This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Person responsible:

• Name/Fa.: Leibniz Institute for the Analysis of Biodiversity Change
• Street No.: Adenauerallee 16
• Zip code, City, Country: 53113 Bonn, Germany
• Telephone number: +49 228 9122-0
• E-mail address: datenschutz@leibniz-lib.de

Data Protection Officer:

• Name: Thorsten Klug
• Street No.: Adenauerallee 160
• Zip code, City, Country: 53113 Bonn, Germany
• Telephone number: +49 228 9122-402
• E-mail address: datenschutz@leibniz-lib.de

Types of data processed:

• Inventory data (e.g., names, addresses)
• Contact data (e.g., e-mail, telephone numbers)
• Content data (e.g., text entries)
• Usage data (e.g., websites visited, interest in content, access times)
• Meta/communication data (e.g., device information, IP addresses).

Processing of special categories of data (Art. 9 para. 1 GDPR):

• No special categories of data are processed.

Categories of data subjects affected by the processing:

• Customers / interested parties / suppliers.
• In the following, we also refer to the persons concerned collectively as “users”.

Purpose of the processing:

• Provision of contractual services, service and customer care.
• Answering contact requests and communicating with users.

Status: 01.07.2021

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Security measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
The security measures include, in particular, the encrypted transmission of data between your browser and our server.

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Data transfer to freelance nature mediators for education & mediation offers

We work with freelance nature educators (museum guides) to conduct guided tours and workshops that can be booked through the Hamburg Museum Service and to bring you closer to the best of our exhibitions. They will guide you through our museum education programs for all ages and impart unique scientific knowledge.
We only transfer personal data to the nature mediators if this is necessary in the context of contract processing, for example to the nature mediator commissioned to carry out the educational and mediation offer.
We have concluded a contract with all nature mediators to ensure that they only process the personal data of our participants in accordance with our instructions and in compliance with the GDPR.
We only transmit the following data to the respective cultural mediator
Name of the group leader, size of the group, age group, institution if applicable, name of the institution, telephone number, email address, address, which event has been booked and, in the case of school classes, the grade level.
Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of the data subjects

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
You have accordingly. Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with Art. 18 GDPR.
You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

Right of withdrawal

You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future.

Right of objection

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

Cookies and right to object to direct advertising

We use temporary and permanent cookies, i.e. small files that are stored on users’ devices. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

Some of the cookies are used for security purposes or are necessary for the operation of our online offer (e.g. to display the website) or to save the user decision when confirming the cookie banner.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.

Cookies & reach measurement

Cookies are pieces of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and, for example, log out or close the browser.
Users are informed about the use of cookies in the context of pseudonymous reach measurement as part of this privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
You can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices).

Integration of third-party services and content / Implemented technologies

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer. GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.
The following presentation provides an overview of third-party providers or implemented technologies and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):

FriendlyCaptcha

We use the “FriendlyCaptcha” tool on this website, which is provided by FriendlyCaptcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. This tool is used for all contact forms to protect the website from spam and misuse. The function of the tool serves to distinguish whether the data entered in the contact form has been entered by a natural person or whether it has been misused by a machine and automated processing. By using FriendlyCaptcha, we can block automated software.

FriendlyCaptcha is a proof-of-work-based CAPTCHA where the user’s device does all the work. No personal data is transmitted or processed by FriendlyCaptcha. https://friendlycaptcha.com/de/privacy/gdpr/

Google Maps

This website uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer.

We have configured the integration of Google Maps so that data is not transferred to Google automatically, but only when you activate the map by clicking on it.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/

Opt-Out: https://www.google.com/settings/ads/

Google Custom Search

Within our website, the “Google Custom Search Engine” (Google CSE) is used as a central search service. The integrated search service enables a full-text search for the content of the website’s Internet offering. Access to this search function is possible via a search box integrated in the header of the individual web pages.

The search box on these web pages (“search box”) is provided by Google LLC (“Google”) and is installed by us as a software module on our web pages without any changes. By entering a search term in the search box and pressing the enter key, the user activates the search function and the search results page is called up, which loads the corresponding search results from Google using a plugin provided by Google. The plugin enables automated communication between the search results page called up and the Google service when the search results page is called up. The use of the search function provided by Google involves a dynamic transfer of data by the service provider Google to the search results page. Data is only transferred to Google after the user has activated the search box, started a full-text search and called up the search results page. By using the search function within the search results page, user data is also transferred to Google at the same time. When you use the full-text search and call up the search results page, the search terms you enter and the IP address of the computer you are using are transmitted to Google. If you are logged in to Google at the same time, the Google service is able to assign the information directly to your user profile. You should log out to avoid the collection of profile information about you.

