Data Protection Statement

§ 1 Information about the collection of personal data

(1) This document informs you about the collection of personal data when using our website. The term 'personal data' refers to all data that is related to you personally, e.g. your name, address, e-mail addresses, user behaviour etc.

(2) Responsible for data protection according to Article 4, Section 7 of the EU's General Data Protection Regulation ('GDPR') is: myposter GmbH, Breitenau 7, 85232 Bergkirchen, [email protected] (see also: myposter's Imprint).

External Data Protection Officer:
DataCo GmbH, Dachauer Straße 65, 80335 München, +49 89 7400 45840, www.dataguard.de

Our Data Protection Officer can be contacted by e-mail at: [email protected].

(3) When you contact us by e-mail or via a contact form, the information you provide (your e-mail address, and possibly your name and telephone number) will be stored by us so that we can answer your questions. We delete the data that is collected when it is no longer required, or we limit its processing if there are statutory retention requirements.

(4) If we use commissioned or subcontracted service providers to fulfil individual functions for our offered services or products, or if we would like to use your data for advertising purposes, we will inform you in detail about the respective transactions as stated below. When doing so, we will furthermore state the specified criteria for the duration of data storage.

§ 2 Your Rights

(1) You have the following rights with respect to your personal data:

  • The right to an enquiry about your data
  • The right to the rectification or deletion of data
  • The right to restrict your data's processing
  • The right to prohibit the processing of your data
  • The right to demand the transfer of your data (data portability)


(2) Furthermore, you also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 The Collection of Personal Data when visiting our Website

(1) If your use of our website is strictly for informational purposes only, i.e. if you do not register or otherwise provide us with information, then we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display the website correctly and ensure both its stability and secure operation (the legal basis for this is Article 6, Section 1 of the EU's GDPR (see above).

  • Your IP address
  • The date and time of the request
  • Your time zone difference to Greenwich Mean Time (GMT)
  • The content of the request (specific page)
  • The access status / HTTP status code
  • The data volume that is transferred
  • The website from which the request originated
  • Which browser you are using
  • Your operating system and its interface (GUI)
  • The language and version of your browser software


(2) In addition to the data mentioned above, 'cookies' are stored on your computer when you use our website. Cookies are small text files that are stored on the hard drive which the browser that you are using is assigned to, and via which the entity that sets the cookie (in this case: us) receives certain information. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the use of the Internet more user-friendly and effective.

(3) Use of Cookies:
a) This website uses the following types of cookies, the scope and operation of which are explained below:

  • Transient cookies (see b below)
  • Persistent cookies (see c below)


b) Transient cookies are automatically deleted when you close the browser. These include in particular 'session cookies'. These store a so-called session ID, with which various requests from your browser are associated to the current session. This allows us to recognize your computer when you return to our website. Session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a predetermined period, which may differ depending on the cookie. You can delete the cookies via the security settings of your browser at any time.

d) You can change your browser configuration as you wish and e.g. reject third-party cookies or even all cookies. However, please be aware that then you may not be able to use all features of this website. We will not set these cookies before you have consented to this on our website.

e) We use cookies to identify you for ensuing visits if you have a user account with us. Otherwise you would have to log in again on each visit.

f) Flash cookies are used and these are not detected by your browser but by your flash plug-in. Furthermore, we use HTML5 storage objects, which are saved on your device. These objects store the required data regardless of your browser configuration and do not have an automatic expiry date. If you do not want flash cookies to be used, then you must install a corresponding add-on that prohibits this, e.g. 'Better Privacy' for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy) or Adobe's Flash Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects by activating the private mode of your browser. In addition, we also recommend that you periodically delete your cookies and browser history manually.

§ 4. Use of our Web Shop and individual Offers

(1) If you wish to order in our web shop, it is necessary (for the finalisation of the purchase order) that you provide personal details that we will need to process your order. Mandatory data that is required for the contract is marked separately, further details are voluntary. We use the data provided by you to process your order. To do this, we can pass on your payment data to our main bank. The legal basis for this is Article 6, Section 1 of the EU's GDPR.

If you wish, you can create a customer account, using which we can save your data for later purchases. If you create an account under 'My Account', the data you provide will be saved and recalled later. Any other data, including your user account, can be deleted at any time in the customer account area.

(2) We also process your data to learn what interests our customers and to improve and tailor our offers accordingly. The legal basis for this is Article 6, Section 1 of the EU's GDPR.

Even without a newsletter subscription, we will send you information by e-mail about products that are similar to the products you have previously purchased. You can object to this at any time, in particular using the unsubscribe link in any e-mail or by writing an e-mail to [email protected]. The legal basis for this is §7, Section 3 UWG (German law: Gesetz gegen den unlauteren Wettbewerb).

We hereby advise you that we evaluate your user behaviour by sending these e-mails. The emails that we send include so-called web beacons resp. tracking pixels that represent one-pixel image files stored on our website for this evaluation. We also link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID for evaluation purposes.

We use the data obtained in this way to create a user profile to tailor our communication to your individual interests. In doing so, we record when you read our e-mails, which links you click in these and from that we deduce your personal interests. We link this information with the actions that you take on our website to optimise our offer to suit your personal needs. The legal basis for this is Article 6, Section 1 of the EU's GDPR.

You can reject the evaluation of your user behaviour at any time by clicking on the separate link provided in each e-mail, or by contacting us with your rejection via any other means. The information will be stored until you specifically reject this, after which we will only store the data anonymously for statistical reasons. Furthermore, an evaluation of your user behaviour is not possible if you have disabled the display of images in your e-mail software by default. In this case, the e-mail will not be displayed completely and you may not be able to use all the features. If you display the images manually, the evaluation takes place as described above.

(3) To comply with commercial and tax laws, we are obliged to store your address, payment, and order data for a duration of ten years. However, after two years we limit data processing, i.e. your data will only be used to comply with legal obligations.

(4) In order to prevent any unauthorized access by a third party to your personal data, in particular financial data, the order process is encrypted using TLS technology.

§ 5 External Newsletter Service

(1) If you have purchased goods or services from us, we will send you information about our own similar goods or services to the e-mail address used for the purchase. You can object to this use of your e-mail address at any time by clicking on the link provided in each newsletter or by sending an e-mail to [email protected]. This will be done without incurring any costs other than the transmission costs according to the basic rates.

(2) We use a so-called 'double opt-in procedure' for registrations to our newsletter. This means that after you have registered, we will send an e-mail to the address you stated, in which we ask you to reconfirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, then your information will be blocked and automatically deleted after one month. In addition, we store your IP address(es) and the times of registration and confirmation. The purpose of the procedure is to provide proof of your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address to send you the newsletter. The legal basis for this is Article 6, Section1 of the EU's GDPR.

(4) You can revoke your consent to the sending of the newsletter and unsubscribe from it at any time. This can be done by clicking on the link provided in each newsletter e-mail, by sending an e-mail to [email protected], or by sending a message to the contact person stated in our Imprint.

(5) We hereby advise you that we evaluate your user behaviour by sending the newsletter. For this evaluation, the emails sent include so-called web beacons resp. tracking pixels that represent one-pixel image files stored on our website. For evaluation purposes, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID.

