Data Privacy Statement
Herein, we inform the reader, pursuant to legal requirements, and to the EU General Data Protection Regulation (GDPR, accessible via https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU) in particular, about the data processing procedures in our company.
Content:
-
General information and provisions
-
Important terms
-
Scope
-
Responsible person
-
Data protection officer
-
-
Data processing in detail
-
Provision of the website and of log files
-
Email contact and chat window
-
Analysis
-
Our activities in social networks
-
-
Rights of the data subject
-
Right to object
-
Right of access
-
Right to rectification
-
Right to erasure
-
Right to restriction of processing
-
Right to data portability
-
Right of revocation of consent
-
Right to appeal
-
1. General information and provisions
In this section of the data privacy statement you will find information on its scope of application, on the person responsible for data processing, the data protection officer and on data security. Additionally, we provide definitions of important terms used in the data privacy statement.
1.1. Important terms
Analytics: procedure to statistically measure the scope of an online service, which includes information on how long users visit a particular website, on the device and system software used, on language settings, on origin, region, location and activities of the user. It comprises a statistical analysis.
Browser: computer program for the rendering of websites (e. g. Chrome, Firefox, Safari)
Cookies: text files stored on the user’s computer by a web server through the used browser. The stored cookie information may contain a cookie ID that allows recognition; it may also contain information on application status or on websites previously visited by the user. The browser sends the cookie information to the web server when the website is revisited later. Most browsers accept cookies automatically. Cookies can be administered through the browser functions (mainly via “options“ or “settings”). Thus, the storage of cookies can be deactivated; it can also be made dependent on your approval on a case-by-case basis or limited otherwise. Cookies can be deleted at any time.
Third countries: countries that are not members of the European Union (EU)
GDPR: EU regulation 2016/679, ratified by the European Parliament and the European Council in April 2016 for the protection of natural persons in the context of processing their personal data, for free data traffic and to repeal directive 95/46/EG (General Data Protection Regulation), accessible via https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU
Personal data: all information that refers to an identified or identifiable natural person. A natural person is considered identifiable if he/she can either directly or indirectly be identified, particularly by tracing certain identifiers such as name, identification number, location data, online identifier or one or several unique identifiers that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that particular natural person.
Profiling: every sort of automated processing of personal data that implies using these personal data to assess certain characteristics of a natural person. Of particular relevance are the analysis and prediction of aspects regarding performance, economic situation, health, personal interests and preferences, reliability, behavior, location of residence, or change of the location of residence of that particular natural person.
Services: our offers to which this data privacy statement applies (cf. scope)
Tracking: the collection of data and their analysis with reference to the behavior of users over a longer period of time in order to subsequently attribute individual characteristics and interests
Tracking technologies: Tracking can be carried out by activity logs saved on web servers (log files) as well as by data collection on your device via pixels, cookies or similar tracking technologies.
Processing: every process carried out with or without the support of automated procedures, or every sequence of processes in relation to personal data, such as collection, gathering, organization, sorting, saving, adaptation or change, reading, querying, usage, disclosing by transfer, distribution or any other kind of provision, merging or linking, limitation, deletion, or elimination
Pixels: Pixels are also called count pixels, tracking pixels, web beacons, or web bugs. They are small, invisible charts in HTML emails or on websites. Whenever a document is opened, this small chart is loaded by an internet server; the download is registered there. Thus, the host of the server can see if and when an email was opened or a website visited. This function is mostly realized by running a minor program (Javascript). Certain kinds of information can thus be identified on the user’s computer and be passed on, such as the content of cookies, time and date of the website access as well as a description of the website on which the tracking pixel can be found.
1.2. Scope
This data privacy statement applies to the following services:
• our online services, accessible via https://www.nytromarketing.com/
• whenever one of our offers (e.g. websites, web services or embedded in third party websites) refers to this data privacy statement, independent from the way the user accesses or applies the respective offer.
All these offers are collectively called “services”.
1.3. Responsible person
The responsible person for data processing in the context of the services, i.e. the person who decides on the means and ends of processing personal data, is:
Nytro Marketing Inc.
Managing Director: Tom Pfister
145 North 2nd Street
Philadelphia | PA 19106 | USA
Tel: +1 215 715 9986
Email: tpfister@nytromarketing.com
1.4. Data protection officer
The data protection officer of our company is:
Franziska Eberius
Nytro Marketing Gmbh
Brüder-Grimm Str. 28
Hirschberg | 69493 | Germany
Email: feberius@nytromarketing.com
2. ata processing in detail
In this section of the data privacy statement, we would like to inform the reader in detail about the processing of personal data in the context of our services. For greater clarity and to facilitate reading, we subdivide the information according to the different functions of our services. During the regular usage of the services, various functions and thus various ways of processing can be effective consecutively or simultaneously.
