Declaration on data protection
We would like to inform you about the nature, scope and purpose of the collection of your personal data (hereinafter referred to as "data") when using our services and products as well as the website, app and social media channels and explain all measures taken to protect your data.
The protection of your data is very important to Boes Media Solutions (hereinafter referred to as the "Agency") and therefore we try to take measures to ensure that your data is kept and used securely and in accordance with the provisions of the DSGVO (General Data Protection Regulation of the European Union).
Your rights in relation to data protection
As a user of the Agency's services and as a customer, you have certain rights under the GDPR, which are listed below:
- Right to information (in accordance with Art. 15 DSGVO) - You have the right to be informed about the categories of data stored, the purpose of their processing, the duration of storage and the recipients of the stored data.
- Right to amend (in accordance with Art. 16 DSGVO) - You have the right to complete or, if necessary, to correct the stored data.
- Right of deletion (according to Art. 17 DSGVO) - You can request the deletion of your data stored by us. The data will be deleted if it is not required for a valid contract or for a justified case (such as legal retention periods, conflicting interests).
- Right to restriction of processing (in accordance with Art. 18 of the GDPR) - You can request that your data may no longer be changed or further processed by us. To do so, they can (1) dispute the accuracy of the data (it will not be further used until verified), (2) challenge the processing, (3) prevent deletion (until legal claims are resolved) or (4) lodge an objection to the processing (review of processing).
- Right to be notified of the restriction (under Article 19 GDPR) - You have the right to be informed when the restriction on processing is lifted.
- Right to Transfer (under Art. 20 GDPR) - You are granted the right to receive your provided data in a tidy, structured and machine-readable format and also to share this report with third parties. This excludes (1) data intended for the public interest, (2) data necessary for a task and (3) data in the exercise of official authority.
- Right to object (according to Art. 21 DSGVO) - You can object to the processing of (1) data that we process by legitimate interest (according to Art. 6 para 1 lit. f DSGVO). Unless a legitimate interest prevails over your right or there is a use for legal claims, we will no longer process the data at your request. You can object to the processing of (2) data for direct advertising at any time.
Should you wish to object to the processing of your data, you may do so by sending a letter to the address of the Agency (see point 3.1) or by e-mail to email@example.com.
We will try to respond to your requests regarding the above rights as quickly as possible, but please note that if there is an increased volume of mail, it may take some time for all information to be sent to you.
You have the right (pursuant to Art. 77 DSGVO) to lodge a complaint with the competent data protection supervisory authority (located at Barichgasse 40-42, 1030 Vienna, Austria).
Responsibility for data protection
Pursuant to Art. 4 (7) DSGVO, the registered advertising agency Boes Media Solutions e.U. with its registered office at Kirchfeldgasse 15, 2102 Bisamberg, Austria, is responsible for the collection of personal data.
If you have any questions or require information on data protection and all guidelines, please contact the data protection officer, Mr Daniel Boes, at +43 (0) 2262 / 20 422 or at the e-mail address firstname.lastname@example.org.
Data collection on website
When visiting websites that can be clearly assigned to the agency on the basis of their design, structure, content and by reference (to be found at https:/boes.media etc.), we collect personal data.
We would like to explain in more detail what types of inclusive uses and services are used by third parties to collect data:
- Cookies and web beacons - storing small packets of data relevant to usage on the hard drive to improve the user experience and serve interest-based advertising.
- Link to social media - communication of services and offers on social media channels (for more details see point 6)
- Statistic tools and user behaviour - Through an embedded code, the number of calls on the individual pages and services are measured and transmitted to data analysis programs.
- Application and registration masks - form for entering data in the customer database, newsletter and registration in an online account provided by the agency
- Newsletter and appointment booking - details and settings for regular news and booking of appointments for personal contact
More detailed explanations on the individual types of data collection, purposes and services of third parties can be found in the following paragraphs (see points 5 to 10).
Cookies and Web Bacons
Cookies are small text files consisting of combinations of numbers and letters that are stored on the user's hard drive and can be retrieved when the website is accessed again.
Performances and postings on social networks
The agency is represented with appearances on various social media platforms.
These pages are used for the presentation of services and information, for communication with customers and interested parties and for the analysis of services and business processes.
In the following, the most important social media providers on which the agency is represented are listed with the corresponding information:
- Facebook - Facebook Ireland Ltd. is located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and provides the personal data processing and analytics information on the website https://www.facebook.com/legal/terms/page_controller_addendum available.
- Instagram - Instargam is owned by Facebook Ireland Ltd. and therefore the information described in the previous paragraph (see 6.3. 1st paragraph) applies.
- Twitter - Twitter Inc. is located at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA and provides the information on the processing of personal data and analysis on the website https://twitter.com/de/privacy available.
