Data protection is of particularly high importance to the Fabasoft Group. Fabasoft AG and its subsidiary companies (hereinafter: “Fabasoft”) have dedicated themselves to the protection of data and, in particular, of personal data. Fabasoft Xpublisher GmbH is a subsidiary of Fabasoft AG (hereinafter: “Fabasoft Xpublisher”). Exactly how Fabasoft Xpublisher uses and protects personal data, such as first and surnames, email addresses, addresses or telephone numbers, will be outlined in more detail in this privacy statement. The processing of personal data is carried out in compliance with the requirements of the EU’s General Data Protection Regulation (hereinafter “GDPR”) and the relevant country-specific data protection regulations. The transfer of data for processing, both within and outside Fabasoft Xpublisher, for the purpose of processing by a processor on behalf of a controller, is based exclusively on data processing contracts.
A. General information
A.1. Who is responsible for data processing? - The Group’s Structure
Depending on which Group company is entrusted with data processing, this company is deemed to be the data controller.
You will find all Fabasoft companies listed via the following link:
This privacy statement serves to elaborate on the general privacy statement of Fabasoft (available at www.fabasoft.com/privacy), the general privacy statement of Fabasoft 4teamwork (available at https://www.4teamwork.ch/datenschutzerklaerung/), the general privacy statement of Mindbreeze (available at www.mindbreeze.com/privacy), the general privacy statement of Fabasoft Xpublisher (available at www.xpublisher.com/privacy), the general privacy statement of KnowledgeFox (available at https://knowledgefox.net/dsgvo/) and to provide more information for applicants.
A.2. Which data are processed? Where does the data come from (the data sources)?
1. Data collected from the data subject
Fabasoft Xpublisher processes the following personal data that has been collected directly from the data subject.
- Fabasoft Xpublisher processes personal data that it obtains through its business relations (with customers, suppliers, partners or support requests) in order to fulfil a contract or to implement pre-contract procedures.
- Fabasoft Xpublisher processes personal data supplied directly by the customers.
- Fabasoft Xpublisher processes personal data that are required in order to fulfil a legal obligation.
- Fabasoft Xpublisher processes personal data for which consent has been granted, for various reasons, by the data subject.
Personal data includes: title, first name(s), surname, email address(es), IP address(es), home address(es), telephone number(s), fax number, date of birth (if provided), contract details (incl. contact details of the contracting parties as well as contact persons), company details, other relevant information (correspondence history and contact details, data relating to reminders and legal actions).
When you make use of our support, we process data about your support inquiry (problem description, log files, attachments, screenshots, communication, documentation of troubleshooting, contact details of the involved persons).
2. Data not directly collected from the data subject
In addition, Fabasoft Xpublisher processes personal data that is not directly obtained from the data subject. This includes the following data: telephone numbers, job titles, gender, company name, size of the company, titles, industry, street, post code, locations and country.
This data comes from publicly accessible registers, company websites and information published by individuals on business platforms (XING, LinkedIN) or on social media platforms.
A.3. Why is personal data processed and what is the legal basis for doing this?
1. The fulfilment of contractual and pre-contractual obligations.
Processing personal data is important for providing products and services that are appropriate for the required/commissioned scope of the project. The purpose of data processing is strictly aligned with the commissioned product or service. You will find further information concerning this on our website www.xpublisher.com. Personal data is processed in order to fulfil existing contracts with customers and within the framework of initiating contracts.
2. The fulfilment of legal obligations.
Art. 6 (1)(c) GDPR serves as the legal basis for data processing where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
3. Protecting legitimate interests
It is in Fabasoft Xpublisher’s interests to continuously improve its products and services. In order to receive feedback, Fabasoft Xpublisher invites parties to participate voluntarily in surveys. A survey may be answered without disclosing personal data. Any personal data that might nevertheless be provided, is provided voluntarily and is not a requirement for participation in the survey. The results of these surveys contribute to the further improvement of Fabasoft Xpublisher products and services.
