Skip to main content

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as ‘data’) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offer’).

The terms used are not gender-specific.

Status: 18 January 2025

Responsible Party

Dr. Pascal Buschor
Schwerzistrasse 4
8807 Freienbach
Switzerland

Email Address: contact@pcn.ltd

Overview of Processing Activities

The following overview summarizes the types of data processed, their purposes, and references the individuals affected.

Types of Processed Data
  • Inventory data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.
Categories of Affected Individuals
  • Service recipients and clients.
  • Communication partners.
  • Users.
  • Participants.
  • Third parties.
Purposes of Processing
  • Communication.
  • Security measures.
  • Direct marketing.
  • Audience measurement.
  • Tracking.
  • Conversion measurement.
  • Audience building.
  • Organizational and administrative processes.
  • Feedback.
  • Surveys and questionnaires.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Artificial intelligence (AI).

Applicable Legal Bases

Relevant legal bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence or business location. Should other specific legal bases apply in individual cases, we will inform you in the privacy policy.

  • Consent (Art. 6(1)(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6(1)(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.

Note on the applicability of GDPR and Swiss FADP: These data protection notices are intended to provide information under both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For clarity and broader applicability, GDPR terminology is used. Specifically, the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used instead of the FADP terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data.” However, the legal interpretation of the terms remains defined by the FADP where applicable.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons.

Measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access, as well as data entry, disclosure, availability, and separation. We have also established procedures to enable the exercise of data subject rights, deletion of data, and responses to data threats. Furthermore, we incorporate the protection of personal data into the development or selection of hardware, software, and procedures based on the principles of data protection by design and by default.

Securing online connections with TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services against unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt information exchanged between the website or app and the user’s browser (or between two servers), safeguarding the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, it is indicated by the presence of HTTPS in the URL, signaling to users that their data is being securely transmitted.

Transmission of Personal Data

In the course of processing personal data, it may be transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into appropriate contracts or agreements with the recipients of your data to ensure its protection.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs as part of the use of third-party services or the disclosure or transmission of data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the data protection level in the third country has been recognized as adequate by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only occur if the data protection level is secured through other means, particularly standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or when required by contract or law (Art. 49(1) GDPR). Furthermore, we will inform you about the legal basis for third-country transfers in the privacy notices related to the respective third-party providers, prioritizing adequacy decisions as the basis. Information about third-country transfers and existing adequacy decisions can be found on the European Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
As part of the so-called “Data Privacy Framework” (DPF), the European Commission has also recognized the data protection level for certain U.S. companies as secure under its adequacy decision of 10 July 2023. The list of certified companies and further information about the DPF can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). We inform you in our privacy notices about which of the service providers we use are certified under the Data Privacy Framework.

General Information on Data Retention and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or no further legal grounds for processing exist. This applies to cases where the original processing purpose no longer exists or the data is no longer needed. Exceptions to this rule apply if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax purposes or whose storage is necessary for legal prosecution or to protect the rights of others is archived accordingly.

Our privacy notices include additional information about retention and deletion of data that is specific to certain processing activities.

If multiple retention periods or deletion deadlines are specified for a data set, the longest period always applies.

If a period does not explicitly start on a specific date and lasts at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships where data is stored, the triggering event is the effective date of termination or other conclusion of the legal relationship.

Data that is no longer required for its original purpose but is retained due to legal requirements or other reasons is processed solely for the purposes justifying its retention.

Additional Notes on Processing Activities, Procedures, and Services:

  • Data Retention and Deletion: The following general retention periods apply under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the instructions and other organizational documents necessary for understanding them (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
    • 8 years – Accounting records, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
    • 6 years – Other business documents: received business or trade letters, copies of sent business or trade letters, and other documents of tax relevance, e.g., hourly wage sheets, operational accounting records, calculation documents, price lists, as well as payroll documents not categorized as accounting records and cash register strips (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
    • 3 years – Data required to account for potential warranty and compensation claims or similar contractual claims and rights, as well as associated inquiries, are stored for the duration of the standard statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, particularly those outlined in Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent given at any time.
  • Right of access: You have the right to request confirmation as to whether relevant data is being processed and to obtain information about such data as well as additional details and a copy of the data as per legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of incomplete data concerning you or the correction of incorrect data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted without undue delay, or alternatively, to request a restriction on the processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transfer to another controller as per legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you also have the right, in accordance with legal requirements, to lodge a complaint with a data protection supervisory authority, particularly in the Member State of your habitual residence, workplace, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Provision of Online Services and Web Hosting

