This Privacy Policy applies to all customers of //SEIBERT/MEDIA (“Customer”) who use Cloud Services provided by Seibert Media ("Services"). 

Notification of CJEU-Judgment of 16. July 2020 (“Schrems II”): On July 16, 2020, CJEU issued a judgment declaring invalid the European Commission’s Decision on the adequacy of the protection provided by the “U.S. Privacy Shield”. As a result of that decision, the Privacy Shield Framework is no longer a valid mechanism to comply with EU Data Protection Requirements when transferring personal data from the EU to the U.S.. For personal data transfers to countries outside of the EU relating to //SEIBERT/MEDIA’s Cloud Services, //SEIBERT/MEDIA is using the remaining valid mechanism of the EU Standard Contractual Clauses (“SCCs”). 

The responsibility for the processing of personal data on these internet pages within the meaning of the general data protection regulation (GDPR) lies with:

//SEIBERT/MEDIA GmbH
Luisenstrasse 37-39
65185 Wiesbaden 

Represented by: Joachim Seibert, Martin Seibert and Sebastian Martini

Email: datenschutz@seibert.group

§ 1 Information Collected

//SEIBERT/MEDIA may collect and process “Personal Data” within the meaning of the General Data Protection Regulation (“GDPR") in connection with Customers access and use of the Services. 

1.1. Scope

This Privacy Policy only applies to Personal Data that is collected by //SEIBERT/MEDIA in its role as data controller as is necessary for //SEIBERT/MEDIA to provide the Services to the Customer. The Data Processing Agreement concluded by Customer and //SEIBERT/MEDIA applies if //SEIBERT/MEDIA processes Personal Data as a data processor on the Customer’s behalf. Personal Data is processed on the Customer’s behalf if the Customer determines the purposes and means by which such Personal Data is processed. 

1.2. Categories of Data 

As data controller, //SEIBERT/MEDIA processes the following categories of Personal Data: 

  • first name, last name, email address, user-avatar, country, job title, phone number, fax number, company name, used products of //SEIBERT/MEDIA and additional information provided when contacting //SEIBERT/MEDIA  using the websites, especially information provided in free text fields of contact forms ("Contact Data");
  • additional data provided to the Supplier in comments on the Supplier websites, especially in forms of discussion boards and using the comment features of blogs (“Comment Data);
  • Personal Data sent by the Customer’s web browser, i.e. information about the type of web browser, the operating system and selected settings (e.g. language, region, font size, font types and other configuration) may be collected (“Browser Data);
  • IP address, information about the amount of data transferred, stored in access log files (“Usage Data); 
  • functions used/clicked in a cloud product by a certain user (“Product Usage Data).

§ 2 Purposes and lawfulness of the data processing

//SEIBERT/MEDIA processes Personal Data to the extent required to fulfill the respective purposes:

  • Providing the Services 
    //SEIBERT/MEDIA collects processes and uses Personal Data for the purpose of providing the Services, preventing, or addressing service or technical problems, in connection with a Customer support matter, for billing, customization, training or as required by law. Without using this Personal Data it would be not possible to receive the Services offered by //SEIBERT/MEDIA.
  • Security Purposes 
    //SEIBERT/MEDIA will use Usage Data for internal system-specific purposes to secure the websites and IT systems from malicious attacks by third parties. The lawfulness is a balancing of interests of the conflicting interests of the security of the IT systems on //SEIBERT/MEDIA’s part and the Customer’s potentially conflicting interests in a non-processing of the Usage Data by //SEIBERT/MEDIA. Taking into account the security and organizational measures of the processing of the Usage Data by //SEIBERT/MEDIA, //SEIBERT/MEDIA considers Customer rights and interests appropriately taken into account and protected. 
  • Marketing Purposes 
    The Customer can receive a newsletter offered within the respective Cloud Service offered by //SEIBERT/MEDIA. For this purpose //SEIBERT/MEDIA needs information that allows //SEIBERT/MEDIA to verify the Customer (first name, last name, email address). Further Personal Data will not be collected or only on a voluntary basis. //SEIBERT/MEDIA uses these data exclusively for sending the requested information.

    The processing of the Personal Data entered in the newsletter registration form is based exclusively on the consent of the Customer (Art. 6 (1) (a) GDPR).

    The Personal Data the Customer has provided to //SEIBERT/MEDIA for the purpose of subscribing to the newsletter will be stored by //SEIBERT/MEDIA and deleted if the Customer cancels the subscription of the Newsletter in accordance with § 11 of this Privacy Policy. Personal Data that has been stored by //SEIBERT/MEDIA for other purposes remains unaffected.
  • Improvement
    //SEIBERT/MEDIA will use Usage Data and Browser Data for market research and the improvement of its Services, and to improve the user experience. The lawfulness for processing this data is the Supplier’s legitimate interest.

    Providing direct marketing data, Browser Data and Product Usage Data is optional for all Services of //SEIBERT/MEDIA. If the Customer does not consent to the processing of her/his data in the respective cookie settings of the Services, no direct marketing information will be sent, and Personal Data will not be used to improve the user experience.

    Beyond these purposes, //SEIBERT/MEDIA uses and processes Personal Data only if prior consent has been expressly granted thereto and if information about the purposes has been provided. In particular, //SEIBERT/MEDIA does not use Personal Data for automated individual decisions and profiling.

§ 3 Data Recipients

The recipients of your data are service providers and companies that are required for the operation and maintenance of the Services and act on a legal basis for us, according to Artt. 6, 44 ff. GDPR. 

§ 4 Data Retention

Personal Data will be kept by //SEIBERT/MEDIA as long as necessary to provide the Customer with the requested Services. If //SEIBERT/MEDIA no longer needs the Customers Personal Data to comply with contractual or legal obligations, they will be deleted from the systems or anonymized accordingly, so that identification is not possible, unless //SEIBERT/MEDIA has to keep the information, including Personal Data, to comply with legal or regulatory obligations. 

§ 5 Security 

//SEIBERT/MEDIA implements the technical and organizational measures that are commercially reasonable in relation to the respective purpose of data protection, in order to protect the information provided by the Customer against abuse and loss. Such data is stored in a secure operating environment that is not accessible to the public. In addition, each of //SEIBERT/MEDIA’s employees is instructed on data protection and obliged to enter into a confidentiality agreement. 

§ 6 Cookies

//SEIBERT/MEDIA uses Cookies within its websites to provide its Services. Cookies are small text files that are sent to the Customers  browser by our web servers when Customers visit the websites of //SEIBERT/MEDIA and stored on Customer's computer  when Customer revisit //SEIBERT/MEDIA’s  websites at a later time.

Cookies allow the websites to access or store Browser and Usage Data from the Customers browser. They are mainly used to ensure the website's expected functionality. As a rule, Cookies do not contain any information that could identify the Customer directly. They do, however, make it possible to offer the Customer a more personalised web experience.

6.1. Session Cookies (transient cookies)

This website uses Session Cookies (also referred to as temporary or transient cookies). Session Cookies are only stored for the duration of Customers visit to //SEIBERT/MEDIA’s websites. The Session Cookies used by //SEIBERT/MEDIA serve solely to identify the Customer for as long as the Customer is logged on to //SEIBERT/MEDIA’s websites and are erased at the end of each session. They are not used for any other purposes.

These Cookies are required for the functionality of //SEIBERT/MEDIA’s websites and cannot be disabled on //SEIBERT/MEDIA systems. As a rule, these cookies are only set as a response to an action taken by the Customer constituting a service request, such as setting Customers privacy preferences, logging in or filling out forms. The Customer can set his browser to block Cookies or notify the Customer of them. However, this may impair the functionality of the websites in some areas.

The use of Cookies is permitted on the basis of Article 6 (1) (f) GDPR. If  //SEIBERT/MEDIA did not use these Cookies, the Customer would not be able to technically access or use the website's content and Services.

6.2. Permanent Cookies (persistent cookies)

The websites also use Cookies that allow //SEIBERT/MEDIA to recognise Customers browser the next time the Customer visits //SEIBERT/MEDIA’s websites so that //SEIBERT/MEDIA can offer the Customer an optimised user experience.

These Cookies are automatically deleted after a specified period, which may vary depending on the Cookie. Persistent Cookies remain stored on the Customers terminal device until they expire or you delete them.