Further information from Google on the handling of user data (privacy policy) can be found at https://policies.google.com/privacy?hl=de&gl=de.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from ensuring the convenient use of our website.

Google Fonts

External fonts from Google, LLC, https://www.google.com/fonts(link is external) (“Google Fonts”).

We only use Source Sans Pro from Google Fonts and this font is integrated directly on the web server.

No server call is made to Google (USA) itself and so no user data is passed on to Google.

Matomo

We use the web analysis service software Matomo (see www.matomo.org) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). GDPR), we process the following data:

Pseudo-anonymized location (based on the anonymized IP address), browser type and browser version, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click on. The IP address of users is anonymized before it is stored.

Matomo uses cookies, which are stored on the user’s computer and which enable an analysis of the use of our online offer by the user. Pseudonymous user profiles can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.

Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, this means that the opt-out cookie is also deleted and must therefore be reactivated by the users. https://matomo.org/privacy-policy/.

Newsletter service provider SendinBlue

This website currently uses SendinBlue to send newsletters. The provider is Sendinblue SAS, 47, rue de la Chaussée d’Antin, 75009 Paris, France. SendinBlue is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter is stored on SendinBlue’s servers. The hosting servers on which SendinBlue processes and stores the databases are located exclusively in the European Union. SendinBlue undertakes not to transfer data outside the European Union. If you do not want SendinBlue to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link or e-mail contact in every newsletter message.

With the help of SendinBlue, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognize whether you have made a purchase after clicking on the newsletter. SendinBlue also enables us to divide newsletter recipients into different categories (“clustering”). In this way, the newsletters can be better adapted to the respective target groups. Detailed information on the functions of SendinBlue can be found at the following link: https://de.sendinblue.com/about/

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the SendinBlue servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. For more information, please refer to SendinBlue’s privacy policy:  https://de.sendinblue.com/legal/privacypolicy/

Consent management through Usercentrics

We use the Usercentrics Consent Management Platform as a consent management tool as part of the analytics activities on our website.

The Usercentrics Consent Management Platform collects log file and consent data using JavaScript. This JavaScript makes it possible to inform users about their consent to certain tags on our website and to obtain, manage and document this consent.

We process the following data:

1. Consent data or consent data (anonymized logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp)
2. Device data or data of the devices used (including truncated IP addresses (IP v4, IP v6), device information, timestamp)
3. User data or user data (including email, ID, browser information, SettingIDs, changelog)

The ConsentID (contains the above-mentioned data), the Consent status incl. time stamp are stored in the local memory of your browser and at the same time on the cloud servers used. Further processing will only take place if you submit a request for information or revoke your consent. In this case, the relevant information is provided to the controller (FELD M) in a compact data format in an easily readable text form for the purpose of data exchange (JSON file).

No user information is stored for the statistics on the use of the consent given or not given. Only the frequency and locations of clicks are stored.

The personal data is stored on a Google Cloud server based in the EU (Brussels, Frankfurt am Main).

The purpose of data processing is to analyze and manage the consent given in order to comply with our obligation to manage consent in accordance with the GDPR. The use of Usercentrics serves the purpose of providing evidence of granted and non-granted consents and their management.

The specific processing purposes of the personal data mentioned are:

1. Obtaining and providing consent
2. Proof of which device you used to provide consent and at what time
3. Legitimization of access to the settings and documentation of changes

The legal basis for the management of your consent to the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consent, the control of marketing measures based on the consent given and the optimization of consent rates.

The data is deleted as soon as it is no longer required. The associated cookie has a duration of 60 days. The proof of revocation of a previously granted consent is stored for a period of three years. On the one hand, the retention is based on our accountability pursuant to Art. 5 para. 2 GDPR. This obliges us to comply with the processing of personal data in accordance with the General Data Protection Regulation. On the other hand, retention is due to the regular limitation period of three years pursuant to Section 195 BGB. This limitation period begins at the end of the year in which the claim arose (Section 199 BGB). Consequently, the three-year limitation period begins at the end of December 31 and ends three years later at midnight on December 31.

The function can be switched on and off in our “Privacy settings” by selecting the checkbox.