We process users’ data to provide our online services. This includes processing users’ IP addresses, which is necessary to deliver the content and functionality of our online services to users’ browsers or devices.

  • Types of data processed: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved persons); log data (e.g., log files related to logins or access to data or access times). Content data (e.g., textual or visual messages and posts and related information, such as authorship and creation time).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices, e.g., computers, servers); security measures.
  • Retention and deletion: Deletion in accordance with the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional Notes on Processing Activities, Procedures, and Services:

  • Provision of online services on rented storage space: To provide our online services, we use storage space, computing power, and software rented from an appropriate server provider (also referred to as a “web hoster”); Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” These server log files may include the address and name of accessed websites and files, date and time of access, transferred data volumes, messages about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to avoid server overload (especially in cases of abuse, such as DDoS attacks), and to ensure server stability; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR). Data deletion: Log file information is stored for up to 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is excluded from deletion until the relevant incident is fully resolved.
  • Cyon: Services in the field of IT infrastructure provision and related services (e.g., storage space and/or computing capacity); Service provider: cyon GmbH, Brunngässlein 12, CH – 4052 Basel, Switzerland; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://www.cyon.ch; Privacy policy: https://www.cyon.ch/legal/datenschutzerklaerung. Basis for third-country transfers: Adequacy decision (Switzerland).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as “Publication Media”). The data of readers is processed for the purposes of the Publication Media only to the extent necessary for its presentation, communication between authors and readers, or for security purposes. Furthermore, we refer to the information on the processing of visitors to our Publication Media within the scope of this privacy policy.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Users (e.g., website visitors, online service users).
  • Purposes of processing: Feedback (e.g., collecting feedback via online forms); Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, phone, or via social media) and within the scope of existing user and business relationships, the information provided by the inquiring parties is processed to the extent necessary to respond to contact inquiries and any requested actions.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online forms); provision of our online services and user-friendliness.
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).

Additional notes on processing activities, procedures, and services:

  • Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond to and address the specific inquiry. This typically includes information such as name, contact details, and any other information necessary for proper processing. These data are used solely for the stated purpose of contact and communication; Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR).

Artificial Intelligence (AI)

We use Artificial Intelligence (AI) systems, which involve the processing of personal data. The specific purposes and our interest in using AI are outlined below. In this context, AI refers to a machine-based system as defined in Article 3 No. 1 of the AI Regulation, designed for autonomous operation, adaptable after deployment, and capable of generating outcomes such as predictions, content, recommendations, or decisions that may influence physical or virtual environments.

Our AI systems are deployed in strict compliance with legal requirements, including specific regulations for AI as well as data protection regulations. We adhere to principles of legality, transparency, fairness, human oversight, purpose limitation, data minimization, integrity, and confidentiality. We ensure that personal data processing is always based on a legal foundation, which can be either the consent of the data subjects or a statutory authorization.

When using external AI systems, we carefully select their providers (hereinafter referred to as “AI Providers”). In line with our legal obligations, we ensure that AI Providers comply with applicable regulations. Similarly, we fulfill our obligations when using or operating the AI services obtained. Personal data processing by us and the AI Providers occurs solely based on consent or legal authorization, with a strong emphasis on transparency, fairness, and maintaining human oversight over AI-driven decision-making processes.

To protect the processed data, we implement robust technical and organizational measures that ensure the integrity and confidentiality of the data and minimize potential risks. Regular reviews of AI Providers and their services are conducted to ensure ongoing compliance with current legal and ethical standards.

  • Types of data processed: Content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
  • Data subjects: Users (e.g., website visitors, online service users); