Fast Lane's Privacy Policy
Privacy Policy
Date: 29th October, 2018
Person responsible
Name/Fa.: |
Fast Lane Institute for Knowledge Transfer GmbH |
Data Protection Officer:
Name/Fa.: |
Anne Merten / F1 GmbH |
Table of contents:
1) Basic information on data processing and legal bases
2) Security measures
3) Disclosure of data to third parties and third party providers
4) Provision of contractual services
5) Establishing contact
6) Collection of access data and log files
7) Cookies & range measurement
8-9) Google Services
10-11) Social Media Services
12) Newsletter
13) Integration of third-party services and content
14) Users' rights
15) Deletion of data
16) Changes to the data protection declaration
17) Right of objection
1. Basic information on data processing and legal bases
a. This Privacy Policy informs you about the type, scope and purpose of processing personal data within our service offering and the associated websites, functions and contents (hereinafter jointly referred to as online offer
or website
). This Privacy Policy applies regardless of the domains, systems, platforms and end devices (e.g. desktop or mobile) on which the online offer is executed.
b. The terms used, such as personal data
or their processing
, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
c. The personal data of users processed within the scope of this online offer include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of agents, payment information), usage data (e.g. websites visited on our online offer, interest in our products) and content data (e.g. entries in the contact form), as well as job application data.
d. The term user
covers all categories of data subjects. These include our business partners, customers, prospective customers, job applicants and other visitors to our online offering. The terms used, such as user
, are to be understood as gender-neutral.
e. We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if legal permission has been obtained. This means in particular if data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, if the user has given his or her consent, or if our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online services within the scope of Art. 6(1)(f) GDPR, in particular for range measurement, creation of profiles for advertising and marketing purposes, collection of access data and use of third-party services.
f. We point out that the legal basis of the consent is Art. 6 (1)(a) and Art. 7 GDPR, the legal basis for the processing for the fulfilment of our services and implementation of contractual measures is Art. 6 (1)(b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1)(c) GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 (1)(f) GDPR.
2. Safety precautions
a. We take organizational, contractual and technical security measures seriously, in accordance with current technical capabilities. This is to ensure that the regulations of data protection laws are observed, and thus protect the data processed against accidental or intentional manipulation, loss, destruction, or access by any unauthorized persons.
b. The security measures include the encrypted transmission of data between your browser and our servers.
3. Disclosure of data to third parties
a. Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1)(b) GDPR or on the basis of legitimate interests pursuant to Art. 6 (1)(f) GDPR on economic and effective business operations.
b. If we use subcontractors to provide our services, we take appropriate legal precautions, technical and organisational measures to ensure the protection of personal data in accordance with legal regulations.
c. If tools or other means from external providers (hereinafter jointly referred to as third providers
) are used within the scope of this data protection declaration, and their named registered office is in a third country, it is to be assumed that data is transferred to the country in which the third provider has their registered office. Third countries are considered to be where GDPR is not directly applicable, i.e. in principle countries outside of the EU or the European Economic Area. Should data be transferred to a third country or an international organisation, it will be ensured before the transfer of the data that suitable guarantees in accordance with Art. 44 et seq. of the DSGVO are available for the recipient.
4. Performance of contractual services
a. We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 (1)(b) GDPR.
b. Users can opt to create their own user account, in particular for viewing their orders. During the registration process, the required information will be communicated to the user. The user accounts are not made public and cannot be indexed by search engines. If user terminate their account, their data will be deleted, subject to storage for commercial or tax reasons according to Art. 6 (1)(c) GDPR. It is the user’s responsibility to save their data, before the end of the contract, if they have given notice of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
5. Establishing contact
a. When contacting us (via contact forms or e-mail), the user's details are processed for conducting the enquiry request and its handling in accordance with Art. 6 (1)(b) GDPR.
b. User information can be stored in our Customer Relationship Management System (CRM System
).
c. We use an internal CRM system, developed by Fast Lane Institute for Knowledge Transfer GmbH, based on our legitimate interests.
6. Collection of access data and log files
a. We collect data on the basis of our legitimate interests within the scope of Art. 6 (1)(f) GDPR. This is carried out through our servers within our secure Data Centers. Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
b. Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which is required for further storage, for review or evidentiary purposes, is excluded from deletion until the respective incident has been clarified.
