Privacy statement

With this Privacy statement We inform you about the processing of personal data in connection with our Activities and activities including our webpage under the domain name postresidenzamsee.ch. In particular, we provide information on why, how and where we process which personal data. We also provide information about the rights of people whose data we process.

For individual or additional activities and activities, we may publish further privacy statements or other data protection information.

We are subject to Swiss law and any applicable foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognized with Decision of 26 July 2000that Swiss data protection law ensures adequate data protection. With Report from January 15, 2024 the European Commission confirmed this adequacy decision.

Table of contents

• 1. Contact addresses
  • 1.1 Data protection officer or data protection consultant
  • 1.2 Data Protection Representation in the European Economic Area (EEA)
• 2. Terms and legal bases
  • 2.1 Terms
  • 2.2 Legal bases
• 3. Type, scope and purpose of processing personal data
• 4. Automation and Artificial Intelligence (AI)
• 5. Disclosure of personal data
• 6. Communication
• 7. Applications
• 8. Data security
• 9. Personal data abroad
• 10. Rights of data subjects
  • 10.1 Data protection claims
  • 10.2 Legal protection
• 11. Use of the website
  • 11.1 Cookies
  • 11.2 Logging
  • 11.3 Tracking pixels
• 12. Notifications and notifications
  • 12.1 Measurement of success and reach
  • 12.2 Consent and objection
  • 12.3 Service providers for notifications and communications
• 13. social media
• 14. Third party services
  • 14.1 Digital infrastructure
  • 14.2 Automating and Integrating Apps and Services
  • 14.3 Audio and video conferences
  • 14.4 Online collaboration
  • 14.5 Social media features and social media content
  • 14.6 Map material
  • 14.7 Digital content
  • 14.8 Fonts
  • 14.9 E-commerce
  • 14.10 Payments
  • 14.11 Advertising
• 15. Measuring success and reach
• 16. video surveillance
• 17. Final information on the privacy policy

1. Contact addresses

Responsible in terms of data protection law is:

BO Arosa AG
Oberseepromenade 28
7050 Arosa
switzerland

info@postresidenzamsee.ch

In individual cases, third parties may be responsible for processing personal data or there may be joint responsibility with third parties. On request, we are happy to provide affected persons with information about their respective responsibilities.

1.1 Data protection officer or data protection consultant

We have the following data protection officer or data protection consultant as a point of contact for data subjects and authorities for inquiries in connection with data protection:

Pier Consani
BO Arosa AG
Oberseepromenade 28
7050 Arosa
switzerland

info@postresidenzamsee.ch

1.2 Data Protection Representation in the European Economic Area (EEA)

We have the following data protection representation in accordance with Art. 27 GDPR:

VGS Data Protection Partner GmbH
Am Kaiserkai 69
20457 Hamburg
germany

info@postresidenzamsee.ch

The data protection representative serves data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) as additional Contact point for inquiries related to the GDPR.

2. Terms and legal bases

2.1 Terms

Affected person: Natural person about whom we process personal data.

personal data: All Information relating to an identified or identifiable natural person.

Particularly sensitive personal data: Data on trade union, political, religious or ideological views and activities, data on health, privacy or ethnicity or race, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or persecutions, and data on social assistance measures.

Edit: Everyone handling of personal data, independently of the means and procedures used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, collecting, deleting, disclosing, ordering, organizing, storing, modifying, disseminating, linking, destroying and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Data Protection Regulation (Data Protection Regulation, DSV).

If and insofar as the European General Data Protection Regulation (GDPR) is applicable, we process personal data or personal data in accordance with at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the processing of personal data necessary to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Art. 6 para. 1 lit. f DSGVO for the processing of personal data necessary to protect legitimate interests — including the legitimate interests of third parties — unless the fundamental freedoms and fundamental rights as well as the interests of the data subject prevail. Such interests include in particular the long-term, people-friendly, secure and reliable performance of our activities and activities, ensuring information security, protection against misuse, enforcing our own legal claims and compliance with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the processing of personal data necessary to fulfill a legal obligation to which we are subject in accordance with any applicable law of member states in the European Economic Area (EEA).
• Article 6 (1) (e) GDPR for the processing of personal data necessary to perform a task that is in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the person concerned.
• Art. 6 para. 1 lit. d GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
• Article 9 (2) et seq. of the GDPR for the processing of special categories of personal data, in particular with the consent of the persons concerned.

