The protection of data is of particular concern to us. Our efforts to meet the requirements under data protection law primarily aim to respect your privacy and personal privacy. 

 

While electronic data processing systems (EDP) are indispensable to today’s innovative companies, it is beyond doubt that we apply the highest level of compliance with the statutory regulations. 

 

You may use our website without providing any personal information. If you want to use specific services our company provides through our website, however, the processing of personal data might become necessary. If this is the case and there is no legal basis for such processing, we generally request the consent of the person whose data this concerns, called the “data subject.”

 

Under no circumstances do we sell or rent your personal information to third parties for their marketing or other purposes. If you do not agree with the terms of our Privacy Policy, please do not send any personal data to us.

 

This Privacy Policy is intended to provide data protection information in accordance with the GDPR (General Data Protection Regulation) and the Swiss Data Protection Act (Datenschutzgesetz; DSG). To ensure transparency and comprehensibility, we use the following terms from the GDPR. 

This Privacy Policy is based on terms used in the GDPR and is meant to be easy to read and understand for everyone. Therefore, we would like to explain various terms in advance:

Personal data is any information relating to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by means of the assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller, the party that is responsible for the data.

Processing means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, querying, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Restriction of processing means to identify stored personal data with the goal of limiting its processing in the future.

Profiling is any form of automated processing of personal data consisting of using the personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, residence, or movements.

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Data controller refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for their nomination may be stipulated by Union or Member State law.

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.

Recipient means a natural or legal person, public authority, agency, or another body, which personal data is disclosed to, whether they are a third party or not. However, public authorities that may receive personal data in the context of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

Third party means a natural or legal person, public authority, agency, or body other than the data subject, data controller, processor, and persons who are authorized to process personal data under the direct authority of the data controller or processor.

Consent is any statement of intent voluntarily and unambiguously provided by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirming act that indicates that the data subject has consented to the processing of their personal data.

(1) Below you will find all the information relating to the collection of personal data when you use our website. Personal data is all data personally referable to you, e.g., name, address, e-mail addresses, user behavior, etc.

(2) The data controller is  

BSI Business Systems Integration AG 

Täfernstrasse 1 

CH-5405 Baden

Legally required data protection officer

We have appointed a data protection officer for our company.

IDR – Weller

Institut für Datenschutzrecht

Ziegelbräustraße 7, 85049 Ingolstadt

idr-datenschutz.de

Phone: +49 841 885167 15

E-mail: ra-weller@idr-datenschutz.de

(3) You may contact our data protection officer at any time using the contact details provided in Section 2 (2) above or by sending an e-mail to: datenschutz@bsi-software.com

(4) Our representative in the EU in accordance with Article 27 GDPR is: 

BSI Business Systems Integration Deutschland GmbH

Rheinstrasse 97

DE-64285 Darmstadt

Phone +49 6151 493 54 00

Fax +49 6151 493 54 97

(5) When you contact us via e-mail or a contact form, we will automatically store the data you provide (your e-mail address and, if applicable, your name and phone number) to answer your questions. Such personal data transmitted voluntarily by a data subject to the data controller will be stored exclusively for processing purposes or for purposes of contacting the data subject. We will delete the data collected within this context once storing it is no longer necessary or will limit its processing, if any obligation of statutory retention exists.

(6) If we use contracted service providers for individual activities within the scope of our services, or if we would like to use your data for promotional purposes, please see detailed information about the relevant processes further down in this text. There, we also specify the defined criteria for the storage period.

(7) As the data controller responsible for processing the data, we have implemented numerous technical and organizational measures to ensure that all personal data processed through this website is protected as thoroughly as possible. Nevertheless, internet-based data transmission can have security gaps, and, therefore, an absolute level of protection cannot be guaranteed. For this reason, every data subject has the option to send personal data to us by other means, for example, by phone.

(8) As a responsible-minded company, we do not use automatic decision-making or profiling.

