LOOM Impact AG
In accordance with the legal requirements of data protection law (in particular the Federal Data Protection Act (BDSG) as amended and the European Data Protection Regulation (DS-GVO)), we would like to inform you about the type, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “processing”, we refer to Art. 4 DS-GVO.
Name and contact details of the person(s) responsible
Hereinafter referred to as “responsible person” within the meaning of Art. 4 no. 7 DS-GVO:
LOOM Impact AG
Torstrasse 201
10115 Berlin
Germany
Managing directors: Ilko Thun, Rene Wienholtz
Register number: HRB 139761
Court of the register of companies: Local court of Munich
Email address: loomimpact_site.access@loomimpact.com
Types of data, purposes of processing and categories of affected
In the following we inform you about the type, scope and purpose of the collection, processing and use of personal data.
1. Types of data we process
- Usage data (access times, websites visited, etc.)
- Inventory data (name, address etc.)
- Contact information (phone number, email, fax, etc.)
- Payment data (bank data, account data, payment history etc.)
- Contract data (subject of the contract, duration etc.)
- Content data (text input, videos, photos etc.)
- Communication data (IP address etc.)
2. The purposes of the processing pursuant to Art. 13 (1) c) DS-GVO
- Processing of contracts, evidence purposes / preservation of evidence
- Optimize website technically and economically
- Provide easy access to the website
- Fulfillment of contractual obligations
- Contact in case of legal complaints by third parties
- Fulfillment of legal storage obligations
- Optimization and statistical evaluation of our services
- Support commercial use of the website
- Improve user experience
- Design a user-friendly website
- Economic operation of advertising and website
- Marketing / Sales / Advertising
- Creation of statistics
- Determine copy probability of texts
- Avoidance of SPAM and abuse
- Handling of an application procedure
- Customer service and customer care
- Handling contact requests
- Provide websites with features and content
- Security measures
- Uninterrupted, secure operation of our website
3. Categories of persons concerned under Article 13 (1) e) DS-GVO
- Visitors/users of the website
- Customers
- Suppliers
- Interested parties
- Applicants
- Employees
- Employees of customers or suppliers
Legal bases of the processing of personal data
In the following we would like to inform you about the legal bases of the processing of personal data:
- If we have obtained your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) DS-GVO is the legal basis.
- If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken in response to your request, Art. 6 para. 1 sentence 1 letter b) DS-GVO is the legal basis.
- If the processing is necessary for the fulfilment of a legal obligation to which we are subject (e.g. statutory storage obligations), Art. 6 para. 1 sentence 1 lit. c) DS-GVO is the legal basis.
- If the processing is necessary to protect vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d) DS-GVO is the legal basis.
- If the processing is necessary to protect our interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, Art. 6 Paragraph 1 S. 1 lit. f) DS-GVO is the legal basis.
Passing on personal data to third parties and contracted processors
In general we do not pass on your personal data without your consent to third parties. Should this be the case, however, the transfer of data will take place on the basis of the aforementioned legal bases, e.g. when data is passed on to online payment providers for the purpose of fulfilling a contract or due to a court order or due to a legal obligation to surrender the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use contract processors (external service providers e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processors within the framework of an agreement for order processing, this is always done in accordance with Art. 28 DS-GVO. We select our processors carefully, check them regularly and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken suitable technical and organizational measures and comply with the data protection regulations according to BDSG and DS-GVO.
Data transmission in non-EU-member countries
By the adoption of the European data protection basic regulation (DS-GVO) a uniform basis for data protection in Europe was created. Your data is therefore processed primarily by companies to which the DS-GVO applies. If, however, processing is carried out by services of third parties outside the European Union or the European Economic Area, they must comply with the special requirements of Art. 44 ff. DS-GVO. This means that the processing is carried out on the basis of special guarantees, such as the EU Commission’s officially recognized determination of a level of data protection corresponding to that of the EU or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”. In the case of U.S. companies, submission to the so-called “privacy shield”, the data protection agreement between the EU and the U.S., fulfils these requirements.
Deletion of data and storage period
If not expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the consent given for processing is revoked by you or the purpose for storing the data no longer applies or the data is no longer required for the purpose, unless its further storage is required for evidence purposes or this is opposed by statutory storage obligations. This includes, for example, commercial storage obligations for business letters according to § 257 para. 1 HGB (6 years) and tax storage obligations according to § 147 para. 1 AO of receipts (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfillment of a contract.