It is in the interest of Fabasoft Xpublisher customers and interested persons/companies that we provide the best possible information about market trends and market developments. To this end Fabasoft Xpublisher also makes comprehensive research papers available for download free of charge in which Fabasoft Xpublisher products and services have been evaluated by renowned analyst firms. In addition, Fabasoft Xpublisher strives to provide the best possible support and advice for customers and interested persons/companies. In this context, Fabasoft Xpublisher or a responsible Fabasoft Xpublisher partner will contact you by e-mail, provided that you have given your consent (this consent can be revoked at any time; the data processing that has been carried out until such time remains lawful).
4. Data processing and consent
Irrespective of the above-mentioned legal bases, Fabasoft Xpublisher may require consent for certain processing operations and obtain it from the person concerned. If Fabasoft Xpublisher is granted consent to the processing of personal data, the data will be processed exclusively for the purposes specified in this consent, such as sending information in the Fabasoft Xpublisher newsletter, information on webinars, events, downloading resources or research reports. Such consent can be revoked at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.
In the interest of Fabasoft Xpublisher customers (contractual relationship) and potential customers (pre-contractual measures), it is important for Fabasoft Xpublisher to provide regular information on the ongoing development of their products and services as well as on trends in this sector and topics that are relevant to the market. To this end Fabasoft Xpublisher hosts their own events, presents the company at events, holds webinars and provides information by means of email newsletters
Any data received by Fabasoft Xpublisher in the course of its contractual relationship with the customer will be processed by Fabasoft Xpublisher in order to send emails, letters or advertising brochures to customers for the purpose of depicting and presenting Fabasoft Xpublisher products (Art. 6 (1)(f) GDPR). The customer has the right to object to this processing of the data for the purpose of direct advertising; this right can be exercised at any time without giving reasons by means of a letter to Fabasoft Xpublisher c/o Datenschutz or by email to email@example.com. Fabasoft Xpublisher will process the customer data for this purpose for as long as the customer lodges no objection, however, only up to a maximum of 3 years after termination of the contract. Where other forms of direct advertising are concerned, Fabasoft Xpublisher will only process the customer data if the customer has given its express consent to the processing of its data (Art. 6 (1)(a) GDPR). If the customer has given its consent to the data processing, it can revoke this consent without giving reasons by means of letter to Fabasoft Xpublisher or email to firstname.lastname@example.org. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation. The processing of the personal data of the customer for the purpose of direct advertising is not necessary for the execution of the contractual relationship.
A.4. Who receives the personal data?
The individual employees, departments or Fabasoft companies, that require it in order to fulfil contractual or legal obligations or need it for purposes of their legitimate interests, receive the personal data. Furthermore, if necessary, Fabasoft Xpublisher will transfer your data to tax consultants and auditors for purposes of tax consultancy and auditing and, in individual cases, to lawyers and courts, if necessary for legal advice or law enforcement purposes. In individual cases, we also forward your data to our data protection officer in Germany in order to obtain advice on the implementation of data protection regulations, e.g. in the event you assert claims against us. In addition, Fabasoft Xpublisher employs various subcontractors, to whom personal data is transferred to enable them to effectively carry out their respective services.
All subcontractors are required to use the data solely for the purpose of providing the service that has been clearly defined by Fabasoft Xpublisher.
Through contractual agreements, Fabasoft Xpublisher collaborates with the following providers when dealing with marketing and communication:
CleverReach GmbH & Co. KG with its registered office in Rastede, Germany
The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the email marketing service provider when the newsletter is opened. In the course of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of the email marketing service provider to monitor individual users. Rather, the evaluations help us to recognise the reading habits of our users and to adapt our content to them or to send different content based on the interests of our users.
The use of the email marketing service provider, the performance of statistical surveys and analyses are carried out on the basis of our legitimate interests pursuant to Article 6 (1) (f) of the General Data Protection Regulation (DSGVO). Our interest lies in using a user-friendly and secure emailing system that serves both our business interests and meets the expectations of users.
salesforce.com Germany GmbH with its registered office in Munich, Germany
Service: Cloud-based CRM solution (Customer Relationship Management), which is used for the processing of customer enquiries and for making contact with customers on the website. The data are stored in the Salesforce cloud with server locations in the European Union. Processing is carried out based on your consent, which you can revoke at any time e.g. by email to email@example.com (see A.7).
