LAST UPDATED: DECEMBER 03, 2023
Privacy Policy

The following privacy policy is intended to inform you about the types of your personal data (hereinafter also referred to as “Data” for short) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offering”).

The terms used are not gender-specific.

Controller

Sylvia Szulc
c/o 105 VIERTEL Impact Hub GmbH
Gänsemarkt 33
20354 Hamburg


Email Address: info@brand-journey.de


Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of Data Processed
  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Event data (Facebook).

Categories of Data Subjects
  • Customers.
  • Prospects.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Participants.

Purposes of Processing
  • Provision of contractual services and customer support.
  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Remarketing.
  • Web Analytics (e.g., access statistics, recognition of returning visitors).
  • Interest-based and behavioral marketing.
  • Profiling (creating user profiles).
  • Conversion measurement (measurement of the effectiveness of marketing activities).
  • Targeting (creating target group profiles).

Relevant Legal Bases

In the following, we provide you with the legal basis of the General Data Protection Regulation (GDPR) on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions may apply in your country or our country of residence or domicile.

  • Consent (Art. 6 para. 1 p. 1 lit. a GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Compliance with a legal obligation (Art. 6 para. 1 p. 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Protection of vital interests (Art. 6 para. 1 p. 1 lit. d GDPR) – Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 p. 1 lit. e GDPR) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Legitimate interests pursued by the controller or by a third party (Art. 6 para. 1 p. 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

Transfer of Personal Data

The data collected by us will only be passed on to third parties insofar as this is necessary for the fulfillment of contractual obligations, for billing purposes, or for the execution of a contract to which the data subject is a party, or based on our legitimate interest, or if the data subject has consented to this. Third parties may also be service providers, such as payment service providers, logistics companies, or providers of services or content that are integrated into a website.

International Data Transfers

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only occur if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. of the German Data Protection Act (GDPA) are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA by the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Data Deletion

The data processed by us will be deleted or their processing restricted in accordance with legal requirements. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Rights of Data Subjects

You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with legal requirements.
Furthermore, you have the right to correction or completion of incorrect or incomplete data in accordance with legal requirements.
In accordance with legal requirements, you have the right to demand that the data concerned be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with legal requirements.
You have the right to receive the data concerning you that you have provided to us and to demand that it be transmitted to other responsible persons without hindrance from us, insofar as this is also possible in accordance with legal requirements.
Furthermore, in accordance with legal requirements, you have the right to lodge a complaint with the competent supervisory authority.

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser is closed. For example, the login status can be retained when users return after several days. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie. “Third-party cookies” are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only that person’s own cookies, they are called “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.

Erasure of Data

The data processed by us will be deleted or their processing restricted in accordance with legal requirements. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

  • Online shop, order forms, e-commerce, and delivery: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The necessary information is marked as such in the context of the ordering or similar purchasing process and includes the information required for delivery, provision, and billing, as well as contact information to facilitate any inquiries; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Use of online platforms for promotional and sales purposes

We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms also apply in addition to our data protection notices. This applies in particular to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.

  • Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract object, term, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Persons concerned: Customers.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Marketing.
  • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures and services:

  • elopage: Online marketplace for e-commerce; Service provider: elopay GmbH, Skalitzer Straße 138, 10999 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://elopage.com/. Privacy Policy: https://elopage.com/privacy.

Payment processing

Within the framework of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer affected persons efficient and secure payment options and use additional service providers in addition to banks and credit institutions (collectively “payment service providers”).

The data processed by the payment service providers includes inventory data, such as names and addresses, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed by the payment service providers and stored by them. In other words, we do not receive any account- or credit card-related information, but only information confirming or negatively confirming the payment. Under certain circumstances, the data may be transmitted to credit reporting agencies by the payment service providers. This transmission serves the purpose of identity and credit assessment. In this regard, we refer to the terms and conditions and data protection notices of the payment service providers.

For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and for the assertion of revocation, information, and other data subject rights.

  • Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., contract object, term, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Persons concerned: Customers. Interested parties.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Security measures. Administration and answering of inquiries.
  • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Provision of online marketplaces for e-commerce
We process the data of our users who enter or use our marketplace for the purpose of concluding contracts for services or products with the providers registered there, i.e., we make the platform available to the users and providers and process the data of the users and providers within the framework of the contractual agreements concluded between them. For this purpose, the necessary data (e.g., inventory data) and usage data (e.g., access times) are collected and stored. The data collected is used by the providers to provide and improve their services and by the users to find and contract services. Legal basis for data processing in the context of the provision of the marketplace is Art. 6 para. 1 sentence 1 lit. b) GDPR, insofar as the marketplace is provided within the framework of contractual relationships. If the marketplace is offered as part of the communication with other users or is used to facilitate the initiation of contracts, the legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. In this case, we have a legitimate interest in providing a platform for the initiation and fulfillment of contracts between users.

Newsletter and electronic communications
We send newsletters, e-mails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

  • Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta, communication, and process data (e.g., IP addresses, time information).
  • Persons concerned: Communication partner.
  • Purposes of processing: Direct marketing (e.g., by email or post).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Opt-out: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Online presence in social media

We maintain online presences within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

  • Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., text input, photographs, videos); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information).
  • Persons concerned: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact requests and communication. Tracking (e.g., interest/behavioral profiling, use of cookies). Remarketing. Reach measurement (e.g., access statistics, recognition of returning visitors).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Provision of online services and web hosting
We use web hosting services to provide the following services: infrastructure and platform services, computing capacity, storage space, and database services, security and technical maintenance services that we use for the purpose of operating this online offering.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data of customers, interested parties, and visitors to this online offering based on our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).

Collection of access data and log files
We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR on each access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate abusive or fraudulent activities) for a maximum period of 7 days and then deleted. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.

Surveys and Questionnaires

We conduct surveys and questionnaires to collect information for the respective communicated survey or questionnaire purpose. The surveys conducted by us (hereinafter referred to as “surveys”) are evaluated anonymously. Personal data is only processed to the extent necessary for the provision and technical implementation of the surveys (e.g., processing the IP address to display the survey in the user’s browser or enabling the resumption of the survey using a cookie).

  • Processed data types: Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Persons concerned: Communication partners. Participants.
  • Purposes of processing: Feedback (e.g., collecting feedback via online form).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows to our online offering and may include pseudonymous values regarding visitor behavior, interests, or demographic information, such as age or gender. With the help of reach analysis, we can, for example, determine at what time our online offering or its functions or contents are most frequently used or invite reuse. We can also track which areas require optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, cookies are generally stored for a period of two years.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Persons concerned: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest/behavioral profiling, use of cookies); Marketing. Profiles with user-related information (creating user profiles).
  • Security measures: IP masking (pseudonymization of the IP address).

Online Marketing

We process personal data for the purposes of online marketing, which may include the marketing of advertising space or displaying advertising and other content (collectively referred to as “content”) based on potential user interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (known as a “cookie”) or similar procedures are used, whereby information relevant to the display of the aforementioned content is stored about the user. This information may include viewed content, visited websites, online networks used, as well as communication partners and technical details such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
  • Persons concerned: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest/behavioral profiling, use of cookies); Marketing. Profiles with user-related information (creating user profiles).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Opt-out: We refer to the privacy policies of the respective providers and the opt-out options provided for by the providers (so-called “opt-out”). If no explicit opt-out option has been specified, there is the possibility to disable cookies in the settings of your browser. However, this may restrict the functions of our online offering. Therefore, we also recommend the following opt-out options, which are offered in summary for respective areas:
    a) Europe: https://www.youronlinechoices.eu.
    b) Canada: https://youradchoices.ca/choices.
    c) USA: https://www.aboutads.info/choices.
    d) Cross-region: https://optout.aboutads.info.