Data Protection Policy

The following is to inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations.

This data protection policy explains the nature, scope and purpose of the processing of personal data within our website (hereinafter collectively referred to as the “website”). This date protection policy applies regardless of the domains, systems and devices (e.g. desktop, mobile, etc.) used.

Personal data is any data that can be personally connected to you, so for example, name, address, e-mail addresses, and user behaviour. Which data is processed in detail and how it is used depends largely on the services used.

1. Who is responsible for data processing and who can I contact?

The responsible body is:

HitchHiker GmbH
Berner Straße 81
60437 Frankfurt am Main
Phone: +49 69 50 70 30
Fax: +49 69 50 70 3 111
E-Mail Address: datenschutz@hitchhiker.net

You can contact our data protection officer at:

mip Consult GmbH
Rechtsanwalt Asmus Eggert
Alte Jakobstr. 77
10179 Berlin
Phone: +49 69 50 70 30
datenschutz@hitchhiker.net
www.sofortdatenschutz.de

2. What sources and data do we use?

We process personal data that we receive from you when you visit our website.

If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specifically accessed website), access status/HTTP status code, data volume transmitted in each case, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data are here e.g. name, address, e-mail, telephone number (hereinafter referred to as “contact data”).

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) on the following legal bases:

3.1 On the basis of your consent, Art. 6 1a GDPR
If you have given us your consent to the processing of personal data for specific purposes (e.g. when contacting us via our contact form or by e-mail for processing and handling the inquiry, sending newsletters, advertising by telephone, e-mail, SMS, etc.), the legality of this processing is given on the basis of your consent. You may revoke your consent at any time. Please note that such revocation is only with future effect. Processing operations that are performed prior to the revocation are not affected.

3.2 For the implementation of pre-contractual measures on request of the person, Art. 6 Para. 1b GDPR
When contacting us (via contact form or e-mail), your details will not only be used to process the contact enquiry and its processing, if applicable, but also on the basis of the implementation of pre-contractual measures, Art. 6 Para. 1b GDPR.

3.3 Within the framework of the balancing of interests, Art. 6 Para. 1f GDPR
If necessary, we process your data to protect our legitimate interests or those of third parties. In particular, we pursue the following entitled interests:

  • Ensuring IT security, in particular the security of the website (see data listed under point 2 above);
  • Assertion of legal claims and mounting a defence in legal Disputes;
  • Advertising, market and opinion research, provided you have not objected to the use of your data.

4. Who will receive my data?

Within the company, only the employees who need your data to fulfil our contractual and legal obligations have access to it.

Contractors used by us (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories IT services, telecommunications and sales and marketing. If we use contract processors to provide our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations. The data will only be processed within the European Union.

Data will only be passed on to third parties within the framework of legal requirements. We only pass on the user’s data to third parties if, for example, on the basis of Art. 6 Para. 1 lit. b) GDPR this is required for contractual purposes or on the basis of justified interests in accordance with Art. 6 Para. 1 lit. f. GDPR for the economic and effective operation of our business or you have consented to the data transmission. We do not pass on any data to third parties in the purely informational use of the website.

5. How long will my data be stored?

For security reasons (e.g. to investigate misuse or fraud) log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidence purposes are excluded from deletion until the relevant incident has been finally clarified.

If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract via contact form or by e-mail.

Finally, the retention period is also assessed according to the statutory limitation periods, which, for example, according to Art. 195 ff. of the German Civil Code (BGB) may as a rule be 3 years, but in certain cases also up to thirty years.

6. Is data transferred to a third country or to an international organisation?

The data provided will be processed within the European Union and in the USA. Please note that we either ensure with recipients of your data for countries without a Commission adequacy decision under Article 45 GDPR, as is the case with the US, that they are certified under the EU-US Privacy Shield (such as Google) or that we have agreed EU standard data protection clauses with these recipients. This is in order to protect your data and to achieve an appropriate level of protection for your personal data. You have the option of obtaining or viewing copies of the EU standard data protection clauses. If required, please contact us using the contact details given above under point 1.

7. What data protection rights do I have?

Each person concerned has

  • The right to information according to Art. 15 GDPR,
  • The right to information according to Art. 15 GDPR,
  • The right to erasure according to Art. 17 GDPR,
  • The right to restrict processing in accordance with Art. 18 GDPR, and
  • The right to data transferability arising from Art. 20 GDPR.

Furthermore, you can revoke your consent, in principle with effect for the future.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with Art. 19 BDSG).

In addition, we would like to point out your right of objection pursuant to Art 21. GDPR:

Information about your right of objection according to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of the personal data concerning you under Art. 6 Para. 1 lit e GDPR (data processing in the public interest) and Art. 6 Para. 1 lit f GDPR (data processing on the basis of a balance of interests), this also applies to a profiling based on this provision within the meaning of Article 4 no. 4 GDPR, which we use for questionnaire evaluation or for advertising purposes.

The responsible party will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes

The objection can be made form-free and there are no other costs than the transmission costs according to the basic tariffs.

The objection should, if possible, be addressed to:

HitchHiker GmbH
Berner Straße 81
60437 Frankfurt am Main

or by email to:

E-Mail Address: datenschutz@hitchhiker.net

 

8. To what extent is there automated decision making in individual cases, including profiling?

When accessing our website or contacting us by form or e-mail, we do not use fully automated automatic decision making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation for me to provide data?

Within the framework of our website, you must provide the personal data that is technically necessary or for IT security reasons for the use of our website. If you do not provide the above information, you may not use our website.

When contacting us by form or e-mail, you only need to provide the personal data required to process your request. Otherwise we cannot process your request.