Existence of an automated decision making
We do not use automatic decision making or profiling.
Provision of our website and creation of log files
- If you use our website for informational purposes only (i.e. no registration or other transmission of information), we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data:
– IP-address
– Internet service provider of the users
– Date and time of the requests
– Browser type
– Language and browser version
– Content of the requests
– Time zone
– Access status / HTTP status code
– Data volume
– Website URLs from which the request came from
– Operating system
We do not store this data together with other personal data of you. - This data serves the purpose of user-friendly, functional and secure delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
- The legal basis for this is our justified interest in data processing in accordance with Art. 6 Para. 1 S.1 lit. f) DS-GVO, which is also based on the above-mentioned purposes.
- For security reasons, we store this data in server log files for the storage period of 14 days. After this period has elapsed, they are automatically deleted, unless we need to keep them for evidence in case of attacks on the server infrastructure or other legal violations.
Cookies
- We use so-called cookies when you visit our website. Cookies are small text files that your internet browser places and saves on your computer. When you visit our website again, these cookies provide information to automatically recognize you. Cookies also include the so-called “user IDs”, where user information is stored using pseudonymized profiles. When you visit our website, we will inform you about the use of cookies for the aforementioned purposes and how you can object to or prevent their storage (“opt-out”) by referring to our data protection declaration.
The following types of cookies exist:
Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website in order to store certain website functions such as logins, shopping cart or user entries, e.g. regarding the language of the website.
Session cookies: Session cookies are used to recognize multiple use of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and make it easier for you to access our site. When you close the browser or log out, the session cookies are deleted.
Persistent cookies: These cookies remain stored even after closing the browser. They are used to store the login, to measure the reach and for marketing purposes. They are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
Cookies from third parties (third-party cookies, especially from advertisers): According to your wishes, you can configure your browser settings and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out at this point that you may not be able to use all functions of this website. Please read more about these cookies in the respective third-party privacy policies. - Data categories: User data, cookie, user ID (including the pages visited, device information, access times and IP addresses).
- Purposes of processing: The information obtained in this way serves the purpose of optimising our web offers both technically and economically and of enabling you to access our website more easily and securely.
- Legal basis: If we process your personal data with the help of cookies on the basis of your consent (“opt-in”), then Art. 6 para. 1 sentence 1 lit. a) DSGVO is the legal basis. Otherwise we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that in this case Art. 6 para. 1 sentence 1 lit. f) DS-GVO is the legal basis. In addition, the legal basis is Art. 6 Para. 1 S. 1 lit. b) DS-GVO, if the cookies are used to initiate a contract, e.g. when placing an order.
- Duration of storage/ Deletion: The data will be deleted as soon as they are no longer required for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended; otherwise, cookies are stored on your computer and transmitted from it to our site. Therefore you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Hier you will find information on deleting cookies by browser:
Chrome: https://support.google.com/chrome/answer/95647
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 - Objection and “opt-out”: You can generally prevent cookies from being stored on your hard drive, regardless of consent or legal permission, by selecting “do not accept cookies” in your browser settings. However, this may result in a functional limitation of our offers. You can object to the use of third-party cookies for advertising purposes by means of a so-called “opt-out” via this American website (https://optout.aboutads.info) or this European website (https://www.youronlinechoices.com).
Cookie Consent Solutions / Consent Manager Provider
- We have implemented the CookieBot (service provider: Cybot A/S, Havnegade 39,
1058 Copenhagen, Denmark / Website: https://www.cookiebot.com) as consent management service. - Data categories and description of data processing: cookies, date and time of visit, device information, browser information, anonymized IP address, opt-in and opt-out data. Through this service we can obtain your consent to the storage of cookies and also document this. In addition, a cookie is stored in your browser to enable us to assign the consent you have given or to revoke it. Below you will find further information in the data protection declaration of the data processor Cybot A/S: https://www.cookiebot.com/de/privacy-policy.
- Purposes of data processing: compliance with legal obligations, storage of consent.
- Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above-mentioned purposes in accordance with Art. 6 Para. 1 S. 1 lit. f) DS-GVO and the fulfilment of legal obligations in accordance with Art. 6 Para. 1 S. 1 lit. c) DS-GVO.
- Storage duration: Storage of the data until you delete the CookieBot-Cookie in your browser yourself or the purpose for the data storage no longer applies. The revocation document of a previously granted consent is kept for a period of three years. The storage is based on our accountability according to article 5 paragraph 2 DSGVO.
- Data transmission/recipient category: The consent management service we use is a provider in Europe. We have therefore concluded a contract for order processing with the data processor in accordance with Art. 28 DS-GVO.
Processing of contracts
- We process inventory data (e.g. company, title/academic degree, names and addresses as well as contact data of users, email), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowing who is the contractual partner; justification, content and processing of the contract; checking the plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 6 Para. 1 S. 1 lit b) DS-GVO. The entries marked as mandatory in online forms are required for the conclusion of the contract.
- In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims (e.g. transfer to a lawyer for collection) or to fulfill the contract (e.g. transfer of the data to payment providers) or if there is a legal obligation to do so in accordance with Art. 6 Para. 1 S. 1 lit. c) DS-GVO.
- We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.
- The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for the inventory and contract data when the data is no longer necessary for the execution of the contract and no more claims can be asserted under the contract because they are time-barred (warranty: two years / standard limitation period: three years). We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, if the contract is terminated after three years, we will restrict processing, i.e. your data will only be used to comply with legal obligations. Details in the user account remain until it is deleted.
Contact via contact form / email / fax / mail
- If you contact us by contact form, fax, post or email, your data will be processed for the purpose of processing your contact request.
- The legal basis for the processing of the data is Art. 6 Paragraph 1 S. 1 lit. a) DS-GVO, if you have given your consent. The legal basis for the processing of data transmitted in the course of a contact inquiry or email, letter or fax is Art. 6 Paragraph 1 S. 1 letter f) DS-GVO. The person responsible has a legitimate interest in the processing and storage of the data in order to be able to respond to user inquiries, to secure evidence for liability reasons and, if necessary, to be able to comply with his or her legal obligations to retain business letters. If the purpose of the contact is the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) DS-GVO.
- We may store your information and contact request in our customer relationship management system (“CRM system”) or similar system.
- The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified. Inquiries from users who have an account or a contract with us will be stored for a period of two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiry: end of commercial law (6 years) and tax law (10 years) retention obligation.
- You have the option of withdrawing your consent to the processing of personal data in accordance with Art. 6 Paragraph 1 S. 1 lit. a) DS-GVO at any time. If you contact us by email, you can object to the storage of your personal data at any time.
Contact by phone
- When contacting us by phone, your phone number will be processed and temporarily stored or displayed in the RAM / cache of the phone device / display for the purpose of processing the contact request and its handling. The storage is done for liability and security reasons to be able to prove the call and for economic reasons to enable a call back. In case of unauthorized advertising calls, we block the phone numbers.
- The legal basis for the processing of the telephone number is Art. 6 para. 1 sentence 1 lit. f) DS-GVO. If the aim of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b) DS-GVO.
- The device cache stores the calls for days and successively overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked phone numbers are checked annually to see if they need to be blocked.
- You can prevent the phone number from being displayed by calling with the phone number suppressed.
Newsletter
- You can subscribe to our newsletter with your voluntary consent by entering your email address. Only this is mandatory. The provision of further data is voluntary and only serves the purpose of a personal contact. We use the so-called “double opt-in procedure” for registration. After you have registered with your email address, you will receive an email from us to confirm your registration with a confirmation link. If you click this confirmation link, your email will be added to the newsletter distribution list and stored for the purpose of sending emails. If you do not click on the confirmation link within hours, your registration data will be blocked and automatically deleted after days.
- In addition, we log your IP address used during registration and the date and time of the double opt-in (registration and confirmation). The purpose of this storage is to fulfill legal requirements regarding proof of your registration and to prevent misuse of your email.
- Within the scope of your declaration of consent, the contents (e.g. advertised products/services, offers, advertising and topics) of the newsletter are described in concrete terms.
- We evaluate your user behavior when sending the newsletter. For this purpose, the newsletters contain so-called “web beacons” or “tracking pixels”, which are called up when the newsletter is opened. For the analysis we link the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. The data is collected pseudonymously, so the IDs are not linked to your other personal data, a direct personal reference is excluded. With this data we can determine if and when you opened the newsletter and which links in the newsletter were clicked. This serves the purpose of optimizing and statistically evaluating our newsletter.
- The legal basis for sending the newsletter, measuring success and storing the email is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a) DS-GVO in conjunction with § 7 Para. 2 No. 3 UWG and for the recording of consent in accordance with Art. 6 Para. 1 S. 1 lit. f) DS-GVO, as this serves our legitimate interest of legal provability.
- You can object to the tracking at any time by clicking the unsubscribe link at the end of the newsletter. In this case, however, the receipt of the newsletter would also be terminated. If you deactivate the display of images in your email software, tracking is also not possible. However, this may have limitations with regard to the functions of the newsletter and contained images will not be displayed.
- You can revoke your consent to receive the newsletter at any time. You can exercise the revocation by clicking on the unsubscribe link at the end of the newsletter, sending an email or sending a message to our contact details above. We store your data as long as you have subscribed to the newsletter. After unsubscribing, your data will only be stored anonymously for statistical purposes.
Google AdWords with conversion tracking
- We use the service “Google Ads with Conversion Tracking” (Service Provider: Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to advertise third party websites by displaying ads on our website.
- Data categories and description of data processing: Usage data / communication data. When you click on a Google ad from us, a cookie is stored in your browser, which is valid for about 30 days. If you then visit our website, we and Google can use the cookie to evaluate whether you have visited our website and which of our pages you have visited. Google creates statistics about this. The data is also transferred to the U.S. and analyzed there. If you are logged in with a Google account, the data can be assigned to your account by AdWords. If you do not wish this to happen, you must log out before visiting our website.
- Purpose of data processing: This conversion tracking serves the purpose of analysis/success measurement, optimization and economic operation of our advertising and website.
- Legal basis: If you have given your consent (“opt-in”) to the processing of your personal data by means of “Google Ads with conversion tracking”, then Art. 6 (1) sentence 1 lit. a) DS-GVO is the legal basis. Otherwise, the legal basis for the processing of your data is our legitimate interest in the analysis, optimization and efficient economic operation of our advertising and website in accordance with Art. 6 para. 1 sentence 1 lit. f) DS-GVO.
- Data transfer/recipient category: Google Ireland, U.S.; Google U.S. is certified according to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
- Storage period: up to 540 days.
- Objection and removal options (“Opt-Out”): You can object to or prevent the installation of cookies by Google in various ways:
– You can disable cookies in your browser by selecting the “do not accept cookies” setting, which includes third-party cookies;
– You can disable conversion tracking directly from Google by clicking on the https://adssettings.google.com link, but this setting will only last until you delete your cookies. You can disable the personalized ads of the third party advertisers participating in the “About Ads” advertising self-regulation initiative via the link https://optout.aboutads.info for US sites or for EU sites at
http://www.youronlinechoices.com – this setting will only last until you delete all your cookies;
– You can permanently disable cookies by using a browser plug-in for Chrome, Firefox or Internet Explorer at the link https://support.google.com/ads/answer/7395996. This deactivation may mean that you can no longer use all the functions of our website to their full extent. - For more information, please see Google’s privacy policy at https://policies.google.com/privacy?hl=de&gl=de and https://services.google.com/sitestats/de.html.
Google AdWords Remarketing / “Similar target groups”
- We use the application Google Analytics Remarketing / “similar target groups” (Service Provider: Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to third-party websites and other Internet offerings by displaying ads on our website.
- Data categories and description of data processing: Usage data / communication data. With the remarketing or “similar target groups” function in Ads, we can reach you there if you have already visited our website and address you with a suitable message in each case via an advertisement. With remarketing we can bring our former visitors back to our website with a click. If you then call up other websites or Internet offers, we and Google can use the cookie to evaluate whether you have already visited our website and whether your website also displays our advertising there. Google creates statistics about this. The full extent of data processing is not known to us. The data is also transferred to the U.S. and analyzed there. According to Google, the data collected through remarketing is not merged with any personal data stored by Google, but is processed using a pseudonym.
- Purpose of processing: This remarketing serves the purpose of analysis, optimization and economic operation of our advertising and website.
- Legal basis: If you have given your consent (“opt-in”) to the processing of your personal data by means of Google Ads Remarketing / “similar target groups”, then Art. 6 Para. 1 S. 1 lit. a) DS-GVO is the legal basis. Otherwise, the legal basis for the processing of your data is our legitimate interest in the analysis, optimization and efficient economic operation of our advertising and website in accordance with Art. 6 para. 1 sentence 1 lit. f) DS-GVO.
- Data transfer/recipient category: Google Ireland, U.S.; Google U.S. is certified according to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
- Storage period: When you visit certain pages of our website, a cookie is stored in your browser, which is valid for 30 days.
- Objection and removal options (“Opt-Out”): You can object to or prevent the installation of cookies by Google in various ways:
– You can disable cookies in your browser by selecting the “do not accept cookies” setting, which includes third-party cookies;
– You can disable personalized ads directly from Google by clicking on the https://adssettings.google.com link, but this setting will only last until you delete your cookies. You can disable the personalized ads of the third party advertisers participating in the advertising self-regulation initiative “About Ads” via the link https://optout.aboutads.info for US sites or for EU sites at
http://www.youronlinechoices.com – this setting will last only until you delete all your cookies;
– You can permanently disable cookies by using a browser plug-in for Chrome, Firefox or Internet Explorer at the link https://support.google.com/ads/answer/7395996. This deactivation may mean that you can no longer use all the functions of our website to their full extent. - For more information, please see Google’s privacy policy at https://policies.google.com/privacy?hl=de&gl=de.
YouTube videos
- We have integrated YouTube videos from youtube.com on our website using the embedded function, so that they can be accessed directly on our website. YouTube belongs to Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.
- Data category and description of the data processing: usage data (e.g. website accessed, contents and access times). We have integrated the videos in the so-called “extended data protection mode” without using cookies to record usage behavior in order to personalize video playback. Instead, the video recommendations are based on the video currently playing. Videos played in an embedded player in enhanced privacy mode have no effect on which videos are recommended to you on YouTube. When you start a video (click on the video), you agree to allow YouTube to track the information that you visited the corresponding subpage or video on our website and use this information for advertising purposes.
- Purpose of processing: To provide a user-friendly service, to optimize and improve our content.
- Legal basis: If you have given your consent (“opt-in”) for the processing of your personal data using “etracker” from the third-party provider, then Art. 6 Para. 1 S. 1 lit. a) DS-GVO is the legal basis. The legal basis is also our legitimate interest in data processing for the above purposes in accordance with Art. 6 Para. 1 S.1 lit. f) DS-GVO. In the case of services provided in connection with a contract, tracking and analysis of user behaviour is carried out in accordance with Art. 6 Para. 1 sentence 1 lit. b) DS-GVO in order to be able to use the information thus obtained to offer optimised services in order to fulfil the purpose of the contract.
- Data transfer/recipient category: Third party providers in the U.S.. The acquired data is transferred to the U.S. and stored there. This is also done without a user account at Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimization of its websites. Google is certified according to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and therefore obliged to comply with European data protection laws.
- Storage period: Cookies up to 2 years or until the cookies are deleted by you as a user.
- Objection: You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly via the data protection declaration below. You can make an opt-out objection regarding advertising cookies here in your Google account: https://adssettings.google.com/authenticated
- See the YouTube Terms of Use at https://www.youtube.com/t/terms and the Google Advertising Privacy Policy at https://policies.google.com/technologies/ads for more information on the use of Google cookies and their advertising technologies, storage duration, anonymization, location data, functionality and your rights. Google’s general privacy policy: https://policies.google.com/privacy.
Google ReCAPTCHA
- We have installed on our website the anti-spam function “reCAPTCHA” from “Google” (provider: Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) integrated on our website.
- Data category and description of data processing: usage data (e.g. website accessed, IP). By using “reCAPTCHA” in our forms, we can determine whether the input was made by a machine (robot) or a human being. When using the service, your IP address and any other data required for this purpose may be transmitted to Google servers in the U.S..
- Purpose of processing: Avoidance of spam and misuse as well as our economic interest in optimizing our website.
- Legal basis: If you have given your consent (“opt-in”) for the processing of your personal data by means of “reCaptcha” from the third party provider, then Art. 6 para. 1 sentence 1 lit. a) DS-GVO is the legal basis. The legal basis is also our legitimate interest in data processing for the above purposes in accordance with Art. 6 Para. 1 S.1 lit. f) DS-GVO.
- Data transfer/recipient category: Third party providers in the U.S.. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework). This ensures that European data protection law is observed.
- Storage period: until the cookies are deleted by you as the user.
- For more information about Google ReCAPTCHA, please visit https://www.google.com/recaptcha/ and Google’s privacy policy at https://policies.google.com/privacy.
Google Maps
- We have on our website maps from “Google Maps” (provider: Google Ireland Limited, Register No.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) integrated on our website.
- Data category and description of data processing: usage data (e.g. IP, location, page accessed). With Google Maps, we can display the location of addresses and directions directly on our website in interactive maps and enable you to use this tool. When you call up our website, where Google Maps is integrated, a connection to the Google servers in the U.S. is established. Your IP and location can be transmitted to Google. Google also receives the information that you have called up the corresponding page. This is also done without a user account at Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you must log out of your Google account. Google creates user profiles from such data and uses these data for the purpose of advertising, market research or optimization of its websites.
- Purpose of processing: To provide a user-friendly, economical and optimized website.
- Legal basis: If you have given your consent (“opt-in”) for the processing of your personal data using “Google Maps” by the third-party provider, then Art. 6 (1) sentence 1 lit. a) DS-GVO is the legal basis. The legal basis is also our legitimate interest in data processing for the above purposes in accordance with Art. 6 Para. 1 S.1 lit. f) DS-GVO.
- Data transfer/recipient category: Third party providers in the U.S.. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework). This ensures that European data protection law is observed.
- Storage period: Cookies up to 6 months or until you delete them. Otherwise as soon as they are no longer needed for processing purposes.
- Objection and removal possibility: You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly via the data protection declaration below. You can make an opt-out objection regarding advertising cookies here in your Google account:
https://adssettings.google.com/authenticated. - Please refer to the Google Maps Terms of Use at https://www.google.com/intl/de_de/help/terms_maps.html and the Google Advertising Privacy Policy at https://policies.google.com/technologies/ads for more information on the use of Google cookies and their advertising technologies, storage duration, anonymization, location data, functionality and your rights. Google’s general privacy policy: https://policies.google.com/privacy.
Presence in social media
- We maintain profiles or fan pages in social media. When you use and access our profile in the respective network, the respective data protection notices and terms of use of the respective network apply.
- Data categories and description of data processing: usage data, contact data, content data, inventory data. Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the usage behavior and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks. Also in the case of requests for information and the assertion of data subject rights, we would like to point out that these can most effectively be asserted with the providers. Only the providers have access to the data of the users in each case and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.
- Purpose of the processing: Communication with the users connected and registered on the social networks; information and advertising for our products, offers and services; presentation and image cultivation; evaluation and analysis of the users and contents of our presence in the social media.
- Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above-mentioned purposes in accordance with Art. 6 para. 1 sentence 1 letter f) DS-GVO. If you have given us or the person responsible for the social network your consent to process your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) in conjunction with Art. 7 DS-GVO.
- Data transmission/recipient category: social network. Insofar as the US providers are certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework), it is ensured that European data protection law is complied with.
- You can find the data protection information, information options and opt-out options of the respective networks / service providers here:
– Facebook – service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com; Opposition: https://www.facebook.com/help/contact/2061665240770586; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Agreement on joint processing of personal data on Facebook pages (Art. 26 DS-GVO): https://www.facebook.com/legal/terms/page_controller_addendum, Privacy Notice for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
– Instagram – service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy/ Opt-Out: https://help.instagram.com/519522125107875, Opposition: https://help.instagram.com/contact/186020218683230; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Agreement on joint processing of personal data on Instagram pages (Art. 26 DS-GVO): https://www.facebook.com/legal/terms/page_controller_addendum.
– Twitter – Service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.) – Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
– XING – Service Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy / Opt-Out: https://privacy.xing.com/en/privacy-policy.
– LinkedIn – Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield of US company LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
Social media plug-ins
- We use social media plug-ins from social networks on our website. We use the so-called “two-click-solution” Shariff from c’t or heise.de: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; service provider: Heise Medien GmbH & Co KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Privacy policy: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html.
- Data category and description of data processing: usage data, content data, inventory data. When our website is called up, “Shariff” does not transmit any personal data to the third party providers of the social plug-ins. In addition to the logo or brand of the social network, you will find a slider with which you can activate the plug-in with a click. This activation represents your consent in the form that the respective provider of the social network receives the information that you have called up our website and your personal data is transmitted to the provider of the plug-in and stored there. These are so-called Thirdparty Cookies. With some providers such as Facebook and XING, your IP address is anonymized immediately after the collection. The data collected about the user is stored by the plug-in provider as user profiles. You can revoke your consent at any time by deactivating the slider.
