1. Introduction
With the following information, we would like to give you an overview of how your personal data is processed by Masterplan com GmbH and the rights you hold in accordance with the data protection law. Use of our website is, in general, possible without entering personal data. However, for particular services provided by our company via our website, it may be necessary to process personal data in order to use them.
The processing of personal data, such as your name, address, or e-mail address, is always carried out in accordance with the current data protection law, specifically the General Data Protection Regulation (GDPR). With this data protection policy, we would like to provide you with transparency and inform you about both the extent and purpose of personal data processed by us, as well as the rights you are entitled to.
2. Person Responsible
The following is responsible in matters concerning the GDPR:
Masterplan com GmbH
Dircksenstraße 47,
10178 Berlin, Deutschland
Phone:
+49 234 810 502 00E-Mail:
info@masterplan.com
Legal representatives of those responsible: Stefan Peukert
3. Data Protection Officer
You can contact the data protection officer through the following means:
Sascha Kremer
c/o KREMER RECHTSANWÄLTE
Brückenstraße 21
50667 Köln
Please use
privacy@masterplan.com to also access our form and relay any concerns, such as inquiries from anyone affected. You can contact our data protection officer directly at any time with any questions or comments regarding data protection.
4. Definitions
This data protection declaration uses the terminology used in the General Data Protection Regulation (GDPR). Our data protection policy should be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
The terms we use in this data protection policy include:
- Personal Data:
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. - Affected Person:
An affected person is any identified or identifiable natural person whose personal data is processed by those responsible for processing. - Processing:
Processing is any operation or set of operations, carried out with or without automated assistance, relating to personal data such as collection, recording, organization, filing, storage, adaptation or alteration, reading, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion, or destruction. - Restriction of Processing:
Restriction of processing refers to the marking of stored personal data with the aim of restricting their future processing.
- Profiling:
Profiling is any automated processing of personal data to evaluate and analyze certain personal aspects that relate to a natural person, particularly aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts, or any change of location for that natural person. - Pseudonymization:
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure the personal data is not assigned to an identified or identifiable natural person. - Processor:
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. - Recipient:
The recipient is a natural or legal person, authority, institution, or other body to whom personal data is disclosed, regardless of whether it is a third party. However, public authorities that may receive personal data in the course of a specific investigation mandate under EU or national law shall not be considered recipients. - Third Party:
Third party means any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data. - Consent:
Consent means any freely given, informed, and unambiguous expression of the data subject’s wishes, in the form of a statement or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
5. Lawfulness of Processing
According to the principle of legality of the data protection law, personal data may only be processed if an appropriate legal basis allows it. Masterplan com GmbH processes personal data in virtue of the following legal bases:
Article 6, paragraph 1, item (a) of the GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary to fulfill a contract to which you are a party, the processing is based on article 6, paragraph 1, item (b) of the GDPR. The same applies to such processing operations that are required to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as certain retention requirements, the processing is based on article 6, paragraph 1, item (c) of the GDPR.
Furthermore, processing operations could be based on article 6, paragraph 1, item (f) of the GDPR. Processing operations are based on this legal foundation if the processing is necessary to safeguard a legitimate interest of our company or a third party, and do not outweigh the interests, fundamental rights, and freedoms of the data subject. Typically, such legitimate interests include cases where processing operations have been mentioned by the European legislator. According to this, a legitimate interest for data processing can be assumed if you are a customer of our company (recital 47, sentence 2 of the GDPR).
6. Transfer of Data to Third Parties
The transfer of your personal data to third parties also constitutes a processing operation for which one of the above-mentioned legal bases is required. We only pass on your personal data to third parties if:
- according to article 6, paragraph 1, page 1, item (a) of the GDPR, you have expressed your consent to this,
- the transfer is permitted according to article 6, paragraph 1, page 1, item (f) of the GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- there is a legal obligation for disclosure according to article 6, paragraph 1, page 1, item (c) of the GDPR, and
- this is legally permissible and, according to article 6, paragraph 1, S. 1, item (b) of the GDPR, necessary for the processing of contractual relationships with you.