Fabasoft International Services GmbH
Service: The provision of services for the whole Fabasoft Group. In terms of data protection law, for example, maintenance of a group procedure directory, provision of a central contact point for data subjects in compliance with § 26 (1)(3) GDPR and the assumption of liability for claims asserted by data subjects and regular updating and management of technical and organisational measures (see A.7).
Insofar personal data are to be transmitted to the USA or any other country with a less stringent level of data protection, Fabasoft Xpublisher ensures in advance that a suitable level of data protection is in place. The appropriate or reasonable guarantees agreed in individual cases, as well as the possibility of obtaining a copy, are available at firstname.lastname@example.org.
Fabasoft Xpublisher’s partner network
Fabasoft Xpublisher maintains an extensive partner network and places a high value on exclusivity and quality; there are only a small number of partners in each country or region who ideally complement Fabasoft Xpublisher, in particular in terms of technological expertise and sales strength. In particular to provide the best possible service to international customers and potential customers in their national language and in their own time zone, Fabasoft Xpublisher recruits partners in the respective country or region and provides them with the necessary voluntarily provided personal data such as first name, last name, email address, business address, telephone number, and company name in a dedicated separate secure system. The data will only be disclosed to said partners with your prior consent, which we request for this case. The personal data will only be processed to the extent that is contractually agreed with our partners. All partners of Fabasoft Xpublisher are contractually obliged to use this data exclusively for the specific intended purpose(s) (establishing contact for Fabasoft Xpublisher products) and not to disclose the data to any third parties. Information concerning the partner network can be requested at the following email address service@xpublisher.
Data processing within the Fabasoft Group
There are different interfaces and data processing steps within the Fabasoft Group, in which the different individual personal data processing services are carried out among the companies of the group. The regulations defined in the “Framework agreement for internal data processing within the Fabasoft group” reflect the respective roles of the companies of the Fabasoft Group as joint controllers in a transparent manner pursuant to Art. 26 GDPR or as controller and processor pursuant to Art. 28 GDPR as well as the lawful form of this legal relationship, in particular in compliance with the regulations of the GDPR or the respective national data protection regulations. In the event of a breach of this framework agreement and/or of applicable data protection regulations, Fabasoft International Services GmbH, FN 271303a, Honauerstraße 4, 4020 Linz, has undertaken to assume the liability for any claims asserted by a data subject. This means the data subjects have a place of jurisdiction within the EU at their disposal for asserting their rights.
The Framework Agreement is available for downloading at https://www.fabasoft.com/en/about-us/transparency
Data exchange with Fabasoft Xpublisher Inc.
In the context of the sales process (contacting after incoming sales inquiries), personal data will be exchanged between Fabasoft Xpublisher GmbH and Fabasoft Xpublisher Inc. Data will only be exchanged with Fabasoft Xpublisher Inc. if express consent has been given by the person concerned.
In this context, we would like to point out that the USA has not been certified by the European Court of Justice as having an adequate level of data protection. In particular, there is a risk that your data may be subject to access by US authorities for control and monitoring purposes and that no effective legal remedies are available against this. Additional security of your personal data is ensured in these cases after a documented case-by-case review (Transfer Impact Assessment) by concluding EU standard contractual clauses (appropriate guarantee pursuant to Art 46 GDPR) and taking appropriate technical and organizational measures to protect personal data.
A.5. For how long is data stored?
Fabasoft Xpublisher stores personal data for as long as is necessary for the duration of the entire business relationship, from the initiation to the execution through to termination of the contract as well in compliance with the legal retention and documentation obligations, which stem, for example, from the legal business and fiscal retention requirement (usually a period of 10 years) or from the limitation periods in compliance with European or national laws or other regulations to which the controller is subject (up to 30 years).
