Data Privacy

Privacy Policy

 

Introduction

The present privacy policy explains outlines the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") in the scope of our online offering and the related websites, functions and content, as well as external online presences, such as our social media profiles. (collectively referred to as "online offering" in the following)

  • The first section of the privacy policy provides details of the person responsible for processing and an overview of our processing operations. 
  • The second section contains information about your rights, the relevant legal norms, as well as general information about our processing of data. 
  • The third section shows details of the individual processing operations. This section is divided into other sections, such as our core services, reach measurement and marketing.
  • The fourth and final section contains explanations and descriptions of the terms used in the privacy policy. Ie. if you are unfamiliar with some of the terms used (such as "personal identification" or "cookie"), please refer to the last section. Otherwise, all terminology used (eg "responsible person" or "user") are to be interpreted as gender-neutral.

 

Table of contents

Section I - Responsible person and overview of data processing

Responsible person
DPO
Types of processed data
Processing of special categories of data (Art. 9 para. 1 GDPR)
Categories of data subjects affected by data processing
Purpose of processing
 

Section II - Rights of data subjects, legal bases and general advice

Rights of data subjects
Right of cancellation
Right of objection
Right of objection to third-party cookies
Exclusively automated data processing
Deletion of data
Changes and updates to the privacy policy
Relevant legal bases
Data processing security
Collaboration with external processors and third parties
Transfers to third countries
 

Section III - Processing

Core area of data processing
Services as a housing association
Customer account
Response to enquiries and customer care
Business analysis
External online presences
Online presence in the social media
Embedded content and features
Security / Server logs
Marketing and technology partners
 

Section IV - Definitions

 

Section I - Responsible person and overview of data processing

 

Responsible person:

hwg eG
Im Bruchfeld 17, 45525 Hattingen
Board: Dr. Ing. David Wilde (Chairman), Erika Müller-Finkenstein
Telephone: 02324 5009-131
E-mail: info@hwg.de
Complete imprint: https://www.hwg.de/informationen/impressum.html

 

DPO:

Christof Cichowski
cichowski@hwg.de

 

Types of processed data:

  • Present information (eg. names, addresses).
  • Contact details (eg. e-mail, telephone numbers).
  • Content data (eg. text input, photographs, videos).
  • Contract data (eg. subject matter, term, customer category).
  • Payment data (eg. bank details, payment history).
  • Usage data (eg. visited websites, interest in content, access times).
  • Meta/communication data (eg. device information, IP addresses).
  • Applicant data (eg. names, contact details, qualifications, application documents).

 

Processing of special categories of data (Art. 9 para. 1 GDPR):

  • No special data categories are processed.
  • In principle, no special data categories are processed unless the users enters them for this purpose, (eg. health data in the context of a search for a flat).

 

Categories of data subjects affected by data processing:

  • Customers / prospects / business partners.
  • Visitors and users of the online offering.
  • Applicants.

In the following, data subjects are also referred to as "users".

 

Purpose of processing:

  • Provision of the online offering, its contents and functions.
  • Provision of contractual services, service and customer care.
  • Response to contact requests and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

Published April 2018

 

Section II - Rights of data subjects, legal bases and general advice

 

Rights of data subjects

You are entitled to ask for confirmation as to whether the relevant data is being processed, and for information about this data, as well as further details and a copy of the data in accordance with Art. 15 GDPR. 

In accordance with Art. 16 GDPR, you are entitled to demand completion of data or the correction of incorrect data concerning you. 

In accordance with Art. 17 GDPR, you have the right to require for relevant data to be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to require limitation of the processing of such data. 

In accordance with Art. 20 GDPR, you are entitled to require issuance data concerning you that you have provided to us, and to demand their transmission to other responsible persons. 

In accordance with Art. 77 GDPR, you are also entitled to file a complaint with the competent supervisory authority.

 

Right of cancellation

You have the right to revoke any consent granted in accordance with Art. 7 para. 3 GDPR with future effect.

