1. Data Protection, Controller, and Data Protection Officer
In the following, we inform you about the collection of personal data when using our website. Personal data includes all data that can be related to you personally, e.g., name, address, email addresses, user behavior.
The controller for the processing of your personal data by this website is:
BAGSIDE (hiframes® GmbH)
Romaneystr. 18
D-51063 Cologne
Email: support[at]bagside.de
You can reach our data protection officer at the email address hello[at]hiframes.de or our postal address with the addition "The Data Protection Officer."
2. Cookies
We use functional cookies to facilitate usability and for the reach measurement of our website, in which we store, for example, your language settings. The use of these functional cookies represents a legitimate interest on our part. The legal basis for this is also Art. 6 para. 1 lit. f GDPR.
Cookies are small text files that are stored on your hard drive and automatically deleted depending on your browser settings or after a specified period. Cookies cannot execute programs or transmit viruses to your computer. They are used to make the internet offering as a whole more user-friendly and effective.
You can configure your browser settings at any time to allow or exclude the use of cookies, require confirmation for the use of cookies, and automatically delete them after the end of the session. If you do not allow cookies, it is possible that not all functions of the website will be available.
You can find information on tracking cookies in section 5 below.
3. Notice Regarding Data Transfer to the USA
Tools from companies based in the USA are integrated on our website. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to disclose personal data to security authorities without you being able to take legal action against this as a data subject. It cannot therefore be ruled out that US authorities (e.g., intelligence agencies) may process, evaluate, and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
4. Personal Data
(1) When you use the website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
-
IP address
-
Date and time of the request
-
Time zone difference to Greenwich Mean Time (GMT)
-
Content of the request (specific page)
-
Access status/HTTP status code
-
Amount of data transferred in each case
-
Website from which the request comes
-
Browser
-
Operating system and its interface
-
Language and version of the browser software.
Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes are exempted from deletion until the final clarification of the respective incident. The legal basis is Art. 6 para. 1, lit. f GDPR.
(2) Personal data is only collected by us beyond this and only to the extent that you provide this data to us voluntarily, e.g., as part of contact or job application. We treat this data confidentially and only use it for the original purpose and purpose of the transmission, usually for the processing and handling of your request. In principle, the data is not transmitted to third parties unless this is legally required or permitted, you have given us your consent, or there is an official order to do so. If your request is directed to one of our group companies, we will of course forward your request to this company. If you contact us by email, your email will be stored in our email system. We can store your request and the associated data in our CRM system. The emails themselves are not stored in encrypted form. Our contact form is SSL/TLS transport encrypted, which you can recognize by the "https" before the URL. Our mail server also supports the common transport encryption protocols. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
5. Data Protection for Job Applications
(1) In the event of an application, we process the data voluntarily transmitted to us by you for the purpose of conducting and processing the application process. The recipients of the data are exclusively the persons in the personnel department who are involved in the application process with us, who can pass on your application to other group companies if you have applied directly to these group companies or we believe that your application might be of interest to one of our group companies. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
(2) In the event of rejection of your application, the storage period is 6 months beyond the end of the application process. This storage period results from the possible assertion of claims under the AGG (General Equal Treatment Act) and our associated legitimate interest in being able to defend ourselves against such claims. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
(3) If you have voluntarily consented to be included in our applicant pool, we can also agree on a different period with your consent. You can revoke this consent at any time with effect for the future. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
6. Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used, and the origin of the user. This data may be aggregated by Google into a profile that is assigned to the respective user or their device. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been requested (e.g., consent to the storage of cookies), processing will be carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission.
You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP Anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on how user data is handled by Google Analytics, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic Characteristics in Google Analytics
This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain information about the age, gender, and interests of the site visitors. This data comes from interest-based advertising by Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time in the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data as described in the "Objection to data collection" section.
7. Hosting with Amazon Web Services (AWS)
We host our website with AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS).
When you visit our website, your personal data is processed on AWS servers. Personal data may also be transferred to the parent company of AWS in the USA. The data transfer to the USA is based on the EU standard contractual clauses. Details can be found here:
https://aws.amazon.com/compliance/eu-data-protection/.
For more information, please refer to AWS's privacy policy: https://aws.amazon.com/privacy/?nc1=f_pr.
The use of AWS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Conclusion of a Data Processing Agreement
We have concluded a data processing agreement with AWS. This is a legally required contract that ensures that AWS processes the personal data of our website visitors only on our instructions and in compliance with the GDPR.
8. Vimeo without Tracking (Do-Not-Track)
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This informs the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo not to track your user activities and not to set any cookies.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests." Details can be found here: https://vimeo.com/privacy.
For more information on how user data is handled, please refer to Vimeo's privacy policy: https://vimeo.com/privacy.
9. Facebook Fan Page
We operate the Facebook fan page https://www.facebook.com/hiframes to interact with users who use Facebook. The data generated when using this fan page is processed by Facebook outside the EU. Facebook compensates for the resulting deficits through Privacy Shield certification (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Facebook regularly uses the personal data generated when using our fan page for its own advertising, analysis, and market research purposes, such as profiling regarding your interests and user behavior, to display tailored advertisements to you. If you are registered with Facebook, Facebook may also directly associate your activities on our fan page with you. Facebook also provides us with various aggregated data. We regularly cannot draw conclusions about individual persons from this insight data. We use this insight data to make our offer more relevant to you. The legal basis is Art. 6 para. 1 lit. f GDPR. Targeted and thus effective communication with our users is our legitimate interest.
10. Your Rights
(1) You have the right at any time to request information pursuant to Art. 15 GDPR as to whether we process personal data about you. If this is the case, this will result in further information obligations on our part.
(2) You also have the right to correct the data pursuant to Art. 16 GDPR, to delete the data pursuant to Art. 17 GDPR, and to restrict the processing of the data pursuant to Art. 18 GDPR, unless there are no further legal requirements to the contrary.
(3) Of course, you can revoke your consent given pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR for the processing of the data at any time without giving reasons. The legality of the processing up to the revocation is not affected by this.
(4) In addition, you have the right to data portability pursuant to Art. 20 GDPR.
(5) In addition, especially in the case of processing based on Art. 6 para. 1 lit. e or f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of the data. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adjust the data processing or show you our compelling legitimate reasons on the basis of which we will continue the processing.
(6) You also have the right to lodge a complaint with the supervisory authority responsible for you, which you can find here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Last updated: November 2019