Personal data that is submitted to Fabasoft Xpublisher with consent (for example for a newsletter, announcement, webinar etc.) will be stored for a maximum of three years after its last use, provided it is not withdrawn before this period ends.
A.6. Where is the data stored?
Fabasoft Xpublisher stores data on hardware from Fabasoft in highly secure, external data centres in Germany, Austria and Switzerland.
A.7. What are your data protection rights as the data subject?
You have the right to disclosure, correction, removal or restriction in the processing of the stored information. You have the right to object to the use of your personal information as well as the right to data portability in accordance with the requirements of the data protection law.
In the event you revoke your consent to the use of your personal data, Fabasoft Xpublisher will immediately stop using this data, provided the use of this data is based solely on your consent. Exceptions arise as a result of legal or contractual obligations, which render storing data necessary, but this is only in the event of the aforementioned obligations. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.
All the above-mentioned rights can be asserted via the following channels.
By email: email@example.com
By post: Fabasoft Xpublisher GmbH, c/o Privacy, Schleißheimer Straße 6-10, 80333 Munich, Germany
All rights must be asserted against Fabasoft Xpublisher in writing. In order to prevent any unauthorized persons from abusing these rights, you must prove your identity to Fabasoft Xpublisher in an appropriate manner. Everyone has the right to information.
Fabasoft Xpublisher is free to continue to use the personal data concerned provided they have been anonymised prior to such use in such a way that it is no longer possible to relate the data to an identified or identifiable individual.
Complaints can be directed to the German Data Protection Authority or to another data protection authority within the European Union or Switzerland, preferably where you live or work.
A.8. Contact with Data Protection Officers
Fabasoft Xpublisher has a data protection team (“Privacy Team”) entrusted with legal data security issues. The contact details for this privacy team are available at: https://www.xpublisher.com/privacy. The privacy team can be contacted at firstname.lastname@example.org.
If required by the GDPR or national regulations, a data protection officer will be appointed. The updated contact details of this data protection officer are available at https://www.xpublisher.com/privacy.
A.9. Compulsory provision of personal information
In the context of the business contract or pre-contractual procedures, personal data necessary for the execution of the business contract, and to which Fabasoft Xpublisher is legally obliged to collect, must be provided. If this information is not provided, the delivery of products and service, for example, will not be possible.
B. Additional information about the Fabasoft Xpublisher website
B.1. Data collection
The Fabasoft Xpublisher website collects general information with every visit. Such information includes, for example: the IP address, the type of browser used, the language, the login pages, the device used, the volume of data transmitted, the browsing history as well as the HTTP referrer.
Fabasoft Xpublisher does not use the data provided to draw any conclusions about the data subject. This information will be needed in order to successfully deliver the content of the website, to guarantee the website is always functioning or to provide relevant information to the authorities.
In addition, Fabasoft Xpublisher’s website offers many opportunities to register using your personal data or to contact the company via generally available email addresses. Fabasoft Xpublisher GmbH is responsible for data protection and thus for the processing of your personal data for the purposes listed in the table below.
For a better overview, the ways in which you can register will be outlined separately:
|Ways to register
|The purpose of data collection
|To register for the Fabasoft Xpublisher newsletter
|To send information about Fabasoft Xpublisher and its products such as Release Notes, approx. 1x/month
|To register for “Livedemo” for Try & Buy
|To provide Fabasoft Xpublisher products for a trial period
|See separate privacy statement “Data protection for applicants during the application process”
|To contact the sales and support team
|Contact the support team
|Other means of contact
|If you send us a message via the contact field, it is automatically directed to the relevant person so that your query can be processed.
When registering for one or more of the purposes mentioned above, personal data will only be collected in the form of first name(s), surname(s), email address, company, job title, gender, telephone number, street, postcode, location and country. This information contributes to providing an efficient service and will be processed if consent is granted.
Your personal data, if you disclose it to us, will be transmitted over the Internet in encrypted form (SSL-Secure Sockets Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://". If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
In addition, we secure our website and other systems through technical and organizational measures against loss, destruction, access, modification and distribution of your data by unauthorized persons.
B.2. Requests for general contact addresses
General email addresses are also available on the Fabasoft Xpublisher Website, which can be used to make contact with Fabasoft Xpublisher. When you send us an email, it is automatically directed to the relevant person so that you query can be processed.
If you click on “Accept cookies” when you visit our website, you thereby accept all types of cookies or you click on “Manage settings” to receive more detailed information and determine individually which cookies you wish consent to. You can manage the settings you have made at any time under the item “Cookie settings” in the footer of the website.
Fabasoft Xpublisher uses the following cookies:
Session cookies are deleted at the end of the session, i.e. when you close your browser. They record navigation through the website so that the website “remembers” your entries. These session cookies are normally used to temporarily save the user’s entries when filling in online forms that span several pages or to temporarily save the information entered by the user when adding items to online shopping baskets. Examples of typical entries could be: Entering information when ordering online, choosing currency, whether the user is registered or simply when navigating the site.
Essential cookies enable basic functions and are needed to ensure proper functioning of the website. These cookies are first-party cookies that belong to Fabasoft.
|Saves cookies concerning your cookie settings
|Fabasoft Xpublisher makes downloads available via public links from its product Fabasoft Cloud (product of the parent company). This cookie optimises performance distribution, so downloads can be provided with optimum performance.
Tracking and analysis cookies:
Google Analytics, integrated via Google Tag Manager, sets the following cookies. See in this context Point B4 in this privacy statement.
|Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.
|Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.
|Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.
|Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.
Google Ads, integrated via Google Tag Manager, sets the following cookies. See in this context Point B4 in this privacy statement.
|Contains a randomly generated user ID.
We use Act-on Beacon for the statistical evaluation of data for marketing purposes, as well as visitor access and for the identification of companies.
|Act-on Tracking Cookie
|Act-on Software, Inc.
|Evaluation of visitor access,
identification of companies
Data is not collected by Act-on Beacon unless consent has been given for the processing of personal data by clicking on the button "Accept cookies" or by a selection made under "Manage settings". This consent can be revoked at any time by changing the cookie setting (button "Manage settings" or "Cookie settings" in the footer of the website). You will find a detailed description of the use of analytics services under B.4 “The use of analytics services”.
LinkedIn Insight Tag
The website uses a LinkedIn Insight tag. The LinkedIn Insight Tag is integrated via Google Tag Manager and creates a LinkedIn "browser cookie" that collects the following data:
- IP address,
- Page activity,
- demographic data from LinkedIn, if the user is an active LinkedIn member.
Using this technology, we generate reports on the performance of our ads as well as information about the interaction with the website. For this purpose, our websites embed the LinkedIn Insight tag, which connects to the LinkedIn server when you visit these websites and are logged into your LinkedIn account at the same time.
We process this data to evaluate campaigns and collect information about website visitors who reach us through our campaigns on LinkedIn.
We store this data for as long as we need you for the respective purpose (campaign evaluation) or you have not objected to the storage of your data or revoked your consent.
B.4. Use of analytic services
This website uses Google Tag Manager, a solution with which you can manage marketing website tags via an interface. The Tool itself (which implements the tags) is a cookie-free domain and does not gather any personal data. The tool enables the triggering of other tags which may, for their part, collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains effective for all tracking tags which are implemented with Google Tag Manager.
Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contractual clauses have been concluded with this service provider as appropriate safeguards pursuant to Art. 46 GDPR.
You will find further information to this topic at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en
In specific cases this website uses Google reCAPTCHA v2 to prevent the usage of text fields by automated programs/bots. This boosts the security of our website and avoids SPAM for users. This is also our legitimate interest and fulfils our legal obligation.
The collected data are hardware and software information, such as device and application data and the result of integrity checks. These data are transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data are not used for personalised advertising.
Fabasoft Xpublisher uses Google Ads. Google AdWords is an internet advertising service that permits advertisers to place advertisements both in Google’s search engine results and on Google’s Advertising Network. Google Ads enables advertisers to pre-define certain keywords that will trigger the display of an advertisement in Google’s search engine results only if the user searches for a relevant keyword with the search engine. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.
