This privacy statement serves to inform you of the processing of personal data when using our website, in accordance with Art. 13, 14 GDPR.
You may visit our website and retrieve its content without providing personal information. Only if you send us a message using the contact form or in any other manner do we collect the data that you provide.
hicklvesting Public Relations GbR, Klenzestraße 7, 80469 München, T +49 89 38380185, firstname.lastname@example.org
2.1 Log files
For technical reasons, the following data are recorded, including data which your Internet browser transmits to us or to our webspace provider (so-called server log files):
We use this information for statistical purposes only, to analyze your use of the website and to create reports regarding the use of the website and, under certain circumstances, to be able to trace illegal activities.
The data in log files are stored for 7 days and then deleted or made anonymous by deleting the IP address.
Art. 6 (1) sentence 1 lit. f GDPR constitutes the legal grounds for this (pursuit of legitimate interests). Personal data are processed on the grounds of our legitimate interests in analyzing the use of our website and optimizing our information offer as well as ensuring system security and preventing any misuse.
We use a cookie, meaning a small text file, which your browser stores on your terminal device. The cookie used is a session cookie, meaning it remains active until your browser session ends, after which it is automatically erased. The cookie which is placed when prompting the website saves the language that you chose to view the website.
You may prevent the storing of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.
2.3 Google Analytics
We use Google Analytics on our website. This is a web analytics service provided by of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). The Google Analytics service is used to analyze how our website is used. The legal basis is Article 6(1)(a) GDPR (consent), if you have given your consent to the use of Google Analytics when accessing our website.
You may access the cookie preferences in the footer of the page again in order to revoke your consent.
Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, is based in a third country outside the territorial scope of application of the GDPR. The USA does not provide an adequate level of protection for the processing of personal data within the meaning of Article 45 GDPR, as the European Court of Justice ruled in its judgment of 16 July 2020 (Case C-311/18). However, the transfer of personal data to a third country without an adequate level of protection and without appropriate safeguards (Art. 46 GDPR) is exceptionally permitted under Art. 49(1)(a) GDPR if the data subject gives his or her consent. We therefore request your consent for the use of Google Analytics when accessing our website. Googly Analytics will not be used if no consent is given. We would like to point out that according to the ruling of the European Court of Justice in the USA, security authorities and secret services can access personal data of non-American citizens without the legal provisions containing sufficient limitations, in particular proportionality, and that these provisions in part also do not provide for effective legal protection against such interference.
The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.
The data transmitted to us and linked to cookies will automatically erased after 14 months. Data whose retention period has been reached is automatically erased once a month.
Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at including options you can exercise to prevent such use of your data.
We use the functionality of “reCAPTCHA”, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use this functionality in ordert o detect if input, e.g. in an online form, is made by humans rather than automatic machines (so called „bots“). The data processed may include IP addresses, information on operating systems, devices, browsers, language settings, location, mouse movements, keystrokes, timespan spent on websites, previously visited websites, interactions with reCAPTCHA on other websites and possibly cookies and the result of manual detection procedures (such as answering questions or selecting objects in images).
The legal basis is Article 6(1)(f) GDPR. We use reCAPTCHA for the pursuit of legitimate interests, namely the prevention of misuse.
If you contact us, we will process the data you provide to process your request.
The legal basis is Article 6(1)(b) GDPR (step prior to entering into a contract).
We offer you the opportunity to apply for a job with us by e-mail. With these digital applications, your application data will be collected and processed electronically by us for the purpose of handling the application procedure.
If necessary, we will make enquiries with training institutions, previous employers and other references you have mentioned in your application. In this case, we process the data provided by the third party named by you to evaluate your application.
The legal basis for this processing is Section 26(1) sentence 1 BDSG (German Federal Data Protection Act).
If an employment contract is concluded after the application procedure, we will store the data you provide during the application process in your personnel file for the purpose of the usual organisational and administrative process – this is, of course, in compliance with all other legal obligations.
The legal basis for this processing is also Section 26(1) sentence 1 BDSG.
We will store a rejected application for up to six months after the end of the application procedure with regard to possible claims under the AGG (German Anti-Discrimination Law).
The legal basis in this case is Article 6(1)(f) GDPR and Section 24(1)(2) BDSG. Our legitimate interest is the defence or enforcement of legal claims.
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, your data will be further processed based on your consent. The legal basis is then Article 6(1)(a) GDPR. However, you can of course revoke your consent at any time in accordance with Article 7(3) GDPR with effect for the future.
If necessary, we will store your data for up to ten years in order to comply with legal obligations, e.g. in the event of reimbursement of travel expenses the corresponding documents, to the extent that this is necessary in accordance with the obligations to retain documents under tax law and commercial law.
The legal basis in this case is Article 6(1)(c) GDPR.
When you subscribe to a newsletter, you give us your consent to processing your name and email address for sending you the newsletter. The legal basis is Article 6(1)(a) GDPR. You may revoke your consent at any time by unsubscribing from the newsletter.
We use the following service providers (processors) who process data on our behalf:
If you have consented to the use of Google Analytics, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, also collects personal data (see section 2.3).
