Compliance

We are pioneers in the field of fraud prevention. Of course, that means we also know our limits. People are never perfect. That makes us unique, lovable and – vulnerable.

As a responsible and reliable company, we want to behave in accordance with the rules at all times. If we disregard statutory regulations or internal company rules, we not only put our good reputation at risk, but also risk financial damage.

This applies not only to us, but to the entire Otto Group.

That is why everyone associated with the Otto Group – whether employees, business partners, suppliers or customers – has a responsibility to report possible compliance violations. Only with everyone’s help can we identify and counteract violations at an early stage.

Whistleblower system 

Our digital whistleblower portal is a protected and secure reporting channel for all employees and for external stakeholders. The platform can be used anonymously, guaranteeing maximum protection for whistleblowers and sensitive data. Every piece of information fed into the system is checked at several stages by proven experts – so no tip-off leads to a hasty reaction or prejudgement.

Within the whistleblower system, you can decide whether your report should go to RISK IDENT’s compliance staff or be checked directly by our parent company.

You can reach our whistleblower system here:
https://www.bkms-system.com/ottogroup-speakup

Ombudsman

Alternatively, you have the option of contacting the Otto Group Ombudsman in confidence: Attorney at Law Dr. Rainer Buchert. As a lawyer, he is subject to the legally recognized duty of confidentiality and is not allowed to pass on any information to third parties without consent.

Attorney at Law Dr. Rainer Buchert

Tel: +49 69 71033330 or +49 6105-921355

dr-buchert@dr-buchert.de

Imprint & Data Privacy

Responsible for Content:
Risk.Ident GmbH
Am Sandtorkai 50
20457 Hamburg, Germany
Phone: +49 40 60945 2590
Email: contact@riskident.com
VAT Identification No.: DE287875226
Commercial Register No.: Amtsgericht Hamburg HRB 124968
Represented by the Managing Directors:
Frank Heisel, Dr. Marcel Mayr

Privacy information of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany for the website www.riskident.com

In the following privacy information, we inform you about the processing of personal data by Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg (“RiskIdent” and/or “we” and/or “controller”) in accordance with the GDPR and the German Federal Data Protection Act (BDSG 2018).

Please read our privacy information carefully. If you have any questions or comments about our privacy information, please feel free to contact us at datenschutz@riskident.com.

Table of Contents

1 Name and contact details of the controller responsible for processing
2 Contact details of the data protection officer
3 Your Rights Regarding Data Protection
4 Online presence and website optimization (using cookies) including consent

4.1 Log Files

4.2 Contacting Us

5 Use of Cookies

5.1 General Information about Cookies

5.2 Intervention Options / Browser Settings

5.3 Borlabs

6 Website Optimization

6.1 Google Tag Manager

6.2 Google Analytics

6.3 HubSpot

6.4 Mouseflow

6.5 LinkedIn Insights Tag / LinkedIn Ads

6.6 Microsoft Ads

6.7 Meta Pixel

6.8 Hey Sid (SID Pixel)

6.9 YouTube – Enhanced Data Protection Mode

6.10 Google reCAPTCHA

7 Social Media

7.1 Social Media Corporate Presence and Use of Social Plugins

7.2 Data Processing by Us

7.3 Insight Tags & Retargeting by Social Media Services

8 Recipients Outside the EU
9 Data Retention Period

1 Name and contact details of the controller responsible for processing

This privacy information applies to data processing by:

Risk.Ident GmbH
Am Sandtorkai 50
20457 Hamburg
Germany
represented by the managing directors:
Frank Heisel
Dr. Marcel Mayr

for the following websites: www.riskident.com and www.onlinefraudforum.com.

2 Contact details of the data protection officer

You can reach our external Data Protection Officer at:
Datenschutzteam, Intersoft consulting services AG, Am Strohhause 17, 20095 Hamburg.

Email: datenschutz@riskident.com.

3 Your Rights Regarding Data Protection

You may exercise the following rights by contacting Risk.Ident GmbH or the external Data Protection Officer as specified in Sections 1 and 2. If you assert your rights as listed below, you will be requested to provide certain additional information (e.g., your name, your contract and/or samples of communications you are complaining about, etc.) so that your identity can be verified. This is intended to prevent the unlawful processing of relevant personal data on behalf of an unauthorized person. Within the scope of this verification, the data received will be processed for the purpose of the inquiry and retained for as long as it serves that purpose.