(1) You have the following rights with regard to your personal data:

Every data subject has the right, granted by the GDPR, to obtain, at any time and free of charge, information from the data controller concerning any stored personal data relating to them as well as a copy of that information. Furthermore, the European regulator has granted the data subject disclosure of the following information:

1. the purposes of the processing
2. the categories of personal data being processed
3. the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or at international organizations
4. where possible, the expected period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period
5. the existence of the right to correct or delete the personal data concerning the data subject or to restrict its processing by the data controller or to object to such processing
6. the existence of the right of appeal to a supervisory authority
7. if the personal data has not been obtained directly from the data subject: all available information about the origin of the data
8. the existence of automated decision-making, including profiling, in accordance with Article 22 (I) and (IV) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and pursued consequences of such processing for the data subject.

Furthermore, the data subject has the right to information as to whether their personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to obtain information about the suitable guarantees made in connection with the transfer.

If a data subject wishes to exercise this right of access to information, they may contact one of the data controller’s employees at any time.

Each data subject whose personal data is processed has the right to revoke their consent to the processing of their personal data at any time. 

If a data subject wishes to exercise this right to revoke their consent, they may contact one of the data controller’s employees at any time and through any communication channel.

The data subject has the right to request that the data controller promptly correct any incorrect personal data that concerns them. Taking into consideration the purposes of processing, the data subject has the right to request the completion of incomplete personal data, even through a supplementary declaration.

If a data subject wishes to exercise this right to access to information, they may contact one of the data controller’s employees at any time.

The data subject has the right to require the data controller to delete personal data concerning them without delay, and the data controller is obliged to delete personal data without delay if any of the following reasons apply:

1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
2. The data subject revokes their consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a), and there is no other legal basis for the processing.
3. The data subject opposes the processing in accordance with Article 21 (1), and there are no overriding legitimate grounds for processing, or the data subject opposes the processing in accordance with Article 21 (2).
4. The personal data has been processed unlawfully.
5. The personal data must be deleted in compliance with a legal obligation according to the Union or Member State law the data controller is subject to.
6. The personal data was collected regarding services the information society offered in accordance with Article 8 (1).
7. If a data subject wishes to exercise this right to erasure/right to be forgotten, they may contact one of the data controller’s employees at any time.

If we, as the data controller, have made the personal data public and are obligated to delete the data in accordance with Article 17 (1) GDPR, we will take appropriate measures, including technical measures, taking into account the technology available and the implementation costs, to inform the data processors that a data subject has requested that they delete any links to this personal data or any copies or replications of this personal data. Our employees will take the necessary actions.

The data subject has the right to request that the data controller restrict the processing if one of the following conditions is met:

1. If the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
2. If the processing is unlawful and the data subject objects to the erasure of their personal data and instead requests a restriction on the use of the personal data.
3. If the data controller no longer needs the personal data for the purposes of processing but the data subject needs the data for the establishment, exercise, or defense of legal claims.
4. If the data subject has objected to the processing in accordance with Article 21 (1), pending determination of whether the data controller’s legitimate grounds prevail over those of the data subject.

If a data subject wishes to exercise this right to restrict processing, they may contact one of the data controller’s employees at any time.

Each data subject has the right granted by the GDPR to object, on grounds relating to their particular situation, at any time, to the processing of personal data concerning them, which is based on Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data, unless we can prove compelling reasons that the processing is worthy of protection, which outweigh the interests, rights, and freedoms of the data subject, or the processing serves to establish, exercise, or defend legal claims.

If we process personal data to engage in direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to any profiling in connection with such direct advertising. If the data subject objects to our processing for direct advertising purposes, we will no longer process the personal data for these purposes.

Furthermore, the data subject has the right, on grounds relating to their particular situation, to object to our processing of personal data concerning them for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, unless the processing is necessary for the performance of a task performed for reasons of public interest.

To exercise the right to object to the processing, the data subject may contact any employee directly. Furthermore, the data subject is free, in connection with the use of services provided by the information society, notwithstanding Directive 2002/58/EC, to exercise their right to object by means of automated procedures using technical specifications.

The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, current, and machine-readable format and to transmit this data to another data controller without interference by the data controller to whom the personal data was initially provided, given that

1. The processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or based on a contract in accordance with Article 6 (1) (b) GDPR and
2. The processing is done by using automated procedures.

In exercising their right to data portability according to Article 20 (1) GDPR, the data subject has the right to have the personal data transferred directly from one data controller to another, where technically feasible and the rights and freedoms of others are not affected.

If a data subject wishes to exercise this right to data portability, they may contact one of the data controller’s employees at any time.

Every data subject is entitled under the GDPR not to be subject to a decision exclusively based on automated processing, including profiling, which has legal effect against them or significantly affects them in an equivalent manner, provided that the decision 

1. is not necessary for entering into, or for the performance of, a contract between the data subject and the data controller, or 
2. is permissible due to the legal provisions of the Union or Member States the data controller is subject to, and these legal provisions also contain suitable measures to safeguard the rights and freedoms as well as legitimate interests of the data subject or 
3. is made with the express consent of the data subject.

If the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller or is made with the express consent of the data subject, we will take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including, at a minimum, the right to obtain the intervention of an individual on the part of the data controller, to state their own position, and to challenge the decision.

If the data subject wishes to exercise their rights in regard to automated decision-making, they may  contact one of the data controller’s employees at any time.

(2) You also have the right to file a complaint with a data protection supervisory authority concerning our processing of your personal data. The supervisory authority responsible for our company is:

Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch)

Feldeggweg 1

CH-3012 Bern, Switzerland

(1) If you use our website solely for information purposes, that is, if you do not register or otherwise provide information to us, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis for this is Article 6 (1) (1) (f) GDPR):

• IP address
• Date and time of inquiry
• Time zone difference from Greenwich Mean Time (GMT)
• Internet service provider of the accessing system
• Content of the request (specific page)
• Access Status/HTTP status code
• Volume of data transferred each time
• Website where the request originates (the so-called referrer)
• Browser
• Operating system and its interface
• Language and version of the browser software

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in association with the browser you are using and through which the party setting the cookie (in this case, this is us) receives certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make our website more user-friendly and effective overall.

(3) Use of cookies:

1. In principle, there are the following cookie types, each with a specific function:
   1. Transient cookies are automatically deleted when you close your browser. In particular, these include session cookies. They store a so-called session ID, which helps assign various requests from your browser to the joint session. As a result, your computer can be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
   2. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
   3. Necessary cookies are those that are strictly necessary for the operation of a homepage.
   4. Analytical, marketing, or personalization cookies are used, among other things, in the context of a range measurement and, for example, also when the interests of a user or their behavior are to be stored in a user profile. This procedure is also known as “tracking.” To the extent that we use cookies or “tracking” technologies, we inform you separately of these in our Privacy Policy or within the context of obtaining consent.
   5. You can configure your browser settings as desired and can, for instance, refuse to accept third-party cookies or any cookies. Please note that in this case, you may not be able to use all the features of this website.
   6. We also use cookies to identify you when you return to our website if you have an account with us. Otherwise, you would have to log in again for each visit.
2. In principle, the data processed using cookies is processed on the basis of our legitimate interests (Article 6 (1) (f) or, if the use of cookies is necessary to fulfill our contractual obligations (Article 6 (1) (b). If we ask for your consent, the legal basis for processing the data is the declared consent (Article 6 (1) (a)).
3. You always have the option to revoke your consent at any time or to object to the processing of your data through cookie technologies (“opt-out”). You can declare your objection first by using your browser settings. You can also declare an objection to the use of cookies for online marketing purposes through a wide range of services, particularly, in the case of tracking, through the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ or, more generally, on/at http://optout.aboutads.info.

(1) On our website, we use a personalization banner in order to provide you with content tailored to your interests and industry. When visiting our site, you can select an industry (e.g., banking, insurance & health, retail, energy & utilities). Based on this selection, we show you relevant content and give you optimized access to our offers. To do this, we set a so-called session cookie “preference” for the duration of your current session. It does not contain any personal data, only technical information about your selected industry. The session cookie is deleted as soon as you close your browser.

(2) If you activate your selection under “Yes, I would like to save settings” and then click on “Agree”, we set a cookie called “preference” on your device. This cookie stores your selection for one year. It does not contain any personal data, only technical information about your selected industry. The cookie is stored on the basis of your consent in accordance with Art. 6 (1) (a) GDRP. You can change or revoke your selection at any time. To do this, simply deactivate the selection under “Yes, I would like to save settings”.

(1) In addition to the purely informational use of our website, we offer assorted services you can use if you are interested. To do so, you typically have to provide additional personal data, which we will use to provide the relevant service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions, and are monitored regularly.

(3) The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services, which we use for the purpose of operating these online services. 

