We are delighted that you are interested in our company. Data protection is a very high priority for the management of Le Troisième Pôle a.s.b.l.. The use of the Internet pages of the Le Troisième Pôle a.s.b.l. is possible without any indication of personal data. However, if a data subject wants to use special enterprise services via our Internet pages, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally acquire the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to Le Troisième Pôle a.s.b.l.. By means of this data protection declaration, our company wants to inform the general public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, by means of this data protection declaration, data subjects are informed of their rights.
As the controller, Le Troisième Pôle a.s.b.l. has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, data transmissions over the Internet may in principle contain security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us by alternative means, for example by telephone.
The data protection declaration of Le Troisième Pôle a.s.b.l. is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration must be readable and understandable for the general public, as well as our customers and business partners. To ensure this, we would first like to explain the terminology used.
In this data protection statement, we use the following terms:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person(hereinafter referred to as "data subject"); an "identifiable natural person" is one who can be identifiednatural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, aidentification number, location data, an online identifier, or one or more factors specific to physical identityspecific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
The data subject means any identified natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, retrieval, sorting, sorting and retrieval of data, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Limitation of processing
Limitation of processing means the marking of retained personal data with a view to limiting their future processing.future processing.
Profiling means any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict factors concerning that person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.location or movements of that natural person.
Pseudonymisation means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without recourse to additional information, provided that such additional information is kept separate and subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The controller is the natural or legal person, public authority, agency or other bodywhich alone or jointly with others determines the purposes and means of the processing operation; where the purposes and means of the processing operation are determined by the controller, the controller shall be the person responsible for the processing operation.means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria may bemay be designated or the specific criteria for designation may be laid down in Union law or in the law of a Member State.Union law or the law of a Member State.
The processor is the natural or legal person, public authority, agency or other body which processespersonal data on behalf of the controller.
The recipient is the natural or legal person, public authority, agency or any other body which receives(i)
The recipient is the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a particular enquiry in accordance with Union law or the law of a Member State shall not be regarded as recipients; the processing of such data by the public authorities in question shall be in accordance with the applicable data protection rules in relation to the purposes of the processing.
The third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the service provider or the body responsible for the processing.data subject, the controller, the processor and the persons who, under the direct authority of the controller or processorcontroller or processor, are authorised to process personal data.
The consent of the data subject is any freely given, specific, informed and unambiguous indication of his or her wishes byby which the data subject agrees, by a declaration or by a clear positive act, that personal data concerning him or her may be processed.personal data relating to him or her are processed.
2. Name and address of the controller
The data controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable to the Member States of the European Union and other provisions on data protection is
Le Troisième Pôle a.s.b.l.
1 rue de la Gare d'Autre Eglise
Telephone number: 32477535751
Email: [email protected]
3. Collection of data and general information
The website of the Third Pole a.s.b.l. collects a series of general data and information when a data subject or an automated system calls up the website. These general data and information are stored in the server log files. Collected can be (1) the types of Internet browsers and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of an attack on our computer systems.
By using this general data and information, Le Troisième Pôle a.s.b.l. does not draw any conclusions about the data subject. Rather, this information is used to (1) correctly deliver the content of our website, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our computer systems and website technology, and (4) provide law enforcement authorities with information necessary for criminal prosecution in the event of a cyber attack. Of which, The Third Pole a.s.b.l. analyzes anonymously collected data and information in a statistical way, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from any personal data provided by the data subject.
4. Registration on our website
The data subject has the opportunity to register on the website of the controller by entering personal data. The personal data to be transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller for its own purposes. The controller may request the transfer to one or more processors (e.g. a parcel service) which also use personal data for an internal purpose attributable to the controller.
When registering on the website of the controller, the IP address - assigned by the Internet Service Provider (ISP) and used by the data subject - the date and time of registration are also stored. The storage of this data takes place in the context that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of offences committed. To this extent, the storage of these data is necessary to secure the data controller. This data is not passed on to third parties, unless there is a legal obligation to pass on this data or if the passing on serves the purpose of criminal proceedings.
The registration of the person concerned by the voluntary indication of personal data is intended to enable the controller to offer the person concerned content or services that can only be offered to registered users due to the nature of the subject in question. Registered persons may, at any time, without constraint, change the personal data specified during registration or delete them completely from the data stock of the data controller.