Data acquisition from hosting provider RAIDBOXES

The hosting services on which this page is based are provided by RAIDBOXES GmbH (Friedrich-Ebert-Straße 7, 48153 Münster, Germany). RAIDBOXES GmbH offers Software as a Service (SaaS) services in the context of cloud hosting.

RAIDBOXES GmbH automatically collects and stores server log files with information that your browser transmits to us. These are:

• Browser type
• Operating system
• Referrer URL (previously visited page)
• Host name (IP address)

RAIDBOXES GmbH cannot assign this data to specific persons. This data is not merged with other data sources. The data is deleted after a statistical evaluation after 7 days at the latest. Further information can be found in the data protection regulations of RAIDBOXES GmbH. https://raidboxes.io/datenschutzerklaerung/.

We have also concluded a contract for commissioned data processing (DPA). This contract regulates the scope, type and purpose of RAIDBOXES GmbH’s access to data. The access options are limited only to necessary accesses that are required to fulfill the hosting services.

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with legal requirements, storage is carried out in particular for 6 years in accordance with Section 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Provision of contractual services

We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information if applicable) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
The deletion takes place after the expiry of statutory warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

Contact us

When contacting us (via contact form or e-mail), the user’s details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b) GDPR.
We delete the inquiries if they are no longer required. In the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

Collection of access data and log files

We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Online presence in social media

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms. GDPR, we maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our online presence or send us messages.
We receive statistical data of different categories from the operators, such as: total number of page views, “Like” information, page activity, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin in relation to country and city, language, clicks on route planners and clicks on telephone numbers.
We use the data to make our contributions on the operator pages more attractive or to find the right time for publication.
You can find information on the data, for example, at
Twitter: https://business.twitter.com/de/help/campaign-measurement-and-analytics/
Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data. We would also like to point out that according to the “Page Controller Addendum” there is joint responsibility between Facebook and us in accordance with Article 26 GDPR (https://www.facebook.com/legal/terms/page_controller_addendum).

Functions of the Twitter service or platform may be integrated into our online offering (hereinafter referred to as “Twitter”). Twitter is a service provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our posts within Twitter within our online offer, the link to our profile on Twitter and the possibility to interact with the posts and the functions of Twitter, as well as to measure whether users reach our online offer via the advertisements placed by us on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=A…). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

Videos from the “YouTube” platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are embedded in the pages in extended data protection mode. However, like most websites, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these to collect video statistics, prevent fraud and improve user-friendliness, among other things. This also leads to a connection being established with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no influence on this. You can find more information about data protection at YouTube in their privacy policy at https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

Social Plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. GDPR) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) and the microblogging service twitter.com, which is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”).

The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by the Twitter logo (blue bird) or one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the social plugins can be viewed here
Twitter: https://developer.twitter.com/en/docs/twitter-for-websites/overview.html
Facebook: https://developers.facebook.com/docs/plugins/

To provide the social media plugins, such as the Facebook “Recommend” button, we use the “Two clicks for more data protection” plugin from Heise-Verlag (https://www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschutz-1333879.html). This means that your data will not be sent to the operator of the respective network platform without your consent.
The button is not active by default. The user must first click to signal that they now want to communicate with Facebook, for example. Only then will the necessary scripts be loaded by the operator of the network platform and data transmitted to it. If convenience is more important to you, you can also permanently activate the buttons using the cogwheel icon – with the associated consequences, of course: Facebook, for example, receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by the operators. Further information on this can be found in the respective privacy policy:
Facebook: http://de-de.facebook.com/policy.php
Twitter: https://twitter.com/de/privacy

Both Facebook and Twitter are certified under the Privacy Shield Agreement and thus offer a guarantee of compliance with European data protection law.
Facebook: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A
Twitter: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=A…

When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection with the operator’s servers. The content of the plugin is transmitted by the operator directly to the user’s device and integrated into the online offering by the operator. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that the operator collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, the operator receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in with the operator, Facebook or Twitter can assign the visit to their Facebook or Twitter account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your device to the operator and stored there. If a user is not a member of Facebook or Twitter, it is still possible for the operators to find out and store their IP address. According to the operators, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by the operator, as well as the relevant rights and setting options for protecting the privacy of users, can be found in the data protection information.
e. g. Facebook: https://www.facebook.com/about/privacy/.

For example, if a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

(translated with deepl)