Privacy Policy

  1. Privacy Policy

    This privacy policy clarifies the way, volume and purpose of data processing on our website, its correlating tools and contents and by extension our social media channels. Concerning terms like “processing” and “accountable party” please refer to definitions from Art.4 of the General Data Protection Regulation (GDPR).Accountable PartyImpact Agentur für Kommunikation GmbH
    Holzhausenstraße 73
    60322 Frankfurt am Main
    GermanyMail: agentur@impact.ag
    CEO: Uwe A. Kohrs.
    Link to imprint: https://impact.ag/en/impressum/

     

    Privacy FAQ

    Please contact our data protection officer Harald Bücker concerning any questions you may have regarding our privacy policy.

    Mail: h.buecker@impact.ag

     

    Form of processed data

    • Inventory data (i.e. names, addresses)
    • Contact data (i.e. mail addresses, phone numbers)
    • Content data (i.e. text entries, photos, videos)
    • Usage data (i.e. visited websites, interest in content, access times)
    • Meta- / Communication data (i.e. device information, IP-addresses)

    Categories of people concerned

    Visitors and users of our website and social media channels (consecutively described as “users”)


    Purpose of processing

    • Deployment of our online presence, its tools and contents
    • Processing of contact requests and communication with users
    • Security measures
    • Reach measurement / marketing

    Used terminology

    The term “personal data” combines all information that refers to an identified or identifiable natural person (consecutively ‘person concerned’). Identifiability is defined, as the assignment of a natural person to an identifier such as a name, code number, location data, online identifiers (i.e. cookies) or one or more features that reflect the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.

    The term “processing” is defined as all automated and non-automated procedures and set of operations that are used in connection with personal data. The term comprises practically all handlings of personal data.

    The term “accountable party” describes the natural or legal person, authority or institution that decides over the aim and means of personal data processing, with or without the help of third parties.


    Legal basis

    In accordance with Art.13 GDPR we disclose the legal basis of our data processing. If the legal basis isn’t disclosed in the privacy policy the following applies: For the obtaining of compliance and consent Art. 6 para.1 lit.a and Art.7 GDPR apply. For data processing in order of the fulfillment of our services, the execution of contractual means as well as the reply to inquiries Art.6 para. 1 lit.b GDPR applies. For data processing for the fulfillment of our legal responsibilities Art.6 para.1 lit.c GDPR applies. For data processing for the protection of out legitimate interests Art.6 para.1 lit. f GDPR applies. If the processing of personal data is required in accordance to the vital interest of the person concerned or any other natural person Art.6. para.1 lit.c GDPR applies.

     

    Cooperation with data processors and third parties

    We only ever share or authorize the use of personal data for another person or corporation (processors or third parties) in cases that are unprohibited by law, (i.e. if the transmission of data to a third party, i.e a payment service provider is necessary for contractual performance. Art. 6 para.1 lit.b GDPR applies), you have consented to, are required by legal obligations or are part of the protection of our legitimate interests (i.e. when using agents, webhosts, etc.). If we instruct the processing of personal data by a third party as part of an order processing contract Art.28 GDPR applies.

     

    Transmission to third countries

    If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special requirements of Art. 44 et seq. GDPR.  This means that the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

     

    User rights

    • You have the right to request a confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
    • According to Art. 16 GDPR you have the right to demand the completion of your personal data or the correction of incorrect data that concerns you.
    • In accordance with Art.17 GDPR you have the right to demand the immediate deletion of your data or, alternatively, demand a restriction of the processing of data in accordance with Art. 18 GDPR
    • In accordance to Art.20 GDPR you have the right to demand the provision of the data in question as well as the transmission of the data to another responsible party.
    • Furthermore, you have the right to file a complaint with the responsible supervisory authorities in accordance with Art.77 GDPR.

    Withdrawal

    In accordance to Art.7 para.3. GDPR you have the right to withdraw your issued consent with effect for the future.

     

    Cancellation right

    You may at any time object to the future processing of your data in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

     

    Cookies and cancellation rights concerning direct advertising

    “Cookies” are little pieces of data that are saved on the users device. Within the cookies various data and information can be saved. They primarily function as a memory tool, that saves information about the individual user (or the device on which the cookie is saved) while or after the website is used. Temporary cookies that are deleted immediately after the user leaves a website and closes his browser are also called “Session Cookies” or “Transient Cookies”. In these cookies information like shopping basket contents or log in statuses can be saved. “Permanent” or “Persistent” cookies save information even after the user closes an application. This way a login status can be saved even if the user revisits the website days after his initial log in. Permanent cookies can also save individual interests of the user. The gathered data is used for reach measurements and marketing/advertising purposes. “Third-Party-Cookies” are, as the name implies, cookies of a third party that is not the website operator (first party).