In this regard, either we or our hosting provider process the master data, contact data, content data, contract data, and usage data, as well as the meta and communication data of customers, interested parties, and visitors of these online services based on our legitimate interests in the efficient and secure provision of this online service according to Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR. 

(4) Furthermore, we may disclose your personal data to third parties if we offer promotions, sweepstakes, contracts, or similar services together with partners. For more information, please provide your personal data or see the description of the service below.

(5) If our service providers or partners are located in a country outside of the European Economic Area (EEA), information about the consequences of this fact is included in the description of the service.

Transatlantic Data Privacy Framework (TADPF): Within the context of the so-called “Transatlantic Data Privacy Framework” (TADPF), the EU Commission has also recognized the data protection level for certain companies in the United States. You can find the list of certified companies as well as additional information on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. Please see the following website of the EU Commission for information in German and other languages: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_de. Additionally, we will inform you about any companies we use that are certified under the Transatlantic Data Privacy Framework.

The data controller collects and processes the personal data of job applicants for the purpose of managing the application process. The processing may also be performed electronically. This is the case, in particular, if an applicant sends relevant application documents to the data controller electronically, for example, by e-mail or through a contact form on our website. If the data controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of executing the employment contract in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted, provided the data controller has no other legitimate interests that preclude deletion. Examples of other legitimate interests in this context are a duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz; AGG).

We process the applicant data to fulfill our precontractual and contractual obligations in the context of the application process within the meaning of Article 6 (1) (b) GDPR, and Article 6 (1) (f) GDPR if the data processing becomes a requirement for us, e.g., in the context of legal proceedings (in Germany, Article 26 of the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG) also applies).

(1) If you have given your consent for the processing of your data, you may revoke it at any time using any communication channel. If you exercise this right of revocation, it will affect our ability to process your personal data for which you previously gave your consent.

(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing of your personal data. This is the case if the processing is not necessary, in particular for fulfilling a contract with you and is described in the following descriptions of the services. When you exercise such objection, we ask that you provide reasons why we should not be processing your personal data as done by us. In the event your objection is justified, we will examine the situation and either stop or adjust the data processing or indicate to you our compelling reasons worthy of protection on the basis of which we will continue the processing the data.

(3) It is understood that you may object to the processing of your personal data for promotional and data analysis purposes at any time. You may inform us of your objection to promotional purposes at the contact details listed in Section 2 (2).

(1) We would like to inform you that, in some cases, the provision of personal data is required by law. However, it may also be possible that a data subject needs to provide personal data to us for a contract to be performed. A failure to provide personal data would mean that the contract could not be concluded. Our staff will be happy to assist you with questions regarding specific circumstances. 

(2) The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as it is no longer needed for the intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is required for other legally permissible purposes, the processing of the data will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

According to legal requirements, data is stored, in particular, for 10 years in accordance with Paragraph 147 (1) of the Tax Code (Abgabenordnung; AO), Paragraph 257 (1) (1) and (4) and Paragraph 257 (4) of the Swiss Commercial Code (Handelsgesetzbuch; HGB) (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with Paragraph 257 (1) (2) and (3) and Paragraph 257 (4) HGB (commercial letters).

(1) If you wish to use our portal/the registration feature on our website, you must register. For the registration, we use the so-called “double opt-in” method, i.e., your registration will not be complete until you have confirmed it through a confirmation e-mail sent to you for this purpose by clicking on the link included therein. If your confirmation does not arrive within 24 hours, your registration will be automatically deleted from our database. While it is obligatory to provide certain data, you may provide any additional information voluntarily by using our portal.

(2) If you use our portal/the registration feature on our website, we will store the data about you that is required for the contract performance until you ultimately delete your access. Furthermore, we will store the optional data provided by you for the duration of your use of the portal, unless you delete the data prior to this. In the event of the existence of a contract, the legal basis is Article 6 (1) (1) (b) GDPR; otherwise, it is Article 6 (1) (1) (f) GDPR.

(3) By registering on the data controller’s website, the IP address assigned by the data subject’s Internet Service Provider (ISP), as well as the date and time of registration are also stored. This data storage takes place to prevent the misuse of our services, and, because this data, if necessary, facilitates the resolution of committed offenses. In this respect, storing this data is necessary to protect the data controller. In principle, this data will not be passed on to third parties unless a transfer is required by law or for the purposes of criminal prosecution.