//SEIBERT/MEDIA’s websites use the following types of cookies:

  • Performance Cookies
    These cookies allow //SEIBERT/MEDIA to count visits and trace sources of access to measure and improve the performance of //SEIBERT/MEDIA’s websites. They help //SEIBERT/MEDIA determine which pages are most popular, which are least used and how visitors navigate the website. All information collected by these Cookies is aggregated and therefore anonymous. If you do not accept these Cookies, we have no way of knowing when you visited our website.

    //SEIBERT/MEDIA’s use of Performance Cookies is based on a legitimate interest within the meaning of Article 6 (1) (f) GDPR. //SEIBERT/MEDIA has a legitimate interest in analysing the use of //SEIBERT/MEDIA’s websites as a whole by means of aggregated and anonymous data in order to improve //SEIBERT/MEDIA’s website's content and Services.
  • Advertising Cookies
    //SEIBERT/MEDIA may display ads on other websites to promote relevant services, articles or events. This is made possible by Advertising Cookies that are used to make ads more relevant to you and Customers interests. These Cookies also have other functions, for example, they prevent the same ad from being displayed repeatedly. The sole purpose of the ads is to call relevant //SEIBERT/MEDIA advertising campaigns to Customers attention. //SEIBERT/MEDIA does not sell Customers data to third parties.

    Some of these Advertising Cookies are personalized and help //SEIBERT/MEDIA to understand how effective //SEIBERT/MEDIA’s marketing campaigns are and improve Customers online experience with //SEIBERT/MEDIA by customising it to the Customer individually.

    //SEIBERT/MEDIA only uses Advertising Cookies with the Customers express consent.
  • Third-party Cookies
    Some of the Performance and Advertising Cookies used on //SEIBERT/MEDIA’s websites are so-called Third-party Cookies. These are Cookies of third parties/service providers whose tools //SEIBERT/MEDIA use on //SEIBERT/MEDIA’s websites.

    This may include, for example, Cookies used by the providers of the tracking and analysis tool //SEIBERT/MEDIA use. For more information about third-party cookies, see the information about tracking and analysis tools and other features that use Third-party Cookies.

    //SEIBERT/MEDIA only uses Third-party Cookies with the Customers express consent.

6.3. Disabling Cookies

Most browsers are pre-set to accept Cookies automatically. The Customer can object to the creation of Cookies by disabling Cookies in the Customer browser's system settings. Please note, however, that some Cookies are strictly necessary for the functionality of //SEIBERT/MEDIA’s websites, otherwise the page cannot be requested and displayed. Disabling Cookies may limit Customers ability to use the website.

Cookies, which are not strictly necessary for the functionality of //SEIBERT/MEDIA’s websites, are only used with Customers prior express consent.

The Customer can also control the installation of Cookies itself at any time by changing Customers browser settings and/or deleting all Cookies.

§ 7 Tracking and analysis tools

The purpose of these types of services is to allow //SEIBERT/MEDIA to monitor and analyse traffic and track Customers behaviour. The legal basis for this is Art. 6 (1) (f) GDPR.

  • Google Analytics for Firebase
    //SEIBERT/MEDIA uses the Google Analytics for Firebase service, which transmits the information generated about the use of the Services with an anonymised IP address to a Google server and stores it there. The IP anonymisation function in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses in memory to zero. This means that the Customers exact IP address is not stored.

    Google will use this information for the purpose of evaluating the Customers use of the Services, compiling reports on website activity for //SEIBERT/MEDIA. Google may also transfer this information to third parties.

    The Customer can also prevent the storage of cookies by setting the Customers browser software accordingly; however, //SEIBERT/MEDIA would like to point out that in this case the Customer may not be able to use all the functions of the Services to their full extent.

