Privacy Statement

Company: Marketing Factory Digital GmbH
Street, No.: Marienstraße 14
Postcode, City, Country: 40212 Düsseldorf, Germany
Company registry number: HRB 54502
Managing Directors: Christoph Allefeld, Ingo Schmitt
Phone number: +49 211 36 11 76 0
E-mail address: info@marketing-factory.de

IITR Datenschutz GmbH

Dr. Sebastian Kraska
Marienplatz 2
80331 Munich

E-Mail: email@iitr.de, Phone: 089-18917360

1. This privacy statement informs you on the kind, scope and purpose of personal data processing within the scope of our online offering and websites to which our online offering provides hyperlinks, as well as on functions and content (hereinafter jointly referred to as “Online Offering” or “Website”). This privacy statement applies independent of the used domains, systems, platforms or devices (e.g. desktop or mobile devices) to provide or access the Online Offering.
2. Regarding the used terms, such as e.g. “personal data” or “processing” of personal data, we refer to the definitions in Article 4 General Data Protection Regulation (GDPR).
3. Personal data of users that is processed within the scope of this Online Offering includes user data (e.g. name and address of customers), usage data (e.g. visited Websites of our Online Offering, interest in our services) and content data (e.g. entered data in contact forms).
4. The term “user” includes all categories of data subjects that are affected by data processing. This includes our business partners, customers, prospects and other visitors of our Online Offering. The used terms, such as e.g. “user” are to be interpreted in a gender-neutral manner.
5. We only process personal user data in compliance with relevant data protection provisions. This means that user data is only processed if the user has provided its consent as required by law. I.e., in particular, that user data is only processed, if the processing of data is necessary or required by law to perform our contractual obligations / services (e.g. order processing) and to provide our online services or if the user has provided his consent, but also, if processing of user data is based on our legitimate interests (i.e. Interest in the analysis, optimization and economic operation and security of our Online Offering in terms of Art. 6 Para 1 lit. f. GDPR, in particular for media coverage measurement purposes, preparation of profiles for advertising and marketing purposes, as well as access data collection and use of third-party services).
6. We expressly note that the legal basis for the provision of consent is Art. 6 Para 1 lit. a. and Art. 7 GDPR, that the legal basis for the processing of data to fulfil our service obligations and to perform contractual measures is Art. 6 Para 1 lit. b. GDPR, that the legal basis for the processing of data to meet our legal obligations is Art. 6 Para 1 lit. c. GDPR and that the legal basis for the processing of data to safeguard our legitimate interests is Art. 6 Para 1 lit. f. GDPR.

1. We apply organisational, contractual and technical security measures with regard to the state of the art to ensure compliance with data protection law provisions and the protection of the data we process against accidental or intentional manipulations, loss, destruction or access by unauthorised individuals.
2. These security measures include, in particular, encrypted data transmission between your Browser and our server.

1. Data is only disclosed to third parties to the extent permitted by law. We only disclose user data to third parties, if such disclosure is necessary, e.g., for contractual purposes in accordance with Art. 6 Para 1 lit. b. GDPR or based on our legitimate interests in accordance with Art. 6 Para 1 lit. f. GDPR to operate our business in an economic and effective manner.
2. In those case where we engage sub-contractors to provide our services, we take appropriate legal precautions, as well as adequate technical and organisational measures to provide for the protection of personal data in accordance with relevant statutory provisions.
3. If within the scope of this privacy statement content, tools or other means of other providers (hereinafter jointly referred to as “third-party providers”) are used and their stated principal place of business is located in a third country, one has to expect that data will be transferred to the countries of the third-party providers’ principal place of business. Third countries are to be understood as countries, where the GDPR is not directly applicable law, i.e. in general any country outside of the EU / European Economic Area. Data is transmitted to third countries, if an appropriate data protection level is implemented or if such data transmission is permitted by law.

If you contact us (using the contact form or via e-mail), we will process your information in accordance with Art. 6 Para 1 lit. b. GDPR to deal with and process your contact inquiry.

1. Based on our legitimate interests in terms of Art. 6 Para 1 lit. f. GDPR, we collect data on each access to the server on which our service is located (so-called server log files). This access data includes, name of the accessed website, file name, access date and time, transmitted data volume, successful data transmission message, Browser type and version, the user’s operating system, referrer URL (previously visited page), IP address and requesting provider.

2. All log file information is stored for a period of seven days at a maximum for security reasons (e.g. investigation and clarification of abuse or fraudulent acts). After this period, log files are anonymised, so that the identity of website visitors can no longer be concluded from these log files. Data that must be kept for evidence purposes is excepted from anonymisation until the relevant incident is finally solved.

1. A cookie is information that is transmitted from our web server or third-party web servers to the users’ web Browsers and stored on the user’s computer to support future visits. Cookies can be small files or other types of information storage.