10. Newsletter

In the following information, we will inform you about the contents of our newsletter as well as the registration, shipping and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to receive the newsletter and to the procedures described.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletters”) only with the express consent of the recipient or with legal permission. If registration for the newsletter involves a specific description of its content, then this description is the basis on which the user agrees to receive the newsletter. In addition, our newsletters contain information about our products, offers, promotions and our company in general.

Double opt-in and logging records: Subscription to our newsletter takes place using a process known as double opt-in. This means that upon registration, you will receive an email requesting confirmation of the subscription. The confirmation is required to ensure that no one else subscribes using your email address. A record of subscriptions to the newsletter is kept to fulfil the legal requirements for recording the subscription process. The record contains the time of subscription and confirmation as well as the relevant IP address. Any changes to the data registered with MailChimp will also be recorded.

Shipping service provider: The newsletter is sent by Newsletter2Go GmbH Address: Koepenicker Str. 126, 10179 Berlin. Germany, hereinafter referred to as “Shipping Service”. You can view the data protection provisions of the Shipping Service provider here: https://www.newsletter2go.de/datenschutz/.

Furthermore, the Shipping Service provider can use this data in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes in order to determine from which countries the recipients come. However, the service does not use the recipient data of our newsletter to approach recipients directly nor do they pass the information on to third parties.

Subscription details: To subscribe to the newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name for the newsletter, so that we can address you personally.

Performance measurement: The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved from the email marketing server when opening the newsletter. During the download, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected. This information is used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behavior, their download locations (identifiable through IP addresses) or download times. Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Although this information technically allows the tracking of individual newsletter recipients, we are not interested in watching the behaviour of individual users. Data analysis is used to recognise patterns in the reading behaviour of users, and to adapt contents accordingly or send different content according to the interests of our users.

The newsletters are dispatched and their performance measured on the basis of the recipients’ consent in accordance with Art. 6 Para. 1a, Para. 7 GDPR in conjunction with Art. 7 Para. 2 No. 3 UWG (Law against unfair competition) or on the basis of legal permission in accordance with Art. 7 Para. 3 UWG.

The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 Para. 1f GDPR and serves as proof of consent to receive the newsletter.

Cancellation/Revocation: You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. You will find an “unsubscribe” link at the end of each newsletter. If the users have only subscribed to the newsletter and cancelled this subscription, your personal data will be deleted.

11. Cookies & Audience Measurement

Cookies are information that is transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. In part, cookies serve security purposes or are required for the operation of our online offer (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner.

Some of the cookies we use are so-called “session cookies”, which are only stored on our website for the duration of your current visit (e.g. to enable the storage of your login status or the language and thus the use of our website). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close your browser, for example.

Users will be informed about the use of cookies in the context of pseudonymous range measurement within the scope of this data protection declaration.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Cookies already saved can be deleted in the system settings of the browser at any time. The exclusion of cookies can lead to functional restrictions of this online offer.

You can object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

12. Google Analytics

We rely on our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1f GDPR) by using Google Analytics, a web analysis service of Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the user’s use of the website’s online offerings is generally transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

On our behalf, Google will use this information to evaluate the use of our online offering by the user, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and the Internet. Pseudonymous usage profiles of users may be created from the processed data in this respect.

We also use Google Analytics to display advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined by the web pages visited) that we transmit to Google (known as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our advertisements correspond to the potential interest of the users and are not annoying.

We use Google Analytics only with activated IP anonymization. This means that the IP address of the user is shortened by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there.

The IP address sent by your browser will not be connected with other data from Google. The user may refuse the use of cookies by selecting the appropriate settings in their browser; the user can also prevent Google from collecting the data generated by the cookie regarding your use of the contents data and the processing of this data by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For further information on data usage by Google, setting and blocking options, please see the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).

13. Google-Re/Marketing-Services

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR) we use the marketing and re-marketing services (“Google Marketing Services” for short) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The Google marketing services allow us to target ads for and on our site in order to present users only with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “re-marketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which contents he is interested in and which offers he has clicked on, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The IP address of the users is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement and only in exceptional cases completely transmitted to a Google server in the USA and shortened there. The IP address is not combined with the user’s data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user subsequently visits other websites, the ads tailored to his interests can be displayed.

Users’ data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

One of the Google marketing services we use is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Thus, cookies cannot be tracked using the website of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for the Adwords advertisers who have opted for conversion tracking. Adwords customers can find out the total number of users who have clicked on their ad and been redirected to the page with a conversion tracking tag. However, advertisers do not obtain any information that can be used to personally identify users.
We may include third-party advertisements based on the Google marketing service “DoubleClick” . DoubleClick uses cookies to enable Google and its partner sites to serve ads based on users’ visits to this site or other sites on the Internet.
We may include third-party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies to enable Google and its partner sites to serve ads based on users’ visits to this site or other sites on the Internet.
We can also use the “Google Optimizer” service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of so-called “A/B testing”. Cookies are stored on the user’s devices for these test purposes. Only pseudonymous user data is processed.
We may also use the “Google Tag Manager” to integrate and manage Google analytics and marketing services into our website.

Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

14. Integration of services and content from third parties

Within our online offer, we rely on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR) we include content or service offerings of third parties so that we can incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users’ browsers. The IP address is therefore necessary in order to display this content. We strive only to use content from providers who use the IP address to deliver content, and for nothing else. Third-party providers may also use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering. It may also be linked to such information from other sources.

The following presentation offers an overview of third-party providers and their content in addition to links to their Privacy Statements which contain further references to the processing of data and, already mentioned here in part, possibilities to object (so-called opt-out):