In the context of your request, you may exercise and assert the following statutory rights:

  • Right of access and review (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to correction and erasure (Right to be forgotten) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)

What rights do you have in the event of data processing based on your legitimate or public interest?

Pursuant to Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e) GDPR (data processing in the public interest) or on the basis of Art. 6 (1) sentence 1 lit. f) GDPR (data processing for the purposes of a legitimate interest).

You may object to the use of your data for advertising purposes via electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

You may withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only takes effect for the future.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the option at any time to assert your right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

4 Online Presence and Website Optimization (via Cookies) including Consents

In the case of purely informational use of the website—meaning if you do not register or otherwise transmit information to us—we only collect the personal data that your browser transmits to our server.

4.1 Log Files

Each time you access websites or applications, the internet browser of your end device sends information to our website’s server, where it is temporarily stored in log files. The data records stored in this process contain the following data: date and time of access, name of the page accessed, IP address of the requesting device, referrer URL (originating URL from which you came to our websites), the amount of data transferred, loading time, product and version information of the browser used, and the name of your access provider.

The legal basis for the processing of this data is Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest arises from:

  • ensuring a smooth connection setup,
  • ensuring comfortable use of our website/application,
  • evaluating system security and stability.

As a rule, we (and our service provider) do not know who is behind an IP address. We do not merge the data listed above with other data.

The data is stored and automatically deleted after the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

4.2 Contacting Us

When you contact us by email, telephone, mail, or via a contact form, the data you provide (your email address, your telephone number, your postal address, your name) will be stored and processed by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 (1) sentence 1 lit. f GDPR.

Insofar as we request information via our contact form that is not required for contacting you, we have always marked these fields as optional. This information serves to specify your request and to improve the processing of your inquiry. The provision of this information is explicitly on a voluntary basis and with your consent, Art. 6 (1) sentence 1 lit. a GDPR. Insofar as this involves information on communication channels (e.g., email address, telephone number), you also consent to us contacting you via this communication channel, if necessary, to answer your request. You can, of course, withdraw your consent at any time with effect for the future.

The data we receive when you contact us will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed, and no further communication with you is necessary or desired by you.

As the controller responsible for data protection, our company has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted emails is not secure. We therefore ask that you do not send sensitive data via unencrypted email, but instead use either encrypted communication channels (e.g., our contact form) or the postal service.

5 Use of Cookies

5.1 General Information about Cookies

Cookies are used on this website. Cookies are small text files that your browser creates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.). Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we immediately gain knowledge of your identity. Some of the cookies we use are deleted after the end of the browser session (so-called session cookies). These allow, for example, cross-page information/settings to be retained. Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent or cross-session cookies). These cookies, in particular, serve to make our offer more attractive to you. Thanks to these files, it is possible, for example, for you to be shown information on this website that is specifically tailored to your interests.

The legal bases for the potential processing of personal data using cookies and their storage duration may vary. Insofar as you have given us your consent, the legal basis is Art. 6 (1) sentence 1 lit. a GDPR and Section 25 (1) TDDDG. Insofar as data processing is based on our predominant legitimate interests, the legal basis is Art. 6 (1) sentence 1 lit. f GDPR and Section 25 (2) No. 2 TDDDG. The stated purpose then corresponds to our legitimate interest.

5.2 Intervention Options / Browser Settings

Of course, you can set up your browser so that it does not store our cookies on your end device. The “Help” function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie, or how to delete all cookies already received and block them for all future visits.

To do this, please proceed as follows:

In Internet Explorer:

  1. Select “Internet Options” from the “Tools” menu.
  2. Click on the “Privacy” tab.
  3. You can now adjust the security settings for the internet zone. Here you can set whether and which cookies should be accepted or rejected.
  4. Confirm your settings with “OK.”

In Firefox:

  1. Select “Settings” from the “Tools” menu.
  2. Click on “Privacy & Security.”
  3. In the drop-down menu, select the entry “Use custom settings for history.”
  4. You can now set whether cookies should be accepted, how long you want to keep these cookies, and add exceptions for which websites you want to always or never allow to use cookies.
  5. Confirm your settings with “OK.”