 

Right of objection

You may refuse any future processing of your data in accordance with Art. 21 GDPR at any time. This objection may be issued specifically in respect of processing for direct marketing purposes.

 

Right of objection to third-party cookies

A general objection to the use of cookies can be issued via a variety of services, especially when it comes to tracking, via the US website http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that it may not be possible to use some features of this online offering in that case.

 

Exclusively automated data processing

In accordance with Art. 21 GDPR you have a right not to be subjected to a decision based solely on automated processing - including profiling - that may have a legal effect or similar effect on you. 

We hereby inform you that we do not carry out exclusively automated data processing.

 

Deletion of data

The data processing by us are deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy policy, we will delete the data held by us as soon as they are no longer required for their purpose, and insofar as the deletion does not conflict with any statutory storage requirements. If the data is not retained since it is required for other legally permissible purposes, its processing will be restricted. Ie. the data is blocked and not processed for other purposes. This applies eg. to data that must be retained for commercial or tax reasons.

According to the legal requirements, the storage is specifically prescribed for 6 years under § 257 para. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.), and for 10 years under § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, tax documents, etc.)

 

Changes and updates to the privacy policy

We ask you to inform yourself about the content of our privacy policy regularly. We will amend the privacy policy as required due to changes to the data processing conducted by us. We will notify you as soon as such changes require your participation (eg. consent) or any other individual notification is necessary.

 

Relevant legal bases

In accordance with Art. 13 GDPR, we hereby inform you about the legal basis of our data processing. Unless the legal basis is stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR; the legal basis for data processing for the performance of our services and the execution of contractual measures, as well as the response to enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6 para. 1 lit. et seq. GDPR. 

The basics for commercial communications outside of business relationships, in particular by mail, telephone, fax and e-mail are included in § 7 UWG.

 

Data processing security

In accordance with Art. 32 GDPR, and under consideration of the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the data processing, the level and severity of the risk to the rights and freedoms of natural persons, we devise appropriate technical and organizational measures to ensure adequate levels of protection in consideration of the risk; such measures particularly include the safeguarding of the confidentiality, integrity and availability of data by controlling physical access to the data, as well as to their access, input, disclosure, availability and separation. In addition, we have established procedures to safeguard the rights of data subjects, the entitlement to data erasure, and the response to data vulnerability. Furthermore, we consider the protection of personal data in the course of the development and selection of hardware, software and procedures according to the principle of data protection by technology design and privacy-focussed default settings (Art. 25 GDPR). 

The security measures include the encrypted transfer of data between your browser and our server. Note text: Employee information is only required if you employ staff. 

Employees are required to observe confidentiality and have accordingly been instructed with regard to data protection, as well as possible liability consequences.

 

Collaboration with external processors and third parties

Insofar as we disclose data to other persons and companies in the context of our processing (external processors or third parties), transmit it to them or otherwise grant access to the data, such disclosure will only take place on the basis of a legal permission (eg. if transmission of the data to third parties, as to payment service provider, according to Art. 6 para. 1 lit. b GDPR is required to fulfil the contract), your consent, a legal obligation to do so, or on the basis of our legitimate interests (eg. the use of agents, webhosters, etc.). 

If we commission third parties to process data on the basis of so-called "data processing contract", this is performed on the basis of Art. 28 GDPR. 

We only disclose, transmit or otherwise grant access to data to other companies within our group for administrative purposes as a legitimate interest as well as on the basis of a data processing contract.

 

Transfers to third countries

Insofar as data processing is conducted in a third country (ie. outside the European Union (EU) or the European Economic Area (EEA)) or in the scope of using third party services or disclosure or transmission of data to third parties, this will only take place in the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or commission the processing of data in a third country only if the special conditions of Art. 44 et seq. GDPR are met. Ie. the processing may take place eg. based on specific guarantees, such as the officially recognized level of data protection (eg. for the US on the basis of the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contract clauses").