- YouTube - Google LLC is located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and provides the information on the processing of personal data and analytics on the site https://www.google.com/policies/privacy/ available.
- LinkedIn - LinkedIn Ireland Unlimited Company is located in Wilton Place, Dublin 2, Ireland and provides the personal data processing and analytics information on the website https://www.linkedin.com/legal/privacy-policy at your disposal.
- Xing - New Work SE is located at Dammtorstraße 30, 20354 Hamburg, Germany and provides the information on the processing of personal data and analysis on the website https://privacy.xing.com/de/datenschutzerklaerung at your disposal.
- WhatsApp Business - WhatsApp is owned by Facebook Ireland Ltd. and therefore the information described in the first paragraph (see 6.3. 1st paragraph) applies.
- Snapchat - Fieldfisher LLP is located at Am Sandtorkai 68, 20457 Hamburg, Germany and provides the information on the processing of personal data and analsysis on the website https://snap.com/privacy/privacy-policy at your disposal.
- TikTok - TikTok Technology Limited is located at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and provides the information on the processing of personal data and analytics on its website at https://www.tiktok.com/legal/privacy-policy at your disposal.
Links to social media
There are links on the website and other services and social media sites for easy content sharing.
These integrations take place via direct links and therefore no personal data is directly transmitted to the social media provider.
A transmission of data (such as text excerpts, images or links on the website) only takes place if the link is called up.
ReCaptcha by Google
The use of this service serves to find out whether the visitor to the site is a human being or whether an entry has been made by automated, abusive software (for example, a "bot").
Data is analyzed in the area of forms and submissions of documents and comments as soon as the submission is made or the tool is accessed via "I am not a robot".
The use of this tool cannot be deselected and is used in any case when using services of the agency.
Based on the legal basis Art. 6 para. 1 lit. f DSGVO for the processing of data, the following types of data are collected: IP address, operating system, previously accessed websites, cookies, movements of the mouse pointer and mouse clicks on the page, date and language and the screen resolution of the device.
The data such as IP addresses are not merged with other data stored by Google and are only transmitted in abbreviated form.
If you wish to delete personal data which is stored at Google, please contact us for this request by mail at email@example.com to the Google Legal team.
Use of WordPress as CMS system
The agency uses for many of its web presences the well-known open-source CMS (content management software) "Wordpress" from the WordPress developer team at https://www.wordpress.org/.
The system allows so-called "plugins" from third party manufacturers to be integrated and connected in order to be able to guarantee the functionality of the website.
The following is a list of authoritative plugins with associated information (which do not necessarily have to run on every WordPress partition):
- Website security - "Wordfence" by the developers of Defiant Inc, located at 800 5th Ave, Ste 4100, Seattle, USA is responsible for the security of the WordPress environment, can analyze user data and block IP addresses, and provides the additional applicable provisions for data protection under https://www.wordfence.com/privacy-policy/ at your disposal.
- Integration with WordPress.com - "Jetpack" by the developers of Automattic Inc., located at 60 29th Street 343, San Francisco, CA 94110, USA is responsible for the exchange with WordPress.com and the extended functionality of the website as well as internal CMS processes and therefore additionally the rules described under https://automattic.com/de/privacy/ provisions made available.
The Agency cannot be held responsible for any deprivation of data caused by an attack on the website or any other site hosted by the Agency, provided that the greatest possible care has been taken by the Agency.
Newsletter and advertising news
The newsletter is sent intermittently to all contacts who have subscribed to it and contains information about the agency as well as news, updates, news and offers.
Only those contacts are included in the mailing list who have given their explicit consent, for example by registering on the website, to receive the newsletter.
The newsletter can be subscribed for different areas and the sending is carried out according to your wish topic-related (if possible) or generally as follows:
- Mailings to e-mail address - By default, the e-mail address is used for newsletters and promotional mailings, provided that the consent was given via a registration, whereby the possibility exists at any time to unsubscribe from the mailing list.
- Messages via SMS - If a telephone number has been provided and consent has been given to receive newsletters and promotional messages, the Agency may also deliver marketing messages via SMS.
Consent to receive the newsletter can be revoked at any time by clicking on the "Unsubscribe" link contained in the e-mails (wording subject to change) or by sending a message to firstname.lastname@example.org or returning the letter.
The Agency may also use the above-mentioned channels to send non-personal advertising, provided that consent has been obtained or is required in the first place.
Contact by means of direct-addressed messages
The Agency uses several providers to send direct messages, some of which are listed below, including privacy-related information:
- Postal items - Postal items are subject to the "secrecy of correspondence" (pursuant to Art. 10 StGG).
Hubspot in the field of customer relationship management
The agency uses the cloud-based CRM software "Hubspot" for marketing, sales and support activities and to ensure customer satisfaction.
