When using the website, personal data about you may be processed by us as the data controller and stored for the period necessary to fulfil the specified purposes and legal obligations. In the following, we inform you about what data is involved, how it is processed and what rights you have in this regard.

According to Art. 4 No. 1 of the European General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”).

1. Name and contact details of the data controller

This Privacy Policy applies to data processing on the website by the data controller:

CROSSMEDIA GmbH
represented by the managing directors Markus Biermann, Matthias Bade, Stefan Happe, Gero Maskow, Armin J. Schroeder, Georg Tiemann
Hildebrandtstraße 24A
40215 Düsseldorf, Germany

(hereinafter referred to as “CROSSMEDIA”)

Phone: +49 (0) 211.86652.0
Fax: +49 (0) 211.86652.200
email: datenschutz@crossmedia.de

CROSSMEDIA has appointed an internal data protection officer, who can be reached under the following contact details:

CROSSMEDIA GmbH
(Mr. Maik Erkelenz)
Hildebrandtstraße 24 A
D-40215 Düsseldorf, Germany
Tel.: +49 211 86652 234
email: dsgvo@crossmedia.de

2. Processing of personal data and purposes of the processing

a) External web hosting

This website was created via www.wordpress.org. For more information, please refer to the WordPress privacy policy at: https://de.wordpress.org/about/privacy/ .

This website is hosted by an external service provider (hoster). The personal data collected on the website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

For the provision of this website, we use the web hosting service of Fancy Chap, Inc., D/B/A Flywheel. 1405 Harney Street #201 Omaha, NE 68102 (hereinafter referred to as “Flywheel”). Flywheel stores this website on its servers (hosting). The hosting takes place on servers in the European Union.

In connection with the hosting, Flywheel processes personal data on our behalf that arises from the following actions of users:

• When visiting the website;
• When using the form to apply.

We have entered into a Data Processing Agreement (DPA) with Flywheel. Through this contract, Flywheel ensures that they process the data in accordance with the GDPR and ensure the protection of the rights of the data subject. In the event that Flywheel transfers personal data to a country outside the EU, we have agreed with Flywheel on the so-called standard contractual clauses of the European Commission. Flywheel undertakes to ensure a level of data protection that is adequate for the EU.

In order to offer a website, the commissioning of a web hosting service is required. The use of Flywheel takes place in accordance with Art. 6 para. 1 f) GDPR due to our legitimate economic interest in keeping our services on this website available.

Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

For more information on Flywheel, please see their Privacy Policy: https://getflywheel.com/legal/privacy-policy/ and the published model DPA: https://getflywheel.com/pdf-viewer/?file=https://getflywheel.com/wp-content/uploads/2018/05/Flywheel-Customer-Data-Processing-Addendum.pdf.

b) When visiting the website

You can visit the website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to the server of our website (e.g. the operating system of your computer and the browser you are using, the name of your internet access provider, the name and URL of the file accessed, the date and time of access, the website from which access was made).

This also includes the IP address of your requesting end device. This IP address is temporarily stored in a so-called log file and automatically deleted after 7 days.

The IP address is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and, if necessary, to be able to pursue any illegal attacks on it.

The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows results from the aforementioned security interest and the necessity of a trouble-free provision of our website.

We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.

In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations of this in sections 4 and 5 of this privacy policy.

c) Contact Us

When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of handling the contact request and its fulfilment pursuant to Art. 6 para. 1 lit. b. GDPR.

The user’s details may be stored in our customer relationship management system (“CRM system”) or comparable enquiry organisational systems.

We currently use the CRM system “Hubspot”, from the provider Hubspot Inc. (25 First St, Cambridge, Massachusetts 02141, USA) on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR (efficient and fast processing of user enquiries). For this purpose, we have concluded an Data Processing Agreement with Hubspot including the so-called standard contractual clauses, in which Hubspot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level pursuant to the GDPR.

d) Comments and Postings

When a user comments on posts on the website, their IP address is stored. This is done for the security of the provider in case someone writes unlawful content in comments and posts (insults, forbidden political propaganda, etc.). In this case, the provider itself can be prosecuted for the comment or post and is therefore dependent on collecting the identity of the users who write a comment.

e) Newsletter

If you would like to subscribe to our newsletter, we would be pleased if you would register using the form provided for this purpose. All you have to do is enter your e-mail address. Further personal details (e.g. name, so that we can address you personally) are optional. In order o ensure that you really want to receive our newsletter (and that your e-mail address has not been entered by someone else) and to record that you agree to the processing of your personal data in the context of sending the newsletter, we use the so-called double opt-in procedure. This means that after entering your e-mail address (and possibly other data), you will receive a confirmation e-mail from us. Only after you have clicked on the activation link in the confirmation e-mail are you registered for our newsletter.

Since we only process your data for sending the newsletter if you agree to this, i.e. you have given us your consent (in accordance with Art. 6 para. 1 lit. a GDPR), we must store the data required for the corresponding documentation. For these purposes, in addition to your e-mail address, we also store the time and date of your registration, the time and date of your confirmation and the relevant IP address.

You can revoke your consent at any time with effect for the future by using the corresponding unsubscribe link, which you can find at the end of every newsletter.

As soon as you revoke your consent, we will no longer send you the newsletter. Based on our legitimate interest (Art. 6 para. 1 lit. f. GDPR) in the verifiability of legally compliant data processing, we reserve the right to store your e-mail address together with logging data of your consent for a further 3 years. In this case, we will retain the aforementioned data exclusively for this purpose and block it for other processing.