2.1 Provision of the website and of log files
2.1.1. Description and scope of data processing
Whenever our website is accessed, our system, i.e. the web server, initiates the automated collection of information on the user’s computer or device.
The following data are collected in this context:
-
information on the type of browser and the applied version
-
the operating system of the user’s device
-
the screen resolution of the used display
-
the user’s internet service provider
-
the user’s IP address
-
date and time of access
-
the previously visited website from which the user accesses our website
2.1.2 Legal basis of data processing
The legal basis of the temporary storage of these data and the log files is Art. 6 (1) lit. f GDPR
(our legitimate interest as the responsible provider of the website).
2.1.3 Purpose of data processing
The collection of data for the provision of the website and the storage of data in log files is indispensable for securely operating the website. As a consequence, the user does not have any possibility to object. An analysis of the data, however, is not carried out in this context.
2.1.4 Duration of data storage
The data mentioned above are deleted as soon as they are no longer required to gain the end of their collection. With reference to the collection of data for the provision of the website, the data are deleted when the respective session has been terminated.
2.2 Email contact and chat window
2.2.1 Description and scope of data processing
We can be contacted via our chat window and the email address provided. In this case, the user’s personal data transferred with the inquiry are stored until the user’s request has completely been processed.
2.2.2 Legal basis of data processing
The legal basis of processing data transmitted in a contact request is Art. 6 (1) lit. f GDPR
(our legitimate interest as the responsible provider of the website).
If the request aims at the conclusion of a contract, Art. 6 (1) lit. b GDPR is an additional legal basis of data processing (contract initiation).
2.2.3 Purpose of data processing
The processing of personal data acquired through the contact initiation exclusively serves the handling of the inquiry.
2.2.4 Duration of data storage
The data mentioned above are deleted as soon as they are no longer required to gain the end of their collection. This is the case when it becomes obvious that the respective issue has been clarified finally and data storage is not required anymore for potential inquiries of the person concerned.
2.2.5 Possibility to object
The user has the possibility to object to data processing at any time. In this case, however, the conversation cannot be continued. The objection is to be addressed to
All personal data stored through the contact initiation will be deleted in this case.
2.3 Analysis
Below we describe how your personal data are processed, supported by analysis technologies, to analyze and improve our services.
The description of the analysis procedure also contains information on how you can prevent data processing or object to it. Please notice that the so-called “Opt-out”, i.e. the refusal of data processing, is generally stored via cookies. Consequently, you have to declare your refusal again and carry out “Opt-out” manually again if you use our services on a new device or access them via a different browser or if you have deleted cookies set previously by your browser.
The applied analysis procedure processes personal data only as pseudonymous data. Thus, a connection to a concrete, identified natural person, i.e. a relation between collected data and information about the carrier of the pseudonym, is not established.
With the support of this analysis procedure and information directly transferred, as for example cookie ID or abbreviated IP address, further information is attributed to the pseudonym. Typically, this is technical information on the device applied in order to gather information on the user’s behavior in the internet, his interests and his location.
2.3.1 Description and scope of data processing
On our website, we apply the analysis tool of the provider Matomo. In Matomo, the user’s interactions are primarily gathered and analyzed systematically with the support of cookies. If individual pages of our website are visited, the following data are stored:
-
three bytes of the IP address of the user’s system (anonymous IP address)
-
the website visited
-
the website from which the user has been directed to the respective page of our website
-
the screen resolution of the used display
-
the subpages opened from the website visited
-
the period of time the user visits the website
-
the frequency of visiting the website
The software has been adjusted in a way that the IP address is not saved completely, but the last 8-bit byte of the IP address is masked (e.g. 251.4.71.xxx). Thus, establishing a connection between the abbreviated IP address and the user’s computer or device is not possible any longer.
2.3.2 Legal basis of data processing
The legal basis of processing the user’s personal data is Art. 6 (1) lit. a GDPR (consent).
2.3.3 Purpose of data processing
Processing personal data with the support of Matomo allows us to statistically analyze our users’ browsing habits. Thus, we are enabled to gather information on how single components of our website are used. This helps us to continuously improve our website, its user-friendliness and our product range.
2.3.4 Duration of data storage
Stored data are deleted as soon as they are no longer required for our purposes. In our case, the deletion is carried out after 14 months.
