The controller under Article 4 No. 7 GDPR is the owner of Brandfolks, Mr Oliver Heimburger, Rellinger Str. 1, 20257 Hamburg (see our legal notice – Link). A data protection officer has not been appointed and brandfolks is not legally required to appoint one. The data controller has implemented numerous technical and organisational measures in order to ensure as seamless protection as possible of the personal data processed through this website. Nevertheless, Internet-based data transmissions may be subject to security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data via alternative channels, for example by telephone.
Personal data is any data that can be related to you personally (e.g. name, address, e-mail address, user behaviour).
COLLECTION AND STORAGE OF PERSONAL DATA AND THE TYPE AND PURPOSE OF THE USE THEREOF
(1) Informational use and visits to the website
When our website is used for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically transmits to our server. That information is temporarily stored in a so-called ”log file”.
If you would like to view our website we collect the following data, which is recorded without your cooperation and stored until it is automatically erased:
– IP address of the requesting computer;
– date and time of the request / access;
– the website from which the access occurs (referrer URL);
– time zone difference relative to GMT;
– the content of the request (specific page);
– access status/HTTP status code;
– the quantity of data transferred;
– the website from which the request originates;
– the browser / browser type used, possibly the operating system of your computer, its interface and the name of your access provider;
– language and version of the browser software;
– other similar data and information that serves the purpose of averting threats in the event of attacks against our information technology systems.
The data is recorded by us for the following purposes:
– to ensure problem-free establishment of a connection with the website;
– to ensure convenient use of our website;
– to evaluate system security and stability; and
– to ensure that our information technology systems and website technology always function properly;
– in order to provide prosecuting authorities with the information necessary for criminal prosecution in the event of a cyber attack;
– for further administrative purposes.
The legal basis for the data processing is Article 6(1) sentence 1 point (f) GDPR. Our legitimate interest follows from the above-mentioned purposes of the data collection. In using that general data and information, we make no inferences regarding the data subject. This anonymously collected data and information is therefore on the one hand statistically evaluated by us and also analysed with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
(2) Contacting us by e-mail / contact form
When you contact us by e-mail or via our contact form, we collect from you by web form the necessary personal data (surname, given name, address, e-mail address, telephone number (fixed-line network and/or mobile phone)). That data is collected and stored so that you as the customer can be identified, in order to answer your questions and possibly for the purposes of the conclusion or performance of a contract. The data processing for the purpose of contacting us occurs upon your contact request and is necessary under Article 6(1) sentence 1 point (b) GDPR for the above-mentioned purposes, for the appropriate processing of your non-binding request or your contract enquiry and for the fulfilment of reciprocal obligations under a contract.
The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller and for our own purposes. The data controller may arrange to pass the data on to one or more contract processors, which will also use the personal data exclusively for internal use being attributable to the data controller.
As a result of registration on the data controller’s website, the IP address assigned by the data subject’s Internet service provider (ISP), the date and the time of registration are also stored (only in this way can misuse of our services be prevented, and if necessary that data also enables committed criminal offences to be clarified). The storage of that data is therefore necessary to protect the data controller. As a rule, that data will not be passed on to third parties, unless there is a statutory obligation to disclose it or the disclosure serves the purpose of criminal prosecution.
The registration of the data subject with voluntary provision of personal data enables the data controller to offer the data subject content or services which due to their nature can only be provided to registered users. Registered persons are free to change the personal data that they provide upon registration or have it completely erased from the data controller’s database at any time.
The data controller will provide any data subject at any time on request with information on what personal data concerning the data subject is stored. The data controller will also rectify or erase personal data at the request or upon a notice of the data subject, unless statutory retention requirements are opposed to this. All the employees of the data controller are available as a contact for the data subject in this context, at e-mail address email@example.com.
This data received from you is collected, processed and used by us to enable you to use our online service (usage data) and insofar as this is necessary for establishing, implementing or terminating the contract (performance of the contract) and for customer care. That data will not be passed on to any third parties without your explicit consent.
ERASURE OF DATA AND STORAGE PERIOD
All personal data will only be stored as long as this is necessary for the above-mentioned purpose (processing of your enquiry or handling transactions) and for the performance of the contract. We shall erase that data once storage is no longer necessary or restrict the processing if statutory retention requirements exist. The criterion for the period of storage of personal data is the respective statutory retention period. After the end of that period, the data in question will be erased as a matter of routine, provided that it is no longer required for the performance or initiation of a contract.
You may object to the use or processing of your data for the purposes of advertising, marketing research or opinion polling by sending a message to firstname.lastname@example.org.
If we make use of commissioned service providers for individual functions of our service or would like to use your data for advertising purposes, we inform you below in § 4 et seq. of the respective processes. We also specify the established criteria for the storage period.
If there is no legal basis for the processing of your personal data, we obtain consent from the data subject.
YOUR RIGHTS AS A USER
You have the following right under Article 7(3) GDPR:
– the right to withdraw any consent that you have granted us at any time, whereupon we will not be permitted to continue the data processing which is based on that consent in the future.
You have the following rights under Article 15 GDPR:
– the right to receive information on the personal data processed by us and the purposes of the processing, the category of the personal data, the recipients or categories of recipients to which that data has been or will be disclosed, the planned storage period, or on
– the right to rectification or erasure (“right to be forgotten”),
– the right to restriction of the processing,
– the right to object to the processing,
– the right to data portability,
– the right to learn the origin of your data insofar as it was not collected by us,
– the right to request information on the existence of automated decision-making including profiling and where appropriate meaningful information on the details thereof.
You have the following right under Article 16 GDPR:
– the right to request prompt rectification of incorrect or incomplete personal data concerning you which is stored by us.
You have the following right under Article 17 GDPR:
– the right to request the erasure of your personal data stored by us if the processing is not necessary for exercising the right of freedom of expression and information, compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
You have the following right under Article 18 GDPR:
– the right to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful and you oppose its erasure and we no longer need the data but you need it for the establishment, exercise or defence of legal claims or you have objected to the processing under Article 21 GDPR.
You have the following right under Article 20 GDPR:
– the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or request its transmission to another controller; and
You have the following right under Article 77 GDPR:
– the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. As a rule, you may contact the supervisory authority of your place of habitual residence or place of work or at the location of our registered office.
RIGHT TO OBJECT
If your personal data is processed on the basis of legitimate interests in accordance with Article 6(1) sentence 1 point (f) GDPR, you have the right under Article 21 GDPR to object to the processing of your personal data, provided that there are grounds for this relating to your particular situation. You can exercise your revocation right or your right to object at the address email@example.com.
Please also feel free to contact us at the above-mentioned address or at firstname.lastname@example.org for the purpose of exercising the above rights or to obtain information, inform us of your wishes or submit suggestions on the subject of data protection.
PASSING ON DATA TO THIRD PARTIES
We will not pass your personal data on to any third parties for any purposes other than those specified below. We will only pass your personal data on to third parties, if:
– you have explicitly consented to this in accordance with Article 6(1) sentence 1 point (a) GDPR;
– the disclosure is necessary under Article 6(1) sentence 1 point (f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest which requires protection in your data not being passed on;
– if a legal obligation exists for disclosure under Article 6(1) sentence 1 point (c) GDPR, and
– if this is legally permitted and necessary under Article 6(1) sentence 1 point (b) GDPR for the purpose of implementing contractual relationships with you.
The cookies that we use help us to determine the frequency of use of our website and the number of users and enable you to make full use of the service. Cookies cannot execute any programmes or transfer viruses into your computer. They serve the purpose of making the Internet service generally more user-friendly and effective.
This website uses transient cookies and persistent cookies.
Transient cookies are automatically deleted when you close your browser. They include session cookies, for example, which store a so-called session ID allowing different requests of your browser to be ascribed to the common session. As a result your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a prescribed period of time, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
The data processed through cookies is necessary for the above-mentioned purposes, in order to protect our legitimate interests and those of third parties under Article 6(1) sentence 1 point (f) GDPR.
Most browsers are set up to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you when cookies are transmitted or automatically deletes them. You can also subsequently delete the stored cookies from your hard drive at any time.
Please note that if you delete cookies, you must expect restrictions on the presentation of the website and restricted user guidance. However, in principle this restricted use of our services is also possible without cookies.
The tracking measures specified below and used by us are implemented on the basis of Article 6(1) sentence 1 point (f) GDPR. The purpose of the tracking measures that we use is to design our website in line with your needs and ensure its ongoing optimisation. We also use the tracking measures to statistically record the use of our website and analyse it for the purpose of optimising our service for you. These interests should be considered legitimate in the meaning of the above-mentioned provision of law.
The respective data processing purposes and data categories are shown in the relevant tracking tools.
In order to design our website in line with your needs and for its ongoing optimisation we use Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). We use that service within the framework of a contract data processing relationship.
– browser type/version
– the operating system used
– the referrer URL (the previously visited page)
– the host name of the accessing computer (IP address)
– the time of the server request
are transferred to and stored on a Google server in the USA.
Because our website uses the anonymisation function of Google Analytics, the IP address is first abbreviated by Google within the European Union or the European Economic Area. In exceptional cases only the full IP address is transferred to a Google server in the USA and abbreviated there.
Google uses that information on our behalf to analyse your use of the website, to draw up reports on the website activities for the website operator and to provide other services to us associated with the use of the website and the use of the Internet. That information may also be transferred to third parties if it is required by law or if third parties process that data as contract data processors.
Google is registered with the “Safe Harbor” programme of the US Department of Commerce.
Google will not on any account combine your IP address transmitted within the framework of Google Analytics with any other Google data. The IP addresses are anonymised so that they cannot be ascribed (IP masking).
You can prevent the installation / storage of the cookies by setting your browser software accordingly (see § 5). However, please note that if you do so you may not be able to use all the functions of this website to their full extent.