    We can use and apply temporary and permanent cookies and inform users about this in our privacy policy.

    If users do not wish to have cookies saved on their device they are advised to deactivate the correlating option in their browser settings. Saved cookies can also be deleted in the browser settings. The rejection of cookies can lead to limited website function and access.

    A general withdrawal from cookie applications for marketing purposes can be declared via the US-website http://www.aboutads.info/choices/ Or the EU-Website http://www.youronlinechoices.com . This especially applies for tracking cookies. Furthermore, the saving of cookies can be deactivated permanently in the browser settings. Please note, that in this case not all website functions can be used.

     

    Data Deletion

    In accordance to Art.17 and 18 GDPR the data gathered by us will be deleted or limited in its processing. If not otherwise explicitly mentioned within this privacy policy processed data will be deleted if no longer purposeful or restricted by a legal obligation to preserve records. If data isn’t deleted for other legally purposes its processing will be limited. This applies for example to data that needs be preserved for fiscal or commercial law purposes.

    According to legal requirements in Germany, data is saved for six years according to § 257 para. 1 HGB (German commercial code) (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years according to § 147 para. 1 AO (books, records , Management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

     

    Hosting

    The hosting services utilized by us are used to provide the following services: infrastructure and platform services, computing capacity, storage space as well as database services, securities and technical maintenance services we use to operate this website.

    Our hosting provider is ALL-INKL.COM – Neue Medien Munich – Hauptstraße 68 – 02742 Friedersdorf

    We, or our hosting provider, process inventory data, contact information, content data, contract data, usage data, meta-and communication data from customers, prospective customers and visitors of this website based on our legitimate interests in making this website available in an efficient and secure manner.

     

    Collection of access data and log files

    We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

    Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes are excluded from deletion until the final clarification of the incident.

     

    Contact

    Data provided by users by contacting us via contact sheet, e-mail, phone or social media will be processed for the handling and processing of the contact request according to Art.6 para.1 lit.b) GDPR. The information provided by the users can be saved in a Customer Relationship Management System (“CRM System”) or comparable request application.

    We delete the requests, if they are no longer required. We check the requirement every two years; Furthermore, the legal archiving obligations apply.

     

    Comments and posts

    If users leave comments or other contributions, their IP addresses are saved for 7 days based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR This is for our own safety, if someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, legal action might be filed against us for the comment or post and we are therefore interested in the identity of the author.


    Google Analytics

    On the basis of our legitimate interests (meaning our interest in the analysis, optimization and the economic operation of our website within the meaning of Art.6 para. 1 lit.f. GDPR) we use Google Analytics, a web analytic tool by Google LLC. Google also uses cookies.  Data generated by the usage of these cookie is usually transmitted and saved to a Google server in the United States.

    Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European privacy legislation

    (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this website and internet usage. In this case, pseudonymous user profiles of the processed data can be created.

    We only use Google Analytics with an active IP anonymization in place. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

    The IP address submitted by the user’s browser will not be merged with other data provided by Google. The user can prevent the saving of cookies within their browser settings. Users may also prevent the collection and processing of personal data generated by cookies for website use purposes by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

    You can find further information on data use by Google, setting and withdrawal options under the following links:

    https://www.google.com/intl/de/policies/privacy/partners

    http://www.google.com/policies/technologies/ads

    http://www.google.de/settings/ads

     

    Opt-Out-Cookies prevent the future gathering of information on this website. To prevent acquisition of data by Universal Analytics on all your devices, you have to apply the Opt-Out option on all used systems. If you click here the Opt-Out Cookie will be activated: deactivate Google Analytics.

     

    Social Media

    We maintain an online presence on social networks and platforms to communicate with active customers, prospective customers and users and to inform about our services. Those are @impact.agentur on Instagram and @impact.agentur on Facebook.

    Wie inform you that by using these platforms user data processing outside of the European Union can occur. This may pose some risks for the users as the enforcement of user rights may be complicated. In respect to US providers that are certified by the Privacy-Shield, we inform you, that these providers are obligated to oblige EU data security standards.