    The Customer can also prevent Google from collecting the data generated by the cookie and related to the Customers use of the website (including the IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    data privacy notice:https://www.google.com/policies/privacy/

Firebase Services:

More Information about how the following services works can be found here: https://firebase.google.com/support/privacy?hl=en

  • Firebase Performance Monitoring
    //SEIBERT/MEDIA uses the Firebase Performance Monitoring service, which uses instance IDs to monitor the performance of the Services and respond to specific incidents within the Services. 
  • Firebase Crashlytics
    If the Customer uses a mobile device with an Android operating system, //SEIBERT/MEDIA use the Firebase service Crashlytics, which informs //SEIBERT/MEDIA when a malfunction is triggered within the Services. The instance IDs and reports on malfunctions transmitted in this way are stored by Firebase until //SEIBERT/MEDIA request Firebase to delete them. 
  • Firebase Dynamic Links
    //SEIBERT/MEDIA uses the Firebase service Dynamic Links if the Customer uses a mobile device with iOS operating system. The device data of the mobile device is used to facilitate the operation of newly installed apps. This device data is only stored temporarily to enable the Services.
  • Firebase Remote Configuration
    //SEIBERT/MEDIA uses Firebase Remote Configuration, which allows the configuration of app settings so that //SEIBERT/MEDIA can change the Services on the end devices on which they are installed without having to reinstall them completely from the Google Store every time a change is made. In this context, certain device information, f.e., may be processed. 

PostHog

PostHog is a tracking service especially for products, website and well suited for customized analytics needs including personalized insights and website personalization. We are using the service to ensure we can improve our software. This service offers a data residency option. We are using the EU servers of Posthog. The data is hosted and managed on PostHog Cloud. We fully comply with GPDR according to their docs.

  • No info is ever passed on to people outside our company for marketing or advertising purposes.
  • We do not pass on any data that we can access to any third parties apart from subprocessors who work for us and are obliged to abide by the same standards.
  • We do not use any information for other reasons than improving our software product or making the software work for our customers as intended.

§ 8 Hosting and backend infrastructure

The purpose of these types of services is to host data and files so that the services can be managed and used. Furthermore, these offerings can provide a pre-built infrastructure that handles specific functions or entire components for the services. The legal basis for this is Art. 6 (1) (f) GDPR and Art. 28 GDPR.

  • Firebase Cloud Firestore and Firebase Cloud Functions
    Firebase Cloud Firestore and Firebase Cloud Functions are web hosting and backend services provided by Google Ireland Limited.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    data privacy notice: https://policies.google.com/privacy
  • Firebase Cloud Storage and Firebase Hosting
    Firebase Cloud Storage and Firebase Hosting are web hosting services provided by Google Ireland Limited.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    data privacy notice: https://policies.google.com/privacy

§ 9 Authentification

The purpose of these types of services are to enable end-user authentication, and facilitate end-user account management. The legal basis for this is Art. 6 (1) (f) GDPR.

  • Firebase Authentication
    Firebase Authentication is a registration and login service provided by Google Ireland Limited. Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    Data privacy notice: https://policies.google.com/privacy

§ 10 Messaging and communication

The purpose of these types of services is to enable //SEIBERT/MEDIA to communicate and collaborate and provide infrastructure for running internal applications. 

If the Customer contact //SEIBERT/MEDIA, //SEIBERT/MEDIA will process the Customers Personal Data to process the enquiry and in the event that follow-up questions arise. The legal basis for this is Art. 6 (1) (a) GDPR.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out in response to the Customers enquiry, or, if the Customer is already //SEIBERT/MEDIAs customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 (1) (b) GDPR.  

//SEIBERT/MEDIA also uses these services to analyse and evaluate website usage in order to provide individual support in the use of the website and to optimise the website in terms of user-friendliness. The legal basis for this is Art. 6 (1) (f) GDPR.

  • Firebase Cloud Messaging
    Firebase Cloud Messaging is used to be able to transmit push messages so that //SEIBERT/MEDIA can communicate certain messages (relevant to the Customer) to the Customer. In the process, a pseudonymised push reference is assigned to the Customers mobile device, which serves as the target for the push messages.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    Data privacy notice: https://policies.google.com/privacy
  • Algolia
    Agolia is a cloud service that mirrors database content in a structured way that allows searches in large datasets. Also allows aggregation of recommended content for users.

    address: Algolia, Inc. 301 Howard St, 3rd floor, San Francisco, CA 94105 (USA) 
    Data residency: Europe
    Data privacy notice: https://www.algolia.com/policies/privacy/

§ 11 Newsletter

The purpose of these types of services is to analyze //SEIBERT/MEDIAs newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. The legal basis for this is Art. 6 (1) (f) GDPR.

  • MailJet
    MailJet is a service that can be used to organize and analyze newsletters. The Customer can revoke the consent via the "unsubscribe" link in the newsletter of //SEIBERT/MEDIA or within the respective Services of //SEIBERT/MEDIA.

    address: Mailgun Technologies, Inc. 112 E Pecan St #1135 San Antonio, TX 78205 
    Data residency: Europe
    Data privacy notice: https://www.mailjet.com/security-privacy/.

§ 12 Productivity management

The purpose of these types of services is to assist //SEIBERT/MEDIA in task management, collaboration and general productivity management. When using such services, Personal Data is processed and, depending on the purpose of the processing, may be stored. These services might be integrated with other third party services listed in this privacy statement to enable the import and export of the respective required data. The legal basis for this is Art. 6 (1) (f) GDPR.

  • Google Workspace
    Google Workspace is an integrated cloud-based suite of productivity, work process management and data storage services offered through Google Ireland Limited. Neither Gmail nor other Google Workspace services are analysed by Google for advertising purposes. Furthermore, Google does not otherwise collect or use data from these services for advertising purposes.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    Data privacy notice: https://policies.google.com/privacy?hl=de

§ 13 Tag management

The purpose of these types of services is to help //SEIBERT/MEDIA centrally manage the tags or scripts needed for the Services. This results in the Customers data flowing through these services and possibly being stored. The legal basis for this is Art. 6 (1) (f) GDPR.

  • Google Tag Manager
    Google Tag Manager is a tag management service provided by Google Ireland Limited. With this service, tags can be managed via an interface. Google Tag Manager only implements tags. Google Tag Manager triggers other tags, which in turn may collect Personal Data. However, the Google Tag Manager does not access this potential Personal Data. If a cookie layer was deactivated by the Customer, it remains for all tracking tags, as long as they are implemented with the Google Tag Manager.

    address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Data residency: Europe (Ireland)
    Data privacy notice:https://policies.google.com/privacy

§ 14 Customer Rights

The Customer has the rights detailed below in this Section. Each Customer also has the right to file a complaint with a data protection supervisory authority. 

  • Right of access: 
    The Customer may request information from //SEIBERT/MEDIA at any time as to whether //SEIBERT/MEDIA has stored Customers Personal Data and which Personal Data //SEIBERT/MEDIA has stored. //SEIBERT/MEDIA is required to provide this information to the Customer free of charge.The right of access does not exist or is subject to limitations if and to the extent that confidential information, such as information that is subject to professional secrecy, is disclosed.
  • Right to rectification: 
    If Customers Personal Data which is stored by //SEIBERT/MEDIA is inaccurate or incomplete, you have the right to demand at any time that //SEIBERT/MEDIA rectify this.
  • Right to erasure: 
    The Customer has the right to demand that //SEIBERT/MEDIA erase Customers Personal Data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of the Customers consent and the Customer has opted to revoke Customers consent. In such cases, //SEIBERT/MEDIA must cease processing Customers Personal Data and remove that data from its IT systems and databases.

    The Customer does not have a right to erasure if
    • the data may not be deleted due to a statutory obligation or must be processed due to a statutory obligation;
    • the processing of data is necessary for the establishment, exercise or defence of legal claims.
  • Right to restriction of processing: 
    The Customer has the right to demand that //SEIBERT/MEDIA restrict the processing of Customers Personal Data.
  • Right to data portability: 
    The Customer has the right to receive from //SEIBERT/MEDIA the data provided by the Customer in a structured, commonly used, machine-readable format as well as the right to have these data transmitted to a different controller. This right exists only if the Customer has made this data available to //SEIBERT/MEDIA on the basis of consent or an agreement entered into with the Customer; the processing is carried out by automated means.
  • Right to object to processing: 
    If the Customers data is processed by //SEIBERT/MEDIA on the basis of Article 6 (1) (f) GDPR, the Customer may object at any time to processing by //SEIBERT/MEDIA.

To exercise these rights and/or to address any questions, comments, or complaints regarding this Privacy Policy or the privacy practices of //SEIBERT/MEDIA, please contact gdpr@seibert.group.

You can contact our data protection officer by e-mail at dsb@seibert.group or by mail at the above address with the addressee "The Data Protection Officer".

  • No labels
This page was last edited on 06/17/2024.