The European General Data Protection Regulation (GDPR) describes the processing of personal data as processing of personal data and the processing of particularly sensitive personal data as processing of special categories of personal data (Art. 9 GDPR).

3. Type, scope and purpose of processing personal data

We process the personal data that requisite are in order to be able to carry out our activities and activities permanently, humanely, safely and reliably. The processed personal data may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may also represent particularly sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources or collect when carrying out our activities and activities, insofar as such processing is permitted.

Where necessary, we process personal data with the consent of the persons concerned. In many cases, we can process personal data without consent, for example to comply with legal obligations or to protect overriding interests. We may also ask data subjects for their consent if their consent is not required.

We process personal data for perpetuity, which is necessary for the respective purpose. We anonymize or delete personal data in particular in accordance with legal storage and limitation periods.

4. Automation and Artificial Intelligence (AI)

We can process personal data automatically or use artificial intelligence to process personal data.

We can use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling is used, for example, to analyse or predict interests, behaviours or personal preferences.

In individual cases, we provide information about decisions that are based exclusively on automated processing of personal data and entail legal consequences for data subjects or significantly affect them (automated individual decisions).

5. Disclosure of personal data

We can personal data Disclose to third parties, have it edited by third parties or edit it together with third parties. Such third parties may, for example, be specialized providers whose services we use.

As part of our activities and activities, we may, in particular, send personal data to banks and other financial service providers, public authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and credit agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance and payment service providers announce.

6. Communication

We process personal data in order to be able to communicate with individuals as well as with authorities, organizations and companies. In particular, we process data that a data subject transmits to us when contacting us, for example by letter or e-mail. We can store such data in an address book or with comparable tools.

Third parties who provide us with data about other persons are required to independently ensure the data protection of these data subjects. In particular, they must ensure that such data is correct and may be transmitted.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we can also manage and otherwise process the data of data subjects beyond direct communication.

In particular, we use:

• Mews: Property management system (PMS) for hotels and other accommodation; provider: Mews System B.V. (Netherlands); data protection information: Privacy statement, “Data Privacy”.

7. Applications

We process personal data about applicants insofar as it is necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data is derived in particular from the information requested, for example as part of a job advertisement. We can publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and job platforms.

We also process the personal data that applicants volunteered share or publish, in particular as part of a cover letter, curriculum vitae and other application documents as well as of online profiles.

We process — if and insofar as the General Data Protection Regulation (GDPR) applies — personal data about applicants in particular in accordance with Art. 9 para. 2 lit. b GDPR.

We can enable applicants to submit their information in our Talent pool to deposit so that they can be taken into account for future vacancies. We may also use such information to maintain contact and provide updates. If we believe that an applicant is eligible for a vacancy based on the information provided, we can inform the applicant accordingly.

We use selected services from suitable third parties to provide jobs via e-recruitment to be able to advertise and enable and manage applications.

8. Data security

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability and integrity of the processed personal data, but without being able to guarantee absolute data security.

Access to our website and other digital presence is carried out using transport encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting a website without transport encryption.

Our digital communication is subject to — how fundamentally any digital communication — mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, in the United States of America (USA) and in other countries. We cannot directly influence the corresponding processing of personal data by secret services, police stations and other security agencies. Nor can we rule out the possibility that a data subject is being specifically monitored.

9. Personal data abroad

We process personal data fundamentally in Switzerland and the European Economic Area (EEA). However, we can also export or transfer personal data to other countries, in particular to process or have it processed there.