In Google Chrome:

  1. Click on the Chrome menu in the browser toolbar.
  2. Select “Settings.”
  3. Click on “Show advanced settings.”
  4. Under “Privacy,” click on “Content settings.”
  5. Under “Cookies,” you can configure the following settings:
     • Delete cookies
     • Block cookies by default
     • Delete cookies and website data by default after closing the browser
     • Allow exceptions for cookies from specific websites or domains

If you wish to delete individual cookies set in your browser or find out which service providers/vendors have placed cookies in your browser, you can also do this via a “preference manager.” Such a tool is available, for example, at www.youronlinechoices.com.

5.3 Borlabs

To obtain consent for the use of cookies via our website, we use the service Borlabs, a software provided by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.

Borlabs checks whether a user has already consented to cookie usage via the consent tool during a previous visit to our website. For this purpose, a cookie is set and a log file is created to provide proof of consent. The following information is stored in the “borlabs-cookie”:

  • Cookie duration
  • Cookie version
  • Domain and path of the WordPress website
  • Consents
  • UID

The UID is a randomly generated ID and is not personal information.

The purpose of the data processing is to comply with legal obligations and to store the consent. The legal basis is Art. 6 (1) sentence 1 lit. c GDPR and Section 25 (2) No. 2 TDDDG, insofar as your end device is accessed. Our legal obligation lies in complying with statutory requirements and the documentation of consent. The storage duration of the information listed above is based on the storage duration of the cookie – if the cookie is deleted, the information specified above is also deleted.

6 Website Optimization

For the purpose of analyzing and optimizing our websites, we use various services, which are described below. These allow us, for example, to analyze how many users visit our site, which information is most in demand, or how users find our offerings. Among other things, we collect data about which website a data subject came from to reach our website (so-called referrer), which subpages of the website were accessed, or how often and for what duration a subpage was viewed. This helps us to design and improve our offerings in a user-friendly manner.

6.1 Google Tag Manager

For the sake of transparency, we point out that we use the Google Tag Manager. This is a tag management system for managing JavaScript and HTML tags used for the implementation of tracking and analysis tools. It is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The controller in the EU/EEA is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Tag Manager facilitates the integration and management of our tags. Tags are small code elements used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. If you have opted out, this deactivation will be taken into account by the Google Tag Manager.

Recipients of the data are:

  • Google Ireland Limited, EU,
  • Google LLC, USA,
  • Alphabet Inc., USA.

Insofar as data is processed outside the EU/EEA, Google LLC has certified itself under the Data Privacy Framework (DPF) program and is listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Google LLC has publicly committed to complying with DPF obligations and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

You have the option to withdraw a consent once granted with effect for the future by opening your [consent preferences] and changing your settings. The lawfulness of the data processing up to the point of withdrawal remains unaffected.

Further information on the Google Tag Manager can be found at: https://www.google.com/intl/en/tagmanager/use-policy.html.

6.2 Google Analytics

Insofar as you have given your consent, Google Analytics, a web analysis service provided by Google LLC, is used on this website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of Processing: Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

We use the User-ID function. With the help of the User-ID, we can assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of “events.” Events may include:

  • Page views
  • First visit to the website
  • Start of the session
  • Your “click path,” interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • Ads seen / clicked

In addition, the following is recorded:

  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • Your internet provider
  • The referrer URL (via which website/advertising medium you came to this website)

Purposes of Processing: On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.

Recipients: Recipients of the data are/can be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Insofar as data is processed outside the EU/EEA, Google LLC has certified itself according to the Data Privacy Framework (DPF) program and is maintained in the Data Privacy Framework List of the International Trade Administration (ITA). This means that Google LLC has publicly committed to compliance with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission of July 10, 2023.

Storage Duration: The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Legal Basis: The legal basis for this data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

Withdrawal: You can withdraw your consent at any time with effect for the future by accessing the [Consent Preferences] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected.

Alternatively, you can prevent the storage of cookies from the outset by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in limited functionality on this and other websites. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by:

  a. not giving your consent to the setting of the cookie, or
  b. downloading and installing the browser add-on for deactivating Google Analytics [here].

