Privacy policy for our website

In the following we inform about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour. The purpose of processing is the operation of an internet site for the purpose of offering marketing and advertising services. We only process users’ personal data insofar as it is necessary to enable us to provide a functional website as well as our content and services. Users’ personal data is processed only with users’ consent. An exception to this rule is when the processing of data is permitted by law.

1. Who is responsible for data processing and who can you contact?

Responsible is:

.diff communications GmbH
Bucher Str. 79a
90419 Nuremberg,
Germany represented by the managing directors:

Markus Hupfer
Florian Gruettner
Phone: +49 (0) 911-21 79 72 0
info@diff.de

You can also reach us via our data protection officer:
Christian Hammerbacher
SPH IT + Consulting GmbH & Co. KG
Phone: +49 (0) 911-21 77 480
datenschutz@sph-consulting.de

You can also reach him by post at our address with the addition "the data protection officer".

2. Your data protection rights

You have the following rights with regard to your personal data:

- Right to information (Article 15 GDPR)

- Right to rectification or erasure (Articles 16 and 17 GDPR)

- Right to restriction of processing (Article 18 GDPR)

- Right to object to processing (Article 21 GDPR)

- Right to data portability (Article 20 GDPR)

- Right to withdraw consent (Article 7(3) GDPR)

If you have any questions on this matter, please contact us or our Data Protection Officer using the contact details provided. You also have the right to complain to a data protection supervisory authority about us processing your data.

3. Which data do we collect when you visit our website?

When use of our website is for information purposes only, we collect only personal data transferred to our server by your browser. This data is stored in our system’s log files. This data is not saved together with any other personal data. The data is deleted as soon as the respective session has ended. The collection of data in order to provide the website and the storage of the data in log files is essential for the operation of the website. It is not possible to object to this.

Should you wish to use our website for information purposes, we collect the data that is technically necessary to present our website to you and to guarantee its stability and security. The legal basis for this is Article 6(1)(1)(f) GDPR:

- Date and time of access

- Names of websites visited

- Names of downloaded files

- Data volume transferred

- Access status code (successful/unsuccessful)

- Type and version of browser used

- User’s operating system

- URL of the website from which our website was accessed

- IP address of the accessing computer

- Provider used to access our website

4. Which cookies are saved on your computer?

Our website uses cookies. These are small text files saved by your browser and stored on your end device. They are used to make our service more user-friendly, effective and secure. We use temporary cookies, which are automatically deleted when you close your browser (session cookies), as well as persistent cookies.

You can choose whether you wish to allow certain cookies to be placed. You can make changes in your browser settings. If you choose to do this, you may not be able to make full use of our website.

When using cookies, a distinction must be made between necessary cookies and cookies for other purposes (measuring access figures, advertising purposes).

4.1 Necessary cookies when using the website

We use cookies to make our website functional. Some elements on our website require the browser to be identified even after you have moved to a different page.

The cookies save and transmit the following data:

Language settings

Log-in information

The purpose of using technically necessary cookies is to allow users to use a website. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary to recognise the browser, even after moving to a different page.

The user data collected through technically necessary cookies is not used to create user profiles. The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) GDPR.

4.2 Tracking cookies

The use of tracking cookies allows us to recognise a user when they re-access our website and associate use behaviour with an internally assigned identifier (pseudonym). This allows us to record repeated visits to our website and analyse them in connection with each other.

The following use occurrences can be transmitted:

Search terms used, frequency of site visits, utilisation of website functions.

When accessing our website, you will be informed of the use of cookies for analytical purposes and have the opportunity to consent to the use of optional cookies. The utilised service can only save information to your end device in any way or access this information with your consent, which you can grant via the cookie settings.

The legal basis for the use of cookies to process personal data for analytical purposes is your express prior consent, Article 6(1)(a) GDPR. You can prevent your data being processed at any time by withdrawing the consent you granted us, which you can do using the contact details provided in section 1 or here.

4.2.1 Newsletter tracking

To send our newsletter, we use Mailchimp by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp). This allows us to contact subscribers directly. We analyse your user behaviour in order to evaluate the effect of the newsletter and optimise our content.

As part of this, Mailchimp uses cookies and other tracking methods to collect the following personal data: information about your end device (IP address, device information, operating system, browser ID); information about the application you use to read emails; further information about your hardware and internet connection. Mailchimp collects this data to guarantee the security and reliability of the systems, the compliance with terms of use and the prevention of misuse. This is done in the legitimate interests of Mailchimp (in accordance with Article 6(1)(f) GDPR) and serves to execute their contract with us. The legal basis for this is Article 6(1)(b) GDPR.