- Purpose of the data processing: Improvement and optimization of our website; increase of our awareness via social networks; possibility to interact with you and the users among each other via social networks; advertising, analysis and/or design of the website according to your needs.
- Legal basis: The legal basis for the processing of personal data is our legitimate interest in the above-mentioned purposes in accordance with Art. 6 para. 1 sentence 1 letter f) DS-GVO. If you have given us or the person responsible for the social network your consent to process your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) in conjunction with Art. 7 DS-GVO. In the case of pre-contractual inquiries or the use of your personal data for the fulfilment of the contract, the legal basis is Art. 6 Paragraph 1 S. 1 lit. b) DS-GVO.
- Data transmission/recipient category: social network; to the extent that US providers are certified under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework), it is ensured that European data protection law is complied with.
- Used social networks and contradiction: We refer to the respective data protection declarations of the social networks regarding the purpose and scope of data collection and processing. In addition, you will also find information on your rights and setting options for the protection of your personal data there. You have the right to object to the creation of these user profiles, whereby you can contact the respective plug-in provider directly to exercise these rights.
- On our website, we have integrated plug-ins from the social network Facebook.com (company headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as part of Shariff’s so-called “two-click solution”, which you can recognize by the Facebook logo “f” or the addition of “Like”, “Like” or “Share”.
- As soon as you voluntarily activate the Facebook plug-in, a connection is established from your browser to the Facebook servers. During this process, Facebook receives information, including your IP address, that you have accessed our website and transmits this information to Facebook servers in the U.S., where this information is stored. If you are logged into your account on Facebook, Facebook can associate this information with your account. If you use the functions of the plug-in, e.g. pressing the “Like” button, this information is also transmitted from your browser to Facebook servers in the U.S. and stored there and displayed in your Facebook profile and, if applicable, with your friends.
- The purpose and scope of data collection and its further processing and use by Facebook, as well as your rights and settings options for protecting your privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. Data collection at the “Like” button: https://www.facebook.com/help/186325668085084. You can manage and object to your settings regarding the use of your profile data for advertising purposes on Facebook here: https://www.facebook.com/ads/preferences/.
- If you log off from Facebook before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Facebook when the plug-in is activated.
- Facebook has submitted to the Privacy Shield and thus ensures that European data protection laws are observed: https://www.privacyshield.gov/EU-US-Framework.
- Agreement on the joint processing of personal data on Facebook pages (Art. 26 DS-GVO): https://www.facebook.com/legal/terms/page_controller_addendum, Privacy Policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
- We have integrated plug-ins of the social network Twitter.com (Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, U.S.) on our website as part of Shariff’s so-called “two-click solution”. You can recognize these plug-ins by the Twitter logo with a white bird on a blue background. An overview of Twitter buttons or tweets can be found at: https://developer.twitter.com/en/docs/twitter-for-websites/overview.
- If you are logged in to your Twitter account while you are voluntarily activating the Twitter plug-ins, Twitter can associate the call from our website with your Twitter profile.
- If you would like to exclude data transfer when activating the plug-in to Twitter, please log out of Twitter before visiting our website and delete your cookies.
- The purpose and scope of the data collection and its further processing and use by Twitter as well as your rights and settings options to protect your privacy can be found in the Twitter privacy policy: https://twitter.com/de/privacy. Opposition (opt-out): https://twitter.com/personalization.
- Twitter has submitted to the Privacy Shield and thus ensures that European data protection laws are observed: https://www.privacyshield.gov/EU-US-Framework.
- We have integrated plug-ins from the social network XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) on our website as part of the so-called “two-click solution” from Shariff. You can recognize them by the Share button with white XING logo and the “X” symbol on a green background.
- If you deliberately activate the Share Button of XING on our website, this will cause your browser to connect to the XING server when you visit the respective website. According to XING, no data about the call is stored from which XING could derive a direct personal reference. In particular, XING does not store any of your IP addresses or use cookies. When you click on the Share button, you will be redirected to the XING homepage, where – if you are logged in – you can recommend our site, which serves the purpose of increasing our awareness and reach. With regard to these activities on the XING platform, the XING privacy policy stated below applies.
- If you log off from XING before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on XING when the plug-in is activated.