 

Section III - Processing

The following presentation provides an overview of our processing activities, which we have subdivided into other areas of activity. Please note that the activities are for guidance only, and that the processing activities may overlap (eg. the same data may be processed in multiple procedures). For purposes of clarity, you will find an explanation of frequently used terminology in Section IV of this privacy policy.

 

Core area of ​​data processing

This section contains information about our core services and tasks, such as answering enquiries and the provision of our contractual services.

 

Services as a housing association

We process the data of our customers in the context of the provision, execution, maintenance, optimization and security of our services and services as a housing association (including rentals, consulting, technical services). 

  • Processed data: Inventory data, communication data, contract data, payment data. 
  • Affected parties: Customers, prospects, business partners. 
  • Purpose of processing: Provision of contractual services in the context of the operation of an online shop, billing, delivery, customer service. 
  • Type, scope, functionality of processing: Session cookies for shopping cart and login status. 
  • Processing basis: Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving). GDPR. 
  • Necessity/interest in processing: The data is required to formulate and fulfil the contract. 
  • Disclosure to external processors/third parties and purpose: No, only on delivery or payment.
  • Processing in third countries: No. 
  • Deletion of data: Within three years after termination of the contractual relationship with subsequent archiving in case of a legal obligation (archiving of data under commercial and tax law).

 

Customer account

Customer accounts require prior registration. The registration creates a user profile, which permits users to manage their profile information, requisitions, search results, apartments and our offers.

  • Processed data: Inventory data (first name, name, e-mail address, password (stored in encrypted form)), communication data, contract data, payment data. 
  • Affected parties: Customers. 
  • Purpose of processing: Creation and operation of a customer account for managing the contractual relationship. Dispatch of e-mail messages regarding processes, enquiries and other processes within the customer account (eg. e-mails concerning search requests or corresponding offers from us). 
  • Type, extent, functioning of the processing: Registration process, termination options. 
  • Processing basis: Art. 6 para. 1 lit. b. GDPR.
  • Protective measures: The public user account information cannot be viewed by external sources, such as search engines or other users, and cannot be searched by them. Users are deemed responsible for the secure storage of their access data.
  • Necessity/interest in processing: The customer account is optional, the data is required for its operation. Mandatory fields are marked as such. Furthermore, each user may elect to disclose further information. Also, further information may be requested from the users insofar as required for the provision of offers, the processing of (search) orders, or for the fulfilment of legal requirements. 
  • Disclosure to external processors/third parties and purpose: No. 
  • Processing in third countries: No.
  • Deletion of data: After termination with subsequent archiving in the case of a legal obligation (archiving of data due to commercial and tax law).

 

Response to enquiries and customer care

We process the information received by us via our contact form and in other ways, eg. via e-mail, in order to respond to enquiries. For these purposes, requests may be stored in our Customer Relationship Management (CRM) system or similar processes that serve us to manage requests.

  • Processed data: Inventory data, communication data, contract data, payment data, usage data, metadata
  • Affected parties: Customers, prospects, business partners, website visitors. 
  • Purpose of processing: Response to enquiries. 
  • Type, extent, functioning of the processing: Registration process, termination options. 
  • Processing basis: Art. 6 para. 1 lit. b. GDPR.
  • Purpose of processing: Required for the response to enquiries. 
  • Disclosure to external processors/third parties and purpose: No. 
  • Processing in third countries: No. 
  • Deletion of data: We delete the enquiries, if they are no longer relevant. Non-customer requests will be deleted after 6 months after the last reply. We store requests from customers permanently and refer to the information on our services as a housing association for our deletion policy.

 

Business analysis

The economic management of our business requires the ability to recognise market trends, customer and user preference; for this purpose, we analyse the available data on business transactions, contracts, inquiries, etc.

