Privacy protection policy according to the GDPR
I. Name and address of the data controller
DIE CREW AG
Tel: +49 (0) 711 / 1 35 45 0
Fax: +49 (0) 711 / 1 35 45 90
is the data controller as defined in the EU General Data Protection Regulation (DSGVO) and the national data privacy laws.
II. Name and address of the data protection officer
The data protection officer of the data controller is:
60329 Frankfurt am Main
Tel: +49 (0) 69 – 9043 79 65
III. General information about data processing
1.The extent to which personal data is processed
We collect and use the personal data of users of our homepage only to the extent that this is necessary for keeping our website, contents and services functioning properly.
Basically, we collect and use our users’ personal data only after they give their con-sent. An exception to this principle applies in cases where processing the data by statuto-ry provisions is permitted or when obtaining prior consent for actual reasons is not possible.
2.Legal basis for processing personal data
The legal basis for processing personal data is basically based on:
- Art. 6 para. 1 s. 1 lit. a GDPR upon obtaining the consent of the data subject.
- Art. 6 para. 1 s. 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
- Art. 6 para. 1 s. 1 lit. c GDPR for processing required to fulfill a legal obligation.
- Art. 6 para. 1 s. 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
- Art. 6 para. 1 s. 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest.
3.Data erasure and storage duration
The personal data of users will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Additional storage may be provided for by European or national legislators through EU regulations, laws or other regulations to which the data controller is subject. Blocking or deleting the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for additional storage of the data for concluding a contract or fulfilling the contract.
IV. Use of our website, general information
1.Description and scope of data processing
Every time our website is accessed, our system automatically collects data and in-formation from the user’s computer system. The following information is collected:
- 1. Information about the browser type and version used
- 2. The user’s operating system
- 3. The user’s Internet service provider
- 4. The user’s IP address, Date and time of access
- 5. Websites the user’s system accesses to get to our website
- 6. Websites that the user’s system invokes by accessing our website
- 7. Files that are called up by the user’s system via our website
- 8. Content of the request (concrete page)
- 9. Access status/HTTP status code
- 10. Amount of data transferred in each case
The described data are stored in the log files of our system. This data is not stored together with any other personal user data.
2.Purpose and legal basis for data processing
Our system must temporarily store user IP addresses to allow us to deliver our website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. This data is not evaluated for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 s. 1 lit. f GDPR.
Collecting your personal data to ensure our web presence and storing this data in log files is essential for operating our website. A contradictory possibility of the user therefore does not exist.
3.Duration of storage
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your data will be deleted when the session ends if your data has been collected to ensure the site’s availability.
If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, whereby in this case, the IP addresses of the users are de-leted or alienated. This means that it is then no longer possible to assign the client who has accessed our website.
The following data is stored and transmitted:
- 1. Session-ID
- 2. Type Kit by Adobe
The legal basis for processing personal data using cookies is defined in Art. 6 para. 1 s. 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our web-site.
We do not use user data collected by technically required cookies to create user profiles.
VI. Your rights/rights of the data subject
According to the EU General Data Protection Regulation, as an affected party you have the following rights:
1.The right to receive information
You have the right to receive from us as data controller the information whether and which personal data concerning you are processed by us as well as further information in accordance with the legal requirements pursuant to Art. 13, 14 GDPR.
You can claim your right to information under: email@example.com
2.The right to rectification
If we process your personal data incorrectly or in an incomplete manner, then you have a right for it to be corrected/completed. The correction will be made immediately.
3.Right to restriction
You have the right to restrict the processing of personal data concerning you in ac-cordance with the legal provisions (Art. 18 GDPR).
4.The right to delete
If the conditions set out in Article 17 of the GDPR apply, you may request that the personal data relating to you be deleted without delay.
We would like to point out that the right to erasure does not exist insofar as the pro-cessing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.
5.Right to information
If you have asserted the right to rectify, delete or restrict the processing, we are ob-ligated to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients.
6.Right to data portability
According to the GDPR, you also have the right to receive the personal data con-cerning you that has been provided to us in a structured, common and machine-readable format or to request its transfer to another controller.
7.Right to revoke the declaration of consent to data protection
You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.
8.Right to objection
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is car-ried out on the basis of Art. 6 para. 1 s. 1 lit. e oder f GDPR.
9.Automated decision on an individual basis, including profiling
Under the EU General Data Protection Regulation, you remain entitled not to be subjected to a decision based solely on automated processing – including profiling – which would have legal effect or would affect you in a similar manner.
10. Right to complain to a supervisory authority
Finally, if you believe that the processing of personal data concerning you is con-trary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.
VII. Data transfers to third countries (outside of the EU):
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is being processed. Within some exceptions we may process personal data outside the EU through third-party services. This may only be the case where the special requirements in accordance with Art. 44 et. seq. GDPR are fully met. This means that the processing of your data may then only take place when the third country has been declared to ensure an adequate level of protection by the European Commission or if the European Standard Contractual Clauses have been signed.
You can subscribe to a free newsletter on our homepage that we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The data you enter in the online registration form will be transmitted to us.
We collect the following data based on the consent obtained during the registra-tion process: Salutation, surname (optional), first name (optional), e-mail address, IP address of the calling computer, date and time of registration.
Your data will not be forwarded as part of data processing involved in sending newsletters. The data will be used exclusively for sending the newsletter.
2.Double opt-in and logging
Registration for our newsletter takes place in a so-called double-opt-in procedure. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register using external email ad-dresses.
The registration for the newsletter will be logged to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.
Legal basis for processing the data is once the consent of the user Art. 6 para. 1 s. 1 lit. a GDPR has been submitted. Collecting the user’s email address aids in delivering the newsletter.
4.Cancellation, revocation and opposition
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your email address will therefore be saved as long as the subscription to the news-letter is active. You may terminate subscription to the newsletter at any time by revoking your consent. There is a corresponding link in each newsletter to do this.
We would like to further point out that at any time, you are free to cancel any fu-ture processing of your personal data in accordance with the statutory require-ments. pursuant to Art. 21 GDPR. You are free to object to your data being processed for direct marketing purposes.
5.Shipping provider CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed.
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned under Point 1 and the web bea-cons with your email address and an individual ID. Links contained in the newsletter also contain this ID.
With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click and from this find out what your personal interests are. We link this data with actions you have taken on our website.
You can object to this tracking at any time by clicking on the separate link provid-ed in each email or informing us via another means of contact. Your information will be stored as long as you are subscribed to the newsletter. After logging out, we store the data purely statistically and anonymously.
IX. Electronic contact
You will find a contact form on our homepage that you can use to contact us elec-tronically. The data entered into the input mask are transmitted to us and stored. These data include:
- 1. salutation
- 2. first name, surname
- 3. e-mail address (mandatory field)
- 4. company
- 5. company address
- 6. phone number
- 7. POSTAL CODE
- 8. city, country
- 9. message (mandatory field)
The following data is also stored once the message has been sent:
- The user’s IP address,
- Date and time of registration
It is also possible to contact us via our provided email address. In this case, the us-er’s personal data transmitted by email will be stored. A transfer of your data to third parties will not take place in this context; this data will be used exclusively for processing the communication record.
The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 S.1 lit. b GDPR.
If further personal data are processed during the sending process, then they serve only to prevent misuse of the contact form and to ensure the security of our infor-mation technology systems.
For faster and more efficient processing of your request, we use the tool Pipedrive (Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia). For this purpose, the data submitted when filling out the form is transmitted to Pipedrive and stored on Pipedrive servers. For more information on data processing at Pipedrive, please click here: https://www.pipedrive.com/en/privacy#data-controller-and-data-processor-38
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Regarding the personal data from the input form on the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
X. Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
The legal basis for the use of the technically necessary cookie is the legitimate inter-est of the website operator pursuant to Art. 6 para. 1 S. 1 lit. f GDPR.
XI. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your com-puter and they allow how you use the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and is stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evalu-ate your use of the website, to compile reports on website activity and to provide other services related to website and Internet usage to the website operator.
The IP address provided by Google Analytics within the framework of Google An-alytics will not be merged with other data provided by Google.
