1.2. The provider of the Websites, and the party responsible for data protection and privacy issues in regard to the Websites, is the company Audisto GmbH, Hans-Thoma-Str. 4, 76593 Gernsbach, managing directors: Sören Bendig, Tobias Schwarz, Gerd Riesselmann, email: email@example.com (hereinafter referred to as "we", "us" and "our"). For further information about us and contact details please refer to our legal information: https://audisto.com/imprint.
1.3. Our privacy officer, Dr. Thomas Schwenke, can be also contacted at the following email address: firstname.lastname@example.org.
2.1. The personal data of the users processed in the context of our Service include inventory data (e. g., names and addresses of customers), contract data (e. g., services used, names of staff, payment information), usage data (e. g., the websites visited, interest in our products), Meta/communication data (device IDs, IP addresses, location data) and content data (e. g., entries in the contact form).
2.3. All the personal User data we collect is processed in accordance with the relevant data protection regulations. That means we only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish our contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a secure and commercially viable manner within the meaning of Art. 6 (1) f. of the General Data Protection Regulation (GDPR)).
2.4. In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) a. and Art. 7 GDPR, the legal basis for processing data in order to perform our contractual services and discharge our contractual obligations is Art. 6 (1) b. GDPR, the legal basis for processing data in order to comply with our legal obligations is Art. 6 (1) c. GDPR, and the legal basis for processing data for the purposes of our legitimate interests is Art. 6 (1) f. GDPR.
3.1. We apply state-of-the-art organizational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
3.2. These security measures include, in particular, the encrypted transmission of data between your browser and our server.
4.1. Data is only forwarded to third parties to the extent permitted by law. We only forward User data to third parties if, for example, this is necessary in order to fulfil our contractual obligations towards the users or if we make use of third party services within the scope of our legitimate interests. Furthermore, data is transferred within the companies of our group of companies, in particular for the purpose of fulfilling administrative tasks, legal obligations or for reasons of business interests.
4.2. Insofar as we make use of third-party services to furnish our own services, we ensure appropriate legal safeguards are in place and take appropriate technical and organizational steps to ensure that personal data is protected in compliance with applicable statutory requirements.
5.1. We process inventory data (e. g., names and addresses as well as contact data of users) and contract data (e. g., services used, names of contact persons, payment information) of our customers, interested parties as well as attendees of trade fairs and events for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) b. GDPR.
5.2. Furthermore, we process the data of our customers and attendees (e. g., the visited websites of our online offer, interest and attendance at our events, as well as in the use of products and orders) on the basis of our legitimate interests in advertising and market research purposes in accordance with Art. 6 (1) f. GDPR, in order to offer customers and attendees services based on their previous contractual interests or the events they have attended, to make events pleasant and secure or to analyse the development of our business operations. Furthermore, we process the data insofar as we are legally required to do so, e. g. due to commercial and tax obligations, in accordance with Art. 6 (1) c. GDPR, are obligated.
5.3. If a User gets in touch with us via the contact form or by email, we process the User’s details in order to respond to and deal with the query or request. The User’s details may be stored in our customer relationship management (CRM) system or a comparable enquiry system.
6.1. For the purposes of our legitimate interests, we collect data every time the server on which the service is located is accessed. This data is collected in the form of server log files. These access logs include the name of the webpage and/or file accessed by the User, the date and time of access, the amount of data transferred, notification of successful retrieval, details of the web browser used (including the version), the User’s operating system, the referrer URL (of the previous page linking to our website), the IP address and the requesting provider.
6.2. Log file information is retained for security reasons (e.g. to detect improper use or fraud) for a maximum of seven days before being deleted. Data that is to be retained as evidence shall be excluded from deletion until the relevant case has been finalized.
7.1. Cookies are data packets that are transferred from our web server or third parties’ web servers to the User’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity. We use so-called "session cookies", which information are only stored for the duration of the current visit to our Website (e. g. to enable your login status). A session cookie stores a randomly generated unique identification number, a so-called session-ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when users have finished using my online offer and, for example, log out or close the browser.
7.3. If the User does not wish cookies to be stored on their computer, we hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent the user from enjoying the full functionality of these Websites.
7.4. Users can block cookies that are used for tracking and online advertising by visiting the opt-out page of the network advertising initiative (http://optout.networkadvertising.org/) and also by managing their preferences on the U.S. website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.
8.2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3. Google will use this information on our behalf for the purpose of evaluating use of our Websites by the User, compiling reports on activity on the Websites, and providing us with other services relating to the use of the Websites and use of the Internet. This process may involve creating pseudonymized usage profiles of Users from the processed data.
8.4. We use Google Analytics to display the ads placed by Google and its partners within advertising services, only to those users who have shown an interest in our online offers or who have particular characteristics (e. g. interests in certain topics or products determined by the websites visited) that we transmit to Google (so-called Remarketing or Google Analytics audiences). With the help of remarketing audiences, we would also like to ensure that our advertisements are in line with the potential interest of the users and do not have a nuisance effect.
8.5. We only use Google Analytics with IP anonymization enabled. That means Google truncates the User’s IP address within Member States of the European Union and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
8.6. The IP address transmitted by the User’s browser is not associated with any other data held by Google. Users can prevent cookies from being installed on their computer by adjusting their browser settings accordingly. Users can also prevent Google from collecting data generated by cookies concerning their use of the Websites and can prevent Google from processing this data by downloading and installing a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
8.7. For more information on how Google uses data and how to opt out, please refer to Google’s websites: https://www.google.com/intl/en/policies/privacy/partners ("How Google uses data when you use our partners' sites or apps"), https://www.google.com/policies/technologies/ads ("How Google uses data in advertising"), https://www.google.com/settings/ads ("Control the information Google uses to show you ads").
9.1. For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR), we use the marketing and remarketing services (hereinafter referred to as "Google marketing services") provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
9.2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google marketing services enable us to display ads for and on our website in a more targeted fashion, helping us to only show ads to Users that are potentially of interest to them. The method we use, known as remarketing, involves, for example, showing Users ads for products in which they have already shown an interest on other websites. For this purpose, our Websites – and other websites on which Google marketing services are active – contain a snippet of code, which is executed directly by Google. This integrates what are known as (re)marketing tags in the website (invisible image files or code, also known as web beacons). With the help of these tags, an individual cookie, i.e. a small file, is saved on the User’s device (comparable technologies may also be used instead). These cookies may be set from a few different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file notes which sites the User visits, which content interests the User, and which offers he or she clicked, as well as technical information on the browser and operating system, referring websites, visit duration and other data on the use of the Websites. The User’s IP address is also recorded, though we wish to make it clear that, within the context of Google Analytics, the IP address is truncated within European Union Member States and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to the US-based Google server and truncated there. The IP address is not merged with User data within other Google offerings or services. The information referred to above may also be linked to comparable information from other sources. If the User subsequently visits other websites, they may be presented with ads tailored to them according to their interests.
9.4. User data is processed in a pseudonymized manner within the context of Google marketing services, i.e. Google does not store and process details such as the name or email address of the User, but instead processes the relevant data within pseudonymized usage profiles based on cookies. This means that, from Google’s perspective, the ads are not managed for and displayed to a named or otherwise identifiable person, but rather for and to the cookie holder, regardless of who this cookie holder is. That is not, however, the case if a User has expressly granted Google permission to process their data in a non-pseudonymized manner. Information collected on Users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
9.5. One of the Google marketing services we use is the online advertising service "Google AdWords". In the case of Google AdWords, each AdWords client receives a different "conversion cookie". Thus, cookies cannot be tracked across the websites of AdWords clients. The information collected by the conversion cookies is used to provide aggregate conversion statistics for AdWords clients who have opted in to conversion tracking. AdWords clients are informed of the total number of users who clicked on the ad and were forwarded to a conversion tracking tag page. However, they do not receive any information that would enable them to identify users personally.
9.7. We use "Google Optimize" a service that allows us to track the effects of various changes to a website (e. g. changes in input fields, design, etc.) within the framework of so-called "A/B tests".
9.8. We may also use the Google Tag Manager to incorporate and manage Google analysis and marketing services in our Websites.