With this software, all customers and marketing contacts are stored categorised in a database (including their data such as telephone number, e-mail address, etc.) and project progress as well as marketing and analysis data are recorded and assigned.
The tool is mainly used for the following core areas:
- Sending of messages - customers and interested parties, after consent, receive messages about the project process and information directly to the stored e-mail address, via chat or to the stored phone number via SMS.
- Analytics and Reporting - Through embedded code on the website and any other services provided by the agency (such as a mobile app), Hubspot receives analytics data on user behavior, which is matched with stored personal and company data and linked for marketing purposes.
The software is managed and operated by the American company HubSpot Inc. and HubSpot Ireland Limited with its German headquarters at Koppenstraße 93, 10234 Berlin, Germany.
The agency uses the Google MyBusiness service for better findability and to provide information about the agency and various projects and news.
Analyses of user flows and referrals on the business listing as well as links to data from the Google account of the user of our services are subject to the data protection provisions (https://policies.google.com/privacy) by Google Ireland Limited and its partners.
The agency does not publish any personal information (unless the user expressly consents to the disclosure of data) and therefore has no influence on how data from the search is evaluated by Google.
Google Analytics for analysis
The agency uses the service "Google Analytics" of Google Ireland Limited for statistical evaluation and analysis of the use of our websites and services as well as apps.
Google Analytics enables the agency to analyse and categorise the behaviour of website visitors by means of various indicators, in order to subsequently summarise the data obtained into an internal profile, which is assigned to the respective user and their end device (e.g. smartphone or tablet).
The following is an example of categories of data that are collected during analysis using the Google Analytics tool and the embedded tracking code:
- Page views - It is analysed which page or areas of a website or app were accessed, with what frequency, and at what times.
- Dwell time - It is analyzed how long the user stayed on the website or app or a certain area.
- Device and operating system - The device, operating system and version used by the user to access the website or app are analysed.
- Origin and language of the user - It is analyzed from which country or region the user originates and in which language he uses the website or app.
- Mouse and scroll movements - The movements with the mouse pointer are analysed in order to find out more specifically in which area of the website or app the user is moving.
- Linking - It is analysed which links to third party sites and services are used and from which point on the website or app they are accessed.
Google Analytics uses various types of technologies, which are listed below as examples:
- Embed code - The code is embedded by the agency on their websites or apps and allows the Google Analytics tool access for analysis.
- Device Fingerprinting - This method is used to read information stored to identify the software and hardware of a computer device.
In addition, Google Analytics uses various modeling methods to augment captured data and employs machine learning technology for advanced data analysis.
The use of the analysis tool is based on Art. 6 Para. 1 lit. f DSGVO, which gives the agency permission to use Google Analytics if it has a legitimate interest in analysing user behaviour in order to optimise both the advertising offer and the advertising.
If the user has given his or her consent (e.g. by agreeing to the storage of cookies), the processing is justified exclusively on the basis of Art. 6 (1) a DSGVO (consent can be revoked at any time).
Order processing is subject to the strict protection of the Austrian data protection authority.
The Agency has activated the IP address anonymization function of the service on all pages and in all areas where we consider extended protection of user data to be necessary.
- In the case of IP address anonymisation, the addresses are shortened by Google Analytics within the member states of the EU or within states that have acceded to the "Agreement on the European Economic Area" before they are transmitted.
- In exceptional cases, however, IP addresses may be transferred to a Google server in the USA and shortened there.
The IP address obtained within the scope of Google Analytics is not merged with other data stored by Google.
The information collected by Google about user behaviour, the use of the website or app and the type of access is generally transmitted by Google to servers in the USA and stored there (https://privacy.google.com/businesses/controllerterms/mccs/).
The collection and processing of data by Google Analytics can be prevented by the following extension of the web browser: https://tools.google.com/dlpage/gaoptout?hl=de.
The agency also uses the "Demographic Characteristics" feature to display tailored ads to its visitors within the Google network.
- The web analytics service Google Analytics creates reports that contain statements about age, gender and interests.
- This data is based on interest-related advertising from Google and visitor data from third-party providers and cannot be assigned to a specific person.
If the user does not want any analysis, this must be deactivated in the ad settings of the Google account or an objection to the data processing must be filed.
The agency is also authorised to use "e-commerce tracking", whereby purchasing behaviour is analysed to improve marketing campaigns and summarised under a transaction ID, assigned to the respective user and their end device.
The data stored by Google Analytics, such as user, event and recognition data (e.g. user ID) and advertising IDs (e.g. IOs heir ID, DoubleClick cookies) are anonymised and deleted after at least 30 months.
Information regarding the data protection of Google Analytics can be found in the data protection declaration at https://support.google.com/analytics/answer/6004245?hl=de and all information regarding the deletion of data can be found at https://support.google.com/analytics/answer/7667196?hl=de.