Data Privacy Statement
This data privacy statement sets out the nature, extent and purpose of the personal data (hereinafter "data") we process within our online offering and the websites, functions and content associated with it as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). The terminology we use, e.g. "processing" or "controller", is based on the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Localization Factory Munich
Email address: info[bei]loctory[punkt]de
Owners: Florian Nedwed und Horst Hösel
Types of data processed:
- Inventory data (e.g. name, address)
- Contact data (e.g. email, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Metadata/communication data (e.g. device information, IP addresses).
Purpose of processing
- Making the online offering, its functions and its content accessible
- Answering enquiries and communicating with users
- Security measures
- Reach measurement/marketing
"Personal data" are any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is wide-ranging and covers virtually every aspect of data handling.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Applicable legal bases
Art. 13 GDPR stipulates that we must inform you about the legal bases of our data processing procedures. If the legal basis is not specified in the data privacy statement, the following applies: The legal basis for obtaining consent is point (a) of Art. 6 (1) and Art. 7 GDPR, the basis for the processing of data that are necessary to perform a contract or to answer enquiries is point (b) of Art. 6 (1) GDPR, the basis for the processing of data that are necessary for compliance with our legal obligations is point (c) of Art. 6 (1) GDPR and the basis for the processing of data that are necessary for the purposes of our legitimate interests is point (f) of Art. 6 (1) GDPR. Point (d) of Art. 6 (1) GDPR serves as the legal basis in cases where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
Please check the content of our data privacy statement on a regular basis. We will amend the data privacy statement as and when this is necessitated by any changes to our data processing procedures. We will inform you immediately if the changes necessitate an act of cooperation on your part (e.g. consent) or any other individual notification.
Cooperation with commissioned processors and third parties
If we disclose or transmit data to other persons and companies (commissioned processors or third parties) or otherwise grant access to the data within the scope of our processing, this will only be done on the basis of statutory consent (e.g. if the transmission of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to point (b) of Art. 6 (1) GDPR), if you have given your consent, if we have a legal obligation to do so or on the basis of our legitimate interests (e.g. appointment of officers, web hosting services, etc.).
If we instruct third parties to process data on the basis of a commissioned data processing contract, this will be done on the basis of Art. 28 GDPR.
Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs within the scope of the use of third-party services or the disclosure or transmission of data to third parties, this will only be done if it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, by reason of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual consent, we will only process the data or have the data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means that processing will be carried out on the basis of special guarantees, for instance, such as the official recognition of an EU-equivalent data protection standard (e.g. the Privacy Shield in the USA) or adherence to officially recognised contractual obligations ("standard contractual clauses").
Rights of data subjects
You have the right to obtain confirmation as to whether or not personal data are being processed, and, where that is the case, access to these data as well as further information and a copy of the data pursuant to Art. 15 GDPR.
According to Art. 16 GDPR you have the right to ask for incomplete personal data to be completed and for inaccurate personal data to be rectified.
You have the right to ask for personal data to be erased without delay according to Art. 17 GDPR and/or to ask for the processing of data to be restricted in accordance with Art. 18 GDPR.
According to Art. 20 GDPR you have the right to ask to receive the personal data which you have provided to us and to transmit those data to other controllers.
According to Article 77 GDPR you also have the right to lodge a complaint with the competent supervisory authority.
Right of cancellation
You have the right, with future effect, to withdraw consent that you had given previously in accordance with Art. 7 (3) GDPR.
Right to object
According to Art. 21 GDPR, you may object at any time to the future processing of your personal data. In particular, you have the right to object to the processing of your data for direct marketing purposes
Cookies and right to object to direct marketing
Cookies are small text files that are stored on users' computers. Various details can be stored inside the cookies. The primary purpose of a cookie is to store the details of a user (or of the device on which the cookie is stored) during or after his or her visit to an online offering. Temporary cookies (also known as session cookies or transient cookies) are deleted once a user leaves an online offering and closes his or her browser. Such cookies can be used to store the content of a shopping basket in an online shop, for example, or a login status. Cookies that are still stored after the browser has been closed are known as permanent or persistent. The login status can thus be saved, for example, if the user searches for it several days later. In the same way, the interests of users can be stored in such cookies and used for the purposes of reach measurement and marketing. Third-party cookies are those cookies installed by providers other than the controller which operates the online offering (the term first-party cookies is used if the cookies are installed by the latter only).