7. Data Collected during Visits to the Website
When using our website for informational purposes only (i.e. if you do not register or otherwise provide us with information), we only collect the data that your browser sends to our server (in so-called “server log files”). Our server collects a range of general data and information each time a page is accessed. This general data and information is stored in the server’s log files. Data that can be collected includes
- types and versions of browsers used,
- the operating system used by the accessing computer,
- the website from which an accessing system reaches our website (so-called referrer),
- the sub-sites that are accessed via an accessing system on our website,
- the date and time of access to the website,
- a shortened internet protocol address (anonymized IP address),
- the internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about you as an individual. Rather, this information is needed to
- deliver the content of our website correctly,
- optimize the content of our website, as well as the advertising for it,
- to ensure the long-term functionality of our IT systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack
The data and information collected is therefore evaluated by us statistically, while also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is the legitimate interest according to article 6, paragraph 1, S. 1, item (f) of the GDPR. We have an overriding legitimate interest in being able to offer our services in a technically accurate manner.
Use of SalesViewer® technology
On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of legitimate interests of the website operator (GDPR Art. 6(1)(f)). For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website. The data stored as part of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. The collection and storage of data can be objected to at any time with effect for the future by please following this link
https://www.salesviewer.com/opt-out click to prevent the collection by SalesViewer® within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.
8. Cookies
The Masterplan website uses cookies. These are text files that are stored on your computer. The data processed by cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests, as well as those of third parties in accordance with article 6, paragraph 1, page 1, item (f) of the GDPR.
For all other cookies, it applies that you have given your consent to this via our opt-in cookie banner in accordance with article 6, paragraph 1, item (a) of the GDPR. The settings for cookies can be managed in the cookie settings.
9. Processing of Data That You Transfer to Us
9.1 Data Processing When Registering an Account
You can create a test account or a business test account with a registration. Within this account, you have access and control over the personal data you have provided at any time. Which data is collected can be seen from the respective input forms. We store and use the data provided by you for the purpose of processing the contract in accordance with article 6, paragraph 1, item (b) of the GDPR. You may delete your account at any time and can do so by sending a message to the address mentioned above of the person responsible. After complete processing of the contract or deletion of your account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired.
9.2 Establishing Contact/Contact Form
When contacting us (e.g. via contact form or e-mail), personal data is collected. This is inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers) and content data (e.g. entries in online forms). This data is stored and used for the purpose of responding to your request or for contacting you and the associated technical administration and, if desired, for initiating a contractual relationship. The legal basis for the processing of data in connection with responding to requests and maintaining user or business relationships is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified, no contractual relationship has been entered into and provided that there are no statutory retention obligations to the contrary. If your request is aimed at a business relationship, we store your contact data in our Customer Relation Management System, by Salesforce.com Deutschland GmbH, c/o: Salesforce.com Sarl, Route de la Longeraie 9, Morges, 1110, Switzerland, on servers in Germany. We have entered into a Data Processing Agreement and the EU Standard Contractual Clauses (EU) 2021/915 with Salesforce. You can request a copy of the contract at any time via privacy[at]masterplan.com.
9.3 Application Management/Job Exchange
We collect and process applicants’ personal data for the purpose of executing the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, such as by e-mail or through a form on our website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. In this case, the legal basis is processing for purposes of the employment relationship in accordance with § 26 of the Federal Data Protection Act.
If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests on our part. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (GETA). The data processing then takes place solely on the basis of our legitimate interest in accordance with article 6, paragraph 1, item (f) GDPR.
9.4 Registration for User Tests
We give interested HR managers the opportunity to register for user tests and workshops. This gives you the opportunity to work with us to develop new functions and test new versions of our product. The data collected with the registration form is used to contact interested parties for these purposes. The legal basis for this data processing is, in accordance with article 6, paragraph 1, page 1, item (f) of the GDPR, our predominant interest in an exchange with interested parties and customers to improve our product. We use Google Forms for registration, so that Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA is the recipient of this data. In some cases, data is transferred to third countries for this purpose. This data transfer is made possible by the so-called standard data protection clauses, which you can view here. The data will be deleted as soon as the person concerned no longer wishes to participate in the program or we have discontinued the offer.