Dispatch service provider:

The dispatch of the newsletter is carried out by Hubspot Inc. (25 First St, Cambridge, Massachusetts 02141, USA), hereinafter referred to as the “dispatch service provider”. You can view the privacy policy of the dispatch service provider here:

https://www.hubspot.de/data-privacy/gdpr. Hubspot has signed the so-called standard contractual clauses of the European Commission to ensure an appropriate level of data protection, including in exchanges with third countries. Furthermore, according to its own information, the dispatch service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.

The dispatch service provider is used on the basis of our legitimate interest (Art. 6 para. 1 lit. f. GDPR) in the implementation and optimisation of our newsletter and customer relations.

3. Transfer of personal data to third parties

Insofar as it is legally permissible and is necessary in accordance with Art. 6 para. 1 sentence 1 lit. b. GDPR for the processing of contractual relationships with you or in accordance with Art. 6 para. 1 lit. f. GDPR for the protection of our interests or those of third parties, your personal data will be passed on to third parties. The data passed on may only be used by the third party for the purposes stated.

In addition, personal data may only be transferred if

• you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a. GDP, and
• in the event that there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c. GDPR.

Transfer of personal data to third countries

If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we ensure before the transfer that, outside of exceptional cases permitted by law, an adequate level of data protection exists at the recipient (e.g. through an adequacy decision by the European Commission or through suitable guarantees such as the agreement of so-called EU standard contractual clauses of the European Union with the recipient) and insofar as you have given your consent to the data transfer.

This website is also aimed at interested parties and users from third countries. In order to guarantee our interested parties from the EU secure handling and processing of their personal data, we take technical measures to ensure that processing only takes place in the EU. Data of users from third countries, in particular from the UK and the USA, are passed on separately to our affiliated companies and subsidiaries in the USA or UK if the data protection laws allow it.

Personal data of users from the EU are generally not passed on to third countries. Exceptions can only exist if you have given us your informed consent regarding the transfer of data to third countries. Such consent can be revoked by you at any time with effect for the future (see section 8 below).

4. Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been to our site and which entries and settings you have made so that you do not have to enter hem again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see section 5). These cookies enable us to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with art. 6 (1) para. 1 lit. f. GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions on our website.

5. Web analysis: Google Analytics

We use Google Analytics on our website, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). In this context, pseudonymised usage profiles are created and cookies are used (see section 4). The information generated by the cookie about your use of this website, such as

• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of the server request,

are transmitted to a Google server in the USA and stored there. Google complies with European data protection regulations and has therefor submitted to the so-called standard contractual clauses of the European Commission. In addition, we have concluded a Data Processing Agreement with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the GDPR and ensure the protection of the rights of data subjects.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law of if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).

You can prevent the installation of cookies by setting your browser software accordingly. However, we would like to point out that in this case not all functions of this website can be used to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser-add-on.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics-Help.

The tracking measures by Google Analytics are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR. In this way, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use Google Analytics to statistically advertising content. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

We use the Google Tag Manager on our website in order o be able to manage different so-called website tags via a single platform. Website tags are services and tools that are played out on a website in the form of programming code and pixels in order o collect data. The Google Tag Manager itself does not collect any personal data but only serves to centrally manage the carious tags (e.g. Google analytics) and to display them on the website. If you have objected to the collection/processing of data by a tool implemented by means of Google Tag Manager (deactivation), this objection remains effective even if the tag is played via Google Tag Manager. Further information on the processing of personal data when integrating Google services and the terms of use of the Google Tag Manager can be found under the following external links:

https://policies.google.com/privacy,
https://www.google.com/intl/de/tagmanager/use-policy.html.

YouTube- and Vimeo Player (video player)

We use components (videos) of YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: “YouTube”), a Google Inc. company, and Vimeo, Inc., 555 West 18th Street New York, New York 10011, USA (hereinafter: “Vimeo”, both together also “video player”) on our website on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. a. GDPR

In doing so, we use the “extended data protection mode” option provided by YouTube. When you call up a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser. According to YouTube’s information, in “extended data protection mode” your data – in particular which of our internet pages you have visited as well as device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Google and Vimeo comply with European data protection regulations and have therefore submitted to the so-called standard contractual clauses of the European Commission.

You can find further information on Vimeo’s data processing at:
https://vimeo.com/privacy

6. Data subject rights

You have the right:

• in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future;
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, conclusive information about its details;
• in accordance with Art. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored by us
• in accordance with Art. 17 of the GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, nut you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and
• complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

7. Information about your right to object according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e. GDPR (data processing in the public interest) and Art. 6 para. 1 lit. f. GDPR (data processing on the basis of a balance of interests): this also applies to Art. 4 para. GDPR profiling based on this provision.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interest, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If you object to the processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is connected with such direct advertising.

If you would like to exercise your right to object, it is sufficient to send an e-mail
dsgvo@crossmedia.de

8. Data security

All data transmitted by you personally will be encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognise a secure TLS connection by the s appended to the http (i.e. https://…) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organisational security measures to protect your data against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

9. Updating and amendment of this privacy policy

This privacy policy is currently valid and was updated in March 2021.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be viewed, downloaded and printed at any time on the website at:

https://www.crossmedia.de/datenschutz.