Privacy Policy
Introduction and Terms
1. Introduction
In operating our website www.f7.de (hereinafter referred to as the ‘website’), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new). With our privacy policy, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data privacy.
2. Terms
Our privacy policy contains technical terms that are used in the GDPR and the new BDSG. For your better understanding, we would like to explain these terms in simple words in advance:
2.1 Personal Data
‘Personal data’ means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Details of an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their address or bank details, their date of birth or user name, their IP addresses and/or location data. All information that can be used to identify a person in any way is relevant here.
2.2 Processing
Art. 4 No. 2 GDPR defines ‘processing’ as any operation relating to personal data. This applies in particular to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Responsible Company and Data Protection Officer
3. Person Responsible
Responsible for data processing is
The company
F7 Media GmbH (‘we’)
Legal representatives
Claas Wulff, Joachim Wulff-Nielsen (Managing Directors)
Address
Humboldtstr. 67a, 22083 Hamburg
Telephone
+49 40 2384000 30
E-Mail
info@f7.de
4. Datenschutzbeauftragter
Unternehmen
HABEWI GmbH & Co. KG
Gesetzlicher Vertreter
Komplementärin HABEWI Beteiligungs GmbH,
diese vertreten durch den Geschäftsführer Arne Platzbecker
Anschrift
Palmaille 96, 22767 Hamburg
Telefon
+49 40 18189800
Fax
+49 40 181898099
E-Mail
datenschutz@habewi.de
Processing Frame
5. Website
As part of the website with the URL www.f7.de, we process the personal data of you listed in detail in sections 6-15 below. We only process data that you actively provide on our website (e.g. by filling in forms) or that you automatically provide when using our website.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. We use external service providers to operate our website for hosting, maintenance, care and further development. If other external service providers are used for individual processing operations listed in sections 6-15, they will be named there.
Data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.
The Processing in Detail
6. Provision of the Website and Server Log Files
6.1 Description of the Processing
Each time you visit the website, we automatically collect information that your browser transmits to our server (so-called log files). This involves the following data:
- your IP address
- the browser software you are using, as well as its version and language
- the operating system you are using
- the website from which you accessed our website (so-called referrer)
- the subpages you have accessed on our website
- the date and time you accessed our website
- your internet service provider
- amount of data transferred
- country and location from which you visited our website
- the length of your visit to our website
This data is also stored in our system's log files. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to a user's end device. For this purpose, the user's IP address must remain stored for the duration of the session. Your IP address is only recorded in the log files in truncated form by the last three digits.
6.2 Purpose
The processing is carried out to enable the website to be accessed and to ensure its stability and security. In addition, the processing serves to statistically analyse and improve our online offering.
6.3 Legal Foundation
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 6.2.
6.4 Storage Duration
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
7. Contact Form and Contact by E-mail
7.1 Description of the Processing
We have provided a contact form on our website for contacting us. In this form, you will be asked to enter your e-mail address, your surname, your first name, your telephone number and a message to us. The mandatory fields marked with an asterisk ‘*’ must be completed by you. When you click the ‘Send’ button, the data will be transmitted to us using SSL encryption (see section 16). The contact form can only be transmitted if you accept our privacy policy by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
7.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your enquiry.
7.3 Legal Foundation
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR).
7.4 Storage Duration
The data will be deleted by us as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication is ended when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period has expired.
8. Cookies
8.1 Description of the Processing
Our website uses cookies. Cookies are small text files that are stored on the user's device when they visit a website. Cookies contain information that makes it possible to recognise an end device and possibly certain functions of a website.
Necessary Cookies
Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Cookies for Marketing and Statistics
We do not use cookies for marketing and statistics. We use Matomo (see 10) as an analysis tool in a configuration without cookies.
8.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 8.1.
8.3 Legal Foundation
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 8.2.