7. Cookies & range measurement
a. Cookies are pieces of information that is transferred from our web servers, or third party web servers, to the user's web browser and stored there for later retrieval.
b. Users will be informed about the use of cookies within the scope of this data protection declaration.
c. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions.
d. You may opt-out of the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
8. Google Analytics
a. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1)(f) GDPR) Google Analytics, a web analysis service of Google Inc. (Google
). Google uses cookies. The information generated by the cookie about the use of the online offer is generally transferred to a Google server in the US and stored there.
b. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
c. Google will use this information on our behalf to evaluate the use of our online offerings to our users. Google will compile reports, and provide us with insights to other services associated with the online offer which might be of interest to the user.
d. Pseudonymous user profiles can be created from the processed data.
e. We use Google Analytics to display the ads placed by Google and its partners (so-called remarketing
or Google Analytics Audiences
) only to the users that have shown an interest to our online offer, or who have certain characteristics e.g. interests in certain topics or products that are determined by the web pages visited.
f. We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union, or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there.
g. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
h. Further information on data use by Google, possible settings and objections can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners (Data use by Google when using our partners' websites or apps
), http://www.google.com/policies/technologies/ads (Data use for advertising purposes
), http://www.google.de/settings/ads (Manage information that Google uses to show you advertising
).
9. Google-Re/Marketing-Services
a. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1)(f) GDPR) the marketing and remarketing services (Google Marketing Services
for short) of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (Google
).
b. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
c. The Google marketing services allow us to target advertisements to active users, which potentially match their interests. For example, if a user sees an advertisement for a product(s) they have been interested in on other websites, this is referred to as remarketing
. For these purposes, when our and other websites on which Google marketing services are active, Google directly executes a code and (re)marketing tags (invisible graphics or code, also known as web beacons
) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, the content viewed, and offers clicked on as a matter of interest, furthermore technical information about the browser and operating system, referring websites, visiting time, and information regarding the use of the online offer. The IP address of the user is also recorded, whereby within the framework of Google Analytics the IP address is shortened within member states of the European Union, or in other signatory states of the European Economic Area Agreement. In exceptional cases the IP address is completely transmitted to a Google server in the US where it is then shortened. The IP address is not combined with the user's data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, the ads are tailored to their interests.
d. Users' data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google's point of view, the ads are not managed and displayed for a specifically identifiable person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services is transmitted to Google and stored on Google's servers in the US.
e. Further information on Google's use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google's data protection declaration can be accessed at https://www.google.com/policies/privacy .
f. If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
10. Facebook Social Plugins
a. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1)(f) GDPR). Social Plugins (Plugins
) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook
). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white f
on blue tile, the terms like
, like
or a thumbs up
sign) or are marked with the addition Facebook Social Plugin
. The list and the appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
b. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
c. When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
d. By integrating the plugins, Facebook receives information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
e. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users' privacy, can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/.
f. If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his membership data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
11. Facebook, Custom Audiences and Facebook Marketing Services
a. Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes the so-called Facebook pixel
of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook
), is used within our online offer.
b. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
c. With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the presentation of ads (so-called Facebook ads
). Accordingly, we use the Facebook pixel to display the Facebook ads we post only to Facebook users who have also shown an interest in our online offering or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called custom audiences
). We also want to use the Facebook pixel to ensure that our Facebook ads meet the potential interest of users and are not a nuisance. The Facebook pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called conversion
).
d. The Facebook pixel is integrated directly by Facebook when you visit our website and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to us, so it does not provide us with any information about the identity of the user. However, Facebook stores and processes the data so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we send data to Facebook for matching purposes, it is encrypted locally by the browser and only then sent to Facebook via a secure https connection. This is done solely with the purpose of creating a comparison with the data that is equally encrypted by Facebook.
e. Facebook processes the data in accordance with Facebook's Data Usage Policy. Accordingly, general information on the presentation of Facebook ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616
f. You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can visit the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
g. To prevent your information from being collected via the Facebook pixel on our website, please click the following link: Facebook Opt-Out Note: When you click the link, an opt-out cookie is stored on your device. If you delete the cookies in this browser, you must click the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain on which the link was clicked.
h. You may also object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
12. Newsletter
a. With the following information we will inform you about the content of our newsletters, the registration process, dispatch, statistical evaluation procedure, and your rights of objection. By subscribing to our newsletter(s) you agree to the receipt and the described procedures.