We can transfer personal data to all Countries on Earth and elsewhere in universe export, provided that local law is in accordance with Resolution of the Swiss Federal Council and — if and to the extent that the General Data Protection Regulation (GDPR) is applicable — also in accordance with Decision of the European Commission ensures adequate data protection.

We may transfer personal data to countries whose law does not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other appropriate guarantees. As an exception, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, such as the express consent of the persons concerned or a direct connection with the conclusion or execution of a contract. On request, we are happy to provide data subjects with information about any guarantees or provide a copy of any guarantees.

10. Rights of data subjects

10.1 Data protection claims

We grant data subjects all claims in accordance with applicable law. In particular, data subjects have the following rights:

• Information: Data subjects can request information as to whether we process personal data about them and, if so, which personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the processed personal data as such, but also information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
• Correction and restriction: Data subjects can correct incorrect personal data, complete incomplete data and have the processing of their data restricted.
• Opportunity for personal opinion and human review: When making decisions that are based exclusively on automated processing of personal data and entail a legal consequence for them or significantly affect it (automated individual decisions), data subjects can express their own position and request that they be reviewed by a person.
• Deletion and objection: Data subjects can have personal data deleted (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data release and data transfer: Data subjects may request the release of personal data or the transfer of their data to another person responsible.

We may postpone, restrict or deny the exercise of the rights of data subjects to the extent permitted by law. We can inform data subjects of any requirements that must be met for the exercise of their data protection claims. For example, we may refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of other persons. For example, we can also refuse to delete personal data in whole or in part, in particular with reference to legal storage obligations.

We can for the exercise of rights Exceptionally foresee costs. We will inform affected persons in advance of any costs.

We are required to identify data subjects who request information or assert other rights with appropriate measures. Affected persons are required to participate.

10.2 Legal protection

Data subjects have the right to enforce their data protection claims by legal process or to file a complaint or complaint with a data protection supervisory authority.

The data protection supervisory authority for private managers and federal bodies in Switzerland is Federal Data Protection and Information Commissioner (FDPÖB).

European data protection supervisory authorities are as Members of the European Data Protection Board (EDSA) organized. In some Member States in the European Economic Area (EEA), data protection supervisory authorities are federally structured, especially in Germany.

11. Use of the website

11.1 Cookies

We may use cookies. Cookies — our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) — are data that is stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as “session cookies” or for a specific period of time as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognize a browser the next time you visit our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

Cookies can be completely or partially deactivated, restricted or deleted in the browser settings at any time. The browser settings often also allow automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively seek express consent to the use of cookies, at least to the extent and to the extent necessary in accordance with applicable law.

In the case of cookies that are used to measure success and reach or for advertising, there is a general objection (“opt-out”) for numerous services via the AdChoices (Digital Advertising Alliance of Canada), which Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) is possible.

11.2 Logging

We can log at least the following information for each access to our website and other digital presence, provided that this information is determined or transmitted as standard when such accesses to our digital infrastructure occur: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed, including the amount of data transferred, website last accessed in the same browser window (referrer or referrer).

We log such information, which may also represent personal data, in log files. The information is required in order to be able to provide our digital presence permanently, in a people-friendly and reliable way. The information is also required to ensure data security — including by third parties or with the help of third parties.

11.3 Tracking pixels

We can integrate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels — including from third parties whose services we use — are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when you access our digital presence. Tracking pixels can be used to collect at least the same information as when logging in log files.

12. Notifications and notifications

12.1 Measurement of success and reach

Notifications and messages can contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked on. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We need this statistical recording of usage to measure success and reach in order to be able to send notifications and messages based on the needs and reading habits of recipients effectively and in a human-friendly manner as well as permanently, securely and reliably.

12.2 Consent and objection

They must fundamentally consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. We can use the “double opt-in” procedure to obtain double-confirmed consent. In this case, you will receive a message with instructions for double confirmation. We may obtain consents including IP address and timestamp record for evidentiary and security reasons.