8.4 Storage Duration, Withdrawal of Consent
Cookies are automatically deleted at the end of a session or at the end of the specified storage duration. As cookies are stored on your end device, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent. If we obtain consent to the use of cookies via a cookie banner or a cookie consent tool, you can withdraw this consent at any time within the settings of the cookie banner or the cookie consent tool with effect for the future.
9. Social Networks
9.1 Description of the Processing
Our website does not use any social media plugins. The logos of the social networks Facebook, Twitter, Instagram and Xing displayed on our website are merely linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.
However, our profiles within the social networks also constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. ‘share’, ‘like’ or ‘retweet’ a post, this information is also stored in your user account. We have the option of obtaining statistical data via the so-called ‘Insights’ on our Facebook page. These statistics are provided by Facebook. The ‘Insights’ function cannot be disabled. We cannot decide to switch this function on or off. It is available to all Facebook fan page operators, regardless of whether you use Facebook's Insights function or not. We are provided with data for a selectable period of time and for the following groups of people: Fans, subscribers, people reached and interacting people. This involves the following categories of personal data: Total number of page views, ‘Like’ information including origin, page activity, post interactions, reach, post reach (divided into organic, viral and paid interactions), comments, shared content, replies and demographic analyses, i.e. country of origin, gender and age. Due to the Facebook terms of use - which every user must have agreed to in order to use Facebook - we are able to identify subscribers and fans of our site and view their profiles.
The social networks with which you communicate store your data using pseudonyms as user profiles and use them for advertising and market research purposes. For example, you may be shown adverts within the social network and on other third-party websites that match your presumed interests. As a rule, cookies are used for this purpose, which the social network stores on your end device. Further information on cookies can be found in section 8. You have the right to object to the creation of these user profiles, and you must contact the social networks directly to exercise this right.
9.2 Purpose
We maintain profiles on the aforementioned social networks for the purpose of up-to-date and supportive public relations and corporate communication with customers and interested parties.
We use the ‘Facebook Insights’ function to make our posts on our Facebook fan page more attractive to our visitors. This enables us, for example, to use visitors' preferred visiting times to optimise the timing of our posts.
9.3 Legal Foundation
The legal foundation for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in Section 9.2. If you are asked by us for consent in the context of a cookie banner or cookie consent tool, the legal foundation is Art. 6 para. 1 lit. a GDPR. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal foundation is Art. 6 para. 1 lit. a GDPR. With regard to our Facebook fan page, data processing is also carried out on the basis of an agreement on joint responsibility in accordance with Art. 26 GDPR between us and Facebook, which you can view here: www.facebook.com/legal/terms/page_controller_addendum.
9.4 Recipients and Transfer to Third Countries
The respective social networks are operated by the companies listed below. Further information on data privacy with regard to our profile on the social networks can be found in the linked privacy policies.
- Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Datenschutzbestimmungen: www.facebook.com/policy.php; www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other sowie www.facebook.com/about/privacy/your-info.
- Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; Privacy policy: twitter.com/privacy.
- Instagram: Instagram LLC, 1601 Willow Rd, Menlo Park, California 94025, USA; Privacy policy: help.instagram.com/155833707900388/.
- Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany; Privacy policy: privacy.xing.com/de/datenschutzerklaerung.
The social networks also process your personal data in the USA. If standard contractual clauses are in place, these are the basis for the transfer of personal data from the European Union to the USA.
10. Matomo
(before “Piwik”)
10.1 Description of the Processing
Our website uses ‘Matomo’, a web analytics service provided by Innocraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is an open source software that we have installed on our server. Matomo uses cookies (see section 8), which are required for operation. The Matomo integration is configured so that no cookies are used for marketing or analysis purposes. The statistics compiled by Matomo record in particular how many users visit our website, the country or location from which access is made, which subpages are accessed and which links or search terms visitors use to reach our website. These data are not passed on to third parties. Your IP address is not associated with other data relating to you. The IP addresses are only recorded in anonymised form so that they cannot be assigned (so-called IP masking).