The following user data is also collected: deliverability; open rate; unsubscribe rate; click rate and individual clicks on elements. Mailchimp also evaluates performance data, such as the distribution statistics for emails and other communication data. This information is used to generate use and performance statistics of the services. The legal basis for this processing is your consent in relation to our newsletter in accordance with Article 6(1)(a) GDPR.

For further information on objecting to or removing Mailchimp, please see: https://www.intuit.com/privacy/statement/#3._Privacy_for_Contacts

You can withdraw your consent at any time. All emails will include a link to unsubscribe from the newsletter. Otherwise you can withdraw using the contact options provided. The withdrawal of consent shall not affect the lawfulness of the processing before its withdrawal.

4.2.2 Analysis by Google: Google Analytics and Google AdWords Conversion Tracking

We use Google Analytics to analyse and statistically evaluate the use of our website. The data collected as part of this is used to optimise our website and advertising activities. Google Analytics is a web analytics service operated and provided by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, email: support-de@google.com; for Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The basis for processing your data is your given consent in accordance with Article 6(1)(a) GDPR. Data will be recorded during your visit to the website, including:

a) Visitor data:

IP anonymisation with “anonymizeIP” masking function, so that no clear identification is possible,

origin (country and town/city), language, operating system, device (PC, tablet or smartphone), browser and all add-ons used

b) Traffic sources:

the source of your visit (i.e. which website or advertising material led you to us)

c) User behaviour:

Google processes data about website use on our behalf and is contractually bound to take measures in order to guarantee the confidentiality of the processed data. Google also processes this data for its own purposes (e.g. to create a profile or links to possible Google accounts). The data about your website use that is collected using cookies is usually transmitted to and stored on a Google server in the United States.

Google Analytics saves cookies on your web browser for the duration of 14 months after your last visit. These cookies contain a randomly generated user ID that can be used to recognise you should you visit the website in future.

The recorded data is saved together with a randomly generated user ID that enables the evaluation of anonymous user profiles. We automatically delete this user-related data after 14 months.

We also use the technical extension “Google Signals”, which enables cross-device tracking. This can be used to identify individual website visitors with various end devices. However, this only happens if the visitor is logged into a Google service during website visits and has also activated the “Personalised ads” option in their Google account settings. Even then, we have no access to personal data or user profiles; they remain anonymous to us. If you do not want “Google Signals” to be used, you can deactivate the “Personalised ads” option in your Google account settings.

You can disable cookies by setting your browser accordingly; however, if you do this you may not be able to use the full functionality of this website. You can also prevent the data generated by the cookie and related to your use of this website (including your IP address) being transmitted to and processed by Google by downloading and installing the browser plug-in available here: tools.google.com/dlpage/gaoptout

IP anonymisation is used on this website (“anonymizeIP” masking function). Within the EU and the European Economic Area, the IP addresses of users are truncated and only transmitted anonymously. Only by way of exception will the full IP address be transmitted to a Google server in the United States and truncated there. Google will use this information on behalf of the operator of this website for the purposes of analysing how you use the website, compiling reports on website activity and providing further services related to website and internet use to the website operator.

4.2.3 Google AdWords Conversion Tracking

We use “Google AdWords” on our website, including the Google AdWords Conversion Tracking extension provided by Google Inc (see above). The use of the Google AdWords service serves to show this website in the advertising space on “Google”.

If you click on one of these advertisements, Google registers this access and places a cookie on your browser. The cookie does not collect any personal data and will be deleted automatically after 30 days. The information we receive allows us to examine the quality and success of our advertising. If you have an appropriate program or if you deactivate the cookie in your browser, you will not be registered.

4.2.4 Withdrawal from / objecting to tracking by Google:

You can prevent processing as part of the Google services described above by taking the following actions:

It is possible to set your browser so that no cookies are stored. To deactivate these cookies on our website (“opt-out”), click here. However, this may mean that our website will not be fully functional. You can also prevent the data generated by the cookie and related to your use of this website (including your IP address) being transmitted to and processed by Google by downloading and installing the browser plug-in available here: tools.google.com/dlpage/gaoptout

As an American company, Google is subject to the CLOUD Act. This allows American governmental authorities to gain access to the data stored by Google. We have no influence over this.

You can find further information on Google’s privacy policy at policies.google.com/privacy and in particular about the use of user data by Google Analytics at: https://support.google.com/analytics/answer

4.2.5 LinkedIn Insight Tag

Our website uses the “LinkedIn Insight Tag” conversion tool provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This company belongs to LinkedIn Corporation, Attn: Legal Dept. (Privacy Policy and User Agreement), 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

We use the LinkedIn Insight Tag to gather information about visitors to our website. If a visitor is registered with LinkedIn, we can analyse, among other things, the career details (e.g. career level, company size, country, location, industry and profession) of our visitors and by doing so better aim our website towards the respective target audiences. Furthermore, we can use LinkedIn Insight Tags to measure the actions of visitors to our website (conversion measurement). Cross-device conversion measurement is also possible (e.g. from PC to tablet).