They can fundamentally Opt out of receiving notifications and communications, such as newsletters, at any time. With such an objection, you can at the same time object to the statistical recording of use for measuring success and reach. We reserve the right to receive necessary notifications and notifications in connection with our activities and activities.

12.3 Service providers for notifications and communications

We send notifications and messages with the help of specialized service providers.

In particular, we use:

• Mailchimp: Communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as Subsidiary by Intuit Inc. (USA); data protection information: Privacy Policy (Intuit) including “Country and Region-Specific Terms”, “Mailchimp Privacy FAQs” (“Mailchimp Privacy FAQs”), “Mailchimp and European Data Transfers”, “Safety”, cookie policy, “Inquiries about data protection rights”, “Legal Provisions”.

13. social media

We are present on social media platforms and other online platforms in order to be able to communicate with interested people and to provide information about our activities and activities. In connection with such platforms, personal data can also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use as well as data protection declarations and other provisions of the individual operators of such platforms also apply. In particular, these provisions provide information on the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

For our Social media presence on Facebook Including so-called page insights, we are responsible — if and insofar as the General Data Protection Regulation (GDPR) applies — together with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of Meta companies (including in the USA). The page insights provide information about how visitors interact with our Facebook presence. We use page insights to be able to provide our social media presence on Facebook in an effective and people-friendly way.

Further information on the type, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook as well as Facebook's data protection officer can be found in Facebook privacy policy. With Facebook, we have the so-called “Amendment for responsible persons” concluded and thus agreed in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, the corresponding information can be found on the page “Information about page insights” including “Information about page insights data”.

14. Third party services

We use services from specialized third parties in order to be able to carry out our activities and activities permanently, in a people-friendly, safe and reliable way. With such services, we can, among other things, embed features and content into our website. When embedding in this way, for technically compelling reasons, the services used record at least temporarily the IP addresses of users.

For necessary safety-related, statistical and technical purposes, third parties whose services we use may aggregate, anonymize or pseudonymize data in connection with our activities and activities. This includes, for example, performance or usage data in order to be able to offer the respective service.

In particular, we use:

• Services from Google: Providers: Google LLC (USA)/Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and Switzerland; general information on data protection: “Privacy and Security Principles”, “More information about how Google uses personal data”, Privacy statement, “Google is committed to complying with applicable data protection laws”, “Google Product Privacy Guide”, “How we use data from websites or apps that use our services”, cookie policy, “Advertising that you have control over” (personalized advertising settings).
• Microsoft services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom/ Microsoft Corporation (USA) for users in the rest of the world; general information on data protection: “Data protection at Microsoft”, “Data protection and privacy”, Privacy statement, “Data and privacy settings”.

14.1 Digital infrastructure

We use services from specialized third parties to make use of the necessary digital infrastructure in connection with our activities and activities. This includes, for example, hosting and storage services from selected providers.

In particular, we use:

• Amazon Web Services (AWS): Storage space and other infrastructure; providers: Amazon Web Services Inc. (USA) for users in Switzerland/Amazon Web Services EMEA SARL (Luxembourg) for users in the European Economic Area (EEA); data protection information: Privacy statement, “Privacy Center”, “Frequently asked questions about data protection”, “General Data Protection Regulation (GDPR) Center”.
• Exigo: Hosting; provider: exigo ag (Switzerland); data protection information: Privacy statement, “Data protection/security”.
• jsDelivr: Content Delivery Network (CDN) for open source software, such as npm and WordPress; provider: Volentio JSD Limited (UK); data protection information: Privacy statement.
• Webflow: Website builder; provider: Webflow Inc. (USA); data protection information: Privacy Policy for users in the European Economic Area, Switzerland and the UK (“EU & Swiss Privacy Policy”), Privacy Policy for users in the rest of the world (“Global Privacy Policy”), cookie policy.

14.2 Automating and Integrating Apps and Services

We use specialized platforms to integrate and connect existing apps and services from third parties. With such “no-code” platforms, we can also automate processes and activities with apps and services from third parties.