Further information on the terms of use of Google Analytics and data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

6.3 HubSpot

We use the HubSpot service on this website for our online marketing activities. HubSpot is a software company from the USA with a subsidiary in Ireland (HubSpot European Office, Ground Floor, Two Dockland Central, Guild St, Dublin 1, Ireland). HubSpot is used by us as an integrated software solution (a so-called marketing automation system) to cover various aspects of our online marketing and customer management. This includes, among other things, content management, email marketing, reporting, and contact management (CRM). The HubSpot tracking code implemented on this website collects data about the use of our website by visitors on our behalf in order to analyze traffic and provide functions such as “Buyer Intent” (identification of companies visiting our website). The following data categories are processed:

  • IP address: This is collected and stored by the HubSpot tracking code. This serves on the one hand for security and statistical analysis of traffic and on the other hand for the identification of companies from which the access to our website takes place (“Buyer Intent”).
  • Company domain: This is collected when you identify yourself by filling out a form (e.g., newsletter registration or contact request).
  • Visitor behavior: The full paths of the subpages accessed and the duration of the visit.
  • Timestamp: Date and time of the page view to ensure the accuracy and recency of the analyses.
  • VID: A numerical identifier (Visitor ID) used to distinguish visitors as long as they have not yet been personally identified.
  • Technical information: Information on browser type, operating system, and demographic locations.

These data enable us to create reports on the use of the website and to optimize our marketing measures and our web offering for you. A merging of this usage data with your personal information (e.g., name or email address) only takes place if you actively communicate this to us via a form (e.g., for contacting us according to Section 4.2) and have consented to this. The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR and Section 25 Para. 1 TDDDG. The HubSpot tracking code takes into account the settings of our consent management tool (Borlabs). Consent can be revoked at any time for the future.

Data processing and third-country transfer: The processing of data is carried out on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. To the extent that data is transferred to HubSpot, Inc. in the USA, this is done on the basis of the EU-U.S. Data Privacy Framework (DPF), for which an adequacy decision of the European Commission is in place. Further information on data processing by HubSpot on behalf of customers can be found in the specific HubSpot documentation for end users at: https://legal.hubspot.com/privacy-policy (Section “Customer Data”) and in the tracking code overview: https://knowledge.hubspot.com/reports/data-collected-by-the-hubspot-tracking-code.

6.4 Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (using anonymized IP addresses only). This creates a log of mouse movements, mouse clicks, and keyboard interactions with the intention of playing back individual visits to this website as random samples in the form of so-called “session replays,” as well as evaluating them in the form of so-called “heatmaps” to derive potential improvements for this website. The storage and processing of the collected data take place within the EU.

The legal basis for this processing is Article 6 (1) sentence 1 lit. a GDPR, i.e., your consent. This consent is voluntary. You can withdraw your consent at any time with effect for the future by accessing the [Consent Preferences] and changing your selection there.

Further information on data protection can be found at: https://mouseflow.com/privacy/.

6.5 LinkedIn Insights Tag / LinkedIn Ads

This website uses the “LinkedIn Insights Tag,” an analysis tool from the social network LinkedIn of the LinkedIn Corporation, 599 N Mathilda Ave, Sunnyvale, CA 94085, USA. The responsible entity in the EU is the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insights Tag enables the collection of data regarding visits to our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps, and page views. This data is encrypted and deleted within 90 days. The use of the LinkedIn Insights Tag serves the purpose of tracking the success of campaigns, displaying targeted advertising outside our website (retargeting), and gaining additional information about LinkedIn members who view our advertisements.

We only receive aggregated reports from LinkedIn concerning the demographics of our target audience and the performance of our ads. In this process, we receive information on criteria such as:

  • Industry,
  • Job title,
  • Company size,
  • Career level, and
  • Location of the website visitors.

The legal basis for the processing of personal data is your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR. Your consent is voluntary; you can withdraw it at any time with effect for the future by accessing the [Consent Preferences] and changing your selection there.

Insofar as data is processed outside the EU/EEA, LinkedIn has certified itself under the Data Privacy Framework (DPF) program and is listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that LinkedIn has publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

Further information can be found in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.

6.6 Microsoft Ads

Our website uses the Microsoft Ads service (formerly Bing), an advertising service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The responsible entity for users in the EU/EMEA is Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland).

