Data Privacy Policy of Instinctif Deutschland GmbH
We are happy that you visit our website and have an interest in our consulting offer. In the following, we would like to inform you about the data processing when you use our website.
A. Data Controller / Data Protection Officer
The data controller in the definition of the General Data Protection Regulation (GDPR) and other provisions of data protection laws is
Instinctif Deutschland GmbH, Im Zollhafen 6, 50678 Cologne,
represented by the Managing Director, Carsten Böhme
Phone: +49 221 420 75-0 / Fax: +49 221 420 75-59 / koeln[at]instinctif.com
The external Data Protection Officer is
Ms Nina Hiddemann, Attorney at Law, Am Römerturm 1, 50667 Cologne,
Phone: +49 221 200 51 76 / Fax: +49 221 200 51 77 / recht[at]hiddemann.de
B. General remarks on data processing
I. Scope of the processing of personal data
We gather and use personal data of our users generally only to the extent this is required
- for the provision of a functional website,
- for the performance of our consulting and other services,
- and if a consent from the user was received.
An exception applies in such cases where it is not possible to obtain prior consent for practical reasons and the processing of the Data is permitted under legal regulations. The following data categories are concerned:
- Master data (e.g. name, address, etc.)
- Contact data (e.g. email, phone number)
- Content data (e.g. text input)
- Usage data (e. g. visited websites, times of access)
- Meta/Communication data (e.g. device information, IP addresses)
II. Legal basis for the processing of personal data
The legal bases provided by the GDPR for the processing of personal data are described in the following: For the processing of personal data • on the basis of a consent from the data subject, Art. 6 (1) lit. a) EU General Data Protection Regulation (GDPR) serves as the legal basis; • that serves for the fulfilment of a contract with the data subject, Art. 6 (1) lit. b) GDPR is the legal basis • that is required for the execution of pre-contractual measures, Art. 6 (1) lit. b) GDPR is the legal basis; • that is required for the fulfilment of a legal obligation applicable to us, Art. 6 (1) lit. c) GDPR serves as the legal basis; • that is necessary for the protection of vital interests of the data subject or other natural persons, Art. 6 (1) lit. d) GDPR is the legal basis; • that is required for the protection of a legitimate interest of our company or of a third party, which overrides the interests, civil rights and fundamental freedoms of the data subject, Art. 6 (1) lit. f) GDPR serves as the legal basis for the processing.
III. Data deletion and period of storage
We generally delete or block personal data as soon as the purpose of storing no longer applies. If we are obligated under the law to retain data, the data will be blocked or deleted only after expiration of the statutory retention period, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
IV. Recipient of the gathered data
EThe recipient of the data gathered via the website is the specified data controller. In addition, commissioned data processors (webhosting providers, technical support) have access to the data gathered via the website. However, the observation of legal regulations is also ensured in this respect by way of contracts on commissioned data processing, which we conclude with our data processors who are domiciled in the EU. Personal data is only transmitted within the scope described below.
C. Provision of the website and creation of logfiles
I. Scope of the data processing
On each retrieval of our website, our system automatically gathers data and information from the computer system of the accessing computer. The following data is gathered in this process: - Information on the browser type and language, character encoding and the version used - The user’s operating system - The user’s IP address - Date and time of the access, the first and last visit - Website from which the user was referred - Websites that are called up by the user’s system via our website
The data is likewise stored in the logfiles (logfiles/log of all or particular processes in a computer system) of our system. This data will not be stored together with other personal data of the user.
II. Legal basis for the data processing
The legal basis for the temporary storing of the data and logfiles is Art. 6 (1) lit. f) GDPR.
III. Purpose of the data processing
The temporary storing of the IP address by the system is necessary to enable a delivery of the website to the computer of the user. For this purpose, the user’s IP address must remain stored for the duration of the session.
The logfiles are stored in order to ensure the functionality of the website. In addition, the data helps us optimise the website and ensure the security of our IT systems.