(6) We use the data obtained in this way to create a user profile to tailor our newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click in these and from that we deduce your personal interests. We link this information to the actions that you take on our website to optimise our offer to match your personal needs. The legal basis for this is Article 6, Section 1 of the EU's GDPR.

You can reject this tracking at any time by clicking on the separate link provided in each e-mail, or by contacting us with your rejection via any other means. The information will be stored for as long as you are subscribed to the newsletter. If you unsubscribe, we will only store the data anonymously for statistical reasons.

Furthermore, tracking is not possible if you have disabled the display of images in your e-mail software by default. In this case, the newsletter will not be displayed completely and you may not be able to use all the features. If you display the images manually, tracking takes place as described above.

§ 6 Services of Third Parties

We use third party services on our website, such as plugins or APIs (Application Programming Interfaces) to extend the functionality of our website. This may involve sending data to the provider of these services. In detail, we use the following services:

I.) Google Services Our website uses services provided by Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland. For more information on how user data is handled, please refer to Google's Privacy Policy: https://www.google.com/intl/en/policies/privacy.

In detail we use:

(1) Google Analytics
Our website uses the 'Google Analytics' service provided by Google. Google Analytics uses cookies (see above under 'Cookies') to enable us to analyse the use of the website. The information generated by the cookie about the use of this website by the user is usually transmitted to a Google server in the United States and stored there. IP anonymisation has been activated on this website, so that your transmitted IP address is clipped prior to transmission out of the zone where GDPR is applicable and it is therefore partially obscured. Only in exceptional cases will the full IP address be transferred to a Google server in the United States, but it will be clipped there immediately. Google will then act on our behalf and use the information provided to evaluate the use of our site by you, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address provided by your browser to Google Analytics will not be merged with other Google information. More information about the terms of usage and data protection can be found here: http://www.google.com/analytics/terms/de.html or here https://www.google.de/intl/de/policies/.
You can prevent the cookie from generating data related to the use of the website (including the IP address) and from being transmitted to, or processed by Google by downloading and installing the browser plug-in available from the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=en.
You can also prevent the collection of your data by Google Analytics by clicking on the link below. An opt-out cookie will then be set on your device that prevents the future collection of data when visiting this website: Disable Google Analytics
The legal basis for the use of Google Analytics is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). We have a legitimate interest because the anonymous evaluation of the usage behaviour on our website helps us with the user-oriented improvement of the design of our online offer.

(2) Google Optimize
Our website also uses Google Optimize. Google Optimize analyses the use of different variations of our website and helps us to improve its usability according to the behaviour of our users on the website. Google Optimize is a tool which is an integral part of Google Analytics.

(3) Google APIs
Our website uses Google's 'Google APIs.' This service allows us to extend our website by integrating external code frameworks by requesting the required framework from a Google server in the United States. During this request the following information is transmitted to Google and stored there on a server: which of the website pages you have visited, and the IP address of your device.
The legal basis for the processing of your data with regard to Google's APIs service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). Our legitimate interest arises from the need for an attractive and uniform presentation of our online offer and a technically flawless and fast presentation of our website.

(4) Google AdWords
We use Google's 'AdWords' advertising service, which allows us to use so-called 'Google AdWords' to present our offers on external websites, as well as to determine how successful each individual advertising campaign is. The 'AdWords' are provided by an 'AdServer' from Google. For this we use adserver cookies (see above 'Cookies'), which can be used to measure various parameters for the evaluation of the degree of success. We do not collect or process any personal data ourselves through the mentioned advertising measures. We are only provided statistical evaluations by Google. On the basis of these evaluations, we can identify which of the advertising measures we have used are particularly effective. We do not receive any further data from the use of these advertising means, and in particular we cannot identify you with this information.

Due to the marketing tools in use, your browser automatically establishes a direct connection to Google's server. We have no control over the extent and the further use of the data, which is collected through the use of this tool by Google and we therefore bring this to your attention in accordance with what we know: by incorporating AdWords Google receives the information that you loaded a specific part of our Internet presence or clicked on an advert from us. If you have registered with a service provided by Google, Google may be able to associate this visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider can find and store your IP address.

You can prevent participation in this tracking process in several ways:

1. by configuring your browser software to reject cookies. We would like to point out that in this case you may not be able to use all the features of our website in full.
2. by disabling conversion tracking cookies, via the following website: https://www.google.com/settings/ads (this setting will be deleted if you delete your cookies).
3. by permanently deactivating cookies in your browser (Firefox, Internet Explorer or Google Chrome) using the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the features of our website in full.
The legal basis for the processing of your data with regard to Google's AdWords service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). Our legitimate interest arises from the intention to present effective advertising and to make our website more attractive for potential customers as well as to optimise our advertising costs.

(5) Google DoubleClick (always involved when YouTube videos are clicked) We use Google's 'DoubleClick' advertising service. This uses cookies to present adverts that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same advert several times. In addition, DoubleClick can use cookie IDs to track so-called conversions, which reference advert requests. For example, when a user sees a DoubleClick advert and later uses the same browser to visit the advertiser's website and buys something there. According to Google, DoubleClick cookies do not contain personally identifiable information. Due to the marketing tools in use, your browser automatically establishes a direct connection to Google's server. We have no control over the extent and the further use of the data, which is collected through the use of this tool by Google and we therefore bring this to your attention in accordance with what we know: by incorporating DoubleClick Google receives the information that you loaded a specific part of our Internet presence or clicked on an advert from us. If you have registered with a service provided by Google, Google may be able to associate this visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider can find and store your IP address.

You can prevent participation in this tracking process in several ways:
1. by configuring your browser software to reject cookies. We would like to point out that in this case you may not be able to use all the features of our website in full.
2. by disabling conversion tracking cookies, on the following website: https: //www.google.com/settings/ads (this setting will be deleted if you delete your cookies).
3. by permanently deactivating cookies in your browser (Firefox, Internet Explorer or Google Chrome) via the link http://www.google.com/settings/ads/plugin We would like to point out that in this case you may not be able to use all the features of our website in full.
The legal basis for the processing of your data with regard to Google's DoubleClick service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). Our legitimate interest arises from the intention to present effective advertising and to make our website more attractive for potential customers as well as to optimise our advertising costs.

(6) Google Tag Manager
Our website uses Google's 'Google Tag Manager' support service. This service does not process personally identifiable information, but it resolves scripts required by other services to collect data. Google's Tag Manager itself has no access to this data.

(7) Google Fonts
Our website uses Google's 'Google Fonts' external font service, which enables us to present our website in a consistent and attractive way despite the use of very different end-user devices. It does this by loading fonts from an external server instead of those on the user's device. The required fonts are usually requested from a Google server in the USA. This request sends the following information to the Google server and stores it there: which of our Internet pages you have visited and the IP address of your device. The legal basis for the processing of your data in relation to the 'Google Fonts' service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). The legitimate interest results from our need for an attractive and consistent presentation of our online presence.

