in pseudonymous form. You can object the collection with effect for the future. Where profiles do identify a natural person the duration of storage is determined by the continued existence of a valid consent. After withdrawal the data will be deleted or anonymized.

4.3.4 Options for lodging an objection and having data removed

You can object to the use of web tracking tools and their collection of personal data by adjusting your browser settings accordingly, and/or using the following links to deactivate the tools respectively.

If the data are collected based on your consent, you are entitled to withdraw this consent at any time with effect for the future. To withdraw, please use this link info(at)campaign-services.de or address your withdrawal to the attention of our Data Protection officer (see address in section 1 above).

4.4 Online Lottery

4.4.1 Description and extent of the processing

Our website offers you the opportunity to participate in our lotteries. We collect your data via the application form as a part of the terms of use. We need to process your data in order to determine and announce a winner as well as demonstrate compliance that we have collected your data validly. Participation is completely voluntary. If you win, we will process your data to contact you and deliver your reward, possibly by involvement of Processors. As a rule, your data will not be transferred to any third party.

4.4.2 Purposes and legal basis for the use of personal data

Use of your data is required in order to determine and announce a winner. The legal basis for this is to be found in Art. 6 sec. 1 lit. b GDPR for the lottery is a contract-like situation.

4.4.3 Duration of storage or criteria applied in defining this period

After the winner has been announced your data will be stored up to six months for investiga-tion and fraud prevention reasons, and then deleted, unless there are withstanding regulatory obligations.

4.4.4 Options for lodging an objection and having data removed

Processing your personal data is required to determine and announce a winner. You can ex-ercise your right to object at any time addressing it to the attention of our Data Protection Of-ficer (see section 1 above). Note that objection to the processing of your personal data will lead to your exclusion from the lottery.

5. Who gets my data?

Within our company only those departments will have access to your data who need them in order to fulfil the purposes (see section 4 above). This applies accordingly to any involved Processors, if any, who might process data on our behalf (e.g. hosting and operations, mail delivery, etc.). All our Processors are contractually bound to our instructions which adheres to the high standard of data protection set out under the GDPR.

Outside our company, to so-called third parties (e.g. advertising partners, providers of social media services or credit institutions), your data will be transferred only if this is mandatory from the law, based on a legal basis, or where you have consented. The following third parties can receive data about you, where one of these situations (legal obligation, legal basis or consent) applies:

  • Providers of web analysis tools, who process data for their own purposes and are not bound to our instructions as a Processor.

For more information about third parties who might receive your data, if any, see Sec. 4 above.

6. Are my data transferred outside of the EU (Third country transfer)?

Where any of the providers indicated in section 5 above are located outside the EU/EEA this might lead to the result that your data are processed in a country that does not maintain a level of data protection similar or equal to the one within the EU. Therefore such a level of data protection must be established by the data exporter (this is us for our website) by means of additional safeguards, which raise the level of data protection of the data importer. Additional safeguards can be an official adequacy decision by the European Commission, additional contractual clauses, also issued by the Commission, or a certification under a mechanism that is approved by the Commission (such as the US-EU Privacy Shield for the USA). You can request a copy of the applied additional safeguards by using our contacts from Sec. 1 above.

The following providers are processing your data outside the EU/EEA under application of the following additional safeguards:

  • For the embedment of their analytics cookie, Google has self-certified under the US-EU Privacy Shield. They process your personal data outside the EU or they could access them from outside the EU.

7. What are my rights?

You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability).

If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1.

Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situation to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal information for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website.

You also have the right to lodge a complaint with the competent data protection authority. The authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf, Germany

Phone: 0211/38424-0

Fax: 0211/38424-10

Email: poststelle@ldi.nrw.de 

You also have the right to contact the data protection authority at your place of residence and request support in pursuing your matter.

8. Is there any automated decision-making (including profiling)?

For the purposes indicated in Section 4 above, we do not use automated decision making (including profiling).

9. Is profiling done?

No profiling takes place for any of the purposes set out in section 4.

10. Final information / Version

This website is subject to constant improvement and change. This may affect the herein given information about any processing of personal data. The information given reflect the “as-is” situation on August 2018.