These purposes are also justified interests of ours in the data processing pursuant to Art. 6 (1) lit. f) GDPR. Since we cannot directly draw identify a natural person based on an IP address and because an IP address is furthermore not sensitive data and deleted directly after the visit to the website, and as we need it to provide our website, our interest overrides the interest of the data subject.
IV. Duration of the storing
The gathered data will be deleted, as soon as it is no longer needed to achieve the purpose for why it was gathered (provision of the website). In the event that the data is stored in logfiles, deletion will take place at the latest after seven days. Storing beyond this point is possible. In that case, however, the users’ IP addresses will be deleted or anonymised, so that it will not be possible anymore to attribute them to the accessing client.
V. Possibility for objection and removal
The gathering of the data for the purpose of providing the website and the storing of the data in logfiles is necessarily required for the operation of the website. Consequently, there is no possibility to object for the user.
D. Use of cookies/tracking tools
I. Description and scope of the data processing
1. General remarks
Our website uses cookies. Cookies are text files that are stored in the internet browser or that are stored by the internet browser on the user’s computer system. If a user retrieves a website, a cookie can be stored in the user’s operating system. This cookie contains a sequence of characters that enable a definitive identification of the browser upon repeated retrieval of the website.
We use cookies to make our website more user friendly. Some elements of our website require that the retrieving browser can also be identified after a different page is called up.
These are the following cookies:
| Name | Title | Duration of the storing |
| PHPSESSID | Differentiation between users | End of session |
| _ga | Differentiation between users | 2 years |
| _gid | Differentiation between users | 24 hours |
| _gat | Throttling the request rate | 10 minutes |
| _pk.ref.6.8e69 | Differentiation between users | 6 months |
| _pk.id.6.8e69 | Differentiation between users | 2 years |
| _pk_ses.6.8e69 | Differentiation between users | End of session |
| _hjIncludedInSample | Differentiation between users | End of session |
2. Cookies not required for technical reasons/analysis tools
a) Google Analytics
On our website, we use Google Analytics, an advertising analysis service of Google Inc. ("Google"). Google Analytics uses so-called “cookies", text files that are stored on your computer and that enable an analysis of the website utilisation by you.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the USA. Google will use this information to analyse your usage of the website on our behalf, compile reports about website activities, and perform additional services for us as the website operator, which relate to the use of the website and of the internet. In light of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that IP addresses are processed further only in truncated form on this website in order to rule out a direct possibility to identify persons, as we use Google Analytics with the extension “_anonymizeIp()”. For this reason, your IP address is truncated by Google within the Member States of the European Union or in other signatory states of the Treaty on the European Economic Area prior to the transmission to a Google server in the USA. The complete IP address will only be transmitted in exceptional cases to a server of Google in the USA and it will be truncated there.
Google will never combine your IP address with other data of Google Inc. You can prevent the installation of cookies through corresponding settings in your browser software; however, we inform you that you might then not be able to use the full of this website. In addition, you may prevent the gathering of the data generated by the cookie by downloading and installing a browser plug-in that is available at the following link.
You can furthermore prevent the data from being gathered by Google Analytics by clicking on this link. By clicking on the link, a so-called opt-out cookie will be set that prevents the future gathering of your data when you visit of our website again.
You can find more information about the terms of use and data privacy at http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies
b) Matomo (formerly PIWIK)
On our website, we use the open source software tool Matomo (formerly PIWIK) for the analysis of our users’ browsing behaviour. The software sets a cookie on the users’ computers (regarding cookies see above). If individual pages of our website are called up, the following data will be stored:
- Two bytes of the IP address of the user’s retrieving system
- The retrieved webpage
- The website from which the user reached to the accessed webpage (referrer)
- The subpages that are accessed from the retrieved website
- The length of the visit to the website
- The frequency of the access to the website
In the process, the software runs exclusively on the servers of our website. The users’ personal data is stored only there. The data is not transferred to third parties.
The software is configured so that not the full IP addresses are stored completely but so that 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This way, an attribution of the truncated IP address to the retrieving computer is no longer possible.