(8) Google Maps
Our website uses Google's external map service 'Google Maps.' Google Maps is designed to provide an interactive map on our website that shows you how to find and contact us. This service enables us to present our website in an attractive way by loading map data from an external server. The required data is usually requested from a Google server in the USA. This request typically sends the following information to a Google server in the USA and stores it there for several months: which of our Internet pages that you have visited and the IP address of your device. The legal basis for the processing of your data in relation to the 'Google Maps' service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). The legitimate interest results from our need for an attractive and consistent presentation of our online presence and to make it easy for you to find the locations mentioned on our website.

(9) YouTube
Our website uses Google's 'YouTube' video service. YouTube is used to integrate videos on our website on various pages. Playing a video usually transfers the following information to a Google server in the United States, where it is stored for several months: which of our Internet pages that you have visited and the IP address of your device. YouTube uses this information mainly to collect statistics and improve their service. Note also that by playing a video, you may also be connected to Google's own advertising network 'DoubleClick' (see above). For this reason, we have embedded our videos in extended privacy mode to ensure they only connect to the servers when replay of the video has been requested. The legal basis for the processing of your data in relation to the 'YouTube' service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). The legitimate interest results from our need for an attractive presentation of our online presence.

(10) Google reCAPTCHA
Our website uses Google's anti-abuse service 'Google reCAPTCHA.' Its purpose is to prevent cyber-attacks and harrassment by so-called 'bots' (artificial website users) by implementing an input dialogue box to check whether a real person is using the website. This service enables us to operate our website in a stable way and protects it from misuse. For this purpose, the data entered is usually transmitted to a Google server in the USA and reviewed there. Generally, the following information is transmitted by this request and it is stored there for several months: which of our Internet pages that you have visited, your entry in the input field and the IP address of your end device. The legal basis for the processing of your data in relation to Google's reCAPTCHA service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). The legitimate interest results from our need for effective protection our online presence against cyber-attacks and abuse.

II.) Facebook Custom Audience Pixel

We use the Facebook Custom Audience Pixel of Facebook Inc. ('Facebook'), 1601 S. California Ave, Palo Alto, CA 94304, USA on our website. Using the Facebook Custom Audience Pixel, we can present visitors who are interested in this website interest-related advertisements during a later visit to Facebook. A cookie can be stored on your device for this purpose. Furthermore, the collected data is stored and processed by Facebook who assigns it to your personal Facebook user account. The legal basis for the use of Facebook's Custom Audience Pixel service is Article 6, Section 1, (f) of the GDPR (Lawfulness of processing). The legitimate interest arises from our need for an anonymous evaluation of user behaviour on our website for user-oriented improvement in the design of our online offering, as well as our need to place effective advertisements that make our site more interesting to you and other potential customers, and to optimize our advertising costs. Further information and possibilities to protect your privacy and rights can be found in Facebook's Privacy Policy: https://www.facebook.com/about/privacy/. You can deactivate the Facebook Custom Audience Pixel and the related remarketing features at any time via the following Link or after logging onto your Facebook https://www.facebook.com/settings/?tab=ads#_=_user account.

III.) Bing Universal Event Tracking (UET)

Our website uses Bing Ads' technology to collect and store data that is used to create usage profiles using pseudonyms. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track user activity on our website if it has reached our website through adverts from Bing Ads. If you reach our website via such an advert, a cookie will be placed on your computer. Our website incorporates a Bing UET tag, which is a code used to store some non-personally identifiable information about the use of the website in connection with the cookie. This includes, amongst other things, the time spent on the website, which areas of the website were accessed and the advert that brought users to the website. Information about your identity will not be collected.

The collected information is transmitted to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by disabling the use of cookies. This may limit the functionality of the site.

In addition, Microsoft may be able to monitor your usage behaviour across several of your electronic devices through cross-device tracking, making it possible to display personalized advertising on Microsoft websites or in apps. You can disable this behaviour at http://choice.microsoft.com/en-us/opt-out.

For more information about Bing analytics services, visit the Bing Ads Web site ( https://help.bingads.microsoft.com/#apex/3/de/53056/2 ). For more information about privacy at Microsoft and Bing, see the Microsoft Privacy Policy ( https://privacy.microsoft.com/en-us/privacystatement).

IV.) Kenshoo

We also use the web analytics and bid management service of Kenshoo Ltd, 30 Habarzel St., 6th floor, Tel-Aviv, Israel 6971010, to tailor the design and optimize our pages (Article 6, Section 1 of the GDPR). Anonymised usage data is collected, aggregated, and stored. Kenshoo Ltd. is Privacy Shield certified, ensuring an appropriate level of privacy. More information on privacy and an opt-out can be found here: https://kenshoo.com/privacy-policy/.

V.) Content Delivery Network

Our website uses a Content Delivery Network (CDN). A CDN is a network of powerful servers that cache content in multiple locations around the world. A CDN essentially has two tasks: on the one hand it must provide content in the shortest possible time and, on the other hand it must relieve the burden on the web host by distributing the data traffic. CDNs deliver two types of content: static and dynamic content. All website visitors receive static content in the same form, such as video content from streaming services or code frameworks (e.g., Javascript, JQuery). Dynamic content is first tailored to the user and only created at the moment of the request. This includes content that is made via web applications, e-mail or online shops and then personalized. In order to be able to use the latter, information about the website visitor must first be transmitted to the CDN. Personal data about you may also be transmitted. The legal basis for the use of a CDN and the transmission of your data to this is Article 6, Section 1, (f) GDPR (Lawfulness of processing). The legitimate interest arises from our need for a technically flawless and fast presentation of our website and the reduction of workload on our IT infrastructure.

In detail we use:

Cloudflare
We use the CDN service provided by Cloudflare Inc. ('Cloudflare'), 101 Townsend St., San Francisco, California 94107, USA Cloudflare complies with the requirements of the 'EU Privacy Shield'. The Privacy Shield Agreement governs the protection of personal data transferred from a member state of the European Union to the United States. It ensures that the transferred data are also subject to a level of data protection comparable to that of the European Union. You can find the list of certified companies here: https://www.privacyshield.gov/list. For more information on how to deal with user data, see Cloudflare's Privacy Policy: https://www.cloudflare.com/security-policy/.

VI.) E-Mail Newsletter



(1) emarsys
We use the services of Emarsys eMarketing Systems AG (Stralauer Platz 34, 10243 Berlin, www.emarsys.com) to send our newsletter and evaluate user behaviour. Emarsys processes the data on our behalf and according to our instructions.

VII.) Voucher Deals


(1) Sovendus
We use the services of Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe for our voucher deals. If you are interested in a voucher offer from Sovendus GmbH and click on the voucher banner, we will send an encrypted message to Sovendus which includes your salutation, name, and your email address (the legal basis for this is Article 6, Section 1, (b) of the GDPR). Your IP address is transmitted in advance and used by Sovendus exclusively for data security purposes. It is normally anonymized after seven days. Furthermore, we will pseudononymize the order number, order value (with currency), session ID, coupon code and timestamp to Sovendus for billing purposes. For further information on the processing of your data by Sovendus, please refer to the online data protection guidelines at www.sovendus.de/datenschutz.