(4) To prevent unauthorized third-party access to your personal data, and specifically financial data, the connection is encrypted using TLS technology.

(1) If you provide your consent, you may subscribe to our newsletter, which we use to inform you about interesting current offers. 

(2) To register for our newsletter, we use the so-called “double opt-in” method. This means that after you have registered, we will send an e-mail to the e-mail address you provided, asking you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We will also store your IP addresses, and the computer system used, as well as the times of your registration and confirmation. The purpose of this process is to be able to verify your registration and, if necessary, resolve any potential misuse of your data.

(3) The personal data collected as part of the newsletter registration will be used exclusively to send out our newsletter. In addition, where necessary for operating the newsletter service or registering for it, subscribers to the newsletter might receive notifications by e-mail. This might be the case in the event of changes to the newsletter service or technical changes. The personal data collected in the context of the newsletter service will not be transferred to third parties. 

(4) Mandatory information for sending out the newsletter is the salutation, your first and last name, and your e-mail address. Providing additional data is voluntary and is used to engage with you on a more individual level. After your confirmation, we will store your e-mail address for the purpose of sending the newsletter to you. The legal basis is Article 6 (1) (1) (a) GDPR.

(5) You may revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation using any communication channel, for instance, by clicking on the link provided in every newsletter e-mail, by sending an e-mail to newsletter@bsi-software.com, or by using the contact data provided in the legal notice.

(6) We would like to note that we evaluate your user behavior when sending out our newsletter. To conduct this evaluation, the e-mails we send contain so-called “web beacons” and/or tracking pixels. For evaluation purposes, we link the data described in Section 4 above and the web beacons to your e-mail address and a unique ID. Links included in the newsletter also contain this ID. 

You can object to this tracking at any time by contacting us through any communication channel. The information will be stored as long as you subscribe to the newsletter. After you unsubscribe, we store your data statistically and anonymously only. In addition, such tracking is not possible if you have deactivated the display of pictures in your e-mail program by default. In this case, you will not be able to view the newsletter in its entirety and will potentially not be able to use all of its features. 

(1) When you use our website, we want to process as few personal data as possible. That is why we selected Fathom Analytics, which does not use cookies and is compliant with GDPR, ePrivacy (including the Privacy and Electronic Communications Regulations; PECR), COPPA (Children’s Online Privacy Protection Act), and CCPA (California Consumer Privacy Act). The provider is Conva Ventures Inc., 26 Bastion Square, Third Floor, Burnes House, Victoria, British Columbia, V8W 1H9, Canada. 

(2) With this privacy-friendly website analysis software, your IP address is only processed briefly, and we (as the operator of this website) have no way of identifying you. Your personal data is anonymized. Additional information is available on Fathom Analytics’ website, at https://usefathom.com/legal/privacy or at https://usefathom.com/legal/compliance/gdpr-compliant-website-analytics.

(3) We use this software to understand the traffic on our website in the most privacy-friendly way possible to allow us to continuously improve our website. 

(4) The legal basis for this is Article 6 (1) (1) (f) GDPR. Our legitimate interest is the continuous improvement of our website. 

(1) We have included YouTube videos in our online services that are stored on http://www.YouTube.com and can be played directly from our website. These videos are all part of the “Extended Privacy Mode,” i.e., no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data stated in Section 2 be transmitted. We have no control over this data transfer. 

(2) When you visit our website, YouTube is informed that you have accessed the corresponding sub-page of our website. In addition, the data stated in Section 4 of this Privacy Policy is transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not wish to have this assignment to your YouTube profile, you must first log out before clicking the play button. YouTube stores your data as a user profile and uses it for the purposes of advertising, market research, and/or the needs-based design of its website. This type of evaluation is conducted (even for users who are not logged in), in particular, to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To do so, you must contact YouTube.

(3) The legal basis is Article 6 (1) (1) (f) GDPR (legitimate interests) and Article 6 (1) (1) (a) GDPR (consent).

(4) Additional information on the purpose and scope of the data collection and processing by YouTube is available in YouTube’s Privacy Policy. There, you will also find more information about your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United Stated and has submitted to the Transatlantic Data Privacy Framework.

© https://idr-datenschutz.de