You can find more information about the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/.
If you would like to prevent the use of Matomo, please click on this link to store a Matomo deactivation cookie in your browser.
II. Legal basis for the processing of personal data
The legal basis for the processing of the users’ personal data is Art. 6 (1) lit. f) GDPR.
III. Purpose of the data processing
The purpose of the use of analysis cookies is improving the quality of our website and its contents. We find out from the analysis cookies how the page is used and we can thereby continuously optimise our offer.
The processing of the users’ personal data enables us to analyse our users’ browsing behaviour. Through the analysis of the gathered data, we are able to compile information about the use of the individual components of our website. This helps us to improve our website and its user friendliness continuously. These purposes also constitute our legitimate interest in the processing the data pursuant to Art. 6 (1) lit. f) GDPR. By anonymisation of the IP address, the users’ interest in the protection of personal data is taken into due account.
IV. Duration of the storing
The data will be deleted as soon as it is no longer needed for the purposes of archiving.
In our case, this applies after six months.
V. Possibility for objection/removal
Independent of the aforementioned opt-out possibilities, you can deactivate or restrict the transfer of cookies by making changes to the settings of your internet browser. Cookies already stored can be deleted at any time. This can also be done in an automated process. If cookies are deactivated for our website, it might not be possible to use all features of the website to the full extent.
E. Social Media
Links to various social media can be found on our website. These, however, are links to external web profiles of third-party providers of social media and not plug-ins. When you visit our internet appearance, consequently, no links are created or personal data transmitted to the external providers. When clicking on the respective button that is labelled with the provider’s logo, you will be referred to the internet appearance of this provider. At that moment, you will be leaving our internet appearance. If you have any questions about the data gathering by third-party providers, please read the data privacy policies made available by the external providers. We have embedded links for the following social media:
I. Facebook
With the “f” button, our internet appearance is linked to the social network facebook.com, the operator of which for users outside of the USA and Canada is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. Please find information on data privacy here: https://de-de.facebook.com/about/privacy/
II. Twitter
By clicking on the button labelled with the bird symbol, you will reach the micro-blogging service of the company Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. You can find information on data privacy here: https://twitter.com/de/privacy
III. LinkedIn
Using the “in” button, you can reach the web appearance of the platform LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. You can find information on data privacy here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
IV. Xing
Using the stylised “X” button, you can reach the web appearance of the company XING AG, Dammtorstraße 30, 20354 Hamburg. You can find information on data privacy here: https://www.xing.com/privacy
V. Instagram
Instagram is a service of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can find more information in the privacy policy of Instagram: http://instagram.com/about/legal/privacy/
F. Contact by email
I. Scope of the data processing
It is possible to contact us via our website using the specified email addresses. If this option is used, the user’s personal data that is transmitted with the email will be stored. The data will be used exclusively for the processing of the communication or request.
II. Legal basis for the data processing
The legal basis for the processing of the data that is transmitted in the course of sending an email is Art. 6 (1) lit. f) GDPR. If the contact by aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b) GDPR.
III. Purpose of the data processing
The processing of the personal data resulting from the contact initiated by email is used by us solely for processing the communication and your concern. This is also our legitimate interest. Since the contact is initiated by you and it is at your choice, and because we inform you in advance about how we handle the transmitted data, our legitimate interest overrides your justified interest in your personal right.
IV. Duration of the storing
The data will be deleted, as soon as it is no longer needed to achieve the purpose for gathering it. This is the case regarding the personal data transmitted by email when the respective communication with the user is finished. The communication is terminated when it can be seen based on the circumstances that the relevant facts have been clarified conclusively.
V. Possibility for objection and removal
The user has the option at any time to object to the processing of his/her personal data. In such a case, the communication cannot be continued. The objection can be stated by email, letter or fax. All personal data that has been stored in the course of the contact will be deleted by us in that case. Insofar as data is gathered in the context of a contractual relationship, there is no option to object, as the data is necessarily required to execute the contract.