(2) loopingo
We use the services of loopingo GmbH, Nymphenburgerstr. 12, 80335 Munich for our voucher deals. To prepare a voucher, we will send the email address to loopingo in an encrypted form (the legal basis for this is Article 6, Section 1, (b) of the GDPR). The IP address is used by loopingo for data security purposes and is normally anonymized after seven days. In addition, we submit the pseudonymized order number, order value with currency, postal code, gender, and timestamp to loopingo for the purpose of preparing a deal. For further information on the processing of your data by loopingo, please refer to the online privacy policy at www.loopingo.com/datenschutz.

VIII.) Affiliate Networks


(1) AWIN
We participate in the Performance Advertising Network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter referred to as 'AWIN'). This network enables us to identify, via so-called 'tracking' (logging of user activities), which websites forward a user to our website so that we can optimize our visitor traffic. AWIN measures the success of such redirects and supports us with the payment of commissions from the web page that has acquired the web page traffic to the web page that has redirected the web page traffic. To evaluate these redirects, AWIN stores cookies on devices owned by users who visit or use its customers' websites or other online offerings (e.g., register for a newsletter or place an order in an online shop). These cookies serve mainly to correctly assign the forwarding, to measure the success of an advertisement and to settle the resulting commissions accordingly within the framework of the network. In the cookie contains information about when an advert was viewed or clicked on using a particular device. For this purpose, an individual user number sequence is deposited, which is not user-identifiable, with the affiliate program of an advertiser, the link trigger, and the time of action of the user (Click or View). AWIN also collects information about the user device from which an interaction is performed, e.g. the operating system and the calling browser. If, despite all, it should be possible for the collected data to be linked to a person, the legal basis for the use of the cookies is generally Article 6, Section 1, (f) GDPR (Lawfulness of processing). The legitimate interest is to optimize the reach of our website and the cost of our effective advertising measures. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Article 21 of the GDPR. To do this please use the contact information stated in the imprint. You can also prevent the storage of cookies yourself through an appropriate browser setting. You can deactivate the storage of cookies under Extras / Internet Options in your browser, you can restrict them to certain websites or set your browser to notify you when a cookie is sent. Please note, however, that as a consequence the display of online offers and user guidance will both be limited. You can also delete cookies at any time. In this case, the information stored in them will be removed from your device. For more information about AWIN's data usage, please refer to the Company's Privacy Policy: https://www.awin.com/de/rechtliches
https://www.awin.com/de/rechtliches/cookieoptout

IX.) Criteo

This website uses the services of Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich. With the help of this, users who have visited our website before and who have expressed an interest in our offers are offered tailored advertisements on this website and on other websites that also use the Criteo service. The display of these adverts takes place based on information collected during the visit of the respective Internet pages, which, amongst other things, is stored in cookies on the user's computer. These text files are used as part of subsequent website visits for targeted product recommendations. For this purpose, a randomly generated alphanumeric identification number is stored in the cookies. Neither this number nor the information about your visits to the website can be related to you personally. In no case will this data be used to personally identify you as a visitor to our websites. You can prevent the storage and use of information by the Criteo service by clicking on the following link: https://www.criteo.com/privacy/

Follow the instructions on this page, to prevent Criteo from collecting and processing data about your usage behaviour. You have the option to reactivate this function. Please note that this setting must be made for each browser you use. If all cookies are deleted via your browser, this also affects the opt-out cookie.

X.) Rollbar

Rollbar: Our website also uses the Rollbar service offered by Rollbar Inc., 51 Federal street, San Francisco, USA. Rollbar is a fault analysis service. It allows us to find technical errors in our system. During the detection process, personal data (such as operating system information and the browser version) is transmitted to the Rollbar servers in the USA. This data helps us to fix the errors. The legal basis for the use of this data is Article 6, Section 1, (f) GDPR. For privacy and opt-out information, visit: https://rollbar.com/privacy/

XI.) eKomi

We have integrated evaluation software from the independent vendor eKomi Ltd., Markgrafenstraße 11, 10969 Berlin ('eKomi') on our web pages for the purpose of vendor and product evaluations by our customers and for our own quality management (the legal basis for this is Article 6, Section 1, (f) GDPR). You can submit an anonymous review of your experience with us using eKomi. After a purchase order has been completed, we will send you an e-mail concerning the product we offered by (possibly via eKomi), in which we will ask you for a rating. This also contains a link to an appropriate rating input dialogue box. eKomi is provided personal data for this purpose. An agreement for order data processing has been concluded with eKomi for the technical implementation of this. eKomi undertakes every organizational and technical measure to protect this data. This data is stored and later deleted in accordance with the statutory retention periods. For more information on the eKomi's privacy policy, visit www.ekomi.de/de/datenschutz. You can object to the use of your data at any time. When you enter a review via eKomi, you may enter your e-mail address, which will allow us to contact you later regarding your rating. In this way we can e.g. respond individually to your criticism, answer your questions, or provide other assistance. Please note that entering your e-mail address is optional and subject to the privacy policy of our independent service provider eKomi. eKomi alone is responsible for the handling of personal data, which you communicate directly with them.

XII.) Data Processing for Order Handling

To pay for our products, you can use the following payment service providers who assist us wholly or partially in the execution of agreed purchase orders. Specific, corresponding personal data will be accordingly transmitted to these service providers. Personal data collected by us within the scope of the order will be passed on to the carrier commissioned with the delivery, insofar as this is necessary for the delivery of the goods. We will also pass on your payment details to the commissioned credit institution as a part of the payment processing, if this is necessary to handle them. As far as payment service providers are used, we inform you explicitly about them below. The legal basis for the transfer of data is Article 6, Section 1, (b) GDPR.

(1) Amazon Pay
If you select the payment method 'Amazon Pay', then payment will be processed via the payment service provider Amazon Payments Europe S.C.A., 5 Rue Plaetis, L-2338 Luxembourg, to whom we will provide the information you stated during the ordering process in addition to the information about your order in accordance with Article 6, Section 1, lit. b of the GDPR. The transfer of your data takes place exclusively for the purpose of the payment transaction with the payment service Amazon Payments and only insofar as it is necessary for this. For more information about Amazon Payments' privacy policy, visit the following Internet address: https://pay.amazon.com/uk/help/201751600

(2) Paypal
For payment via PayPal, credit card payment via PayPal, direct debit via PayPal or - if offered – 'purchase on invoice' or hire purchase (payment by instalments) via PayPal, we will transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as 'PayPal'), in accordance with Article 6, Section 1, (b) GDPR and only to the extent necessary for the settlement of payments. PayPal retains the right, for payments via PayPal, direct debit via PayPal or - if offered – 'purchase on invoice' or hire purchase (payment by instalments) via PayPal, to verify your solvency first. If necessary, your payment data will be transferred to credit bureaus in accordance with Article 6, Section 1, (f) GDPR on the basis of PayPal's legitimate interest to determine creditworthiness. The result of the credit check to determine the statistical probability of default is used by PayPal to decide whether to offer the respective payment method or not. The statement of creditworthiness can contain probability values (so-called score values). Insofar as score values are included in the results of a credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. For further data protection information, among other things to the used credit reference agencies, please refer to PayPal's privacy policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full You can object to the processing of your data at any time by sending a corresponding message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual handling of the payment.