The purpose of the data processing is to draw attention to our products. We have integrated a conversion tracking tag (a small code snippet) into our website. This is the so-called Universal Event Tracking (UET) tag, through which cookies are also stored in or accessed from your browser. UET Insights is activated for the UET tag, which allows additional data to be collected. Through conversion tracking, we learn, for example, which keyword or advertisement brought you to us, which subpages you particularly like, and which actions you perform on our website. This allows us to better adapt our website, our advertisements, and our offers to your needs.

The collected data includes:

  • browser language settings,
  • interactions (clicks, scrolling),
  • digital signature,
  • GUID generated by the UET tag,
  • IP address,
  • Microsoft Click ID,
  • User ID, Visitor ID,
  • Microsoft cookie,
  • page title,
  • referrer URL, page URL,
  • screen color depth, height, and width,
  • UET tag ID,
  • page performance,
  • publisher/URL,
  • traffic with a breakdown of users and sessions by country and device,
  • number of visits per page, and
  • duration of the visit.

Detailed information on data and cookies can be found at: https://help.ads.microsoft.com/#apex/ads/en/53056/2-500.

The legal basis for data processing is Art. 6 (1) sentence 1 lit. a GDPR and Section 25 (1) TDDDG. You can withdraw your consent at any time with effect for the future by accessing the [Consent Preferences] and changing your selection there.

You can also control the use of your data for personalized advertising from Microsoft by visiting Microsoft’s opt-out page: https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings.

Recipients of the data may include:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft processes the data to optimize its own advertising offerings and other services. If you have a Microsoft account yourself, the collected data may be linked to your account. Information on Microsoft’s privacy policy can be found at: https://privacy.microsoft.com/en-us/privacystatement.

Insofar as data is processed outside the EU/EEA, Microsoft Corporation has certified itself under the Data Privacy Framework (DPF) program and is listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Microsoft Corporation has publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

The storage duration of data collected by UET is 390 days. Microsoft cookies have an expiration date of 13 months.

6.7 Meta Pixel

As part of our usage-based online advertising, we use the “Custom Audiences” service provided by Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”).

For this purpose, we define target groups of users in the Facebook Ads Manager based on certain characteristics, who are subsequently shown advertisements within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through the use of Facebook. If a user clicks on an advertisement and subsequently arrives at our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated into our website.

In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data and transmitted to Facebook for analysis and marketing purposes. In the process, a Facebook cookie is set. This cookie collects information about your activities on our website (e.g., surfing behavior, subpages visited, etc.). Your IP address is also stored and used for the geographic targeting of advertising.

Further information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your settings options for protecting your privacy, can be found in Facebook’s data policy. Settings regarding which advertisements are displayed to you on Facebook can be adjusted at [this link] and in your Facebook account settings.

For more information on data processing and storage duration, please contact the provider or visit https://www.facebook.com/about/privacy.

Logged-in users can deactivate the “Facebook Custom Audience” function at https://www.facebook.com/settings/?tab=ads#_.

You can also prevent the storage of cookies entirely by adjusting your browser software settings accordingly. However, we would like to point out that in this case, you may not be able to use all the functions of our website to their full extent. Further options for deactivating third-party cookies can be found at www.networkadvertising.org/managing/opt_out.asp or on the Digital Advertising Alliance Opt-Out platform at http://optout.aboutads.info/?c=2&lang=en.

The legal basis for this data processing is your consent pursuant to Art. 6 (1) lit. a GDPR. You can withdraw your consent or refuse to grant it by opening [Consent Preferences] via our consent management system and deselecting the “Marketing Cookies” category.

Meta Platforms Inc. is certified under the Data Privacy Framework and is listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Meta has publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

6.8 Hey Sid (SID Pixel)

We use the SID Pixel on our website, a service provided by Hey Sid AB, Västra Hamngatan 11, 411 17, Gothenburg, Sweden.

This service allows us to reach our target audience with advertising campaigns on the social media channels LinkedIn and Meta (Instagram and Facebook). Based on interactions with our website, it also enables us to display advertisements to our target audience and website visitors outside of our website via retargeting campaigns. For this purpose, user interactions with our website are analyzed to create interest profiles.

When you access a page that contains the SID Pixel, a connection to the servers of SID Marketing is established. The pixel includes information about your user behavior on our website.

