PRIVACY POLICY
We take the protection of your personal data very seriously when collecting, processing and using it on the occasion of your visit to our website and want you to know when we collect which data and how we use it. We have taken the technical and organizational measures to ensure that the regulations on data protection are observed both by us and by any service providers.
​
This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website and its associated websites, functions and content, as well as our external online presences, such as our social media profile
(hereinafter: "online offer").
Person responsible
The person responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 DSGVO is.
​
public imaging GmbH
Goldbekplatz 3
22303 Hamburg
Tel.: +49 (0)40 40 19 99- 0
E-Mail: info@publicimaging.de
Name and address of the data protection officer
The data protection officer of the controller is:
​
Rechtsanwalt
Michael H. Heng
Am Kaiserkai 69
20457 Hamburg
dsb@advocatus.de
​
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
​
Types of data processed
-
Inventory data (e.g. your name, address)
-
Contact data (e.g. your e-mail address, telephone number)
-
Content data (e.g. your text entries on our site, photographs, videos you upload)
-
Usage data (e.g. the subpages you visit, access times)
-
Meta/communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of the online offer (hereinafter: "users"), customers, interested parties, business partners.
​
Purpose of the processing
-
Provision of the online offer, its functions and contents
-
Answering contact requests and communication with users
-
Security measures
-
Reach measurement/marketing
Terminology used
-
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1) GDPR).
-
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) GDPR).
-
"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location (Art. 4(4) GDPR).
-
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person
(Art. 4 No. 5 GDPR). -
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).
-
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4(8) GDPR).
Relevant legal bases
Art. 13 DSGVO stipulates that we inform you of the legal basis for our data processing activities. Unless the legal basis is explicitly stated within the following privacy policy, the following applies:
-
The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO.
-
The legal basis for processing for the fulfillment of our services and implementation of contractual measures as well as answering inquiries is Art. 6 (1) lit. b DSGVO.
-
The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c DSGVO.
-
The legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.
-
The legal basis in the event that vital interests of the data subject or another natural person make processing of personal data necessary is Art. 6 (1) lit. d DSGVO.
Security measures
To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the state of the art.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data.
We have established procedures to ensure the exercise of data subject rights, deletion of data and response to data compromise.
Furthermore, we take into account the protection of personal data through technology design (privacy by design) and through data protection-friendly default settings (privacy by default), Art. 25 DSGVO.
Your personal data is transmitted encrypted with us. This applies to all communication conducted via our website. We use the SSL (Secure Socket Layer) coding system. However, we would like to point out that data transmission on the Internet, e.g. when communicating by e-mail, can have security gaps.
​
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to order processors or third parties, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission, e.g. if you have consented, Art. 6 para. 1 lit. a DSGVO, the transfer to third parties pursuant to Art. 6 para. 1 lit. b DSGVO is necessary for the performance of a contract, a legal obligation provides for this, Art. 6 para. 1 lit. c DSGVO, or on the basis of our legitimate interests, Art. 6 para. 1 lit. f DSGVO.
In the case of processors, the transfer takes place on the basis of the order processing contract concluded with the processor in accordance with Art. 28 DSGVO.
​
Transfer to third countries
A transfer of data to a third country, e.g. when using third-party services, only occurs if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests according to the aforementioned legal grounds. Subject to other legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 et seq. DSGVO (e.g. on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses")).
​
Rights of the data subjects
-
Right to confirmation and information: according to Art, 15 DSGVO, you have the right to receive confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data.
-
Right to rectification: Pursuant to Art. 16 DSGVO, you have the right to demand that we rectify any inaccurate personal data relating to you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
-
Right to erasure: Under Article 17 of the GDPR, you have the right to request that personal data concerning you be erased without undue delay.
-
Right to restriction of processing: under the conditions of Art. 18 DSGVO, you have the right to request restriction of the processing of personal data.
-
Right to data portability: under Art. 20 DSGVO, you have the right to request that the personal data concerning you that you have provided to us be received in a structured, commonly used and machine-readable format and to request that it be transferred to other data controllers, insofar as this is technically feasible.
-
Right of withdrawal: In accordance with Art. 7 (3) DSGVO, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
-
Right to object: In accordance with Art. 21 DSGVO, you have the right to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO for reasons arising from your particular situation.
You may assert the aforementioned rights at any time vis-à-vis the aforementioned data controller or the aforementioned data protection officer.
-
Right to lodge a complaint with a supervisory authority: Pursuant to Art. 77 DSGVO, you have the right to lodge a complaint with the competent supervisory authority.
Deletion of data
Unless otherwise expressly stated, the data stored by us will be deleted in accordance with Art. 17 DSGVO as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted in accordance with Art. 18 DSGVO, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1 No. 1, 4 and 4a, para. 3 AO, 257 para. 1 No. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years according to §§ 147 para. 1 No. 2, 3 and 5, para. 3 AO, 257 para. 1 No. 2 and 3, para. 4 HGB (commercial letters).
​
Operation of the website and access to the website
The hosting services we use from our hosting provider serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating the website.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 p. 1 f) DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO.
We, or our hosting provider, also process access data. These include:
-
Name and URL of the retrieved file
-
Date and time of the retrieval
-
amount of data transferred
-
message about successful retrieval (HTTP response code)
-
browser type and version
-
Operating system
-
Referrer URL (i.e. the previously visited page)
-
Websites that are called up by the user's system via our website
-
Internet service provider of the user
-
IP address and the requesting provider
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimizing our online offering, but also to anonymously record the number of visitors to our website and the extent and type of use of our website and services, as well as for billing purposes to measure the number of "clicks" received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze traffic, search for and fix errors, and improve our services.