2.3.5 Possibility to object
In order to enable the deactivation of the statistical recording of your visiting behavior, we offer an “Opt-out” by default. As soon as this option is activated and the respective cookie has been set, no further recording of your visiting behavior by Matomo will take place.
2.4 Our activities in social networks
2.4.1 Description of data privacy risks when using social networking platforms
To be able to communicate with you in social networks and to inform about our services, we are active on several social networking sites.
We are not the original provider (responsible) of these sites, but we merely use them in the scope of the opportunities offered by the respective provider. For reasons of precaution, we would like to point out that your data may also be processed outside the European Union or the European economic region. Using social networking platforms can thus bear data privacy risks because protecting your rights, e.g. the right to access, deletion, objection etc., might be impeded and because data processing in social networks is often carried out by providers for advertising purposes or to analyze user behavior without us being able to influence these processes. If usage profiles are created by the provider, cookies are often applied or the usage behavior is related directly to your member profile of the social networking platforms (if you are logged in).
2.4.2 Legal basis of data processing
The data processing procedures described above are carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in an up-to-date way and to inform you about our services. If you as a user have to agree to data processing with the respective provider, the legal basis refers to Art. 6 (1) lit. a GDPR in conjunction with Art. 7 GDPR.
As we do not have access to data sets of providers, we would like to point out that your rights (e.g. to access, rectification, deletion, etc.) are best asserted with the respective provider. Further information on the processing of your data in social networks can be found below:
2.4.2.1 Facebook and Instagram
Responsible person for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data privacy statement (privacy policy):
https://www.facebook.com/about/privacy
https://help.instagram.com/519522125107875
Opt-Out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Facebook has joined the EU-U.S. Privacy Shield Agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
https://de-de.facebook.com/about/privacy/
2.4.2.2 Twitter
Responsible person for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland
Information on which data are processed by Twitter and on the purposes for which the data are used can be found in the data privacy statement of Twitter: https://twitter.com/de/privacy
Twitter Inc. has joined the EU-U.S. Privacy Shield Agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
2.4.2.3 LinkedIn
Responsible person for data processing in Europe: LinkedIn Ireland Unlimited Company
Information on which data are processed by LinkedIn and on the purposes for which the data are used can be found in the data privacy statement of LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
LinkedIn Ireland Unlimited Company has joined the EU-U.S. Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0
2.4.2.4 Youtube
Responsible person for data processing: Google Ireland Limited
Information on which data are processed by Youtube and on the purposes for which the data are used can be found in the data privacy statement of Youtube: https://policies.google.com/privacy?hl=de
3. Rights of the data subject
3.1 Right to object
If we process your personal data for advertising purposes, you have the right to object to the processing of your personal data for such purposes for the future at any time; this also applies to profiling, as far as it is related to direct advertising.
Furthermore, you have the right to object to the processing of your personal data carried out in line with Art. 6 (1) lit. e or f GDPR for the future at any time for reasons that result from your individual situation; this also applies to profiling based on these provisions.
Our data protection officer can be contacted under the address provided in section 1.4. of this data privacy statement. You can also write an email to feberius@nytromarketing.com.
3.2 Right of access
You have the right to be informed about if your personal data are processed by us. Additionally, you have the right to receive information about these personal data and further information provided in Art. 15 GDPR.
3.3 Right to rectification
You have the right to immediate correction of your personal data should they prove to be incorrect (Art. 16 GDPR). In consideration of the purposes of processing, you have the right to demand the completion of incomplete personal data.
3.4 Right to erasure
You have the right to have your personal data deleted by us immediately if one of the reasons mentioned in Art. 17 (1) GDPR applies and if data processing is not required for one of the purposes regulated by Art. 17 (3) GDPR.
3.5 Right to restriction of processing
You have the right to demand a restriction of the processing of your personal data if one of the conditions regulated by Art. 18 (1) lit. a to d GDPR applies.
3.6 Right to data portability
Pursuant to the conditions mentioned in Art. 20 (1) GDPR, you have the right to receive the personal data with which you provided us in a structured, established, and machine-readable format. Furthermore, you have the right to pass on these data to another responsible person without being impeded by us. When exercising the right to data portability, you have the right to have your personal data transmitted by us directly to another responsible institution as far as this is technically feasible.
3.7 Right of revocation of consent
If data processing is based on your permission, you have the right to revoke your permission at any time. The legitimacy of the processing carried out on the basis of your permission until the revocation of the permission remains unaffected.
3.8 Right to appeal
You have the right to appeal at the supervisory authority responsible for you. An up-to-date list of European authorities of data and information security can be found here: https://edpb.europa.eu/about-edpb/board/members_en
Status: June 24, 2019