10. Newsletter Dispatch
If you have provided us with your e-mail address when signing-up for our services, we reserve the right to regularly send you offers for services from our product range by e-mail. In accordance with § 7 (3) UWG, we do not need to obtain separate consent from you for this. In this respect, the data processing takes place solely on the basis of our predominantly legitimate interest in personalized direct mail as per article 6, paragraph 1, item (f) of the GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with future effect by notifying the person responsible, named at the beginning of this document. For this, you will only incur transmission costs according to basic tariffs. After receipt of your objection, the use of your e-mail address for advertising purposes will be immediately discontinued.
11. Our Activity on Social Networks
In order to communicate in social networks with you and inform you about our services, we are represented there with our own profiles. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform in terms of the processing operations triggered by this, which involve personal data, in accordance with article 26 of the GDPR.
We are not the original provider of these pages, but only use them within the scope of possibilities offered to us by the respective providers. Therefore, as a precautionary measure, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Any use may therefore entail data protection risks for you, as it may be difficult to protect your rights to, for example, information, deletion, objection, etc., and processing in social networks is often carried out directly by the providers for advertising purposes or for the analysis of user behavior, without this being influenced by us. If user profiles are created by the provider, cookies are often used or the user behavior is directly assigned to your own member profile of the social networks (provided you are logged in here).
The described processing operations of personal data are carried out in accordance with article 6, paragraph 1, item (f) of the GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a contemporary manner or inform you about our services. If you have to give consent to data processing as a user with the respective provider, the legal basis concerns article 6, paragraph 1, item (a) of the GDPR in conjunction with article 7 of the GDPR.
Since we do not have access to the providers’ data files, we point out that your rights (e.g. to information, correction, deletion, etc.) are best exercised directly with the respective provider. For further information on the processing of your data in social networks and the possibility to make use of your right to objection or revocation (also referred to as opt-out) is listed below for the respective provider of social network platforms we use:
11.1 Facebook
(Co-)responsible for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
11.2 Instagram
(Co-)responsible for data processing in Germany:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
11.3 LinkedIn
(Co-)responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
11.4 Twitter
(Co-)responsible for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
11.5 YouTube
(Co-)responsible for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
11.6 XING
(Co-)responsible for data processing in Germany:
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
12. Web Analysis
12.1 Facebook Pixel (Custom Audience)
This website uses the “Facebook pixel” of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). If explicit consent is given, this allows us to track the users’ behavior after they have seen or clicked on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook Ads for statistical and market research purposes and may help optimize future advertising efforts.
The collected data is anonymous for us, so we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (
https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to place ads on and off of Facebook. A cookie may also be stored on your computer for these purposes. These processing operations are only carried out when explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR.
To deactivate the use of cookies on your IT system, you can set your Internet browser so that cookies can no longer be stored on your IT system in the future or cookies that have already been stored are deleted. However, switching off all cookies may mean that some functions on our website can no longer be carried out. You can opt out of the use of cookies through third parties, such as Facebook, found on the following website for the Digital Advertising Alliance:
https://www.aboutads.info/choices/In addition, you can deactivate cookies for measuring reach and advertising purposes via the following websites:
- http://optout.networkadvertising.org/
- http://www.youronlinechoices.com/uk/your-ad-choices/
Please keep in mind that this setting will also be deleted if you delete your cookies.
12.2 Google Analytics
On our websites, we use Google Analytics, a web analysis service from Google Ireland Limited (
https://www.google.com/intl/en/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; in the following “Google”). In this context, pseudonymized user profiles are created and cookies (see item “Cookies”) are used. The information generated by the cookie about your use of this website, such as
- browser type/version,
- operating system used,
- referrer-URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server inquiry,
is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to both website and Internet usage, for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are made anonymous so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, we would like to point out that, if you do this, you may not be able to use the full functionality of this website. These processing operations shall only be carried out if explicit consent is granted in accordance with article 6, paragraph 1, item (a) of the GDPR. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, and thus revoke your consent by downloading and installing a browser add-on (
https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data or withdraw your consent by clicking on the following link:
Deactivate Google Analytics. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser, only for our website, and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (
https://support.google.com/analytics/answer/6004245?hl=en).