9.10. If you wish to opt out of personalized advertising by Google marketing services, you can adjust your preferences and opt-out settings by visiting the following page: https://www.google.com/ads/preferences.
10.1. Due to our legitimate interest in the analysis, optimization and economic operation of our online offer and for these purposes within the meaning of Art. 6 (1) f. of the GDPR we use the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
10.2. Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
10.3. With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display our Facebook ads only to Facebook users who have shown an interest in our Websites or who have specific characteristics (e. g. interests in certain topics or products determined by the websites visited) that we submit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and do not have a nuisance effect. Using the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion tracking").
10.4. The Facebook pixel is directly integrated into our web pages by Facebook and can store a so-called cookie, i. e. a small file, on your device. If you then log in to Facebook or visit Facebook when you are logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, i. e. it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook so that it can be linked to the respective user profile and used by Facebook as well as for its own market research and advertising purposes. If we transfer data to Facebook for comparison purposes, it is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done with the sole purpose of matching the data encrypted by Facebook.
10.5. Furthermore, when using the Facebook pixel, we use the additional function "advanced matching", in which inventory data such as telephone numbers, email addresses or users' Facebook IDs is transmitted to Facebook (encrypted), but solely to create target groups ("Custom Audiences"). Users agree our use of the "advanced matching" and the related processing of their data.
10.6. We use the "Custom Audiences from File" function of the social network Facebook, Inc. in which case inventory data (phone numbers, email addresses, Facebook IDs) will be uploaded to Facebook. The upload process is encrypted. The upload serves solely to identify recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services. Users agree our use of the "Custom Audiences from File" function and the related processing of their data.
10.7. Facebook's processing of the data is governed by Facebooks Data Usage Policy. Accordingly, general instructions on how to display Facebook ads, in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help Center: https://www.facebook.com/business/help/651294705016616.
10.8. You may object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what kind of ads you see on Facebook, you can go to the page set up by Facebook and follow the instructions on how to set up use-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i. e. they are applied to all devices, such as desktop computers or mobile devices.
10.9. To prevent your data from being collected using the Facebook pixel on our website, please click the link below:
Note: When you click the link, an opt-out cookie is stored on your device. If you delete cookies in this browser, you have to click the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain on which the link was clicked.
11.1. We are using on the basis of our legitimate interests (i. e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. of the GDPR) the Visual Website Optimizer (a service of Wingify Software Private Limited, 404, Gopal Heights, Netaji Subhash Place, Pitam Pura, Delhi 110034, India), in order to improve the usability of our website. Visual Website Optimizer allows us to test how changes of our website (i.e. size of input forms, graphics, font sizes) are perceived by our users (so called "A/B-Testing").
11.2. Only for these testing purposes Visual Website Optimizer sets cookies on user's Devices. Visual Website Optimizer does not store IP address or any other personally identifiable information. By the nature of its service, Visual Website Optimizer will gather non-personally identifiable statistics about the usage of our website and store that information in a usage profile. Visual Website Optimizer will not share this website statistics without your consent.
11.4. In case you want to opt out of tracking by Visual Website Optimizer anyway, please follow this link, clicking on which will exclude you from any kind of tracking by Visual Website Optimizer: https://audisto.com/?vwo_opt_out=1
12.1. We are using on the basis of our legitimate interests (i. e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. of the GDPR) "Mouseflow" an analysing tool by Mouseflow ApS, Skindergade 15, 1159 Copenhagen K, Denmark, http://mouseflow.com. Mouseflow provides us with reports regarding visitor interactions on our website, that may include for example: aggregated reports of clicking or mouse movement activity, aggregated reports of scrolling activity and recreation of visitor browsing sessions with heatmaps or videos. Additionally, Mouseflow collects technical data, like language, operating system, screen resolution or browser client.
12.2. Mouseflow stores session information in cookies that are used to ensure accurate data is extracted from our systems. These cookies are temporary 1st party cookies (cookie will be deleted after users leave the website and cannot be shared across websites) and do not include any personal data.
12.4. In case you want to opt out of tracking by Mouseflow anyway, please follow this link and click on „Disable Mouseflow" which will exclude you from any kind of tracking by Mouseflow: http://mouseflow.com/opt-out.