LinkedIn Insight Tag also has a retargeting function that we can use to show targeted advertisements to visitors to our website outside the website; according to LinkedIn, the advertising recipients are not identified. In addition, LinkedIn itself generates log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are truncated or (if they are used to reach LinkedIn members across devices) anonymised. The direct identifications of LinkedIn members are deleted by LinkedIn after seven days. The remaining anonymised data is then deleted within 180 days. The data collected by LinkedIn cannot be assigned to certain individuals by us as the website operator. LinkedIn will store the personal data collected about the website visitor on its servers in the USA and use them as part of its own advertising measures. Details can be found in LinkedIn’s privacy policy at

linkedin.com/legal/privacy-policy/choices

As an American company, LinkedIn is subject to the CLOUD Act. This act allows American governmental authorities to gain access to the data stored by LinkedIn. We have no influence over this.

Legal basis and option to withdraw consent

The basis for the use of LinkedIn Insight is Article 6(1)(f) GDPR. As the website operator, we have a legitimate interest in effective advertising measures including social media. If the corresponding consent was requested (e.g. consent to store cookies), the exclusive basis for processing is Article 6(1)(a) GDPR; consent can be withdrawn at any time in our Consent Tool.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:linkedin.com/legal/l/dpa and linkedin.com/legal/l/eu-sccs

You can object to LinkedIn’s analysis of user behaviour and targeted advertising via the following link: linkedin.com/settings/opt-out.

Furthermore, LinkedIn members can manage the use of their personal data for advertising purposes in their account settings. To avoid data collected on our website by LinkedIn being linked with your LinkedIn account, you should log out of your LinkedIn account before visiting our website.

4.2.6 Facebook Conversion Events

The Facebook Conversion Event function can be activated on our website with the help of a Meta pixel. “Facebook Conversion Event” is a service operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

The Facebook pixel allows Facebook to specify visitors to our website as a target group for displaying advertisements (Facebook advertisements). The Facebook pixel should also ensure that our Facebook advertisements are in line with the potential interests of users and are not annoying. In addition, the Facebook pixel measures the efficacy of our Facebook advertisements for statistical and market research purposes by showing us whether the user was forwarded to our website after clicking on a Facebook advertisement (“conversion”). The basis for the use of the Facebook pixel and the storage of conversion cookies is your explicit consent, Article 6(1)(a) GDPR. Consent can be withdrawn at any time. To deactivate the Facebook Conversion Event on our website (“opt-out”), click “object” in our Cookie Consent Tool.

The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights in this regard and settings for protecting your privacy can be found in Facebook’s privacy policy: facebook.com/policy

As an American company, Facebook and its services are subject to the CLOUD Act. This law allows American governmental authorities to gain access to the data stored by Facebook. This also includes the data of non-US citizens. We have no influence over this.

4.2.7 Conversion measurement with the Facebook “visitor action” pixel

With your consent, we use the “visitor action pixel” provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. We can use this to track the actions of users after they have seen or clicked on a Facebook advertisement. This enables us to record the efficacy of the Facebook advertisements for statistical and market research purposes. Data recorded this way is anonymous to us, i.e. we do not see individual user’s personal data. However, this data is stored and processed by Facebook; we inform you about this based upon the information available. Facebook can link this data with your Facebook account and also use it for its own advertising purposes in accordance with Facebook’s data usage policy https://www.facebook.com/about/privacy/. The data can enable Facebook and its partners to place advertisements on and outside of Facebook. Furthermore, a cookie could be stored on your computer for these purposes.

You can withdraw your consent to this pixel in our Cookie Consent Tool.

As an American company, Facebook is subject to the CLOUD Act. This law allows American governmental authorities to gain access to the data stored by Facebook. This also includes the data of non-US citizens. We have no influence over this.

5. Subscribing to our newsletter via Mailchimp

To send our newsletter, we use Mailchimp by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp). This allows us to contact subscribers directly. We also analyse your user behaviour in order to optimise our content.

By subscribing to our newsletter, you agree to receive the newsletter and to the described procedure, Article 6(1)(a) GDPR. When you sign up for the newsletter, the data from the input screen is transmitted to us. The following personal data is collected: title, first name, surname, company, language, email address. The user’s email address is collected so that the newsletter can be sent.

The following data is also collected when you sign up: the IP address of the accessing computer and date and time of registration

5.1 Subscribing to the newsletter

We use the double opt-in process for subscriptions to our newsletter. After subscribing, we will send you an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone subscribing using email addresses that are not their own. Newsletter subscriptions are logged in order to prove that the subscription process meets the legal requirements. This includes storing the IP address and the time of subscription and confirmation.