Typically, the following data is collected:

  • IP address
  • Information about your browser, operating system, and end device
  • The subpages you visit and actions performed on our website
  • Date and time of the visit
  • Unique identifiers (e.g., via cookies or similar technologies) to recognize you on other websites

This data is processed to create user profiles (profiling) and to assign you to target groups for advertising campaigns. The purpose is to analyze and optimize the effectiveness of our advertising measures on LinkedIn and Meta, as well as to display relevant advertising to you outside of our website.

The legal basis for the processing of personal data is your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR. Insofar as information is stored on or read from your end device by the service (e.g., cookies), this is also done on the basis of your consent pursuant to Section 25 (1) TDDDG. You can withdraw your consent with effect for the future or refuse the use of the SID Pixel by opening [Consent Preferences] and deselecting the “Marketing Cookies” category. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected.

The initial recipient of the data collected via the pixel is SID Marketing, Västra Hamngatan 11, 411 17, Gothenburg, Sweden.

Since the advertising campaigns are displayed on the platforms of Meta and LinkedIn, the data or the created target groups are shared with the following companies:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

It is to be assumed that, as part of the processing, a data transfer to the US parent companies of these entities (Meta Platforms, Inc. and LinkedIn Corporation) takes place. Both Meta and LinkedIn Inc. are certified under the Data Privacy Framework and are listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Meta and LinkedIn have publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

The personal data collected by the SID Pixel is stored as long as necessary to achieve the aforementioned purposes. We do not currently have precise information on the storage duration of the data by SID Marketing, Meta, or LinkedIn. As soon as this information becomes available to us, we will add it here.

6.9 YouTube – Enhanced Data Protection Mode

We use services from YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users whose habitual residence is in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, is the controller responsible for your data.

To protect your personal data, we use the “enhanced data protection mode” option provided by YouTube. When you access a page in which a YouTube video is embedded, a connection to the YouTube servers is established, and your browser is instructed to display the content on the website. According to YouTube’s information, in “enhanced data protection mode,” data is only transmitted to the YouTube server if you actively start the video. If you are logged into YouTube at that time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Insofar as data is processed outside the European Economic Area / the EU, Google LLC has certified itself under the Data Privacy Framework (DPF) program and is listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Google LLC has publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

Further information on YouTube’s data protection is provided by Google at the following link: https://www.google.com/intl/en/policies/privacy/

6.10 Google reCAPTCHA

We use “Google reCAPTCHA” on this website. reCAPTCHA is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94042, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to distinguish whether inputs in our contact form are made by a natural person or abusively by automated machines (bots).

When you access one of our webpages in which reCAPTCHA is integrated, a connection to Google’s servers is established. A reCAPTCHA cookie is set, and your IP address is transmitted to Google.

In addition, reCAPTCHA collects the following data via “fingerprinting”:

  • browser plugins used,
  • cookies set by Google in the last 6 months,
  • the number of mouse clicks and touches you have made on this screen,
  • CSS information for the page accessed,
  • JavaScript objects,
  • the date, and
  • the browser language.

You can prevent the storage of cookies and fingerprinting by selecting the appropriate technical settings in your browser software; however, we point out that in this case, you may not be able to use all functions of this website to their full extent.

Insofar as data is processed outside the European Economic Area / the EU, Google LLC has certified itself under the Data Privacy Framework (DPF) program and is listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Google LLC has publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

Google’s privacy policy and terms of use can be found here: https://www.google.com/policies/privacy/ and here: https://policies.google.com/terms.

The legal basis for this data processing is your consent, Art. 6 (1) lit. a GDPR. You can withdraw your consent with effect for the future or refuse the use of Google reCAPTCHA by opening [Consent Preferences] via our consent management system and deselecting the “External Media” category.

7 Social Media

We use various social media channels to draw attention to our company. The website also uses social plugins from these social media channels. The protection of your data is very important to us on these channels as well. In the following, we inform you about the processing of personal data when using these channels. Should you have any further questions regarding the handling of your personal data, please feel free to contact our Data Protection Officer.

7.1 Social Media Corporate Presence and Use of Social Plugins

We operate social media pages and use social plugins from the following providers:

  • Facebook (Operator: Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA; hereinafter referred to as “Facebook”)
  • LinkedIn (Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

The operators of the following channels are jointly responsible (joint controllers) with us:

  • Facebook
  • LinkedIn

These plugins typically collect data from you by default and transmit it to the servers of the respective provider. To ensure the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugins without your consent. When you access a page where the plugins are integrated, they are initially deactivated. Only by clicking on the respective icon are the plugins activated, thereby giving your consent for your data to be transmitted to the respective provider.