G. Newsletter
If you sign up for our newsletter, we will send you information about current news on a regular basis. For this purpose, we use the so-called double opt-in procedure. This means that we will transmit an email newsletter to the user only when he/she has expressly agreed to the mailing of the newsletter and then clicked on an authentication link that was sent by email. We thereby ensure that the specified email address belongs in fact to the person granting the consent. In the course of granting the consent, the user is informed about the use of the data. For the mailing, we use the service provider Campaign Monitor with registered offices in London, San Francisco and Sydney.
I. Description and scope of the data processing
In the context of the newsletter mailing, we gather the following data:
- Salutation/first and last name
- Email address
- Date of the subscription
II. Legal basis for the data processing
The legal basis for the processing of the data after subscription of the newsletter is Art. 6 (1) lit. a) GDPR (consent).
III. Purpose of the data processing
Registering your email address serves the purpose of delivering the newsletter. The further data serves to protect against abuse.
IV. Duration of the storing/possibility for objection and removal
The data will be deleted, as soon as it is no longer needed to achieve the purpose for gathering it. Your email address will be stored accordingly for as long as the subscription to the newsletter is active.
You can cancel the newsletter subscription at any time. To do so, a corresponding link is included in each newsletter. After unsubscribing from the newsletter, the email address will be deleted immediately from our newsletter distribution list, unless you have expressly agreed to a further use of your data or we have reserved an additional use of the data that is permitted under the law and that we have informed you about this in this policy.
H. Press releases
Press releases are mailed exclusively to journalists and on behalf of our customers. Personal data (email, name) is processed by us exclusively for the purpose of mailing our press releases – which also constitutes our legitimate interest – on the basis of Art. 6 (1) lit. f) GDPR. This data will not be disclosed to other businesses. Should you no longer agree with the use of your data and if you would like to be deleted from the distribution list, you can send us an email at any time.
I. Rights of data subjects
If personal data relating to you is processed, you are the data subject in the definition of the GDPR and you have the following rights:
I. Right to confirmation
You can demand a confirmation from us of whether personal data relating to you (hereinafter referred to as “Your Data”) is being processed by us.
If such processing applies, you can demand information from us regarding the following aspects:
(1) the purposes for which the Your Data is processed;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipients to whom Your Data has been disclosed or will be disclosed in the future;
(4) the planned duration of the storing of Your Data or, if this cannot be specified concretely, the criteria for determining the storage duration;
(5) applicability of a right to correction or deletion of Your Data, a right to restrict the processing by us or a right to object to this processing;
(6) applicability of a right to complain with a supervisory authority;
(7) all available information on the origin of the data if the personal data has not been gathered from the data subject;
(8) applicability of an automated decision-making process including profiling according to Art. 22 (1) and (4) GDPR and – at least in these cases – explanatory information about the involved logic and scope, as well as the intended effects for the data subject from such processing.
You have the right to demand information of whether Your Data is being transmitted to a third country or an international organisation. In this connection, you can request being informed about the suitable guarantees according to Art. 46 GDPR relating to the transmission.
II. Right to correction
You have a right to the correction and/or completion if Your Data is incorrect or incomplete. We will have to make an immediate correction then.
III. Right to limit the processing
On the following conditions, you can request the restriction of the processing of Your Data:
(1) if you deny the correctness of the Your Data for a period that enables us to check the correctness of the data;
(2) the processing by us is illegitimate and you reject the deletion of the data by us and instead request us to restrict our use;
(3) we no longer need Your Data for the purposes of the processing, but you require it for the assertion, enforcement of or defence against legal claims; or
(4) if you have raised an objection against the processing according to Art. 21 (1) GDPR and if it is not certain yet if our legitimate interests override your reasons.
If the processing of the Your Data has been limited, the data may be processed by us – other than for storing – only with your consent or only to assert, enforce or defend against legal claims or to protect the rights of another natural person or legal entity, or for reasons of a compelling public interest of the European Union or of a Member State.
If the restriction of the processing has been applied according to the aforementioned conditions, you will be informed by us before the restriction is lifted.