(3) RatePAY GmbH
Franklinstraße 28-29
10587 Berlin
Data Protection information: https://www.ratepay.com/datenschutz/

(4) American Express Payment Services Limited
Theodor-Heuss-Allee 112
60486 Frankfurt am Main
Data Protection information: https://www.americanexpress.com/uk/legal/online-privacy-statement.html

(5) payolution GmbH
Am Euro Platz 2
1120 Wien
Österreich
Data Protection information: https://customer.payolution.com/de/customer/dataprivacy

(6) Sofort GmbH
Theresienhöhe 12
80339 München
Data Protection information: https://www.klarna.com/sofort/datenschutz/

(7) Concardis GmbH
Helfmann-Park 7
65760 Eschborn
Data Protection information: https://www.concardis.com/datenschutzerklaerung

(8) PostFinance AG
Mingerstrasse 20
3030 Bern
Data Protection information: https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html

(9) Klarna Bank AB (publ).
Sveavägen 46
111 34 Stockholm
Sweden
Data Protection information: https://www.klarna.com/uk/buyer-protection-description/

(10) Adyen B.V.
Simon Carmiggeltstraat 6-50
1011 DJ Amsterdam
Data Protection information: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/applicant-privacy-notice

(11) Braintree
222 W Merchandise Mart Plaza
Suite 800
Chicago, IL 60654
Data Protection information: https://www.braintreepayments.com/gb/legal/braintree-privacy-policy

XIII.) Hotjar

Our website uses Hotjar, which is analysis software supplied by Hotjar Ltd. ('Hotjar'), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta. Hotjar can be used to pseudo-anonymously measure and evaluate your usage behaviour on our website. The information collected during your visit to our website is used exclusively for the purpose of styling our web presence to match the requirements for improved user usage. The legal basis for this is Article 6, Section 1, (f) of the GDPR. Hotjar also uses third-party services, such as Google Analytics and Optimizely, to provide its own service. These third parties may store information that your browser sends during your visit to the website, such as cookies or IP requests. For more information, please refer to the privacy policy at https://www.hotjar.com/legal/policies/privacy You can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there: https://www.hotjar.com/opt-out.



XIV.) Mention Me

This website uses a Referral Marketing Program (Referral Marketing) from Mention Me Ltd, Kennington Park, 1-3 Brixton Rd, London, SW9 6DE. For this purpose, the Mention Me platform was integrated into the myposter website via JavaScript. Referral marketing is a process designed to produce more word-of-mouth recommendations. Word-of-mouth refers to the exchange of views between consumers about brands, products, and companies. This can be achieved by rewarding customers for recommending brand products. Mention Me offers a solution for referral marketing where customers can use different communication channels, such as sharing a link, or recommending myposter to their friends. For this purpose, the referrer (recommender) states his own name and e-mail address on the myposter website under 'Tell your friends' and will then receive a link which he can then share with friends to recommend us. After this, both the referrer and the referee (the person who receives the recommendation) will receive a reward for the referral, as far as the referee makes use of the forwarded offer. The recommendation is transmitted by Mention Me on behalf of myposter. Using the name stated, it can later be determined which existing customer has recruited how many new customers and who has received rewards for their recommendations. The e-mail address, name and the IP address of the referrer are processed for this purpose, as well as the e-mail address and IP address of the referee. The processing of the data takes place voluntarily and with the consent of the referrer resp. referee. The data will not be used for any other purpose and will not be passed on to third parties without authorization. The consent can be withdrawn at any time with effect for the future. In addition, no data is collected or processed through the platform. For further questions, please read the commissioned company's privacy policy at https://mention-me.com/help/privacy_policy_s%20.

XV.) Vimeo

Our website uses the 'Vimeo' video service from Vimeo Inc. ('Vimeo'), 555 West 18th Street, New York, New York 10011, USA. Vimeo is used to integrate videos on our website on various pages. When you visit our website and load a page that uses a Vimeo plugin, a connection is made to the servers of Vimeo. During this process information is sent to Vimeo, such as your IP address, the product and version information of your browser and the operating system, the website page from which your access took place (the so-called referrer), the date and time of the request and possibly your internet service provider. Vimeo can also track your interactions using the plugin. If you have a Vimeo user account and are logged in on the same device, the visit to our website will be assigned to your user account. If you want to prevent this, you can log out of your user account before visiting our website and delete the cookies set by Vimeo. You can reject the use of non-essential cookies by Vimeo by removing the check mark at the end of the following page (opt-out): https://vimeo.com/cookie_policy. Vimeo fulfils the requirements of the 'EU-US Privacy Shield'. The Privacy Shield Agreement governs the protection of personal data transferred from a member state of the European Union to the United States. It ensures that the transferred data is also subject to a level of data protection comparable to that of the European Union. You can find the list of certified companies here: https://www.privacyshield.gov/list. More information on how to deal with user data can be found in the privacy policy of Vimeo at https://vimeo.com/privacy.

Privacy policy Facebook fan page

As at December 2021

I. PRINCIPLES

1.    Joint controllers for the processing of personal data
The purposes of and means used for the processing of personal data when you visit our Facebook page https://www.facebook.com/myposter.de/ (“Facebook page”) are jointly established by myposter GmbH, Breitenau 7, 85232 Bergkirchen, Germany (“myposter GmbH”) and Facebook Ireland Ltd. (“Facebook”) in the meaning of Article 26 of the EU General Data Protection Regulation (GDPR). This results from the fact that by setting up such a Facebook page myposter GmbH, as the operator thereof, provides the possibility of placing cookies on the computer or any other device of the person who visits the Facebook page (“visitor”), irrespective of whether the visitor has a Facebook account.

Within the framework of the joint responsibility Facebook has the primary responsibility in accordance with the GDPR for the processing of Insights data and fulfils all obligations under the GDPR with respect to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Facebook also provides the data subjects with the key elements of this Page Insights Addendum (you will find the relevant “Page Insights Controller Addendum” here:
https://www.facebook.com/legal/terms/page_controller_addendum).

Below you will find a description on the handling of the personal data by myposter GmbH and Facebook when you visit the Facebook page. However, because myposter GmbH generally / largely has no influence on the data collected by Facebook and its processing by Facebook, we are currently unable to provide any conclusive information on the purpose and scope of the processing of your data by Facebook. However, we will monitor further developments in this respect and adjust this privacy policy accordingly if need be.

Please note that you use this Facebook page and its functions at your own responsibility. This particularly applies for the use of the interactive functions (particularly commenting, sharing and ratings).

2.    Name and address of the joint data controllers

a) the primary data controller is:
Facebook
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

b) The further data controller is:
myposter GmbH
Breitenau 7
85232 Bergkirchen
Germany
Tel.: +4981313803008
E-mail: [email protected]
Website: http://www.myposter.de

3. Contact details of the data protection officer of the primary data controller Facebook
You can contact the data protection officer of primary data controller Facebook via the following link: https://www.facebook.com/help/contact/540977946302970

4. Name and address of the data protection officer of the further data controller
You can contact the data protection officer of further data controller myposter GmbH as detailed in 2.b) at:

DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de

5. Legal basis for the processing of personal data
If the consent of the data subjects is obtained for processing operations involving personal data, Article 6(1) sentence 1a (GDPR) serves as the legal basis for the processing of personal data.
With regard to personal data which is necessary for the fulfilment of a contract to which the data subject is party, Article 6(1) sentence 1b GDPR serves as the legal basis. This also applies for processing operations which are necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary for the fulfilment of a legal obligation to which myposter GmbH or Facebook are subject, Article 6(1) sentence 1c GDPR serve as the legal basis.

In the event that vital interests of the data subject or another natural person necessitate processing of personal data, Article 6(1) sentence 1d GDPR serves as the legal basis.
If the processing is necessary for the protection of a legitimate interest of myposter GmbH, Facebook or a third party and the interests, basic rights and basic freedoms of the data subject do not override that interest, Article 6(1) sentence 1f GDPR serves as the legal basis for the processing.

6. Possibility of objection and removal
The visitor has the possibility of withdrawing his/her consent to the processing of the personal data at any time (see also rights of the data subjects). If the visitor contacts us by e-mail, he/she may object to the storage of his/her personal data at any time.
The recording of the data for the purpose of providing the Facebook page and the storage of the data in log files is a mandatory requirement for the operation of the Facebook page. Thus the visitor has no possibility of objecting to this.

7. Rights of data subjects
If personal data belonging to you is processed, you are a data subject in the meaning of the GDPR and have the following rights with respect to the data controllers:
Right to information on the data stored at myposter GmbH or Facebook concerning your person;
Right to rectification, erasure or restriction of the processing of your personal data;
Right to object to processing that serves the purposes of a legitimate interest of myposter GmbH or Facebook, a public interest or profiling, unless myposter GmbH or Facebook can demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the purpose of the assertion, exercise or defence of legal claims;

Right to data portability;
Right to lodge a complaint with a supervisory authority;
Right to withdraw your granted consents to the collection, processing and use of your personal data at any time, with effect for the future.
If you would like to exercise your rights, you may submit your matter to either myposter GmbH or Facebook. For that purpose you may, for example, use the contact details specified above. If you contact us, we will pass your enquiry on to Facebook, insofar as it concerns issues relating to the processing of Insights data. Facebook will respond to enquiries in accordance with the obligations to which we are subject under the Page Insights Addendum.

II. PROCESSING OF PERSONAL DATA BY myposter GmbH

1.    Purpose of the data processing
myposter GmbH maintains online presences in social networks in order to communicate with interested parties and users active in those networks and inform them there of our products, events and news. If you access our Facebook page (irrespective of whether you are logged into your Facebook account or not), your browser will transfer technically determined data to the web server for which Facebook is responsible. Facebook also uses so-called “cookies”. Cookies are small text files which are installed in the memory of your end device via your browser. Cookies installed by Facebook are intended, among other things, to enable myposter GmbH, as the operator of the Facebook page, to receive statistics for the purposes of controlling the marketing of our activities prepared by Facebook on the basis of the visits to this page.

2.    Description and scope of the data processing
As the operator of the Facebook page, with the aid of the Facebook Page Insights function, which Facebook provides us with free of charge as a non-negotiable part of the user relationship, myposter GmbH may receive anonymised statistical data relating to visitors of our Facebook page. That data is collected with the aid of the cookies installed by Facebook, which contain a unique user code and which Facebook stores on the visitors’ end devices. The user code, which can be connected to the log-in data of users who are registered with Facebook, is collected and processed when you access the Facebook page.

In particular, the fan page operator may receive from Facebook demographic data on its target group (and therefore the processing of that data), including tendencies in the areas of age, gender, relationship status and professional situation, information on the lifestyle and interests of its target group and information on the purchases and online purchasing behaviour of the visitors to its page and the categories of goods or services that interest them most, as well as geographical data, which informs it where specific promotional campaigns should be implemented or events should be organised and very generally enable it to design its information offer in as targeted a manner as possible.
Although the visitor statistics created by Facebook are transmitted to myposter GmbH as the operator of the Facebook page exclusively in anonymised form, the preparation of those statistics is based on the previous collection (through the cookies installed by Facebook on the visitors’ end devices) and the processing of the personal data of those visitors for those statistical purposes. You can find further information on Facebook Page Insights at:
https://de-de.facebook.com/legal/terms/information_about_page_insights_data
https://de-de.facebook.com/help/pages/insights

Data concerning the Facebook groups connected to our Facebook page will also be provided in this way. Through the continual development of Facebook, the availability and preparation of the data changes. Thus we refer, for further details on this, to the privacy policy of Facebook referred to in the previous paragraph as well as hereinafter under “PROCESSING OF PERSONAL DATA BY FACEBOOK”.
We use it in aggregated form of available data, in order to make our contributions and activities on our Facebook page more appealing for the users. Thus we use, for example, the divisions according to age and gender for tailored addressing of the users and for establishing preferred visiting times for users for optimised scheduling of our contributions. Information on the type of end devices used by visitors helps us adjust the visual design of the contributions in line with them. In accordance with the Facebook terms of use, which each user agrees to in the course of the creation of a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information shared by them.
Besides this automatically collected anonymised data, we also process data that you voluntarily provide us with, for example in comments on posts or when making contact.
If you click on the link https://www.myposter.de/datenschutz (you are on that page right now), which is installed on the Facebook fan page of myposter GmbH, you will be directed to a subpage of myposter GmbH’s website. Personal data is also processed on that page. You will find the privacy policy applicable for those pages here: https://www.myposter.de/datenschutz

3.    Data erasure and storage period
Personal data is erased or blocked as soon as the purpose of the storage no longer applies. Further storage may be necessary if this is envisaged by the European or national legislator in EU legal regulations, laws or other regulations to which myposter GmbH is subject. The data is also blocked or erased if a storage period prescribed by the above-mentioned provisions expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

III. PROCESSING OF PERSONAL DATA BY FACEBOOK

How Facebook uses data from a visit to Facebook pages for its own purposes, the extent to which activities on the Facebook page are attributed to individual users, how long Facebook stores that data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and we do not have full knowledge of those circumstances. However, we will monitor further developments in this respect and adjust this privacy policy accordingly if need be. The following information is based on information publicly provided by Facebook with regard to the processing of personal data where Facebook products are used. 1.    Purpose of the data processing
According to its own information, Facebook processes personal data of visitors for the following purposes:

Provision, personalisation and improvement of Facebook products;
Provision of measurements, analyses and other Facebook services;
Promotion of protection, integrity and security;
Communication with Facebook users;
Research and innovation for social purposes.
You can obtain further information on the purposes of the data processing by Facebook in Facebook’s privacy policy:
https://de-de.facebook.com/policy.php

You can find further information on Facebook’s legitimate interests with regard to the processing of personal data here:
https://de-de.facebook.com/about/privacy/legal_bases

If you access our Facebook page (irrespective of whether you are logged into your Facebook account or not), your browser will transfer technically determined data to the web server for which Facebook is responsible. Facebook also uses so-called “cookies”. Facebook uses cookies, among other things, to provide myposter GmbH as the operator of the Facebook page with statistics for the purpose of controlling the marketing of our activities. You can find further information on the use of cookies by Facebook in Facebook’s cookie policy: https://de-de.facebook.com/policies/cookies/