12.3 Google Analytics Remarketing
We have integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that enables a company to show advertisements to Internet users who have previously been on the company’s website. The integration of Google Remarketing therefore allows a company to create user-related advertising and consequently show interest-relevant advertisements to the Internet user. The company operating the Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of Google Remarketing is enabling a fade-in of interest-relevant advertising. Google Remarketing allows us to display advertisements via the Google advertising network or have them displayed on other Internet sites, which are tailored to the individual needs and interests of Internet users. Google Remarketing sets a cookie on the IT system of the person concerned. By setting the cookie, Google is able to recognize the visitor to our website when he or she subsequently accesses websites that are also members of the Google advertising network. With each call to a website on which the Google Remarketing service has been integrated, your Internet browser automatically identifies itself to Google. Within the scope of this technical procedure, Google receives knowledge of personal data, such as your IP address or surfing behavior, which Google uses, among other things, to display interest-relevant advertising. The cookie is used to store personal information, such as the websites you have visited. Every time you visit our website, personal data, including your IP address, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass this personal data collected through the technical process on to third parties.
You can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in the Internet browser you are using, and thus permanently object to the setting of cookies. Such a setting of the Internet browser you are using would also prevent Google from setting a cookie on your IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs. You also have the option of objecting to interest-relevant advertising by Google. To do this, you must access the link
www.google.com/settings/ads in every Internet browser you are using and organize the desired settings there.
In particular, these processing operations are only carried out if explicit consent has been given in accordance with article 6, paragraph 1, item (a) of the GDPR.
Further information and Google’s applicable data protection provisions can be found under
https://www.google.com/intl/en/policies/privacy/.
13. Advertising
13.1 Google Ads (formerly AdWords)
Our website uses the functions of Google Ads, with which we advertise our website in Google search results, as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, Google places a cookie in the browser of your end device, which automatically enables interest-relevant advertising by means of a pseudonymous cookie ID and based on the pages you have visited. These processing operations only take place if explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR.
Any further data processing will only take place if you have given Google permission to link your internet and app browser history to your Google account, and to use information from your Google account to personalize advertisements that you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups.
You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available under the following link:
https://www.google.com/settings/ads/onweb/.
Alternatively, you can obtain information about the setting of cookies from the Digital Advertising Alliance under the address
www.aboutads.info and manage the settings for this. Finally, you can set your browser so that you are informed about the setting of cookies and individually decide whether to accept them or reject them for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted. Further information and the data protection provisions regarding advertising and Google can be viewed here:
https://www.google.com/policies/technologies/ads/.
13.2 Google AdSense
We have integrated Google AdSense on this website. Google AdSense is an online service that enables advertising to be placed on third-party sites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party sites according to the content of the respective third party site. Google AdSense allows interest-based targeting of the Internet user, which is implemented by generating individual user profiles. The operating company of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of the Google AdSense component is to integrate advertisements on our website. Google AdSense sets a cookie on your IT system. By setting the cookie, Alphabet Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is enabled to analyze the use of our website. Each time you access one of the individual pages of this website, which is operated by us and on which a Google AdSense component has been integrated, the Internet browser on your IT system is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for the purposes of online advertising and the billing of commissions. As part of this technical process, Alphabet Inc. obtains knowledge of personal data, such as your IP address, which is used by Alphabet Inc. to, among other things, trace the origin of visitors and clicks, and subsequently enable commission invoicing.
You can prevent the setting of cookies by our website at any time through a corresponding setting in the Internet browser you are using and thus permanently object to the setting of cookies. Such a setting on the Internet browser you are using would also prevent Alphabet Inc. from setting a cookie on your IT system. In addition, a cookie already set by Alphabet Inc. can be deleted at any time via the Internet browser or other software programs. Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in Internet pages to enable log file recording and log file analysis, which allows statistical evaluation. The embedded pixel-code enables Alphabet Inc. to recognize whether and when an Internet page was opened by your IT system and which links were clicked on by you. Counting pixels are used, among other things, to evaluate the flow of visitors to a website.