2. We use "Session-Cookies” that are only temporarily stored for the duration of the current visit on our online presence. A randomly created unique identification number is stored in a session cookie, a so-called session ID. A cookie contains, in addition, the information on its origin and the storage period. These cookies cannot store any other data. Session-Cookies will be erased, when you have ended the use of our online offering and e.g. close your Browser.

3. This privacy statement informs you on the use of cookies within the scope of pseudonymous media coverage measurement.

4. If you do not wish that cookies are stored on your computer, please deactivate the respective option in the system settings of your Browser. Stored cookies can be erased using the system settings of the Browser. If storage of cookies is blocked, this may restrict functionality of this online offering.

5. You may object to the use of cookies used for media coverage measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the American web page in the USA (http://www.aboutads.info/choices) or the European web page (http://www.youronlinechoices.com/uk/your-ad-choices/).

We use various web analysis services on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR).

We understand web analysis as a component of our internet service. We want to use it to further improve the website and adapt it more to the needs of the users. Data on the behavior of users is collected to identify and improve possible problems such as pages not found, crawling problems by search engine bots or particularly popular or unpopular content.

As a digital agency, we also have an interest in understanding how web analytics programs work and how we can report usage data in a privacy-compliant and effective manner. Therefore, we have installed different variants of web analyitcs programs on our own servers in parallel, which we explain individually below.

Some of these analysis services set cookies on the end devices of the users in order to recognize sessions. This data storage is only carried out after consent has been given in the consent banner (see detailed information on use).

Matomo (PIWIK)

For statistical analysis, we use “Matomo” (formerly “PIWIK”) on this website. This is an open source web analytics tool developed by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769.

For more information on Matomo's terms of use and data protection regulations, please visit: https://matomo.org/privacy/

We host Matomo on a shared server in Germany, with whose operator we have concluded an AV contract. No data is transmitted to servers that are outside of our control. We do not share the data obtained with the Matomo tool with any third party, the data is processed exclusively in the EU.

When tracking, we only collect your IP address anonymously by removing the last 2 bytes/octets in each case (e.g. 197.15.0.0 instead of 197.15.107.24).

The data is deleted as soon as it is no longer needed for our recording purposes (currently, the deletion of anonymized raw access data takes place after 90 days).

Matomo without cookies (without consent query)

We use a version of the Matomo tracker without cookies on this website. This version is delivered without prior consent query, since no data is stored on your end device.

Matomo with cookies (only after consent query)

We alternatively use a version of the Matamo tracker with session tracking cookies on this website. This version is only used if you have previously explicitly agreed to the purpose of "analysis cookies" in the consent management layer (cookie layer). The Matomo cookies we set are explained in detail in the consent layer.

Google Analytics
If you have given consent to tracking for web analytics services, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics

Google Analytics 4 (GA4)

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

Scope of processing

Google Analytics 4 does not currently use cookies.

During your website visit, your user behavior is recorded in the form of "events".

Events can be:

• Page views
• First visit to the website
• Start of session
• Click path and interaction with the website
• Scroll events
• Clicks on external links
• Internal search queries
• Interaction with videos
• file downloads
• ads seen / clicked
• language setting

Also recorded:

• Your approximate location (region)
• Your IP address (in shortened form)
• technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your Internet service provider
• the referrer URL (via which website/advertising medium you came to this website)
• The purpose of the processing
• Recipients
• Recipients of the data are/could be

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Recipients

Recipients of the data are/could be

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection.

The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

1. Data stored with us are erased as soon as data is no longer needed for their intended purpose and such erasure does not conflict with statutory retention obligations. If user data is not erased, because it is required for other purposes permitted by law, processing of such data is restricted. I.e. such data is locked and will not be used for other purposes. This applies e.g. for user data that must be kept for commercial or tax law reasons.
2. In accordance with statutory requirements data is kept for six years according to Section 257 Para 1 HGB [German Commercial Code] (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records etc.), as well as for ten years according to Section 147 Para 1 AO [German Tax Code] (books, records, management reports, accounting records, commercial and business letters, tax relevant documents etc.).

You may object to future processing of your personal data at any time in accordance with statutory provisions. You may, in particular, object to data processing for direct advertising purposes.

1. We reserve the right to amend this privacy statement to adapt this privacy statement to changed legal situations or in the case our services or processing of data changes. This applies, however, only in relation to statements regarding data processing. If your consent is required or if components of the privacy statement contain arrangements of the contractual relationship with you, amendments to the privacy statement are only performed with your consent.
2. We kindly ask you to routinely check the privacy statement’s content.

The competent supervisory authority is the

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf

Phone: 0211/38424-0
Fax: 0211/38424-10

E-mail: poststelle{at}ldi.nrw.de