1. General Information
We at Social Match (Social Match GmbH & Co. KG) take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency regarding the processing of personal data. Only if the processing is comprehensible for you as the person concerned, you are sufficiently informed about the sense, purpose and scope of the processing. Our data protection declaration therefore explains to you in detail which so-called personal data is processed by us when using the website www.social-match.com and all other Internet pages referring to it. Responsible in terms of the General Data Protection Regulation (GDPR), the Federal Data Protection Act and other data protection regulations is
Social Match GmbH & Co. KG
Telephone: +49 (251) 20319050
– hereinafter referred to as ‘person responsible’ or ‘we’. A data protection officer is not named. If you have any questions regarding data protection, please contact us under the above mentioned contact details. Please note that links on our website may lead you to other Internet pages which are not operated by us but by third parties. Such links are either clearly marked or can be identified by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and safe handling of your personal data on these third-party websites.
Cookies are text files that are stored or read by a website on your device. They contain combinations of letters and numbers, e.g. in order to recognize the user and his settings when reconnecting to the cookie-setting website, to enable the user to remain logged in to a customer account or to statistically analyze a specific user behaviour.
3. General Information on Data Processing
We process personal data only to the extent permitted by law. A transfer of personal data takes place exclusively in the cases described in more detail in this privacy statement. The personal data will be deleted or protected by technical and organizational measures (such as pseudonymisation or encryption) as soon as the purpose of the processing ceases. This is also the case if a prescribed storage period expires, unless there is a need for further storage of the personal data for the closing or fulfillment of a contract.
Unless we are required by law to store personal data for a longer period of time or to pass it on to third parties (in particular law enforcement authorities), the decision as to which personal data we collect, how long it is stored and to what extent it may have to be disclosed depends on which functions of the website you use in the individual case.
4. Data Processing in Connection with the Use of the Website
The use of the website and its functions regularly requires the processing of certain personal data.
INFORMATIONAL USE OF THE WEBSITE
If you access our website and use it for information purposes only, i.e. without using additional functions such as contact forms or social media plug-ins, personal data is automatically collected by us. This is the following information: IP address of your device as well as date and time when the website was accessed. This information is transmitted by your browser unless you have configured it to suppress the transmission of information. The processing of this personal data is carried out for the purposes of the functionality and optimization of the website, as well as to guarantee the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted under § 6 (1) (f) GDPR.
Personal data is stored for a period of 2 to 4 weeks. We do not combine this personal data with other data sources. Data will only be passed on to third parties if this is necessary for the operation of our website. For this purpose, the personal data is passed on to INWX GmbH & Co. KG. A transfer to a third country or to an international organisation is generally and subject to the following provisions not intended.
If you use the contact form on our website or send us an e-mail, the personal data you provide will be processed by us. This information is transmitted by your browser or e-mail client and stored in our information technology systems. The processing of this personal data is necessary to answer your enquiry. In addition, your IP address and the date and time of the contact request are saved when you send us an e-mail.
The purpose of the data processing is to answer your request and to prevent misuse of the contact form and to ensure the security of our information technology systems. These processing operations are lawful because answering your request and protecting our information technology systems are legitimate interests within the meaning of § 6 (1) (f) GDPR.
Personal data will be stored for as long as is necessary to answer your enquiry. Should your request lead to a later conclusion of a contract, it will be stored as long as this is necessary to carry out pre-contractual measures or to fulfill the contract. We do not merge this personal data with other data sources. Data will not be passed on to third parties. A transfer to a third country or to an international organisation is not intended. You are not obliged to provide this personal data, but it is not possible to use the contact form or send an e-mail without providing it.
For our online marketing activities on our website we use the inbound marketing tool ‘HubSpot’, which is provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 United States. HubSpot has an office in Ireland (Contact: Office in Ireland, HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500).
HubSpot is a web-based all-in-one marketing software for the implementation and control of inbound marketing. It helps us to arouse your interest in our products & services.
The HubSpot applications that we integrate into our website include:
– content management (landing pages and blog)
– e-mail marketing (newsletters and automated mailings, e.g. to provide downloads)
– social media publishing and reporting
– reporting (e.g. traffic sources, access, etc.)
– contact management (e.g. user segmentation & CRM)
– landing pages and contact forms
The central element of HubSpot are the user-related personal profiles. A user profile within HubSpot is created as soon as a previously anonymous website visitor fills out a HubSpot form on our website. At this moment, a profile is created based on your e-mail address. You will only be contacted if you explicitly confirm that you wish to be contacted. HubSpot is used for the purposes of individualizing advertising and for the purposes of market research. These purposes represent a legitimate interest within the meaning of § 6 (1) (f) GDPR. In addition, we have concluded a contract with HubSpot for order processing and fully implement the strict requirements of the German data protection authorities when using HubSpot. Data is transferred to the USA in accordance with the Implementing Regulation (EU) 2016/1250 of the European Commission (EU-US Privacy Shield). HubSpot is certified under the conditions of the ‘EU – U.S. Privacy Shield Framework’ and is subject to the TRUSTe ‘s Privacy Seal and the ‘U.S. – Swiss Safe Harbor Framework’. A HubSpot rivapcy policy can be found here: https://legal.hubspot.com/de/privacy-policy
SOCIAL MEDIA PLUGIN: XING
When you visit our website, a plugin of the social network www.xing.com will be loaded for more personalization and to faciliate networking. The provider of this plugin is XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.