The data controller must, at any time, provide each data subject with information on the personal data stored on the data subject upon request. In addition, the data controller must correct or erase personal data at the request or indication of the data subject, provided that there is no legal obligation to retain them. All employees of the controller are available to the data subject as contact persons.
5. Subscription to our newsletters
On the website of the Le Troisième Pôle a.s.b.l., users are given the opportunity to subscribe to our enterprise's newsletters. The input mask used for this purpose determines which personal data are transmitted, as well as when the newsletter is ordered by the controller.
Le Troisième Pôle a.s.b.l. regularly informs its customers and business partners by means of a newsletter. The newsletter of the enterprise can be received by the data subject only if (1) the data subject has a valid e-mail address, and (2) the data subject registers for the newsletter. A confirmation e-mail will be sent for the first time to the e-mail address registered by the data subject, for legal reasons, during the double opt-in procedure. This confirmation e-mail serves to prove whether the owner of the e-mail address is authorised as a data subject to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the data subject during registration, as well as the date and time of registration. The collection of this data is necessary in order to understand the (possible) misuse of the data subject's e-mail address at a later date, thus serving the purpose of legal protection of the controller.
The personal data collected within the framework of the newsletter registration will only be used to send our newsletter. In addition, newsletter subscribers may be informed via e-mail as long as this is necessary for the operation of the newsletter service or for a registration in question, for example in the case of changes to the newsletter offer or in the case of a change in technical circumstances. Personal data will not be passed on by the newsletter service to third parties. The registration for our newsletter can be terminated by the data subject at any time. The consent of the data subject to the storage of personal data for the purpose of sending the newsletter can be revoked at any time. For the purpose of revoking consent, a corresponding link is included in each newsletter. It is also possible to unsubscribe to the newsletter at any time directly on the website of the controller or to communicate it to the controller in a different way.
The newsletter of Le Troisième Pôle a.s.b.l. contains so-called tracking pixels. I448. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the integrated tracking pixel, The Third Pole a.s.b.l. can see if and when an e-mail was opened by the data subject and which links in the e-mail were opened by the data subject.
These personal data collected by the tracking pixels in the newsletter are stored and analysed by the controller to optimise the sending of the newsletters, as well as to better adapt the content of future newsletters to the interests of the data subject. This personal data is not passed on to third parties. Data subjects have the right to revoke their separate declaration of consent at any time by means of the double opt-in procedure. After the revocation, these personal data will be deleted by the controller. The Third Pole a.s.b.l. automatically regards the withdrawal from the receipt of the newsletter as a revocation.
7. Possibility of contact via the website
The website of the Third Pole a.s.b.l. contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, also including a general address of the so-called e-mail address. If the data subject contacts the controller via e-mail or a contact form, the personal data transmitted by the data subject are automatically stored. The personal data voluntarily transmitted by the data subject to the controller are stored for the purpose of processing or communicating with the data subject. There is no transmission of this personal data to third parties.
8. Function of the comments on the blog of the website
Le Troisième Pôle a.s.b.l. offers users the opportunity to leave individual comments on individual blog entries on the website of the controller. A blog is a publicly accessible web portal through which one or more persons called bloggers or web-bloggers can post articles or record their thoughts in so-called blog posts. Blogposts can be commented on by third parties.
If a data subject comments on the blog published on this website, the data subject's comment is also stored and published, together with information on the date of the comment and the user name chosen by the data subject. In addition, the IP address assigned to the data subject by the Internet service provider is also recorded. This storage of the IP address takes place for security reasons and in case the data subject violates the rights of third parties or posts illegal content via a comment. The storage of this personal data is therefore in the interest of the data controller, so that he can exonerate himself in case of an offence. The personal data collected shall not be transmitted to third parties, except where such transmission is required by law or serves the defence of the data controller.
9. Routine erasure and blocking of personal data
The data controller shall process and retain the personal data of the data subject only for the period necessary to achieve the purpose of retention or as long as granted by the European or other legislators in the laws or regulations to which the data controller is subject.
If the purpose of retention is not applicable, or if the retention period prescribed by the European legislator or other competent legislator expires, the personal data is blocked or deleted routinely in accordance with legal requirements.