Through Google AdSense, personal data and information, which includes IP addresses and is necessary for the collection and billing of the ads displayed, is transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Under certain circumstances, Alphabet Inc. may, via technical processes, pass on this collected personal data to third parties. Google AdSense is explained in detail under this link:
https://www.google.com/intl/en/adsense/start/.
These processing operations only take place if explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR.
13.3 Google Ads with Conversion Tracking
We have integrated Google Ads on our website. Google Ads is an internet advertising service that allows advertisers to place ads in Google’s search engine results, as well as in the Google advertising network. Google Ads allows an advertiser to specify predefined keywords that will display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed to topic-relevant Internet pages by means of an automatic algorithm and in accordance with the previously defined keywords. The operating company for Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of Google Ads is to advertise our website by displaying interest-based advertising on the websites of third-party companies as well as in the search engine results of the Google search engine, and by displaying third-party advertising on our website. If you reach our website via a Google ad, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used for your identification. If the cookie has not expired, the conversion cookie is used to determine whether certain sub-sites, such as the shopping cart from an online store system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a user who has reached our website via an AdWords ad generated sales, i.e. whether he or she has completed or cancelled a purchase.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads, i.e. to determine the success or failure of the respective ads and to optimize our ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify you.
The conversion cookie is used to store personal information, such as the Internet pages you visit. Whenever you visit our website, personal data, including the IP address of the Internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may, via technical processes, pass on this collected personal data to third parties.
You can prevent the setting of cookies by our website at any time through a corresponding setting of the Internet browser you are using and thus permanently object to the setting of cookies. Such a setting of the Internet browser you are using would also prevent Google from setting a conversion cookie on your IT system. In addition, a cookie already set by Google Ads can be deleted at any time via the Internet browser or other software programs. Furthermore, you have the opportunity to object to interest-based advertising by Google. To do so, you must access this link
www.google.com/settings/ads from the Internet browser you are using and organize the desired settings there.
These processing operations only take place if explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR. Further information and Google’s applicable data protection provisions can be found under this link:
https://www.google.com/intl/en/policies/privacy/.
13.4 Google Optimize
Our website uses the web analysis and optimization service “Google Optimize” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google Optimize to increase the attractiveness and functionality as well as the content of our website by introducing new functions and content to a proportion of our users and statistically evaluating the changed user behavior (A/B tests). Google Optimize is a sub-service of Google Analytics (section 13.2). Google Optimize uses cookies that enable us to optimize and analyze the use of our website. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use Google Optimize with IP anonymization enabled, so that if you are within the Member States of the European Union or the European Economic Area, your IP address will be truncated by Google. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google uses this information for the purpose of evaluating your use of the website, compiling reports on website optimization tests and website activity in this context, and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.
14. Plugins and Other Services
14.1 Google Tag Manager
This website uses Google Tag Manager, a cookie-free domain that does not collect any personal data. With this tool, “website tags” (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked on and can then record which content of our website is particularly interesting for you.
The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have deactivated it at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. These processing operations only take place if explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR.
14.2 Google WebFonts
Our website uses so-called web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our website. These processing operations are only carried out when explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR. Further information on Google Web Fonts can be found under
https://developers.google.com/fonts/faq as well as in Google’s data protection policy:
https://www.google.com/policies/privacy/.
14.3 Vimeo (Videos)
Our website includes plugins from the Vimeo video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you access a page from our website that contains such a plug-in, your browser establishes a direct connection to the Vimeo servers. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted by your browser directly to a Vimeo server in the USA and stored there.
If you are logged in to Vimeo, Vimeo can immediately assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.
The data processing operations described are only carried out in accordance with article 6, paragraph 1, item (a) of the GDPR, based on Vimeo’s legitimate interest in market research and the needs-based design of the service.
If you do not want Vimeo to assign the data collected through our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.