You can prevent the storage of cookies by enabling a corresponding setting in your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as pre-vent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension “_anonymizeIp().” As a result, IP addresses are processed shortened so that they cannot be related to any one particular person. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded, and the personal data will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We use the statistics to improve our offer and make it more interesting for you as a user. The legal basis for using Google Analytics is your consent, as defined in Art. 6 para. 1 S. 1 lit. a GDPR.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html , Data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html , data protection policy: http://www.google.de/intl/de/policies/privacy.
This site also uses Google Analytics for cross-device analysis of visitor traffic and is conducted through the user ID. You can deactivate your cross-device analysis of your usage under “My Data,” then “Personal Data.”
XII. Social Media
1.Social media presence
We maintain fan pages within various social networks and platforms for communi-cating with customers, prospects and users who are active there and for informing them about our services.
We would like to point out that your personal data may be processed outside the European Union, which may pose risks to you (e.g. in enforcing your rights under Eu-ropean/German law).
These users’ data are usually processed for market research and advertising pur-poses. Thus, for example, user profiles are created based on the user’s behavior and in-terests. These usage profiles can in turn be used to do such things as place advertise-ments inside and outside the platforms that are allegedly in line with users’ inter-ests. For these purposes, cookies are usually stored on the user’s computer where the user’s behavior and the user’s interests are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices that the users use (this is especially true if the users are members of the re-spective platforms and are logged in to them).
Processing personal user data is based on our legitimate interests in an effective us-er information and communication with users in accordance with. Art. 6 para. 1 s. 1 lit. f. GDPR. The legal basis for processing user info is Art. 6 para. 1 s. 1 lit. a., Art. 7 GDPR, and this entails the respective providers asking users to consent to data processing (that is, that they declare their agreement, for example, by ticking a check box or clicking on a button to confirm).
Additional information about processing your personal data as well as your revo-cation options can be found under the links for the respective providers listed be-low. The assertion of information and further rights of the data subjects can likewise take place opposite the offerors, who then have only the direct access to the da-ta of the users and have appropriate information. Of course, we are available for questions and support if you need help. Providers:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Schweden
Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
2. Google Maps
We use Google Maps offer on our website. This allows us to show you interactive maps right on the website and allow you to conveniently use the map feature. The legal basis for the display of the map is Art. 6 para. 1lit. f GDPR.
By visiting the website, Google receives the information that you have accessed the corresponding subpage for our website. In addition, the information referred to in Section IV of this statement will be trans-mitted to Google. This is done regardless whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your ac-count. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market re-search and/or needs-based website design. This type of an evaluation is carried out (even for users who are not logged in) for the purpose of providing appropriate advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles, and you must contact Google to exercise this right.
3.Facebook custom audiences/Facebook pixel
The site also uses Facebook’s “Custom Audiences” remarketing feature (“Facebook”). This allows website users to be shown interest-based advertisements (“Facebook Ads”) as part of their visit to the social network Facebook or other websites that also use this process. We are interested in showing you advertisements that may be of interest to you to make our website more interesting to you.
Your browser automatically establishes a direct connection to the Facebook server based on the marketing tools used. We have no control over the extent and the later use of the data that is collected due to Facebook’s use of this this tool and we will therefore inform you according to our level of knowledge. By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or have clicked on an ad from us. If you are registered with a service provided by Facebook, then Facebook may associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a chance that the provider will find and store your IP address and other identifying characteristics.
In the context of user analysis, we also process your clicks and the duration of your visit to our website in order to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.
The legal basis for the processing of your data is Art. 6 para. 1 S. 1 lit. a GDPR.
Deactivation of the “Facebook Custom Audiences” function is possible at any time in the individual cookie settings and for logged-in users at https://www.facebook.com/settings/?tab=ads#.
For more information on data processing by Facebook, please visit https://www.facebook.com/about/privacy.
4. LinkedIn Insight Tag
Furthermore, the website uses the LinkedIn Insight Tag function. This allows us to track conversions, retarget website visitors, and obtain additional information about members who view advertisements. We thereby pursue the interest of showing you advertisements that are of interest to you in order to make our website more interesting for you.
