Privacy Policy

Personal Data Protection Statement – Faveru GmbH

  1. Principle of anonymous data use

The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

When you access our website, some information, such as IP address, is transferred. You are also providing information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), time of visit to the website, the so-called referrer and volume of data transferred.

We cannot use this data to identify an individual user. We only use this information to determine how attractive our offers are and to improve their performance or content, if necessary, and make their design even more appealing to you.

Please bear in mind, however, that in the case of a static IP address, personal identification is possible by RIPE query in individual cases, although we do not perform this. Nevertheless, this website is accessible for both static and dynamic IP addresses assigned.

      2. Collection and processing of personal data

In the case of use purely for information, i.e. if you do not register or send us information another way, we only collect personal data which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical purposes in order to show you our content and guarantee stability and security (legal basis is a legitimate interest pursuant to Article 6 (1) (f) GDPR).

In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed up our interest in website provision and your interest in data protection compliant processing of your personal data. As the data below is technically required for the provision of our service in order to offer you our website and also guarantee stability and security, in particular protection against misuse, we have reached the conclusion that, with a state-of-the-art oriented data security guarantee, this data can be processed whereby appropriate consideration will be given to your interest in data protection compliant processing.

     3. Data Purpose of processing Storage perio

Operating system used Ensure evaluation by device and optimized display of the website Indefinite

Information about the browser type and version used Evaluation of the browser used to optimize our websites for it Indefinite

IP address Presentation of the website on the respective device

Investigation and prevention of fraud

Date and time of visit Presentation of the website on the respective device

Investigation and prevention of fraud

If applicable, manufacturer and model of the smartphone, tablet or other device Evaluation of device manufacturers and types of mobile end devices for statistical purposes Indefinite

The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.

Data Purpose of processing Legal basis of processing Storage period

First name Direct address & presentation Performing the contractual relationship: Up to 30 days after deletion of the customer account

Last name Direct address & presentation Performing the contractual relationship: Up to 30 days after deletion of the customer account

Email address Customer account identification Performing the contractual relationship: Up to 30 days after deletion of the customer account

Password Customer account identification Performing the contractual relationship: Up to 30 days after deletion of the customer account

IP address at login Data transfer at registration to web server Performing the contractual relationship Indefinite

   4. Cookies and tracking pixels

We use cookies to improve our web service and make your use as easy as possible. Cookies are small text files which are saved on your computer when you visit our website. They facilitate the repeated allocation of your browser. Cookies save information, such as your language settings, duration of the visit to our website or the entries you made there. This means that the required data does not need to be entered again each time the service is used. Moreover, cookies help us to recognize your preferences and adjust our website to your areas of interest.

Most browsers accept cookies automatically. If you want to prevent cookies from being saved, you can select the ‘Accept no cookies’ option in your browser settings. To find out exactly how this works, you can consult your browser manufacturer’s instructions. You can delete cookies that have already been saved on your computer at any time. Please bear in mind, however, that our website service can only be used to a limited extent without cookies.

Moreover, every time our website is loaded, we record how often it is visited and clicked on by using tags on our website, so-called tracking pixels, likewise without any interference and intervention for your computer.

    5. Google analytics

We use the Google Analytics service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyze our website visitors. Google uses cookies to track the use of the online product or service by users and the information is generally transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

    6. Google marketing services

All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

  1. Transfer of data to third parties

We only pass your personal data on to third parties if:you have given your explicit consent to this,forwarding data is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,in the event that we have a legal obligation to forward data, and this is legally permissible and required for the performance of the contractual relationship with you.

In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place. Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:your personal data could be processed over and above the intended purpose.

Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example your right of access, to rectification, erasure or data portability, on a consistent basis and enforce these.

It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.

  1. Personal data breach notification policy contents
  • Introduction: purpose of personal data breach notification policy; approach to personal data breaches.
  • Definitions: definitions (appointed person, data breach).
  • Detection of personal data breaches: technological measures to detect personal data breaches; organisational measures to detect personal data breaches; regular review of measures to detect personal data breaches.
  • Responding to personal data breaches: personnel to notify appointed person upon personal data breach; role of appointed person regarding personal data breaches; cooperation with appointed person; appointed person to determine role of company where personal data breach; steps to be taken when responding to a personal data breach; Company to keep record of response to personal data breach.
  • Notification to supervisory authority: section applies where company is data controller; obligation to notify supervisory authority of personal data breach; procedure for notification of personal data breach to supervisory authority; exception to obligation to notify supervisory authority of personal data breach; additional information to be provided to supervisory authority; changes in facts relating to personal data breach to be notified to supervisory authority.
  • Notification to data controller: section applies where company is data processor; obligation to notify data controller of personal data breach; procedure for notification of personal data breach to data controller; additional information to be provided to data controller.
  • Notification to data subjects: section applies where company is data controller; data subject notifications in consultation with supervisory authority; obligation to notify data subjects of personal data breach; procedure for notification of personal data breach to data subjects; exception to obligation to notify data subjects of personal data breach; discretionary notification of personal data breach to data subjects.
  • Other notifications: notification of personal data breach to other persons.
  • Reviewing and updating this policy: persons responsible for reviewing and updating policy; annual review of policy; ad hoc review of policy; matters to be considered during review of policy.

Schedule 1 (Notification of personal data breach to supervisory authority)

  • Introduction: identification of person giving personal data breach notification.
  • Description of personal data breach: prompt for general description of personal data breach:.
  • Categories of data subject affected: prompt for categories of data subject affected.
  • Number of data subjects affected: number of data subjects affected.
  • Categories of personal data concerned: prompt for categories of personal data concerned.
  • Number of records concerned: prompt for number of records concerned.
  • Likely consequences of breach: prompt for likely consequences of personal data breach.
  • Measures taken to address breach: prompt for measures taken to address breach.
  • Has breach been notified to data subjects?: details of whether data breach notified to data subjects.
  • Late report of breach: Prompt for reasons for late report by controller of personal data breach.
  • Contact details: contact details for personal data breach.

Schedule 2 (Notification of personal data breach to data controller)

  • Introduction: identification of person giving personal data breach notification.
  • Description of personal data breach: prompt for general description of personal data breach:.
  • Categories of data subject affected: prompt for categories of data subject affected.
  • Number of data subjects affected: number of data subjects affected.
  • Categories of personal data concerned: prompt for categories of personal data concerned.
  • Number of records concerned: prompt for number of records concerned.
  • Likely consequences of breach: prompt for likely consequences of personal data breach.
  • Measures taken to address breach: prompt for measures taken to address breach.
  • Contact details: contact details for personal data breach.

Schedule 3 (Notification of personal data breach to data subject)

  • Introduction: identification of person giving personal data breach notification.
  • Description of personal data breach: prompt for general description of personal data breach:.
  • Categories of personal data concerned: prompt for categories of personal data concerned.
  • Likely consequences of breach: prompt for likely consequences of personal data breach.
  • Measures taken to address breach: prompt for measures taken to address breach.
  • Steps to mitigate breach: prompt for steps data subject may take to mitigate personal data breach.
  • Contact details: contact details for personal data breach.
  1. Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

  1. Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

  1. information on withdrawal of consent

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

  1. Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

  1. Information on right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

  1. Links to other websites

Our website may contain links to the websites of other providers. Please note that this Data Privacy Statement applies only to the website of Faveru. We have no influence on or control over the compliance of other providers with applicable data protection regulations.

  1. Amendments to the Data Privacy Statement

We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.