We may use temporary and permanent cookies and will clarify this in our data privacy statement.
Any users who do not wish cookies to be stored on their computer are asked to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may restrict the full functionality of this online offering.
Erasure of data
The data we process will be erased or their processing will be restricted in accordance with Art. 17 and 18 GDPR. Unless otherwise specified in this data privacy statement, the data we store will be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory duties of retention. If the data are not deleted because they are required for other legally admissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained under tax and commercial law.
According to statutory provisions in Germany, data must be retained for 10 years pursuant to section 147 (1) of the Tax Code (Abgabenordnung - AO) and section 257 (1) no. 1 and 4 and (4) of the German Commercial Code (Handelsgesetzbuch - HGB) (books, records, annual reports, accounting records, commercial books, tax documentation etc.) and six years pursuant to section 257 (1) no. 2 and 3 and (4) HGB (business letters).
According to statutory provisions in Austria, data must be retained for seven years pursuant to section 132 (1) of the Federal Tax Code (Bundesabgabenordnung – BAO)(accounting records, receipts/invoices, accounts, supporting documents, business papers, statements of income and expenditure etc.), for 22 years in connection with land and for 10 years in the case of documents in connection with electronic services, and telecommunications, radio and television services which are provided for non-entrepreneurs in EU Member States and for which the Mini One Stop Shop (MOSS) is used.
We use hosting services to enable us to provide the following services: infrastructure and platform services, computing capacity, storage space, database services, security services and technical maintenance services, which we use for the purpose of operating this online offering. In this connection we and/or our hosting service provider process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in providing an efficient and secure online offering in accordance with point (f) of Art. 6 (1) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing contract).
Collection of access data and log files
We and/or our hosting service provider collect data every time there is access to the server on which this service is located (in what are known as server log files) on the basis of our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Access data include the name of the accessed website, file, date and time of retrieval, volume of data transferred, report on successful retrieval, browser type and version, user operating system, referrer URL (the previously visited site), IP address and the requesting provider.For security reasons (e.g. in order to identify any fraud or abuse), information in the log files will be stored for a maximum of seven days and then erased. Data whose further retention is required for evidential purposes are excluded from erasure until the relevant matter has been finally resolved.
We process our customers' data within the scope of contractually agreed services, which include conceptual and strategic advice, campaign planning, software and design development/support or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consultancy services and training services.In this connection we process inventory data (e.g. customer master data such as names and addresses), contact data (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos), contract data (e.g. subject matter, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. in the context of evaluating and measuring the success of marketing activities). We never process certain categories of personal data unless specifically instructed to do so. The data subjects include our customers, interested parties and their customers, users, website visitors, employees and third parties. The purpose of processing is the performance of contract, billing and our customer service. The legal bases of processing arise from point (b) of Art. 6 (1) GDPR (performance of contract) and point (f) of Art. 6 (1) (analysis, statistics, optimisation, security measures). We process data that are required to establish and fulfil the contractual services; please note that these details are essential for that purpose. No data will be disclosed to third parties unless this is necessary within the scope of an order. When processing data sent to us within the scope of an order, we act in accordance with the instructions of the client and the statutory provisions of commissioned data processing pursuant to Art. 28 GDPR. We do not process the data for any purposes other than those of the order.We will erase the data on expiry of legal warranty obligations and similar duties and review the necessity of data retention every three years; any data in connection with legal archiving obligations will be erased on expiry (six years under section 257 (1) HGB, 10 years under section 147 (1) AO). If any data are disclosed to us by the client within the scope of an order, we will erase them in accordance with the provisions of the order or on completion of the order.
Administration, financial accounting, office organisation, contact management
We process data within the scope of the administrative and organisational requirements of our business, financial accounting and compliance with statutory obligations such as archiving. In this connection we process the same data as we process for the performance of a contract. Processing is based on point (c) of Art. 6 (1) GDPR and point (f) of Art. 6 (1) GDPR. Customers, interested parties, business partners and website visitors are the subjects of processing. The purpose of and our interest in processing lies in administration, financial accounting, office organisation and archiving of data, i.e. tasks which help us to sustain our business activities, perform our duties and provide our services. The erasure of data in respect of contractual services and contractual communication is carried out as specified in the case of these processing activities.In this connection we disclose or transmit data to the financial authority, consultants such as tax advisers or auditors, other billing centres and payment service providers.We also store details of suppliers, event organisers and other business partners in case we subsequently need to contact them on the basis of our business interests, for instance. In principle we store these data, most of which are business-related, permanently.
Data protection information in application procedures
We will only process applicant data for the purpose of and within the scope of the application procedure in compliance with statutory provisions. Applicant data will be processed in order to fulfil our (pre-)contractual obligations in the application procedure within the meaning of Art. 6 (1) (b) GDPR and point (f) of Art. 6 (1) GDPR to the extent that data processing is necessary for us, e.g. for the purposes of legal proceedings (section 26 of the German Data Protection Act applies additionally in Germany).The application procedure requires applicants to send us their details. If we provide an online form, the requisite applicant details are marked on it. If not, they are shown in the job descriptions and normally include personal details, postal address and other contact details, and accompanying documentation such as covering letter, curriculum vitae and references. Applicants can also volunteer additional information.When the applicant sends the application to us, he or she will give consent to the data being processed for the purpose of the application procedure in accordance with the type and scope set out in this data privacy statement.If special categories of personal data within the meaning of Art. 9 (1) GDPR are given voluntarily within the scope of the application procedure, such data will be processed additionally in accordance with point (b) of Art. 9 (2) GDPR (e.g. data concerning health, such as a serious disability for instance, or ethnic origin). If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants within the scope of the application procedure, such data will be processed additionally in accordance with point (a) of Art. 9 (2) GDPR (e.g. data concerning health if these are required in order to practice a profession).If an online form is provided on our website, applicants can use this to send us their applications. The data will be transmitted to us in encrypted form, taking into account the state of the art.Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and that applicants are themselves responsible for encryption. We are therefore unable to assume any responsibility for the transmission path between the sender and our server and thus recommend using an online form or the postal service. Applicants have the option of using the online form and email, or sending us their application by post.Any data provided by successful applicants may be processed by us for the purposes of the contract of employment. The data of unsuccessful job applicants will be erased. Applicants are entitled to withdraw at any time. If they do so, their data will likewise be erased.Subject to legitimate withdrawal of consent by the applicant, data will be erased after a period of six months to allow us to answer any follow-up questions to the application and meet our evidential obligations under the Equal Treatment Act. Any invoices for the reimbursement of travel expenses will be archived in accordance with the provisions of tax law.
The details of any user who contacts us (by contact form, email, telephone or social media, for example) will be duly processed in order to deal with the enquiry pursuant to point (b) of Art. 6 (1) GDPR. Users' details may be saved in a customer relationship management system (CRM system) or similar enquiry system.We will erase the enquiries as soon as they are no longer required. We will check whether they are still required every two years; the legal archiving obligations will continue to apply.
Online presence in social media
We maintain an online presence on social networks and platforms to enable us to communicate with active customers, interested parties and users and tell them about our services. The general terms and conditions and the data processing guidelines of the respective operators will apply when accessing these networks and platforms. Unless otherwise indicated in our data privacy statement, we will process users' data if they communicate with us on social networks and platforms, by writing articles on our pages or sending us messages for example.
Embedding of third-party services and content
We use content and services provided by third parties in our online offering on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offering within the meaning of point (f) of Art. 6 (1) GDPR) in order to embed their content and services, such as videos or fonts, (hereinafter collectively referred to as "content"). This always requires the third-party providers of this content to use the IP address of users as they could not send the content to their browser without the IP address. The IP address is thus necessary to display this content. We will strive only to use content from providers who supply content solely through the IP address. Third-party providers may also use what are known as pixel tags (invisible graphics, also called web beacons) for statistical and marketing purposes. The pixel tags can be used to evaluate information, such as traffic on the pages of this website. Information given under a pseudonym may also be stored in cookies on users' devices and may contain, among other things, technical information on the browser and operating system, referring web pages, time of visit and further details on the use of our online offering and may be linked with such information from other sources.
We embed maps from Google Maps, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include in particular the IP addresses and location data of users, but these cannot be collected without their consent (normally done in the settings of their mobile devices). The data may be processed in the USA. Data privacy statement: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Reach measurement with Matomo