2.    Description and scope of the data processing
a) What types of information does Facebook process?
For the provision of Facebook products it is necessary that Facebook process information on the visitors. The types of information recorded by Facebook depend on how the visitor uses the Facebook products. The following information may be processed by Facebook:

Things done and provided by visitors and others, for example information on how the visitor uses the Facebook products, information on transactions carried out on Facebook products or information on the persons, sites, accounts, hash tags and groups with which the visitor is connected.
Device information, such as device attributes, identifiers, network and connections and cookie data.
Information of partners, according to which advertisers, app developers and publishers can send information to Facebook via the Facebook Business Tools used by them, for example social plug-ins (such as the “Like” button), Facebook Login or Facebook Pixel. Those partners provide Facebook with information on the visitor’s activities outside Facebook.
Facebook also uses cookies which are installed on the visitor’s end device when they access the Facebook page, irrespective of whether the visitor is logged into his/her Facebook account or not. Facebook also processes the information stored in the cookies if a person visits the Facebook services, services provide by other members of the Facebook corporate group or services provided by other companies that use Facebook services. Other parties such as Facebook partners and other third parties may also use cookies for Facebook services in order to provide Facebook or the companies advertising on Facebook with services. You can find further information on the use of cookies by Facebook in Facebook’s cookie policy:
https://de-de.facebook.com/policies/cookies/

When you access a Facebook page the IP address assigned to your end device is transmitted to Facebook. According to Facebook’s information, that IP address is anonymised (with regard to “German” IP addresses) and erased after 90 days. Facebook also stores information concerning the end devices of its users (particularly in connection with the “log-in notification” function); Facebook may therefore be able to assign IP addresses to individual users. If you wish to avoid this, you should log out of Facebook / deactivate the “stay logged in” function, erase the cookies on your device and close and restart your browser. In this way Facebook information through which you can be directly identified is erased. You can therefore use our Facebook page without your Facebook identifier being disclosed. If you access interactive functions of the page (Like, Comment, Share, Messages etc.), a Facebook log-in screen appears. If you log in you can be recognised by Facebook again as a specific user.

You can find information on how you can manage or erase the existing information concerning you on the following Facebook support pages:
https://de-de.facebook.com/about/privacy.
You can find further information on the types of information that Facebook processes in Facebook’s privacy policy:
https://de-de.facebook.com/policy.php

b) How is the information processed by Facebook shared with others?
Facebook works with third parties which help it provide and improve its products or which use Facebook Business Tools to boost business. Information may be shared by Facebook with the following third-party partners:
Partners which use Facebook analysis services;
Advertisers;
Partners for measurements;
Partners which offer goods and services in Facebook products;
Providers and service providers;
Researchers and scientists;
Prosecution and law enforcement authorities or legal enquiries.
You can find further information on the data that Facebook may share with third-party partners in Facebook’s privacy policy:
https://de-de.facebook.com/policy.php

c) How does Facebook process and transmit data within the framework of its global services?
Facebook shares information worldwide, both internally between the Facebook companies and externally with its partners, as well as with persons or organisations all over the world with which the user connects and with which the visitors shares something. Data may also be transmitted to the USA or other third countries that lack an adequate level of data protection and processed there. In this respect Facebook uses standard data protection clauses approved by the European Commission / bases itself on the adequacy resolutions issued by the European Commission with regard to specific countries.
You can find further information on data transmission by Facebook in Facebook’s privacy policy:
https://de-de.facebook.com/policy.php

3. Data erasure and storage period
Facebook stores data until it is no longer needed, in order to provide its services and Facebook products or until the user’s Facebook account is deleted, whichever occurs first. This is a provision for an individual case and depends on things such as the type of data, the reason why it is recorded and processed and the relevant legal or company storage requirements. You can find further information on data erasure and the storage period in Facebook’s privacy policy:
https://de-de.facebook.com/policy.php
With regard to the storage period for cookies installed by Facebook you can find further information in Facebook’s cookie policy:
https://de-de.facebook.com/policies/cookies/

Privacy policy Instagram fan page

As at December 2021

I. Principles for joint processing and contact details of the controllers

1. Joint controllers for the processing of personal data
The purposes of and means used for the processing of personal data when you visit our Instagram page are jointly established by myposter GmbH, Breitenau 7, 85232 Bergkirchen, Germany (“myposter GmbH”) and Facebook Ireland Ltd. (“Facebook”) in the meaning of Article 26 of the EU General Data Protection Regulation (GDPR). This results from the fact that by setting up such an account myposter GmbH as the operator of the Instagram page provides Facebook as the operator of the Instagram service the possibility of processing personal data.

Within the framework of the joint responsibility Facebook has the primary responsibility in accordance with the GDPR for the processing of Insights data and fulfils all obligations under the GDPR with respect to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Facebook also provides the data subjects with the key elements of this Page Insights Addendum (regulated by the relevant “Page Insights Controller Addendum”).

Below you will find a description of the handling of personal data by myposter GmbH and Facebook when you visit the Instagram account. However, because myposter GmbH generally / largely has no influence on the data collected by Facebook and its processing by Facebook, we are currently unable to provide any clear information on the purpose and scope of the processing of your data by Facebook. However, we will monitor further developments in this respect and adjust this privacy policy accordingly if need be.

Please note that you use the Instagram account and its functions at your own responsibility. This particularly applies for the use of the interactive functions (such as commenting, sharing, ratings).

2. Name and address of the joint data controllers
a) the primary data controller is:

Facebook
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

b) The further data controller is:
myposter GmbH
Breitenau 7
85232 Bergkirchen
Germany
Tel.: +4981313803008
E-mail: [email protected]
Website: http://www.myposter.de

II. Contact details of the data protection officer

You can contact the data protection officer of the further data controller myposter GmbH as detailed in 2.b) at:

DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de

You can contact the data protection officer of Facebook Ireland via the online contact form provided on the Facebook platform.

III. General information on data processing at Instagram

1. Data processing by Facebook
The Instagram privacy policy specifies the categories of personal data which are processed when you use Facebook products like Instagram. The privacy policy generally describes the purposes for which that data is used. It also specifies the categories of recipient to which that data is sent. You will also find information there on the legal basis for the processing of that data, as well as information on how you can withdraw your consent to the processing of personal data. In the privacy policy you will find information on how you can exercise your rights to access, rectification, portability and erasure with respect to Facebook. You can find further information on your control options in the setting options at Instagram or its help pages. 2. Facebook cookies
If you visit our Instagram page and your browser enables the storage of cookies, Facebook stores information in the form of small text files in the memory of your browser (hereinafter referred to as “cookies”) and can access that information when you visit the Instagram or Facebook platform. You can find further information on the purpose of the cookies used, the integration of those cookies by other websites and your control options in this respect in the information provided by Facebook on Instagram cookies.

We would like to point out that with the aid of the cookies used Facebook is able to track your user behaviour. This applies both for those people who are registered on the Instagram platform and those who are not registered there.