For the purpose and extent of data collection and the further processing and use of the data by Vimeo, as well as your rights and settings options for protecting your privacy, please refer to Vimeo’s data protection information:
https://vimeo.com/privacy.
For videos from Vimeo that are embedded on our site, the tracking tool Google Analytics is automatically integrated. This is Vimeo’s own tracking, which we do not have access to and which cannot be influenced by our site. Google Analytics uses so-called “cookies” for tracking purposes. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. These processing operations only take place if explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR.
14.4 YouTube (Videos)
We have integrated components from YouTube on this website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate, and comment on them free of charge. YouTube permits the publication of all types of videos, which is why complete film and television programs, but also music videos, trailers, or videos made by users themselves, can be accessed via this Internet portal. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Each time you access one of the individual pages of this website that is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information on YouTube can be found at
https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google receive information about which specific subpage of our website is visited by you.
If the person concerned is logged in at the same time on YouTube, YouTube will recognize which specific subpage of our website you are visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google will receive information through the YouTube component that you have visited our website whenever you are logged in to YouTube at the same time when you visit our website, regardless of whether you click on a YouTube video or not. If you do not want this information to be sent to YouTube and Google, you can prevent it from being sent by logging out of your YouTube account before you visit our website.
The data processing operations described are only carried out if explicit consent is given in accordance with article 6, paragraph 1, item (a) of the GDPR.
The data protection regulations published by Youtube, which can be accessed under
https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing, and use of personal data by Youtube and Google.
15. Your Rights as a Data Subject
15.1 Right to Confirmation
You have the right to ask us to confirm whether personal data concerning you is being processed.
15.2 Right to Information Article 15 of the GDPR
You have the right to receive, at any time, free information from us about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions. 15.3 Right to Rectification Article 16 of the GDPR You have the right to request the correction of incorrect personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
15.3 Right to rectification Art. 16 DSGVO
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
15.4 Deletion Article 17 of the GDPR
You have the right to demand from us that the personal data concerning you be deleted immediately if one of the reasons provided by law applies and if the processing or storage of this data is not necessary.
15.5 Restriction of Processing Article 18 of the GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
15.6 Data Transferability Article 20 of the GDPR
You have the right to receive the personal data concerning you which you have provided to us in a structured, common, and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from us, to whom the personal data was provided, provided that the processing is based on consent in accordance with article 6, paragraph 1, item (a) of the GDPR or article 9, paragraph 2, item (a) of the GDPR, or on a contract pursuant to article 6, paragraph 1, item (b) of the GDPR, and provided that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to us.
Furthermore, when exercising your right to data portability in accordance with article 20, paragraph 1 of the GDPR, you have the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible and insofar as this does not give affect the rights and freedoms of other people.
15.7 Objection Article 21 of the GDPR
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on article 6, paragraph 1, item (e) (data processing in the public interest) or item (f) (data processing based on a weighing of interests) of the GDPR. This also applies to profiling based on these provisions within the meaning of article 4, paragraph 4 of the GDPR. If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we process personal data in order to operate direct mail. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is related to such direct mail. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, for reasons that arise from your particular situation, to object to the processing of personal data concerning you that we use for scientific or historical research purposes or for statistical purposes in accordance with article 89, paragraph 1 of the GDPR, unless such processing is necessary to fulfill a task in the public interest.
In connection with the use of information society services, regardless of Directive 2002/58/EC, you are free to exercise your right of objection by means of automated procedures in which technical specifications are used.
15.8 Revocation of Data Protection Consent
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
15.9 Complaint to a Supervisory Authority
You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.
16. Routine Storage, Deletion, and Blocking of Personal Data
We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject. If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.
17. Duration of Storage of Personal Data
The criterion for the duration of storage of personal data is the respective legal retention period. After this period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfillment or initiation of a contract.
18. Currentness and Changes to the Data Protection Policy
This data protection policy is currently valid and was last updated in September 2020. It may become necessary to amend this data protection declaration as a result of further development on our websites and offers, or due to changes in legal or official requirements. You can access and print out the current data protection policy at any time on the website: “
https://masterplan.com/en/privacy-policy”.