- The purpose and scope of data collection and its further processing and use by XING, as well as your rights and settings options for protecting your privacy, can be found in the XING data protection information on the Share button at https://dev.xing.com/plugins/share_button/privacy_policy and the general XING privacy policy at https://privacy.xing.com/en/privacy-policy.
- We have on our website plug-ins from the social network Instagram (service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as part of Shariff’s so-called “two-click solution”. You can recognize them by the Instagram logo in the shape of a square camera.
- If you choose to activate the plug-in, it will connect from your browser to Instagram’s servers. Instagram receives information, including your IP address, that you have visited our site and transmits the information to Instagram servers in the United States, where the information is stored. If you are logged into your account with Instagram, Instagram can associate this information with your account and you can click the Instagram button to share and store the contents of our pages in your Instagram account and display them to your friends there. We have no knowledge of the exact content of the information submitted, how Instagram uses it, or how long it is stored.
- If you log out of Instagram before visiting our site and delete your cookies, no information about your visit to our site will be associated with your profile on Instagram when you activate the plug-in.
- For more information, please refer to Instagram’s Privacy Policy/ Opt-Out: / Opt-Out: https://help.instagram.com/519522125107875, Opposition: https://help.instagram.com/contact/186020218683230; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Agreement on joint processing of personal data on Instagram sites (Art. 26 DS-GVO): https://www.facebook.com/legal/terms/page_controller_addendum.
Data protection for applications and in the application process
- Applications sent to the responsible person by electronic means or by post are processed electronically or manually for the purpose of handling the application procedure.
- We expressly point out that application documents containing “special categories of personal data” in accordance with Art. 9 DS-GVO (e.g. a photograph which allows conclusions to be drawn about your ethnic origin, religion or marital status) are undesirable, with the exception of any severe disability which you may wish to disclose of your own free will. You should submit your application without these data. This has no effect on your chances of applying.
- The legal basis for the processing is Art. 6 Para. 1 S.1 lit. b) DS-GVO and § 26 BDSG as amended.
- If an employment relationship is entered into with the applicant after completion of the application procedure, the applicant’s data will be stored in accordance with the relevant data protection regulations. If you are not offered a position after the end of the application process, your submitted letter of application including documents will be deleted 6 months after the rejection has been sent, in order to meet any possible claims and obligations to provide evidence according to AGG.
Rights of the data subject
- Objection or revocation against the processing of your data
As far as the processing is based on your consent under Article 6 paragraph 1 sentence 1 lit. a), Article 7 DS-GVO, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of your consent until revocation. If we base the processing of your personal data on the weighing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f) DS-GVO, you can lodge an objection to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adapt the data processing or show you our compelling reasons for continuing the processing which are worthy of protection. You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can exercise the right of objection free of charge. You can inform us about your objection to advertising at the following contact details:
LOOM Impact AG
Torstrasse 201
10115 Berlin
GermanyManaging directors: Ilko Thun, Rene Wienholtz
Email address: loomimpact_site.access@loomimpact.com
Register number: HRB 139761
Court of the register of companies: Local court of Munich - Right to information
You have the right to obtain confirmation as to whether personal data concerning you are being processed. If this is the case, you have the right to information about your personal data stored with us in accordance with Art. 15 DS-GVO. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you. - Right to notice
You have a right to correct incorrect data or to complete correct data according to article 16 DS-GVO by sending a notice. - Right for deletion
You have a right to delete your data stored with us in accordance with Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage are opposed to this. - Right for restriction
You have the right to request a restriction in the processing of your personal data if one of the conditions in Art. 18, Paragraph 1, Letters a) to d) of the DS-GVO is fulfilled:
– if you dispute the accuracy of the personal data concerning you for a period of time that allows the data controller to verify the accuracy of the personal data;
– if the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of the use of the personal data;
– if the data controller no longer needs the personal data for the purposes of the processing, but you need them for the purpose of asserting, exercising or defending legal claims; or
– if you object to the processing in accordance with Art. 21 Paragraph 1 of the DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons. - Right for data transfer
You have a right to data transfer in accordance with Art. 20 DS-GVO, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or request that it be transferred to another person responsible. - Right to complain
You have a right to appeal to a regulatory body. As a rule, you can contact the supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the suspected infringement.
Data security
In order to protect all personal data transmitted to us and to ensure that the data protection regulations are observed by us and our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted in encrypted form via a secure SSL connection.
State of: 05.01.2022