IV. Right to erasure
1. Obligation for erasure
You can demand from us that Your Data be erased immediately. We are obligated to erase this data immediately if one of the following reasons applies:
(1) Your Data is no longer required for the purposes for which it has been gathered or otherwise processed.
(2) You revoke your consent that served as the basis for the processing according to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) GDPR and there is no other legal basis for the processing.
(3) You raise an objection according to Art. 21 (1) GDPR against the processing and there are no outweighing justified reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
(4) Your Data has been processed unlawfully.
(5) The erasure of Your Data is required to fulfil a legal obligation according to EU law or the laws of the Member States that apply to us.
(6) Your Data has been collected with regard to offered services of the information society according to Art. 8 (1) GDPR.
2. Information to third parties
If we have made Your Data publicly accessible and if we are obligated to delete it according to Art. 17 (1) GDPR, we will take appropriate measures (also of technical nature), in order to inform the data controllers who likewise process Your Data of the fact that you, as the data subject, have requested them to delete all links to Your Data or have requested copies or replications of this personal data.
3. Exceptions
The right to deletion does not apply if the processing is required
(1) to exercise the right to free speech and information;
(2) to fulfil a legal obligation that applies to the processing pursuant to EU law or the laws of the Member States that apply to us, or to fulfil a task in the public interest or in exercise of public power that has been delegated to us if applicable;
(3) for reasons of the public interest in matters of public health according to Art. 9 (2) lit. h) and i) as well as Art. 9 (3) GDPR;
(4) for archiving purposes that are in the public interest, for scientific or historic research purposes or for statistical purposes according to Art. 89 (1) GDPR, insofar as the right referred to under Section a) is expected to render the realisation of the processing objectives impossible or obstructs it to significant extent; or
(5) for the assertion, exercise or defence of legal claims.
V. Right to information
If you have asserted the right to the correction, deletion or restriction of the processing against us, we will be obligated to inform all recipients to whom Your Data has been disclosed of this correction or deletion of this data or the restriction of the processing, unless this proves to be impossible or if such is tied to disproportionate effort or expense for us.
You have the right to be informed of these recipients.
VI. Right to data portability
You have the right to receive Your Data from us in a structured, commonly used and machine-readable format. You have furthermore the right to transmit this data to another data controller without obstruction by us, insofar as
(1) the processing is based on a consent according to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR or a contract according to Art. 6 (1) lit. b) GDPR, and
(2) the processing takes place by means of automated processes.
You also have the right to this end that we transfer Your Data to another data controller insofar as this is technically feasible. Freedoms and rights of other persons, however, must not be impaired thereby.
This right to data portability does not apply to the processing of personal data that is required to fulfil a task in the public interest or in exercise of public power that has been delegated to us.
VII. Right to object
You have the right to object at any time, for reasons that result from your particular situation, to the processing of Your Data that takes place on the basis of Art. 6 (1) lit. e) or lit. f) GDPR; this also applies to profiling based on these provisions.
We will then cease the processing of Your Data, unless we can prove compelling reasons for the processing that qualify for protection and override your interests, rights and freedoms, or if the processing serves the purpose of the assertion or enforcement of or defence against legal claims.
VIII. Right to revoke the consent according to data protection laws
You have the right at any time to revoke consents according to data protection laws. The legitimacy of the processing that has taken place up until your objection will not be affected by the revocation of the consent.
IX. Right to complain with a supervisory authority
Notwithstanding any other legal remedy under administrative law or court order, you have the right to lodge complaint with a supervisory authority if you believe that the processing of Your Data violates data protection laws.
The supervisory authority with which complaint has been filed will inform you, as the so-called complainant, of the status and the results of the complaint including the possibility of appeal in court pursuant to Art. 78 GDPR.
J. No obligation to surrender data
There is neither a legal nor contractual obligation nor contractual necessity to provide personal data to us when visiting our internet appearance.
K. Profiling
We conduct neither profiling nor automated decision-making in the context of our internet appearance.
Status: May 2018