For sending newsletters we use the service “Mailchimp” provided by The Rocket Science Group LLC, which is located in the USA. The USA does not provide an adequate level of protection for the processing of personal data within the meaning of Article 45 GDPR. Therefore the processing is based on an appropriate safeguard according to Article 46 GDPR. We have agreed with The Rocket Science Group LLC the Standard Contractual Clauses published by the EU Commission. The Standard Contractual Clauses form part of the Data Processing Addendum, which is available at https://mailchimp.com/legal/data-processing-addendum/.
Without your consent, we will forward your personal data to third parties in the following cases only:
We store your data for as long as this is required to process an enquiry or to perform the contract. This does not include data which we are not permitted to erase by virtue of a legal requirement (e.g. documents which must be kept under tax law and commercial law requirements) and data which are necessary to pursue legitimate interests, for example the assertion of claims.
Instagram: Joint controllers within the meaning of Art. 26 GDPR are hicklvesting Public Relations GbR (see section 1) and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, e-mail: email@example.com, fax: +1 650 543 5340. You may contact the data protection officer of Facebook at https://help.instagram.com/contact/186020218683230
LinkedIn: Joint controllers within the meaning of Art. 26 GDPR are Barbara Hickl (for contact details see section 1) or Nicole Vesting, hicklvesting Public Relations GbR, Klenzestraße 7, 80469 Munich, T +49 89 383 801 85, firstname.lastname@example.org and LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
6.2 Instagram Insights
We use Instagram Insights. This means that part of the usage data collected by Facebook is made available to us in anonymised form as a statistical evaluation. The data processing by Facebook itself is not anonymised. In this regard you should contact Facebook directly.
The data is stored solely for statistical purposes. This statistical analysis relates only to the audience, content and activity on our Instagram page. Settings can be made for the evaluation of the audience or appropriate filters can be set with regard to the selection of a time period, access to a specific posting and demographic groupings.
In addition, Facebook collects and processes further personal data of users by using tracking and analysis tools. As far as your behaviour when visiting our Instagram page is evaluated by tracking and analysis tools integrated by Facebook, we have no influence on this processing of data. Facebook is the controller as defined by data protection law with respect to this processing. Therefore, please contact Facebook directly with any enquiries regarding tracking and analysis tools.
6.3 Interactive functions of Instagram
If you use certain interactive functions, such as comments or “liking” of postings, a a registered user, these actions are visible for us as well as for the other registered users. In this way, we can normally establish a direct link to you or your Instagram account.
The legal basis for this is Article 6(1)(b) GDPR (performance of a contract, if you trigger a function desired by you) and Article 6(1)(b) GDPR (pursuit of legitimate interests). Our legitimate interest is to be able to offer you content adapted to your interests.
Please note that we have no influence on visibility of your interactions. The nature, scope and duration of the processing and storage of personal data is determined solely by Facebook. You can therefore request information on the storage period as well as available options for objection directly from Facebook. You can delete your interactions yourself at any time (see https://de-de.facebook.com/help/instagram/289098941190483).
6.4 Other processing of data by Facebook
Facebook describes its own processing in the Instagram Data Policy: https://help.instagram.com/519522125107875?helpref=page_content. In this context Facebook is the sole controller.
Facebook processes information about the content provided and shared, networks and connections used, transactions carried out on Facebook and Instagram, and the end devices used (device attributes, device IDs, device signals, cookies, etc.). Facebook also collects the above data from people who are not logged in to any of the Facebook services. Facebook uses this information for its own purposes, in particular to place advertisements, improve its own products and user tracking.
Facebook may transfer the data collected about you to countries outside the European Economic Area. Facebook uses the standard contractual clauses (see https://de-de.facebook.com/help/566994660333381) as an appropriate guarantee in accordance with Article 46 GDPR.
LinkeIn uses the data processed when you visit our profiles to create statistics on the use of our profiles. This makes us aware of the profiles of visitors as well as demographic and geographical analyses. We can use this information to place targeted interest-based advertisements without immediately knowing the visitor’s identity. LinkedIn will only send us the visitor statistics generated in anonymous form.
The processing of users’ personal data is based on our legitimate interests, namely presenting us and our services. The legal basis is Article 6(1)(f) GDPR.
Please note that LinkedIn Ireland Unlimited Company may transfer personal data to LinkedIn, 1000 W Maude Ave, Sunnyvale, CA 94085, USA, and therefore personal data of users may be processed in a third country outside the territorial scope of applictation of the GDPR.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
6.6 Contact via Instagram or LinkedIn
Section 3.1 applies accordingly.
You have the following rights provided that the respective legal requirements apply:
You may object to the processing of your data for the purposes of direct marketing at any time, and even to any other form of processing of your data on grounds relating to your particular situation (Art. 21 GDPR).
To assert your rights, please refer to the above address.
If you believe that the processing of your data breaches data protection laws, you may lodge a complaint with a supervisory authority (Art. 77 GDPR). The respective local supervisory authorities responsible for us are: Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht), Promenade 18 (Schloss), 91522 Ansbach, Germany (https://www.lda.bayern.de/); Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Maja Smoltczyk, Friedrichstr. 219, 10969 Berlin (https://www.datenschutz-berlin.de)
As of: October 2021