13.1. We are using on the basis of our legitimate interests (i. e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. of the GDPR) Optimizely (https://www.optimizely.com, 631 Howard Street, Suite 100 San Francisco, CA 94105, USA), in order to improve the usability of our website. Optimizely allows us to test how changes of our website (i.e. size of input forms, graphics, font sizes) are perceived by our users (so called "A/B-Testing").
13.2. Only for these testing purposes Optimizely sets cookies on user's devices. Optimizely does not store IP address or any other personally identifiable information. By the nature of its Service, Optimizely will gather non-personally identifiable statistics about the usage of our website and store that information. Optimizely will not share this website statistics without your consent.
13.4. In case you want to opt out of tracking by Optimizely anyway, please follow this link, clicking on which will exclude you from any kind of tracking by Optimizely: https://audisto.com/?optimizely_opt_out=true (more information on the opt-out: https://www.optimizely.com/opt_out).
14.1. With the following declarations we would like to inform our users about the contents of our newsletters as well as other types of business emails and electronic mail (short "newsletter") as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with the reception and the described procedures. The legal basis of your consent is Art. 6 (1) a, Art. 7 GDPR.
14.2. Contents of the newsletter: We send out newsletters, emails and other electronic notifications with advertising information (hereinafter referred to as "newsletters") only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter registration are specifically described in detail, they are decisive for the user's consent. In general, our newsletters contain information regarding developments and offers related to website and search engine analytics and optimization as well as to us and our offers within this area of business.
14.3. Opt-in and logging: The registration for our newsletter is done in a so-called double opt-in procedure. This means that users will receive an email after the registration, in which users will be asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes saving the logon and confirmation time as well as the IP address. The changes to your data stored by the shipping company are also logged.
14.4. Furthermore, the newsletter service provider can, according to his own information, use this data in a pseudonymized form, i. e. without being directly associated with a user, for the optimization or improvement of his own services, e. g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the newsletter service provider does not use the data of our newsletter recipients to contact them himself or to pass the data on to third parties.
14.5. Registration data: To subscribe to the newsletter, we need only the user’s email address as obligatory information. We use this information on the one hand for the individual addressing of our newsletter subscribers, and on the other hand to make the content of the newsletters more interesting according to their industry and location.
14.6. Statistical survey and analysis - The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file, which is retrieved from the mail order company's server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services based on the technical data or target groups and their reading behavior based on the retrieval locations (which can be determined by means of the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked and when. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
14.7. The newsletter is sent on the basis of the consent of the recipients in accordance with Art. 6 (1) lit. a, Art. 7 GDPR. The statistical surveys and analyses are conducted on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users. The registration procedure is recorded in accordance with Art. 6 (1)(c). GDPR on the basis of a legal obligation to prove the consent of the newsletter recipients (e.g. in accordance with Art. 7 (1) GDPR). In addition, for reasons of legal certainty, we also ask the newsletter recipients to consent to the analyses described above and to save the registration data.
14.8. Cancellation/Revocation - Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. At the same time, your consent to the statistical analyses expires. A separate revocation of the statistical evaluation is unfortunately not possible, in this case the entire newsletter subscription must be cancelled. Newsletter recipients will find a link to unsubscribe from the newsletter at the end of each newsletter. By unsubscribing from the newsletter, the personal data will be insofar deleted, unless their storage is legally required or justified, and their processing in this case is limited to these exceptional purposes only. Integration of third-party services and content
14.9. For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR), we use third-party content and service delivery services on our Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as "content"). The third-party provider of this content always requires the User's IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. We endeavor only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use "pixel tags" (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyze information such as the number of visitors accessing the pages of this website. The pseudonymized information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the website, and further details on how Users make use of our Websites, plus it can also be combined with comparable information from other sources.
14.10. The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
15.1. Users have the right to obtain information free of charge on the personal data we have collected about them. In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities if they suspect that data has been processed unlawfully.
15.2. Users can also withdraw any consent they may have given. Such a revocation of consent shall have future effect only.
16.1. The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event User data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.
Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions. This right to object applies in particular to the processing of data for the purposes of direct advertising.
Last updated: March 2018