10. Rights of the data subject
a) Right of confirmation
Every data subject has the right to obtain confirmation from the controller that personal data relating to him or her are or are notpersonal data concerning him or her are or are not being processed. If the data subject wishes to avail himself of this right of confirmation, he may at any time contact an employee of the controller.
b) Right of access
The data subject has the right given by the European legislator to obtain, at any time, access by the controller to the information about his/her personal data stored and a copy of this information. In addition, the European directives and regulations grant the data subject access to the following information the purposes of the processing;the categories of personal data concernedthe recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients who are established in third countries or international organisations;where possible, the envisaged period of storage of personal data or, where this is not possible, thepossible, the criteria used to determine that period;the existence of the right to request from the controller the rectification or erasure of personal data, or a restriction on the processing of personal datapersonal data, or a restriction on the processing of personal data relating to the data subject, orthe right to object to such processing;the right to lodge a complaint with a supervisory authority;where personal data are not obtained from the data subject, any available information as to their sourcethe existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4), and, at least in such cases, information on the nature of the processing.and, at least in such cases, relevant information concerning the underlying logic and the significance andconsequences of such processing for the data subject.
In addition, the data subject has the right to be informed if personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject has the right to be informed of the appropriate safeguards with regard to this transfer.
If the data subject wishes to avail himself or herself of this right of access, he or she may, at any time, contact an employee of the controller.
c) Right of rectification
The data subject has the right granted by the European legislator to obtain from the controller, as soon as possible, the rectification of personal data relating to him or her which are inaccurate. In view of the purposes of the processing operation, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.
If the data subject wishes to exercise this right of rectification, he or she may, at any time, contact an employee of the controller.
d) Right to erasure ("right to be forgotten")
The data subject has the right granted by the European legislator to obtain from the controller the erasure, as soon as possible, of personal data relating to him or her and the controller has an obligation to erase such personal data as soon as possible, where one of the following grounds applies
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.The data subject withdraws the consent on which the processing is based, in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no compelling legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.The personal data have been processed unlawfully.The personal data must be erased in order to comply with a legal obligation under Union law or under the law of the Member States.Union law or the law of the Member State to which the controller is subject.Personal data have been collected in the context of the provision of information society servicesreferred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Le Troisième Pôle a.s.b.l., he or she may, at any time, contact any employee of the controller. An employee of Le Troisième Pôle a.s.b.l. shall promptly assure the data subject that the requested erasure has been completed immediately.
Where the controller has made personal data public and is required to erase them pursuant to Article 17(1), the controller shall, taking into account the available technologies and the costs of implementation, take reasonable steps, including technical steps, to inform the controllers processing such personal data that the data subject has requested the erasure by those controllers of any links to, or copies or reproductions of, such personal data to the extent that the processing is not required. An employee of Le Troisième Pôle a.s.b.l. will arrange the necessary measures in individual cases.
e) Right to the limitation of the processing
The data subject has the right granted by the European legislator to obtain from the controller the restriction of the processing when one of the following applies
The accuracy of the personal data is contested by the data subject, for a period allowingThe accuracy of the personal data is contested by the data subject, for a period allowing the controller to verify the accuracy of the personal data.The processing is unlawful and the data subject objects to the erasure of the data and demands instead the restriction of their use.The controller no longer needs the personal data for the purposes of the processing operation but the data are still necessary for the data subject to establish, exercise or defend legal claimsThe data subject has objected to the processing under Article 21(1) of the GDPR during the verification as to whether the legitimate grounds pursued by the controller override those of the data subject.
If one of the following applies, and a data subject wishes to request the restriction of the processing of personal data stored by the Le Troisième Pôle a.s.b.l., the data subject may at any time contact any employee of the controller. An employee of Le Troisième Pôle a.s.b.l. will arrange the restriction of the processing.
f) Right to data portability
Data subjects have the right granted by the European legislator to receive personal data relating to them which they have supplied to a controller in a structured, commonly used and machine-readable format. Data subjects should have the right to transmit such data to another controller without the controller to whom the personal data have been communicated hindering this, where the processing is based on consent pursuant to Article 6(1)(a) or Article 9, (2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, if the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, by exercising the right to portability pursuant to Article 20(1) of the GDPR, the data subject hasthe right to have personal data transmitted directly from one controller to another, where technically possible and where this does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may, at any time, contact any employee of the Le Troisième Pôle a.s.b.l..
g) Right of objection
The data subject has the right granted by the European legislator to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
Le Troisième Pôle a.s.b.l. shall no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the processing which override the interests and rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If Le Troisième Pôle a.s.b.l. processes personal data for canvassing purposes, the data subject has the rightto object at any time to the processing of personal data concerning him or her for such purposes. This also applies to profiling insofar as it is related to such marketing. If the data subject objects to the processing for canvassing purposes, the personal data shall no longer be processed for such purposes.