    Furthermore, user data will be processed for market research and marketing purposes in most cases. By doing so user behavior and resulting user interest may be used to create user profiles. These profiles could then be used to run ads outside of the platforms that speak to individual user interests. For these purposes cookies that save user behavior and interests will be saved on user devices as a rule. Furthermore, data independent from the used user device can be saved in the user profiles. This especially applies if users are members and logged into the platform.

    The processing of personal data ensues as a result of our legitimate interest to inform and communicate with users in an effective manner according to Art.6 para. 1 lit.f. GDPR. If users are asked to consent to the before mentioned data processing by the respective platforms Art. 6 para. 1 lit.a., Art. 7 GDPR applies.

    For a detailed account of the respective processing and dissent options (Opt-Out) please refer to the following linked provider information.

    We also advise to request disclosure and claim user rights with the respective provider for the most effective results. Only the respective provider has access to the individual user data and can therefore initialize needed measures or provide requested information. If you should still need help beyond this, please contact us.

     

    Facebook, -sites, -groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) as a basis of an agreemnet of joint personal data processing – privacy policy: https://www.facebook.com/about/privacy/, for sites: https://www.facebook.com/legal/terms/information_about_page_insights_data , Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.

     

    Integration of third party services and contents

    On the basis of our legitimate interests (meaning our interest in the analysis, optimization and the economic operation of our website within the meaning of Art.6 para. 1 lit.f. GDPR) we utilize service and content packages of third party providers to integrate their services and contents (consecutively “content” such as Videos or fonts.

    This always implies that the third party content provider can view the IP address of the respective user. Otherwise the contents could not be provided to the respective browser. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes

    The “pixel tags” can also be used to evaluate information, such as visitor traffic, on the pages of this website. The pseudonymous information may also be saved in cookies on the user’s device and may include, but are not limited to, technical information about the browser and operating system, referring web pages, time of visit, and other information regarding the use of our online offer.

    1. Vimeo

    We utilize the videos of video platform “Vimeo” provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.

    Vimeo privacy policy: https://vimeo.com/privacy

    1. YouTube

    We utilize the videos of video platform “YouTube” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

     

    YouTube-privacy policy: https://www.google.com/policies/privacy/

    Opt-Out: https://adssettings.google.com/authenticated.

     

    1. Google Fonts

    We utilize the fonts of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

     

    Google-Fonts-privacy policy: https://www.google.com/policies/privacy/

    Opt-Out: https://adssettings.google.com/authenticated.

     

    Social Sharing

    We use Shariff social sharing buttons on impact.ag. We do so to protect your privacy. Other than regular social media buttons Shariff does not require the automated transmission of user data to the respective social network. Only if the user clicks on the social sharing button contact between the user and the respective social network will be made. Further information on Shariff here.

     

    Word Press Plug-Ins

     

    1. Limit Login Attempts Reloaded

    Security is very important on this website as well. In order to protect this website against hacker attacks, we use the plug-in “Limit Login Attempts Reloaded”, developed by wpchefgadget and obtained via the WordPress plugin repository. For this purpose, IP addresses and other personal data are stored on our server. This is necessary and based on Art. 6 para. 1 lit. f DSGVO also justified. More information at https://en.wordpress.org/plugins/limit-login-attempts-reloaded/.

     

    1. Antispam Bee

    We use the plug-in Antispam-Bee, which is an open-source software developed by “pluginkollektiv”, developed by Simon Kraft, Friedberger Anlage 8, 60314 Frankfurt am Main, in Germany and Switzerland. The plug-in is used to prevent spam in the comments below the posts. The plug-in can filter out comments sent by a spam bot. The plug-in does not collect user data (e.g., IP address).

    More information about the plug-in “Antispam Bee” can be found here https://pluginkollektiv.org/plugins/ and here https://wordpress.org/plugins/antispam-bee/.

     

    1. Redirection

    We want you to find the information you were looking for on our website. Therefore, we also track requests that go nowhere with the “Redirection” plug-in, developed by John Godley and sourced via the WordPress plugin repository. For this purpose, your IP address is stored anonymously. For more information, visit https://en.wordpress.org/plugins/redirection/ and https://github.com/johngodley/redirection.

     

    1. Yoast SEO

    We use the Yoast SEO plugin on our website. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands, Tel: +31 (0) 24 82 00 337 (Chamber of Commerce / KvK: 55404367, VAT Number: NL851692540B01). This plugin is part of the technical optimization of our website for search engines and also supports the SEO-optimized content development. For more information, please refer to the privacy policy of Yoast BV, which can be viewed at https://yoast.com/privacy-policy/.