14.3 Audio and video conferences

We use specialized audio and video conferencing services to communicate online. For example, we can hold virtual meetings or conduct online lessons and webinars. For participation in audio and video conferences, the legal texts of the individual services, such as data protection declarations and terms of use, also apply.

Depending on your life situation, when participating in audio or video conferences, we recommend muting the microphone by default, blurring the background or letting a virtual background appear.

In particular, we use:

• Google Meet: video conferences; provider: Google; Google Meet-specific information: “Google Meet — Security and Privacy for Users”.
• Zoom: Platform for collaborative work, in particular with video conferences; provider: Zoom Video Communications Inc. (USA); data protection information: “Privacy at Zoom”, Privacy statement, “Legal compliance”.

14.4 Online collaboration

We use services from third parties to enable online collaboration. In addition to this privacy policy, there are also any directly apparent conditions of the services used, such as terms of use or data protection declarations.

In particular, we use:

• Microsoft Teams: Platform for productive collaboration, in particular with audio and video conferences; provider: Microsoft; teams-specific information: “Security and Compliance in Microsoft Teams,” in particular “Data Protection”.

14.5 Social media features and social media content

We use services and plug-ins from third parties to embed features and content from social media platforms and to enable content sharing on social media platforms and other means.

In particular, we use:

• Facebook (social plugins): embedding Facebook features and Facebook content, such as “Like” or “Share”; providers: Meta Platforms Ireland Limited (Ireland) and more meta companies (including in the USA); data protection information: Privacy statement.
• Instagram platform: Embedding Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and more meta companies (including in the USA); data protection information: Privacy statement (Instagram), Privacy statement (Facebook).
• LinkedIn Consumer Solutions Platform: Embedding features and content from LinkedIn, for example with plugins Like the “Share Plugin”; Provider: Microsoft; Linkedin-specific information: “Data Protection” (“Privacy”), Privacy statement, cookie policy, Cookie management/ Objection to email and SMS communication from LinkedIn, Objection to interest-based advertising.

14.6 Map material

We use third-party services to embed maps on our website.

In particular, we use:

• Google Maps including Google Maps Platform: Map service; provider: Google; Google Maps-specific information: “How Google Uses Location Information”.

14.7 Digital content

We use services from specialized third parties to integrate digital content into our website. Digital content includes in particular image and video material, music and podcasts.

In particular, we use:

• Vimeo: Video platform; provider: Vimeo Inc. (USA); data protection information: Privacy statement, “Private video hosting”.

14.8 Fonts

We use third-party services to embed selected fonts as well as icons, logos and symbols into our website.

In particular, we use:

• Google fonts: fonts; provider: Google; Google fonts-specific information: “Your Privacy and Google Fonts”, “Data Protection and Data Collection” (Google Fonts).

14.9 E-commerce

We conduct e-commerce and use services from third parties to successfully offer services, content or goods.

14.10 Payments

We use specialized service providers to process payments securely and reliably. The legal texts of the individual service providers, such as general terms and conditions (GTC) or data protection declarations, apply in addition to the processing of payments.

In particular, we use:

• Adyen: Processing of payments; provider: Adyen NV (Netherlands); data protection information: Privacy statement, cookie policy.
• Apple Pay: Processing payments; providers: Apple Inc. (USA)/Apple Distribution International Limited (Ireland); data protection information: Privacy statement, “Privacy Policy”, “Apple Pay & Privacy”.
• Payrexx: Processing of payments; provider: Payrexx AG (Switzerland); data protection information: “Guidelines” including privacy policy.
• PostFinance: Processing of payments; provider: PostFinance AG (Switzerland); data protection information: “Legal Information and Accessibility”, “Privacy” (including privacy statements).
• Stripe: Processing payments; providers: Stripe Inc. (USA)/Stripe Capital Europe Limited (Ireland)/Stripe Payments Europe Limited (SPEL, Ireland)/Stripe Payments UK Limited (UK); data protection information: “Stripe Privacy Center” (“Stripe Privacy Center”), Privacy statement, cookie policy.
• TWINT: Processing of payments in Switzerland; provider: TWINT AG (Switzerland); data protection information: Privacy statement, “Safety in accordance with Swiss standards”.
• Worldline: Processing of payments, in particular with mobile payment solutions; providers: Worldline SA (France), Worldline Schweiz AG (Switzerland) and other Worldline companies around the world (including in the USA); data protection information: Privacy statement, “Responsible use of data program”, cookie policy.