Furthermore, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her by Le Troisième Pôle a.s.b.l. for scientific or historical research purposes or for statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
In order to assert the right of objection, the data subject may, at any time, contact any employee of the Le Troisième Pôle a.s.b.l.. Furthermore, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his/her right to object by means of automated processes using technical specifications.
h) Automated individual decision and profiling
The data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, where the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and a controller or (2) is not authorised by Union law or the law of the Member State to which the controller is subject and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is not based on the data subject's explicit consent.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and a controller, or(2) is based on the data subject's explicit consent, the Third Pole a.s.b.l. shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least theright to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time contact any employee of the Le Troisième Pôle a.s.b.l..
i) Right to withdraw consent to processing
The data subject has the right granted by the European legislator to withdraw his/her consent to the processing of his/her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the Le Troisième Pôle a.s.b.l..
11. Data protection provisions regarding the application and use of Facebook
On this website, the controller has integrated components of the company Facebook. Facebook is a social network.
A social network is a social gathering place on the Internet, an online community that allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences or allow the Internet community to provide personal or professional information. Facebook allows users of social networks to include the creation of private profiles, upload photos and create networks via friend requests.
The operating company of Facebook is Facebook, Inc. at 1 Hacker Way, Menlo Park, CA 94025, United States. For persons living outside the United States, the data controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When calling up one of the individual pages of this website which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the data subject's computer system is automatically prompted by the Facebook component to download the Facebook component display. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook recognises the specific sub-sites of our website that the data subject has visited.
If the person concerned is also logged on to Facebook, Facebook detects which specific sub-site of our website the person concerned has visited by calling up our website - and for the duration of their visit to our website. This information is collected via the Facebook component and linked to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, Facebook links this information to the data subject's personal Facebook account and stores the personal data.
Facebook always receives information about the data subject's visit to our website via the Facebook component, whenever the data subject is logged in to Facebook at the same time as he or she is visiting our website. This occurs irrespective of whether the data subject clicks on the Facebook component or not. If the data subject does not want such a transfer of information to Facebook, he or she can prevent this by logging out of the Facebook account before the call to our website.
The data protection policy published by Facebook, which is available at https://facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. In addition, the setting options that Facebook offers to protect the privacy of the data subject are explained here. Different setting options are also available to enable the elimination of data transmissions to Facebook. These applications can be used by the data subject to prevent the transmission of data to Facebook.
12. Data protection provisions for the application and use of Google Analytics (with anonymisation function)
On this website, the controller has integrated components of Google Analytics (with anonymization function). Google Analytics is a web analysis service which collects and analyses data about the behaviour of visitors to the website. A web analysis service captures, among other things, relevant data on which website a person arrived via another website (the so-called referrer), which sub-site of the website was visited or how often and for how long this sub-site was viewed. Web analysis is mainly used for website optimisation in order to carry out a cost-benefit analysis of Internet advertising.
The operating company of the component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
For the web analysis via Google Analytics the controller uses the application "_gat. _anonymizeIp". With this application, the IP address of the data subject's Internet connection is abbreviated by Google and anonymised when accessing our websites from a Member State of the European Union or another state that is party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website and to provide online reports, which show the activities of our websites, and to provide other services related to the use of our website for us.
Google Analytics places a cookie on the data subject's computer system. The definition of cookies is explained above. In this way, Google can analyse the use of our website. By calling up one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser on the computer system of the data subject will automatically submit data via the Google Analytics component for online advertising and commission payments to Google. Within the framework of this technical procedure, the Google company is informed about personal data, such as the IP address of the data subject, which enables Google, among other things, to understand the origin of visitors and clicks and thus to create commission payments.