The LinkedIn Insight tag allows us to collect data about visits to this website, includ-ing URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. This data is encrypted, IP addresses are shortened, and LinkedIn members’ direct IDs are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 90 days.
LinkedIn does not share any personally identifiable information with us, but only provides aggregate reports on website audience and ad performance. LinkedIn also offers retargeting for website visitors so that we can use this data to display targeted advertising outside of its website without identifying the member.
The legal basis for the processing of your data is Art. 6 para. 1 S. 1 lit. a GDPR.
Deactivation of the “LinkedIn Insight Tag” function is possible at any time in the indi-vidual cookie settings and for logged-in users at https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
Further information on data processing by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.
We have integrated Vimeo videos into our online offer, which are stored on www.vimeo.com and can be played directly from our website. The provider is Vimeo, Inc, New York City, United States.
These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to Vimeo if you do not play the videos. Only when you play the videos, the data mentioned in paragraph 2 are transmit-ted. We have no influence on this data transmission.
By visiting the website, Vimeo receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Vimeo provides a user account through which you are logged in or whether no user account exists. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the so-cial network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Vimeo to exercise this right.
We have integrated functions of the music service Spotify on our website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: https://developer.spotify.com.
This allows a direct connection between your browser and the Spotify server to be established via the plugin when you visit our website. Spotify thereby receives the information that you have visited our site with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of our pages on your Spotify profile. This allows Spotify to associate the visit to our pages with your user account.
If you do not want Spotify to associate your visit to our site with your Spotify user account, please log out of your Spotify user account.
XIII. Integrating Typekit fonts from Adobe
Based on our legitimate interests (i.e. interest in the analysis, optimization and eco-nomic operation of our online offer within the meaning of Art. 6 para. 1 s. 1 lit. f GDPR), we use external type kit fonts of the provider Adobe Systems Software Ire-land Limited, 4 -6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ire-land.
XIV. Use of Google ReCaptcha
Furthermore, we use the Google service reCaptcha on our website to determine whether a human or a computer makes a certain entry in our contact or newsletter form.
Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recogni-tion data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas as well as tasks in which you have to identify images.
The legal basis for the aforementioned data processing is Art. 6 para. 1 S.1 lit. f GDPR. Our legitimate interest in this data processing is to ensure the security of our website and protection against automated entries (attacks).
Further information on the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland can be found at https://www.google.com/policies/privacy/
We use the podcast hosting service Podigee (Podigee GmbH, Ritterstraße 2A, 10969 Berlin, Germany). The podcasts are thereby loaded by Podigee or transmitted via Podigee. The use is based on our legitimate interests, i.e. interest in a secure and efficient pro-vision, analysis as well as optimization of our podcast offer pursuant to Art. 6 para. 1 s. 1 lit. f. GDPR.
Podigee processes IP addresses and device information to enable podcast down-loads/playbacks and to determine statistical data, such as call-up numbers. This data is anonymized or pseudonymized before being stored in Podigee’s data-base, unless it is necessary for the provision of the Podcasts.
Further information and objection options can be found in Podigee’s data protec-tion statement: https://www.podigee.com/de/about/privacy/.
XVI. Story Chief
We use the service provider Story Chief (Story Chief NV, Visserij 43p, 9000 Ghent, Bel-gium, VAT BE 0644.941.221, RPR Ghent, department Ghent, Belgium) to provide our blog service. The blog posts are created by the corresponding tool, which allows us to improve the publication of blog posts and measure the reach. The use is based on our legitimate interest Art. 6 para. 1 s. 1 lit. f. GDPR.
Story Chief processes IP addresses and device information to display the presenta-tion of blog posts on this website and to determine statistical data. This data is anonymized or pseudonymized before storage, unless you are required for the provision.
Further information and objection options can be found in Story Chief’s data pro-tection statement: https://storychief.io/gdpr
Die CREW AG advertising agency is a full-service agency founded in Stuttgart in 1983.
Owner-managed and a member of GWA (Association of Communication Agencies), it is one of Germany’s leading communication service providers.