The company that operates the services of Google Ads is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of using Google Ads is to promote our website by placing interest-relevant advertisements on the websites of third-party companies and in the search engine results of the search engine Google.
If a data subject reaches our website via a Google ad, a conversion cookie is placed on the information technology system of the data subject by Google. Cookies have already been defined above.
A conversion cookie expires after thirty days and does not serve to identify the data subject. Provided it has not yet expired, the conversion cookie can be used to establish whether certain sub-pages, for example the basket in online shopping systems, are visited on our website.
Through the conversion cookie, both we and Google can establish whether a data subject, who is directed to our website via an Ads advertisement, generates revenue, i.e. executed or cancelled a purchase of goods.
Google uses the data and information collected by the conversion cookie to generate visit statistics for our website.
We in turn use these visit statistics to determine the total number of people using our website that were directed to us by Ad advertisements, i.e. to ascertain the success or failure of each Ads advertisement and to optimize our Ads advertisements in the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify the data subject
The conversion cookie stores personal information, for example Internet sites visited by the data subject. With each visit to our website, personal data are therefore transmitted to Google in the USA, including the IP address of the data subject’s Internet connection. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical procedure to third parties.
Such a setting on the Internet browser would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, cookies that have already been placed by Google Ads can be deleted at any time via the Internet browser or other software programmes.
Furthermore, the data subject may object to interest-based advertising of Google. To do so, the data subject must access from each of the browsers in use the link: www.google.de/settings/ads and make the desired settings.
Internet analytics service Act-On
In order to analyse user access, information for marketing purposes and for identifying different companies, is collected using the tool Act-On, processed and stored in Act-On Software Inc’s data centre in Germany. Act-On carries out checks on an address based on this information, but only if it has been established that it involves a company and not an individual. Cookies are also used here.
In addition, Act-On collects information on the browsing activity of anyone who has submitted a form or registered for an email service. The following information is collected: which webpages are visited on www.fabasoft.com, which emails from Fabasoft are opened, which documents from Fabasoft are downloaded and which forms are completed. This information will be collected as long as it is processed for a clearly specified purpose. This information will be used in order to continuously improve our services and to enhance the browsing experience.
B.5. Social Media buttons
Fabasoft Xpublisher also provides links on this website to the following social media services: Twitter, Facebook, YouTube, Xing, LinkedIn, Instagram. Some of these links are displayed as buttons. When you click on these social media buttons or links, you will be redirected from the Fabasoft Xpublisher website to the respective social media site.
When you click on one of these links, you will be redirected to the respective website and thus allow the respective site operator to collect your personal data. No personal data is collected by Fabasoft Xpublisher via these links.
C. Data protection information for visitors to our Facebook Fan Page
If you visit our Fan Page (https://de-de.facebook.com/Xpublisher.News/) on Facebook, we process personal data in connection with this visit, regardless of whether you are registered on Facebook or whether you are logged in or not. Fan pages are user accounts that can be set up by private individuals or companies on Facebook. This fan page allows us to present our company to Facebook users and individuals who visit our Fan Page, and also to communicate with these people. The data provided directly by you or by Facebook are used exclusively for the purpose of communication with customers and interested parties as an overriding legitimate interest pursuant to Art. 6 (f) GDPR, putting us in a position to offer the most interesting information for you.
Facebook provides the “Page Insights” function to Fan Page administrators. This function allows us to receive anonymised statistical data about the users and visitors to our fan page. These so-called “Page Insights” are summarised statistics created using specific “events” that are recorded by Facebook when users or visitors interact with our fan page and its linked contents.
These data are collected using so-called cookies. These are small text files that are saved by Facebook onto the hard drive of the visitor’s end device (for example computer, notebook, tablet, smartphone, etc.) via your internet browser. This information is called up again during subsequent visits to the website and enables the website to recognise your device. The information stored in these cookies is received, recorded and processed by Facebook in a personalised form.