The cookie is used to store personal data such as the time of access, the location from which the access was made and the frequency of visits to our website by the data subject. On each visit to our website, such personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Google may disclose the personal data collected through this technical procedure to third parties.
As stated above, the data subject can prevent the placement of cookies via our website at any time by making a corresponding setting on the Internet browser used and thereby permanently disabling the cookie setting. Such a setting in the Internet browser used prevents Google Analytics from placing a cookie on the data subject's computer system. Cookies that have already been used by Google Analytics can also be deleted at any time using a web browser or other software.
Further information and applicable regulations of Google under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is explained under the link https://www.google.com/analytics/.
13. Data protection regulations for the application and use of Instagram
On this website, the controller has integrated components of Instagram. Instagram is a service that can be described as an audiovisual platform, which allows users to share photos and videos and to distribute this data to other social networks.
The company operating the services offered by Instagram is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
By calling up one of the individual pages of this website which is operated by the controller and on which an Instagram component (the Insta button) has been integrated, the Internet browser of the data subject automatically downloads a display of the Instagram component via the respective Instagram component. During this technical procedure, Instagram of the specific individual sub-sites of this website that the data subject has visited.
If the data subject is at the same time logged in on Instagram, Instagram detects by calling up our website by the data subject - and for the duration of their visit to our website - which specific subsite of our website was visited by the data subject. This information is collected via the Instagram component, and associated with the respective Google+ account of the data subject. If the data subject clicks on one of the integrated Instagram buttons on our website, Instagram associates this information with the data subject's personal Instagram user account and records the personal data.
Instagram receives the information via the Instagram component that the data subject has visited our website, if the data subject is at the same time logged in on Instagram. This occurs regardless of whether the data subject clicks on the Instagram button or not. If such a transmission of information to Instagram is not desired by the data subject, the data subject can prevent it by logging out of his/her Instagram account before calling up our website.
Further information and the applicable provisions of Instagram under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
14. Data protection regulations for the application and use of YouTube
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that allows video publishers to upload video clips and other users to view, comment on and discuss them free of charge. YouTube also allows you to post all kinds of videos, so you can access both movies and full-length TV shows, as well as music videos, trailers and user-generated videos via the Internet portal.
The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
When calling up one of the individual pages of this website which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the data subject's Internet browser is automatically prompted to download a display of the YouTube component. More information on YouTube can be found at https://www.youtube.com/yt/about/en/. During this technical procedure, YouTube and Google are informed about the specific subpage of our website visited by the data subject.
If the data subject is at the same time logged on to YouTube, YouTube detects by calling up our website by the data subject - and for the duration of their visit to our website - which specific sub-site of our website was visited by the data subject. This information is collected via the YouTube component and linked to the respective YouTube account of the data subject
YouTube and Google receive information via the YouTube component that the data subject has visited our website, if the data subject is at the same time logged in to YouTube. This occurs irrespective of whether the data subject clicks on a YouTube video or not. If the data subject does not want the information to be transmitted to Youtube and Google, he or she can prevent such transmission by logging out of his or her Youtube account before calling up our website.
YouTube's applicable data protection regulations, which can be found at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
15. Legal basis for processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for the specific purpose of processing. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, for example where processing operations are necessary for the supply of goods or for any other service, the processing is based on Article (1) (b) GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of requests for our products or services. If our company is subject to a legal obligation to process personal data, e.g. for compliance with tax obligations, the processing is based on Art. 6 (1) (c) GDPR.In some cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if the visitor was injured in our company and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or third party. This processing is then based on Article 6(1)(d) GDPR.Finally, processing operations can be based on Article 6(1)(f). This legal basis is used for processing operations that are not covered by any of the above-mentioned articles, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except in the case where the interests or fundamental rights and freedoms of the data subject override such interests which require the protection of personal data. Such processing operations are particularly permitted as they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject was a customer of the controller (Recital 47 sentence 2 GDPR).
16. Legitimate interests pursued by the controller or by a third party.Where the processing of personal data is based on Article 6(1) (f) GDPR, our legitimate interest is to perform our activities for the benefit of all our employees and shareholders.
17. Period for which personal data is retained
The criteria used to determine the retention period is the respective legal retention period. After the expiry of this period, the data is systematically deleted, as long as it is no longer required for the execution of the contract or the opening of a contract.