10.2 Purpose
The processing takes place in order to be able to analyse the use of our website. The information obtained is used to improve and customise our online presence.
10.3 Legal Foundation
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 13.2. If you are asked by us for consent in the context of a cookie banner or cookie consent tool, the legal foundation is Art. 6 para. 1 lit. a GDPR. Such consent is voluntary.
10.4 Storage Duration and Right to Object
We have explained the storage duration as well as your control and setting options for cookies in section 8. If we obtain consent to the use of Matomo via a cookie banner or a cookie consent tool, you can revoke such consent at any time within the settings of the cookie banner or the cookie consent tool with effect for the future. The analysis data processed and stored with Matomo is automatically deleted by us after one year.
11. Processing of Applicant Data
11.1 Description of the Processing
We process the data that you provide in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process. This includes general personal data (such as your name, address and contact details), information about your professional qualifications and schooling, information about further professional training, knowledge and skills, as well as other information that you disclose to us in connection with your application. As a rule, this is done by means of a letter of application, CV, certificates, correspondence, telephone or verbal information from you.
We would like to assess all applicants only according to their qualifications and therefore ask you to refrain from disclosing ‘special categories of personnel data’ in accordance with Art. 9 of the General Data Protection Regulation in your application (e.g. a photo that reveals your ethnic origin, information about severe disabilities, etc.). If your application contains such information, please send us a corresponding declaration of consent, as otherwise your application cannot be considered. If your application is successful, we will transfer your data to your personal file and use it to implement and terminate your employment relationship.
If we are currently unable to offer you employment, we will continue to process your data after the rejection has been sent in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process.
If you are not selected for the vacant position, we will transfer your data to our applicant pool, provided we have your consent to do so.
11.2 Purpose
The processing is carried out to fulfil the application procedure, to decide on the establishment of an employment relationship with us and to document compliance with legal provisions in the application procedure.
11.3 Legal Foundation
Data processing in connection with the application process has its legal foundation in § 26 para. 1 sentence 1 BDSG and Art. 6 para. 1 para. 1 lit. b GDPR. If your application is successful, further data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing is carried out on the basis of Art. 6 para. 1 para. 1 lit. a GDPR. The legal basis for data processing after a rejection is also Art. 6 para. 1 para. 1 lit. f GDPR. Our legitimate interest lies in the defence against legal claims.
11.4 Storage Duration
If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection. If we transfer your data to our applicant pool after completion of the application process, we will delete it from the applicant pool if an employment relationship is subsequently established or otherwise two years after acceptance.
11.5 Recipients of Your Data, Disclosure of Data to Third Parties and Transfer to Third Countries
Your application data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The next steps are then agreed. Within the company, only those persons have access to your data who need it for the proper conduct of our application process. Data is not transferred to third parties. Data is also not transferred to third countries, nor is this planned.
Security Measures
12. Security Measures
To protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for ‘Secure Sockets Layer’ and TLS for ‘Transport Layer Security’ and encrypts the communication of data between a website and the user's end device. You can recognise active SSL or TLS encryption by the small padlock logo displayed on the far left of the browser's address bar.
Your Rights
13. Data Subject Rights
With regard to the data processing described above by our company, you have the following rights as a data subject:
13.1 Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to the further information listed in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.
13.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.
13.3 Deletion (Art. 17 GDPR)
You have the right to demand that we delete personal data concerning you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we are pursuing.
13.4 Restriction of Data Processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that enables us to verify the accuracy of your data.
13.5 Data Portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to demand the surrender of the data concerning you in a structured, common and machine-readable format.
13.6 Withdrawal of Consent (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation applies from the time of its assertion. In other words, it is effective for the future. Withdrawal of consent therefore does not retroactively render the processing unlawful.
13.7 Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.
13.8 Prohibition of automated Decision-Making/Profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
13.9 Objection (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case - regardless of a particular situation - you have the right to object to the processing of your personal data for direct marketing purposes at any time.
As of: June 2024