The legal basis for the use of these plugins is your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG for the storage of information on your end device, such as a laptop or smartphone, as well as access to such information already stored on your end device.

Where our influence on data processing ends, the limit of our responsibility is reached. At these points, it is not possible for us to influence the data processing carried out by the operator of the channel. We therefore cannot provide information on which personal data is processed by them. For further information on the processing of the collected personal data and the options for objection, we refer you to the respective privacy policies of the channel operators.

7.2 Data Processing by Us

Data you enter, such as comments, videos, images, likes, and public messages that you leave on our social media channels, may be published by the social media platforms. These are used or processed by us only for the following purposes.

Personal data transmitted to us via social media through private messages, such as documents or communication data, will not be published by us; however, it cannot be ruled out that the social media operator may process or publish this data.

Please note that we do not wish to receive job applications via messenger services, such as Facebook Messenger, as these cannot guarantee the protection of your personal data to the extent required and desired by us.

Furthermore, we reserve the right to delete content if this should be necessary. If applicable, we may share your content on our page if this is a function of the social media platform and is permissible, and we communicate with you via the social media platform.

The legal basis for our data processing within the scope of our social media channels is Art. 6 (1) sentence 1 lit. f GDPR. The data processing is carried out in the interest of our public relations and modern communication.

Some of the social media providers are located in the USA and other countries outside the EU and the EEA. Therefore, data may also be processed by the provider of the respective platform in countries outside the EU and the EEA. We point out that companies in these countries may be subject to data protection laws that do not offer the same level of protection for your personal data as is the case in the EU member states.

We further point out that we have no influence on the scope, type, and purpose of data processing by the provider of the social media platform. More detailed information on the processing of your data by social media providers can be found in the privacy policy of the respective platform provider.

7.3 Insight Tags & Retargeting by Social Media Services

Once activated, these services also collect personal data (such as your IP address, device information, referrer URL, timestamp, time zone, browser information, ad visibility, clicks on ads, conversion tracking, user network, user agent, language, and website visited) and send this to the servers of the respective provider, where it is stored.

In addition, once activated, social plugins set a cookie with a unique identifier when the relevant website is accessed. This allows the providers to create profiles of your usage behavior and enables us to display personalized advertisements to these users. We also receive pseudonymous reports on the performance of the advertisements as well as information on website interaction. This occurs even if you are not a member of the respective provider’s social network. If you are a member of the provider’s social network and are logged into that network during your visit to this website, your data and information about the visit to this website can be linked to your profile on the social network.

We have no influence over the exact scope of the data collected from you by the respective provider. For further information on the scope, type, and purpose of the data processing and on rights and setting options for the protection of your privacy, please refer to the privacy policies of the respective social network provider. These can be accessed at the following addresses:

Insofar as data is processed outside the EU/EEA, Meta Platforms Inc. (Facebook) and LinkedIn Corporation have certified themselves under the Data Privacy Framework (DPF) program and are listed on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Meta Platforms, Inc. and LinkedIn Corporation have publicly committed to complying with DPF obligations, and any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission dated July 10, 2023.

8 Recipients Outside the EU

With the exception of the processing activities for which we explain the possibility of transferring data to recipients based outside the EU in this data protection information, we do not pass on your data to recipients based outside the European Union or the European Economic Area. Data transfers are carried out on the basis of so-called Standard Contractual Clauses of the EU Commission.

9 Data Retention Period

The duration for which the data collected about you is stored depends on the purpose for which we process the data. Data is stored as long as it is necessary to achieve the intended purpose. Insofar as we are required to store certain categories of data for a specified period due to legal obligations (e.g., tax law requirements), the continued storage of the data—after its storage is no longer necessary for the achievement of the respective purpose—is carried out exclusively for the purpose of fulfilling the legal obligation. In these cases, the data is blocked from further access.

Examples of retention periods:

  • Use of data for marketing purposes (without tracking): 3 years.
  • Consents: Permanent storage for as long as the consents are continuously used (e.g., ongoing sending of email newsletters).
  • Tracking data: 2 years.
  • Data for the purpose of implementing (advertising) objections: Unlimited storage.

Last updated: March 2026