The XING plugin is used to personalize our website and allows you to quickly view or comment on individual parts of our website on your XING account. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
If you do not want XING to assign the personal data collected via our website to your XING account, you must log out of XING before visiting our website. You can find more information about XING, your settings options and the protection of your privacy at http://www.xing.com/privacy.
SOCIAL MEDIA PLUGIN: LINKEDIN
When you visit our website, a plugin of the social network www.linkedin.com will be loaded for more personalization and to faciliate networking. This plugin is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
The LinkedIn plugin is used to personalize our website and allows you to quickly view or comment on individual parts of our website on your LinkedIn account. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
If you do not want LinkedIn to assign the personal data collected via our website to your LinkedIn account, you must log out of LinkedIn before visiting our website. You can find more information about LinkedIn, your settings options and the protection of your privacy at https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy.
5. Data Subject Rights
If your personal data are processed, you are a ata subject within the meaning of the GDPR and you have the following rights:
A) RIGHT TO INFORMATION
You can request confirmation from the person responsible as to whether personal data relating to you will be processed. In the event of such processing, you may request the following information:
(1) the purposes for which the personal data will be processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the retention period;
(5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the person responsible or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling under § 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate warranties in accordance with § 46 GDPR to be informed in connection with the transfer.
B) RIGHT TO CORRECTION
You have the right to have your personal data corrected and/or completed by the person responsible if the personal data processed concerning you is inaccurate or incomplete. The person responsible must carry out the rectification immediately.
C) RIGHT TO LIMITATION OF PROCESSING
Under the following conditions, you may request the restriction of the processing of your personal data:
(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of your personal information;
(2) if the processing is unlawful and you decline the erasure of the personal data and instead request the restriction of the use of the personal data;
(3) if the person responsible no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims;
(4) if you have objected to the processing pursuant to § 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may only be processed (with the exception of their storage) with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a member state.
If the processing restriction has been limited in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
D) RIGHT TO DELETION
You may request the person responsible to delete your personal data immediately and the person responsible is obliged to do so if one of the following reasons applies:
(1) personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you revoke your consent on which the processing pursuant to § 6 (1) (a) or § 9 (2) (a) GDPR was based and there is no other legal basis for the processing;
(3) you object to the processing pursuant to § 21 (1) GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to § 21 (2) GDPR;
(4) the personal data concerning you have been processed unlawfully;
(5) the deletion of your personal data is necessary to fulfill a legal obligation under European Union law or the law of the member states to which the person responsible is subject;
(6) the personal data relating to you were collected in relation to information society services offered pursuant to § 8 (1) GDPR.
INFORMATION TO THIRD PARTIES
If the person responsible has made your personal data public and is obliged to delete them in accordance with § 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing that you, as the person concerned, have requested them to delete all links to your personal data or copies or replications of this personal data.
There is no right to deletion does if the processing is necessary
(1) to exercise the right of freedom of expression and information;
(2) to fulfill a legal obligation which requires processing under European Union or member state law to which the person responsible is subject or to perform a task carried out in the public interest or in the exercise of official authority;
(3) for reasons of public interest in the field of public health pursuant to § 9 (2) (h) and (i) as well as § 9 (3) GDPR;
(4) for archival purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with § 89 (1) GDPR, insofar as the law referred to in a) presumably makes the realization of the objectives of such processing impossible or seriously impairs them;
(5) to assert, exercise or defend legal claims.
E) INFORMATION OBLIGATION
If you have exercised your right to rectify, cancel or limit the processing of your personal data against the person responsible, the latter is obliged to notify all recipients to whom your personal data have been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients by the person responsible.
F) RIGHT TO DATA TRANSFERABILITY
You have the right to receive the personal data that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without being hindered by the person responsible to whom the personal data was provided, given that
(1) the processing is based on a consent pursuant to § 6 (1) (a) GDPR or § 9 (2) (a) GDPR or on a contract pursuant to § 6 (1) (b) GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to request that your personal data are transferred directly from the person responsible to another data controller, as far as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transferability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
G) RIGHT OF OBJECTION
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of § 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The person responsible will no longer process your personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
Regardless of Directive 2002/58/EG, in the context of the use of information society services, you have the option of exercising your right to opt-out by means of automated procedures that use technical specifications.
H) RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
I) AUTOMATED DESICION IN INDIVIDUAL CASES INCLUDING PROFILING
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if
(1) the decision is necessary for the conclusion or performance of a contract between you and the person responsible;
(2) the decision is authorized by legislation of the European Union or the member states to which the person responsible is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests;
(3) the decision is made with your express consent. However, these decisions may not be based on special categories of personal data pursuant to § 9 (1) GDPR unless § 9 (2) (a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state one’s own position and to challenge the decision.
J) RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data is in breach of the GDPR. The supervisory authority to which the complaint is submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to § 78 GDPR.