  • Processed data: Inventory data, communication data, contract data, payment data, usage data, metadata. 
  • Processing basis: Art. 6 para. 1 lit. f. GDPR.
  • Affected parties: Customers, prospects, business partners, visitors and users of the online offering.
  • Purpose of processing: Business analysis, marketing, advertising, market research. 
  • Creation and operation of a customer account for the administration of orders. 
  • Type, scope, functionality of processing: Profiling, anonymous analyses. 
  • Necessity/interest in processing: Increased user-friendliness, optimisation of the offer, business management.
  • Disclosure to external processors/third parties and purpose: No.
  • Processing in third countries: No. 
  • Deletion of data: If the data is personalised with notice, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend provisions are created anonymously where possible.

 

External online presences

This area contains information about our data processing in the context of operating external online sites, eg. on social media platforms.

 

Online presence in the social media

We maintain online presences within social networks and platforms in order to communicate with customers, prospects and users active there, and to inform them about our services. The use of the respective networks and platforms is governed by the terms and conditions and the data processing guidelines of their respective operators. Unless stated otherwise in the context of our privacy policy, the user data is processed as far as they communicate with us within the social networks and platforms, eg. by writing articles on our online presence or by sending messages to us.

  • Social networks/platforms we use: Facebook, Instagram, LinkedIn, Pinterest, Twitter, Xing, YouTube. 
  • Processed data: Inventory data, communication data, content data, usage data, metadata. 
  • Special categories of personal data: Basically no, except as stated by users. 
  • Processing basis: Art. 6 Abs. 1 lit f. GDPR. 
  • Affected parties: Users of social media presences (this may include customers and prospects). 
  • Purpose of processing: Information and communication. 
  • Type, scope, functionality of processing: By operators of the respective platforms; usually: Permanent cookies, tracking, targeting, remarketing, content and behavioural advertising. 
  • Requirement/interest in processing: Expectations of the users active on the platforms, business interests. 
  • Disclosure to external processors/third parties and purpose: Disclosed to social networks/platforms. 
  • Processing in third countries: USA. 
  • Guarantee for processing in third countries: Privacy Shield (except Pinterest). 
  • Deletion of data: The deletion rules of the respective platforms apply.

 

Embedded content and features

This section contains information about the contents, software or functions (in short the "contents") of other providers embedded in the context of our online offering on basis of Art. 6 para. 1 lit. f GDPR. We use embedding to make our online offer more interesting for our users or for legal reasons, eg. to present videos or social media posts within our online offering. Embedding may also be used to improve the speed or security of the online offering, such as when software items or fonts are sourced from other sources. In all cases, the processed data includes the usage and metadata, as well as the IP address necessarily transmitted to the provider for embedding the content of the users of our online offering. Further explanations can be found in the definitions of terms, especially regarding the functionalities and protective measures at the end of this privacy policy. The deletion of the data is determined by the privacy conditions of the providers of the embedded content.

Content/provider: YouTube – Videos / Google - Recaptcha (detection of bots on form input), Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Functioning/protective measures: Permanent cookies, first-party cookies, tracking, interest-based marketing, profiling, remarketing/pseudonymisation, opt-out.
Privacy policy/opt-out: https://www.google.com/policies/privacyhttp://tools.google.com/dlpage/gaoptout?hl=de, (Ad preferences: http://www.google.com/ads/preferences).
Third country/guarantee: USA, Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Content/provider: Google Maps, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Functioning/protective measures: Permanent cookies, first-party cookies, tracking, interest-based marketing, profiling, remarketing/pseudonymisation, opt-out.
Privacy policy/opt-out: https://www.google.com/policies/privacy /http://tools.google.com/dlpage/gaoptout?hl=de, (Ad preferences: http://www.google.com/ads/preferences).
Third country/guarantee: USA, Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Content/provider: Typekit - fonts, Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland.
Functioning/protective measures: -
Privacy policy/opt-out: http://www.adobe.com/privacy/typekit.html
Third country/guarantee: USA, Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active

 

Security

Server logs

The server on which this online offer is located collects so-called log files containing the user data with each access to the online offering. The data is used for the statistical analysis to maintain and optimise the server operation on the one hand, and for security purposes, eg. to detect potential unauthorized access attempts on the other. 

  • Processed data: Usage data and metadata (name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, user operating system, referrer URL (previously visited page), IP address and the requesting provider). 
  • Special categories of personal data: No. 
  • Processing basis: Art. 6 para. 1 lit. et seq. GDPR. 
  • Affected parties: Customers, prospects, visitors to the online offer. 
  • Purpose of processing: Optimisation of server operation and security monitoring. 
  • Necessity/interest in processing: Security, business interests. 
  • Processing in third countries: No. 
  • Deletion of data: 7 days after collection.

 

Marketing and technology partners

This section provides information about the services of technology partners we use to measure reach and for online marketing purposes. Their use is based on lit. e of Art. 6 para. 1 lit. f GDPR, and our interest in increasing usability, optimisation of our offer, and its business efficiency. The processed data include the usage and metadata in all cases. Further explanations can be found in the definitions of terms, especially regarding the functionalities and protective measures at the end of this privacy policy. The deletion of the data is determined as per the privacy statements of the technology partners, unless stated otherwise.

Content/provider: Google Analytics, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Functioning/protective measures: Permanent Cookies, third-party Cookies, tracking, interest-Based marketing, profiling, remarketing/pseudonymisation, IP-masking, data processing contract conclusion, opt-out.
Privacy policy/opt-out: https://www.google.com/policies/privacy / http://tools.google.com/dlpage/gaoptout?hl=de, (Ad preferences: http://www.google.com/ads/preferences).
Opt-out on mobile devices: As an alternative to the browser add-on or on browsers on mobile devices, please click this link to prevent future data collection by Google Analytics within this website (the opt-out only works in the browser and only for this domain). This leaves an opt-out cookie on your device. If you delete your cookies in this browser, you will have to click this link again.
Third country/guarantee: USA, Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

Section IV - Definitions

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken from the law, and are defined especially in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily supplied for purposes of comprehension. The terms are sorted alphabetically.

Aggregated Data: Aggregated data is compiled data that does not allow for reference to a specific individual; it is therefore not personal. For example, visit times to a website may be stored as averages. 

Anonymous data: Anonymity applies when a person is not identifiable by means of data by the person responsible with the means at his disposal. In particular, aggregated data may be anonymous in nature.

External processors / contractors: "External processor" refers to a natural or legal person, public authority, body or agency that processes personal data on behalf of the controller. 

Specific categories of personal data: data identifying racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, as well as genetic data, biometric data for the unambiguous identification of a natural person, or data concerning the health, sex life or sexual orientation of a natural person.

Affected person / affected parties: See "personal data". 

Cookies: "Cookie" refers to small files that are stored on the users' computers. A reach of information may be stored within the cookies. Cookies are primarily used to store the information about users (or rather the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or "session cookies", are cookies that are deleted after a user departs from an online service and closes the browser. Such cookies may contain eg. the content of a shopping cart in an online shop or the login status for a community. "Permanent" refers to cookies that remain stored even after the browser has been closed. These may contain eg. the login status for a community for users returning after several days. Also, such cookies may be used to store the interests of users, which are used for reach measurement or marketing purposes (eg. remarketing). "Third-party cookies" are cookies that are offered by providers other than the person responsible for the online offering (otherwise, their cookies are called "first-party cookies").

Third party: "Third party" refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and the persons authorised under the direct responsibility of the controller or processor to process personal data. 

Third country: Third countries are states where the GDPR is not a directly applicable law, ie. generally states that do not belong to the European Union (EU) or the European Economic Area (EEA). 

Consent: "Consent" of the data subject is any expression of intent in an informed and unequivocal manner, in the form of a statement or other unambiguous confirmatory act, whereby the data subject indicates approval in respect of processing of the data personal data concerning them. 

Embedding: Embedding entails the integration of third party content or software functions (see plugins) into an own online presence in such a manner that they are displayed or rather executed on the online presence. This does not involve the creation of a copy of the content, since it is loaded from the original server (eg. videos, pictures, posts on social networks). Embedding technically requires for the content provider to collect the IP address of the users to output the embedded content in the user's browser. Furthermore, cookies may be stored on users' devices by the content provider. 