The legal basis for processing data is the consent of the newsletter recipient in accordance with Article 6(1)(a) GDPR. The collection of other personal data as part of the sign-up process serves to prevent misuse of services or of the email address used.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. As such, the user’s email address will be stored for as long as the newsletter subscription is active. The data will be deleted when the user unsubscribes from the newsletter. Other personal data collected within the framework of the subscription process will usually be deleted after seven days.

5.2 Unsubscribing from the newsletter

The newsletter subscription may be cancelled by the user at any time. A link to do so can be found in every newsletter.

5.3 Our newsletter service providers

The newsletter is sent using the “Mailchimp” emailing service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA. You can read the emailing service’s privacy policy here: https://mailchimp.com/de/help/about-the-general-data-protection-regulation/

As an American company, Rocket Science Group LLC is subject to the CLOUD Act. This allows American governmental authorities to gain access to the data stored by Google. We have no influence over this.

6. Google Maps route planner

We incorporate the route planner provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive maps and geographic information. It is used to show you our location so that you can easily find your way to us. When Google Maps is used, Google also collects, processes and uses data about visitors’ use of the map function.

When you visit the subpage on which the route planner is incorporated, information about your use of our website (such as your IP address) will be transmitted to and stored by Google’s servers. This could include the transfer of data to the servers of Google LLC in the US. This happens regardless of whether Google provides a user account that you can log in to or whether a user account exists. If you are logged in to your Google account, your data is directly associated with this account.

When using the route planner, you can enter your starting address manually or provide permission for Google to access your location. If you do not wish data to be associated with your Google profile, you should log out of your Google profile before using the route planner. Google will store your data (even for non-logged-in users) as usage profiles, which it then analyzes. The collection, storage and evaluation are carried out in accordance with Article 6(1)(f) GDPR on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or the customised design of Google websites. You have the right to object to the creation of these user profiles; you must contact Google in order to exercise this right.

Detailed information on data protection in connection with the use of Google Maps can be found at support.google.com/accounts/answer and at google.de/intl/de/policies/privacy.

7. Do we pass your data on to third parties?

Should we disclose data to other persons and companies within the framework of our processing (order processing by third parties), transmit it to them or grant them other access to the data, this is done on the basis of your consent (e.g. newsletter), a legal obligation or on the basis of our legitimate interests (e.g. web hosting).

Should we commission third parties to process data, this will be done on the basis of an “order processing contract” in accordance with Article 28 GDPR.

8. Social media links

We are represented on Instagram, Facebook, LinkedIn, XING and Vimeo in order to communicate with customers, users and interested parties who are active there, and to provide information about our services.

The logos of these social media companies embedded on our website are social media links. These are simple text links. If you click on one of the links you will be forwarded directly to our respective fan page. The operator of the respective platform then processes the users’ data in accordance with the operator’s own privacy policy. No data is exchanged between this website and the respective platform in this context.

Instagram  

Instagram is a service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. As an American company, Instagram is subject to the CLOUD Act and other US laws with various authorisations for access to the personal data of non-US citizens. This legal situation allows American governmental authorities to gain access to the data stored by Instagram. We have no influence over this. More information can be found in Instagram’s privacy policy at:  http://instagram.com/about/legal/privacy/

Facebook Our website includes the Facebook social media button, a service provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights in this regard and settings for protecting your privacy can be found in Facebook’s privacy policy:  http://www.facebook.com/policy.php

As an American company, Facebook is subject to the CLOUD Act. This law allows American governmental authorities to gain access to the data stored by Facebook. This also includes the data of non-US citizens. We have no influence over this.

LinkedIn

You can also access our LinkedIn fan page from our website. The provider of this service is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. More information can be found in LinkedIn’s privacy policy at: linkedin.com/legal/privacy-policy.

As an American company, LinkedIn is subject to the CLOUD Act. This law allows American governmental authorities to gain access to the data stored by LinkedIn. This also includes the data of non-US citizens. We have no influence over this.

XING

We are represented on XING. The provider of this service is XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany. You can find more information about data protection and the XING share button in XING’s privacy policy at: xing.com/data_protection.

VIMEO

You can access our fan page on the Vimeo video portal from our website. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

As an American company, Vimeo is subject to the CLOUD Act. This law allows American governmental authorities to gain access to the data stored by Vimeo. This also includes the data of non-US citizens. We have no influence over this.

You can find more information about how user data is processed in Vimeo’s privacy policy at: vimeo.com/privacy.

9. Final remarks

Our business operations require data to be collected and processed. Data protection and data security must be guaranteed wherever data is collected and processed. For us, this is not only a legal requirement but a fundamental concern.

Please do not hesitate to contact us using the contact details provided above should you have any questions or suggestions about data protection regarding our services.