We would also like to point out that we have no influence on the data processing by Facebook in connection with cookies. It is also possible to visit our Instagram page if you configure your browser such that no cookies are stored by Facebook. You can usually find information on adjusting the settings for cookies in your browser in the help area of the browser you use.

If you are registered on or logged into the Instagram or Facebook platform and would like to prevent Facebook from associating your visit to our Instagram site to your Instagram or Facebook user account, you should log out of Instagram, erase the cookies on your device and close and restart your browser.

3. Data processing during interactions on our Instagram page
On our Instagram company page you can react to our contributions, comment on them and send us messages. Please check what personal data you disclose to us via our Instagram company page. If you would like to prevent Facebook from processing the personal data you transmit to us, please contact us via the contact details specified above.

In addition to the content transferred by you, information on your profile and contributions is visible for us, depending on your privacy settings. You can change this yourself with the aid of the Instagram settings.

As far as we can, your data processed by us will be erased if our Instagram company page is closed. If that data is further stored by Facebook, it shall be based exclusively on the provisions of the Instagram privacy policy and Instagram’s terms and conditions of use.

IV. Purposes and legal bases

Your personal data is collected for the purpose of communicating with customers and business partners of myposter GmbH, marketing the products and as a result developing better products for our customers.

  • device attributes: Information such as the operating system, hardware and software versions, battery level, signal strength, available memory space, browser type, app and file names and types and plug-ins.
  • Processes on the device: Information on the processes and activities carried out/conducted on the device, for example whether a window is located in the foreground or background or mouse movements.
  • Identifiers: Unique identifiers, device IDs and other identifiers, such as those of games, apps or accounts which are used and family device IDs.
  • Device signals: Bluetooth signals and information on WLAN access points, beacons and mobile phone masts in the vicinity.
  • Data from device settings: Information from device settings, such as the access to the GPS location, camera or photographs.
  • Network and connections: Information such as the name of the mobile phone or Internet provider, the language, time zone, mobile phone number, IP address or connection speed and in some cases information on other devices situated nearby.
  • Cookie data: Data concerning cookies stored on the device, including cookie IDs and settings.

V. Recipients of data

Most of the personal data, such as photographs, names or usernames, is publicly presented by Instagram. Only direct Instagram messages to myposter GmbH are data which in the context of this privacy policy is not public. Your personal data is passed on by myposter GmbH to internal employees in the sales and marketing department and possibly also contract processors, such as a marketing agency.

It should be assumed that Facebook discloses the data to third parties or authorities like the NSA, and this is described in its privacy policy and the specialist literature.

VI. Data transfer

The Instagram privacy policy explains the data transfer by Facebook to third countries, as well as its legal bases.

myposter GmbH does not plan to transmit the data to third countries.

VII. Storage period

In the Instagram privacy policy you will also find information on the storage period for personal data and information on the criteria for determining that period and the possibility of blocking or erasing Instagram accounts.

VIII. Automated decision-making

Instagram uses automated decision-making to display content for users. Instagram recommends content which it thinks users will like. myposter GmbH has no knowledge of the decision-making logic behind it. The implications of the use of Instagram and other similar social media and its effects are considerable and they may be exploited in systems of mass surveillance or for deepfakes or other face recognition systems.

IX. Business profile[h3] The Instagram page of myposter GmbH is a business profile (hereinafter referred to as “Instagram company page” or “corporate presence”) and can therefore make use of the Instagram Insights function. This means some of the data collected by Facebook during the usage is provided to us in anonymised form as a statistical analysis. This statistical utilisation only relates to users, content and activities on our Instagram page. The analysis specifically includes the following data:

  • Number of “likes” for our photographs and videos
  • Number of comments on our photographs and videos
  • Number of people who have seen a photograph or video
  • Number of times a photograph or video has been shared
  • Number of times a photograph or video has been reported as spam
  • Number of times a user has clicked that he/she no longer likes the page
This information transmitted by Facebook to myposter GmbH is anonymised and can no longer be associated by us with your person as a user of the Instagram page. However, this does not mean that the data collection and data processing at Facebook itself is anonymised.

On our Instagram company page we make information available and offer Instagram users the possibility of communication. If you perform an action on our Instagram company page (for example comments, contributions, likes etc.) it may happen that as a result you publicly disclose personal data (e.g. real name or user profile photograph). However, because as a rule we largely have no influence on the processing of your personal data by Facebook we are unable to provide any binding information on the purpose and scope of the processing of your data by Instagram or Facebook.

Our Instagram company page is used for communication and the exchange of information with (potential) customers and business partners. In particular, we use the corporate presence for:
  • Products
  • Competitions
  • Employer brand building
Publications concerning the corporate presence may have the following content:
  • Information about products
  • Competitions
  • Advertising
Each user is free to publish personal data through activities.

The data generated through the corporate presence is not stored in our own systems.

You may object to the processing of your personal data that we collect within the framework of our Instagram company page at any time and/or exercise your data subject rights as specified in section XI. of this privacy policy.

In order to exercise your data subject rights as specified in section XI. of this privacy policy with respect to Facebook you must contact Instagram directly.

[h3]XI. Rights of the data subjects

If personal data belonging to you is processed, you are a data subject in the meaning of the GDPR and have the following rights with respect to the data controller:
  1. 1. Right to information
    If your personal data is processed you have the right to be provided with information by the controller on the stored data concerning you (Article 15 GDPR). [li]2. Right to rectification
    If incorrect personal data is processed, you are entitled to a right to rectification (Article 16 GDPR).
  2. 3. Right to erasure or restriction and objection
    If the statutory requirements are fulfilled, you may demand the erasure or restriction of the processing or submit an objection to the processing (Article 17, 18 and 21 GDPR).
  3. 4. Right to notification
    If you have exercised the right to rectification, erasure or restriction of the processing with respect to the controller, under Article 19 GDPR it must inform all recipients to which the personal data relating to you has been disclosed of such rectification or erasure of the data or restriction of the processing, unless this proves to be impossible or involves disproportionate expenses.
  4. 5. Right to data portability
    If you have agreed to data processing or a data processing contract exists and the data processing is carried out with the aid of automated processes, you may be entitled to a right to data portability (Article 20 GDPR).
  5. 6. Right of objection
    Under Article 21 GDPR you have a right to at any time submit an objection, for reasons arising from your particular situation, against the processing of the personal data relating to you that occurs on the basis of Article 6(1) sentence 1e or f GDPR. This also applies for profiling.
  6. 7. Right to withdraw the declaration of consent under data protection laws
    If you have agreed to the processing by the controller by way of an appropriate declaration, you may withdraw the consent at any time, with effect for the future. The legality of the data processing that occurred on the basis of the consent up to the revocation will not be affected by this.
  7. 8. Automated decision-making in an individual case including profiling
    Under Article 22 GDPR you have the right not to be subject to decision-making exclusively based on automated processing, including profiling, that has legal consequences with respect to you or in a similar manner has significant detrimental effects for you.
  8. 9. Right to appeal to a supervisory authority
    You also have a right to lodge a complaint with a supervisory authority (Article 77 GDPR).
This privacy policy was prepared with the support of DataGuard.

 Please check it for applicability.