The purpose of using cookies is partly to improve Facebook’s marketing systems, but it also allows Facebook to provide us with statistics, which we can use to manage and improve the commercialisation of our activities.
By creating the fan page, we contribute to the processing of personal data belonging to visitors to our fan page, regardless of whether these visitors are registered with or logged in to with Facebook or not. Although Facebook provides the data collected using cookies to us solely in an anonymised form, the production of these statistics relies on the prior processing of personal data. For this reason, we, as the administrator of the fan page, are involved in deciding the purposes and means of processing the personal data of visitors to our fan page, and as such, we are joint data controllers with Facebook as defined by Art. 26 of the GDPR with regard to this processing. The joint responsibility includes the processing of your data for the purpose of creating “Page Insights” in connection with a visit or other interaction with our fan page or contents linked with it. We have entered into an agreement with Facebook concerning the joint responsibility pursuant to Art. 26 GDPR, whereby Facebook undertakes, among other things, to provide the data protection information pursuant to Art. 13 GDPR as well as to observe the rights of the data subject.
The main content of the agreement between the joint controllers is provided by Facebook Ireland and can be accessed via the link: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.
Depending on the respective action (“event”) that triggers a recording, we receive from Facebook the following data categories in anonymised form:
Actions of individuals
- Viewing a page, a post, a video, a story or other content linked with a page
- Interacting with a story
- Subscribing or unsubscribing to a page
- “Like” or “Unlike” a page or post
- Recommending a page in a post or commentary
- Commenting on, sharing or reacting to a post on the page (including the type of reaction)
- Hiding a post on a page or reporting it as spam
- Hovering the cursor over a link to a page or the name or the profile picture of a page to see a preview of the page content
- Clicking on the website, telephone number or “Route planner” button or another button on the page
- Viewing the event of page, reacting to an event (including type of reaction), clicking on a link for an event
- Starting a Messenger conversation with the page
- Viewing or clicking on an article in a page shop
Information on the actions, the individuals who carried out the actions and on the browsers/apps used for the actions
- Date and time of the action
- Country/town (estimation based on the IP address or logged in users from the user profile)
- Language codes (from the HTTP header of the browser and/or language setting)
- Age/gender group (from the user profile, only in the case of logged in users)
- Previously visited websites (from the HTTP header of the browser)
- Whether the action was carried out on a computer or a mobile device (from the browser user agent or from app attributes)
- Facebook user ID (only in the case of logged in users)
However, even if you are not registered or logged-in to Facebook, it is nevertheless possible that if you click on a sub-page within our fan page or carry out some action within our fan page, Facebook will undertake a statistical analysis of your personal data and transfer these anonymised statistics to us. If you do not click on any sub-pages or carry out any actions on our fan page (e.g. clicking on a photo or video in a post), your personal data will not be collected via cookies.
Cookies placed by Facebook are stored for up to two years after being placed or updated. Cookies that are already being stored can be deleted at any time. In addition to this, you can prevent installation of cookies using your browser settings.
You have the right to demand information at any time regarding what data pertaining to you is being processed (Art. 15 GDPR). You have the right to have incomplete data completed and inaccurate data corrected or deleted (Art. 16, 17 GDPR). In certain circumstances, you can demand that your data be erased (Art. 17 GDPR). However, this right to erasure shall not exist if the processing is necessary in order to fulfil a legal obligation or to validate, exercise or defend legal claims. Subject to certain conditions, you can also demand the restriction of the processing of your data (Art. 18 GDPR) and object to the processing of your data (Art. 21 GDPR). You have the right to receive any data you have provided in a structured, accessible and machine-readable format and to transfer this data to another controller or – if technically feasible – to have it transferred by Facebook (Art. 20 GDPR).
If your data is processed based on your consent, you shall have the right to withdraw this consent at any time. The legitimacy of the data processing conducted before consent was withdrawn shall not be affected by this withdrawal.
You have the right to lodge complaints with the Irish Data Protection Commission, the German Data Protection Authority or with a different Data Protection Authority within the EU, particularly at your place of residence or place of work.