You can also prevent the recording of the data generated by the cookie that relates to your use of the website (including your IP address) and the processing of that data by Google by downloading and installing a browser add-on:
You can object to the collection and processing of data within the framework of Google Analytics at any time with effect for the future. You can use the plug-in provided by Google for that purpose:
As an alternative to the installation of the plug-in, you can use this link in order to prevent recording by Google Analytics on this website in the future. An opt-out cookie will then be installed on your device. If you delete the cookies in your browser, you must click on this link again in order to renew the opt-out cookie.
This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are further processed in abbreviated form and a direct personal reference can therefore be excluded.
Google Analytics is used in accordance with the requirements agreed between the German data protection authorities and Google. You can find further information on data protection in connection with Google Analytics in the Google Analytics help function:
We use Google Analytics with the inclusion of the functions of Universal Analytics. Universal Analytics enables us to analyse the activities on our website across devices (for example access by way of a laptop and later via a tablet). This is enabled through pseudonymous ascription of a user ID to a user. Such ascription occurs, for example, if you register for a customer account or log into your customer account. However, no personal data is passed on to Google. Even if Universal Analytics adds additional functions to Google Analytics, this does not mean that this involves any restriction of data protection measures, such as IP masking or the browser add-on.
Google AdWords (INCLUDING AdWords Conversion and Dynamic Remarketing)
This website uses services of Google AdWords (Google AdWords Conversion and Google AdWords Dynamic Remarketing) in order to create pseudonymised usage profiles for advertising and market research purposes. For that purpose, Google AdWords installs a cookie (see § 5) in your computer, if you have reached our website via a Google advertisement. Also, data transmitted by your browser (for example information on the browser you use or the search history, as well as data from cookies) is collected and processed by Google within the framework of pseudonymous usage profiles.
For Google AdWords Conversion a tracking cookie is installed if a user clicks on an advertisement displayed by Google. These cookies expire after 30 days and do not serve the purpose of personal identification. If the user visits certain pages of the website of the AdWords client (brandfolks) and the cookie has not yet expired, Google and the client can detect the fact that the user clicked on the advertisement and was redirected to that page. Each client receives a different cookie, so cookies cannot be tracked via websites of AdWords clients.
The information which is obtained with the aid of the cookie serves the purpose of preparing conversion statistics for AdWords clients. As a result, we learn the total number of users who have clicked on an advertisement and were redirected to a page equipped with a conversion tracking tag. However, we receive no information allowing users to be personally identified. A connection between your personal data and your usage data is therefore not possible.
You will find further information on the subject of “data protection” within the framework of Google AdWords by following this link:
If you do not wish to participate in the tracking process you can refuse the cookie installation required for this, for example through your browser settings, which generally deactivates the automatic installation of cookies. You can deactivate cookies for conversion tracking by setting your browser so that cookies from the domain “googleadservices.com” are blocked. You can also object to the data collection and processing within the framework of Google AdWords by changing your Google display settings at https://www.google.com/settings/ads. Alternatively, you can install an opt-out cookie through the deactivation page of the Network Advertising Initiative (https://www.networkadvertising.org/managing/opt_out.asp), which prevents the processing by Google AdWords.
You can find Google’s privacy notice for conversion tracking at:
Adope Typekit Webfonts
Social Media Plug-Ins
On our website we use, on the basis of Article 6(1) sentence 1 point (f) GDPR, social plug-ins of the social networks LinkedIn, Xing and Instagram, in order to make our company better known to the public. The underlying marketing objective should be considered a legitimate interest in the meaning of the GDPR. The respective provider is responsible for ensuring that the plug-ins operate in compliance with data protection regulations. We integrate the plug-ins by the so-called “purpose-click” method, in order to provide visitors to our website with the best possible protection.
You will find on our website plug-ins of the social network LinkedIn / the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You can recognise the LinkedIn plug-ins by the relevant logo or the “Recommend” button. Please note that when you visit our website the plug-in creates a connection between your Internet browser and the LinkedIn server. LinkedIn will thus be informed that you have visited our website with your IP address. If you click on the LinkedIn “Recommend” button and at the same time are logged into your LinkedIn account, you can link content of our website to your profile page with LinkedIn Profile. You thus enable LinkedIn to attribute your visit to our website to you or your user account. Please note that we do not obtain any information on the content of the transmitted data and its use by LinkedIn.
You can find further details on the collection of the data and your legal possibilities and setting options at LinkedIn, at:
On our website we also use so-called social plug-ins (“plug-ins”) of Instagram. Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
If you access a page of our website containing such a plug-in, your browser creates a direct connection with Instagram’s servers. The content of the plug-in is transferred by Instagram directly to your browser and integrated into the website. Due to the integration of the plug-in, Instagram receives the information that your browser has accessed the relevant page of our website, even if you have no Instagram profile or are not logged into Instagram at that time.
This information (including your IP address) is transferred by your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly attribute the visit to our website to your Instagram account. If you interact with the plug-ins, for example if you press the “Instagram” button, that information will also be directly transferred to a server of Instagram and stored there.
The information will also be published in your Instagram account and displayed to your contacts there.
If you do not want Instagram to attribute the data collected via our website directly to your Instagram account, you must log out of Instagram before you visit our website.