This is also our legitimate interest according to Art 6 (1) lit. f DSGVO.
We reserve the right to review the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for the provision of services or the billing of a service, e.g. if you use one of our offers. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer necessary for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website.
​
Cookies
We use so-called session cookies on our pages in order to optimize our online offer. A session cookie is a small text file that is sent by the respective servers when you visit a website and is temporarily stored on your hard drive. This file as such contains a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser.
​
Our legitimate interest in the use of cookies pursuant to Art 6 (1) p. 1 f) DSGVO is to make our website more user-friendly, effective and secure and easier to use for you.
When the cookie is activated, it is assigned an identification number and an assignment of your personal data to this identification number is not made. Your name, IP address or similar data that would enable the cookie to be assigned to you are not placed in the cookie. Based on the cookie technology, we only receive pseudonymized information, for example, about which pages were visited.
​
You can set your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether you want to exclude the acceptance of cookies for certain cases or generally, or that cookies are prevented completely. Stored cookies can be deleted in the system settings of the browser. This may restrict the functionality of the website.
​
Contacting
When contacting us (e.g. by e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO. In answering your inquiry also lies our legitimate interest in the processing of your transmitted data according to Art. 6 para. 1 lit. f) DSGVO.
​
We delete the requests if they are no longer necessary. We review the necessity on a regular basis, at the latest every two years. Furthermore, the legal archiving obligations apply.
​
Online presence in social networks
Our company maintains online presences within various social networks in order to be able to communicate with our customers, interested parties and other users there as well and to inform them about our range of products and services.
​
In this context, we would like to point out that data may also be processed outside the EU, in particular in the USA. In this respect, we expressly point out that it is possible that processing in the USA could make it more difficult for you to enforce your rights as a user.
​
The data of visitors to our online presences are generally processed for market research and advertising purposes and usage profiles are created from this, which are used to place advertisements both within and outside of the social networks that correspond to the presumed interest of the user. For this purpose, cookies containing information about the usage behavior and interests of the respective user are usually stored on the user's computer. If the user is also logged into the social network, it is also possible that further data is stored in the respective user profiles.
​
The processing of the users' personal data is based on our legitimate interests in effective information of the users and communication with the users pursuant to Art. 6 para. 1 lit. f. DSGVO.
For a detailed overview of the respective processing and the options for an objection (opt-out), we refer to the privacy statements of the respective social networks.
​
Requests for information and your user rights can be asserted most effectively directly with the provider of the social network. Only they have access to the data of their users and can take appropriate measures and provide information directly. Of course, you can also contact us if you need help.
The types of data processed in the online presences are contact data, such as e-mail address or telephone numbers, content data, such as your entries in online forms, usage data, such as access times or subpages visited, or ultimately meta or communication data, such as device information and IP addresses. Data subjects are you as a user of the social network. The purpose of processing the data is to enable you to get in touch with us, such as via contact requests and feedback, as well as marketing.
​
Online presence on Facebook
We are joint controllers, together with Facebook Ireland Ltd, with respect to the collection of data from visitors to our Facebook fan page, but not with respect to the further processing of the data. This data includes information about what the user is looking at, who they are interacting with, whether they are commenting and what they are commenting on, furthermore device information such as IP addresses, browser type, operating system, cookies and language settings. More information can be found in the Facebook Data Policy at https://www.facebook.com/policy.
​
Facebook also uses analytics tools, so-called page insights, which they provide to the page operator to gain insights about the visitors of Facebook pages, e.g. how the user handles and interacts with the information contained on the page. We have entered into a special agreement with Facebook for this purpose (see https://www.facebook.com/legal/terms/page_controller_addendum), which sets out exactly which security measures Facebook must observe and which obligations Facebook must fulfill with regard to data subjects' rights (in particular, requests for information and notifications of deletion). This does not restrict the rights of users. Further information can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.
​
The contact details of the social network Facebook are: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, the parent company is Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. The website of the social network can be found at https://www.facebook.com, their privacy policy at https://www.facebook.com/about/privacy. An opt-out option and other settings for advertisements can be found at https://www.facebook.com/adpreferences/ad_settings, whereby a login to Facebook is required here.
​
Online presence at LinkedIn
The contact details of the social network LinkedIn are: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The website of the social network can be found at https://www.linkedin.com, their privacy policy at https://www.linkedin.com/legal/privacy-policy. An opt-out option can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
​
Online presence on Twitter
The contact details of the social network Twitter are: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, the parent company is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; The website of the social network can be found at https://www.twitter.com, their privacy policy at https://twitter.com/de/privacy and the privacy settings at https://twitter.com/settings/privacy_and_safety , whereby a login to Twitter is required here.
​
Online presence on XING
The contact details of the social network XING are: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The website of the social network can be found at : https://www.xing.de, its privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.
​
Google Analytics and Google Tag Manager
Via the Google Tag Manager, we use Google Analytics, a web analytics service provided by Google LLC ("Google"), based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 (1) lit. f. DSGVO) Google Analytics, a web analytics service provided by Google LLC ("Google"). Cookies are not set by this. However, the information about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there. This is access data, such as the type and version of browser you are using, the operating system, the country from which the page was accessed, a possible referrer URL, the number of times the page was accessed and the date and time of access.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and Internet use. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
No profiles are created with the tag manager and likewise no cookies are stored. Google only receives the user's IP address in order to run the tag manager.
The service provider of both services is Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland, belonging to the parent company, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, the website can be found at https://marketingplatform.google.com/intl/de/about/analytics/, the privacy policy at https://policies.google.com/privacy.
Status of the data protection declaration 23.08.2021.