b. Content of the newsletter(s): We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter newsletters
) only with the consent of the recipient(s), or with legal permission. If the contents of a newsletter are specifically described within the scope of a registration, they describe the extent of the user consent. In addition, our newsletters contain information about our products, offers, promotions and our company / business updates.
c. Double opt-in and logging: Subscription to our newsletter takes through a double opt-in procedure. As a part of this registration process you will receive an e-mail asking you to once again confirm your registration. This confirmation is necessary so that no one can log in with another e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the login, confirmation time, and the IP address. The changes to your data stored with the shipping service provider are also logged.
d. Shipping Provider: The newsletter is sent by Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, United States, hereinafter referred to as Shipping Provider
. The Privacy Policy of the shipping company can be viewed here: https://aws.amazon.com/de/privacy/?nc1=f_pr. Amazon Web Services, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active).
e. Credentials: To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name in order to address individuals personally.
f. Statistical data collection and analysis - The newsletters contain a so-called web-beacon
, i.e. a pixel-sized file that is retrieved from the mail order company's server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content accordingly, or to send different content in relation to their interests.
g. The use of the shipping service provider, performance of statistical surveys, analysis, and the registration procedure is conducted on the basis of our legitimate interests pursuant to Art. 6 (1)(f) GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our recipients.
h. Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to the dispatch by the shipping service provider and the statistical analysis will expire. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.
13. Integration of third-party services and content
a. We use content or service offers from third parties within our online offering (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. DSGVO) on the basis of our legitimate interests in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as content
).
b. This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort not to use website content, whose provider could use the user’s IP address for other purposes than the transfer of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as web beacons
) for statistical or marketing purposes. Pixel tags
can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as may be linked to such information from other sources.
c. The following presentation provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):
- If our customers use the payment services of third parties (e.g. PayPal), the terms and conditions and data protection information of the respective third party providers, which can be accessed within the respective websites or transaction applications, apply.
- External fonts from Google, Inc, https://www.google.com/fonts (
Google Fonts
). The integration of the Google Fonts takes place via a server call to Google (usually in the USA). Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/. - Maps of the
Google Maps
service provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/. - Videos from the YouTube platform of third-party provider Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Functions of the Twitter service are integrated in our online offer. These functions are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the
Re-Tweet
function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by Twitter. Twitter's Privacy Policy at http://twitter.com/privacy extern. You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settins. - The data controller has integrated components of AddThis on this website. AddThis is a so-called bookmarking provider. The service enables a simplified bookmarking of websites via buttons. By moving the mouse over the AddThis component or by clicking on it, a list of bookmarking and sharing services is displayed. AddThis is operated by AddThis, Inc. 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA. AddThis displays personalized and interest-based advertising based on a cookie set by the company. This cookie analyses the individual surfing behaviour of the computer system used by the person concerned. The cookie stores the visits to Internet pages coming from the computer system. The person concerned can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent AddThis from placing a cookie on the information technology system of the person concerned. In addition, cookies already set by AddThis can be deleted at any time via an Internet browser or other software programs.
- The data subject also has the option of permanently objecting to the processing of personal data by AddThis. To do this, the person concerned must press the opt-out button under the link http://www.addthis.com/privacy/opt-out which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the person concerned. If the cookies are deleted on the system of the person concerned after an objection, the person concerned must call up the link again and set a new opt-out cookie. With the setting of the opt-out cookie, however, it is possible that the Internet pages of the data controller may no longer be fully usable by the data subject. AddThis' current Privacy Policy can be found at http://www.addthis.com/privacy/privacy-policy.
14. Rights of users
a. Users have the right, upon request and free of charge, to receive information about the personal data that we have stored about them.
b. b. In addition, users have the right to correct inaccurate data, to limit the processing and deletion of their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority.
c. Likewise, users can revoke consent at any time.
15. Deletion of data
a. The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to keep it in safekeeping. If the user's data is not deleted because it is necessary for legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
b. In accordance with statutory requirements, the records are kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.)
16. Changes to this Privacy Policy
a. We reserve the right to change the data protection declaration in order to adapt to amended legal circumstances, or in the event of changes to the service or data processing procedure. However, this only applies with regards to declarations on data processing. If a user’s consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users' consent.
b. Users are asked to inform themselves regularly about the contents of the data protection declaration.
17. Right of objection
Users can object to any future processing of their personal data in accordance with legal requirements at any time. The objection may be lodged against processing for direct marketing purposes.