First-party cookies: See "Cookies". 

IP Address: The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet. When a user opens a Web site on a server, the server receives the user's IP address. The server then knows that data packets containing the content of the website are to be sent to this address. 

IP masking: "IP masking" refers to a method where the last octet, ie. the last two digits of an IP address are deleted to ensure that the IP address can no longer be used to uniquely identify a person. IP masking is thus a means of pseudonymising of processing techniques, especially in online marketing. 

Interest-related and behavioural advertising: Interest-related and/or behavioural advertising refers to the use of profiling to determine the potential interest of users in advertisements ("online behavioural advertising", abbreviated as OBA). As a rule, cookies and web beacons are used for these purposes.

Opt-in:  The term "opt-in" refers to logging in. If a registration (eg. by entering an e-mail address in an online form field) is confirmed by sending of a confirmation e-mail to the owner of the e-mail address, this is referred to as double opt-in (DOI). 

Opt-Out: The term "opt-out" refers to cancellation and may represent eg. an objection (eg. against tracking) or a termination (eg. newsletter subscriptions).

Permanent cookies:  See "Cookies". 

Personal data/personal reference: "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is considered as identifiable if this can be achieved directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (eg. a cookie) or to one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. 

Plugins/social plugins: Plugins (or "social plugins" in the case of social network features) are third party software features that are integrated into the online offering. They may be used eg. for the output of interaction elements (eg. a "Like" button) or content (eg. external commenting features or posts in social networks).

Privacy Shield: The EU-US Privacy Shield is an informal agreement in the field of data protection law negotiated between the European Union and the United States of America. It consists of a series of assurances from the US Federal Government and a decision by the European Commission. Companies that are certified under the Privacy Shield guarantee compliance with European privacy legislation (https://www.privacyshield.gov). 

Profiling: "Profiling" refers to any type of automated processing of personal data that involves the use of the personal information to to analyse, evaluate or predict (eg. interests in certain content or products, click behavior on a website or the whereabouts) certain personal aspects pertaining to a natural person (depending on the type of profiling, this may include information on the age, gender, location data and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people). Cookies and web beacons are widely used for profiling purposes. 

Pseudonymisation/pseudonyms: "Pseudonymisation" refers to the processing of personal data to ensure that the personal data can no longer be assigned to a specific data subject without additional information, provided that such additional information is stored separately; ie if an exact interest profile of the computer user is stored in a cookie (something of a "marketing avatar"), but not the name of the user, the data is processed pseudonymously. If the user's name is saved, eg. as part of his e-mail or IP address, then the processing is basically no longer pseudonymous. 

Reach measuremen: Reach measurement serves to evaluate the flow of visitors to an online offering, and may include their behaviour, interests or demographic information such as age or gender. Reach analysis may permit website owners to identify eg. the types of people who visit their website at certain times, and the content they are interested in. This may be used eg. to optimise the contents of the website for the needs of its visitors. Cookies and web beacons are widely used for reach analysis. 

Remarketing/retargeting: "Remarketing" or "retargeting" refers to retention of information advertising purposes eg. on products a user was interested in on a website to remind the user to these products on other websites, eg. in advertisements. Cookies are generally used for profiling. 

Session cookies: See "Cookies".

Third-party cookies: See "Cookies"

Tracking: "Tracking" refers to the tracing of user behaviour across multiple online offerings, eg. for purposes of remarketing. The behavioural and interest information collected in respect of the accessed online offerings is stored as user profiles in cookies or on servers of marketing service providers (eg. Google or Facebook). 

Responsible party: "Responsible party" means the natural or legal person, public authority, agency or other body that decides on the purposes and means of the processing of personal data alone or jointly with others. 

Processing: "Processing" refers to any operation performed with or without the aid of automated procedures or any such series of procedures relating to the personal data. The term is very broad and covers virtually every handling of data.

Published: 14.05.2018