14.11 Advertising

We use the opportunity to specifically Advertising with third parties such as social media platforms and search engines for our activities and activities.

In particular, we want to use such advertising to reach people who are already interested in or might be interested in our activities and activities (Remarketing and Targeting). For this purpose, we may transfer appropriate — possibly also personal — information to third parties who enable such advertising. We can also determine whether our advertising is successful, i.e. in particular whether it leads to visits to our website (Conversion Tracking).

Third parties with whom we advertise and with whom you are registered as a user can only associate the use of our website with your profile there.

In particular, we use:

• Google Ads: search engine advertising; provider: Google; Google Ads-specific information: advertising based, among other things, on search queries, with various domain names — in particular doubleclick.net, googleadservices.com and googlesyndication.com — being used for Google Ads Advertising privacy policy, “Manage displayed ads directly from ads”.
• LinkedIn Ads: Social media advertising; providers: LinkedIn Corporation (USA)/LinkedIn Ireland Unlimited Company (Ireland); data protection information: remarketing and targeting, in particular with the LinkedIn Insight Day, “Data protection”, Privacy statement, cookie policy, Objection to personalized advertising.
• Meta ads: Social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and more meta companies (including in the USA); data protection information: Targeting, including retargeting, in particular with Meta-pixel and with Custom Audiences including Lookalike Audiences, Privacy statement, “Advertising preferences” (User login required).

15. Measuring success and reach

We try to measure the success and reach of our activities and activities. In this context, we can also measure the impact of third-party suggestions or check how different parts or versions of our digital presence are being used (“A/B testing” method). In particular, based on the results of measuring success and reach, we can correct errors, strengthen popular content or make improvements.

To measure success and reach, in most cases, the IP addresses collected by individual users. In this case, IP addresses are fundamentally abbreviated (“IP masking”) in order to follow the principle of data economy through appropriate pseudonymization.

Cookies can be used to measure success and reach and user profiles can be created. Any user profiles created include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window and the — at least approximate — location. Basically Any user profiles are created exclusively pseudonymized and not used to identify individual users. Individual services from third parties with which users are registered can only assign the use of our online offer to the user account or user profile with the respective service.

In particular, we use:

• Google Marketing Platform: Measuring success and reach, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (Cross-device tracking) with pseudonymized IP addresses that only Exceptionally are transferred in full to Google in the USA Google Analytics Privacy Policy, “Browser add-on to disable Google Analytics”.
• Google Tag Manager: Integration and administration of services from Google and third parties, in particular for measuring success and reach; provider: Google; Google Tag Manager-specific information: Google Tag Manager privacy policy; further information on data protection can be found in the individual integrated and managed services.

16. video surveillance

We use video surveillance to prevent crime, to preserve evidence of crimes, to exercise and assert our own legal claims, to defend against third-party legal claims and to exercise our house rights. These are — if and to the extent that the General Data Protection Regulation (GDPR) applies — overriding legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO, in the case of particularly sensitive personal data with reference to Art. 9 para. 2 lit. f DSGVO.

We store recordings from our video surveillance for as long as they are necessary to obtain evidence or for another specified purpose.

We can secure recordings from our video surveillance and transfer them to competent authorities, in particular judicial or law enforcement authorities, provided that the transfer is necessary for a specified purpose, in our other legitimate overriding interest or due to legal obligations.

17. Final information on the privacy policy

We have created this privacy policy with Privacy generator of Data protection partners created.

We may update this privacy statement at any time. We will inform you about updates in an appropriate form, in particular by publishing the latest privacy policy on our website.

‍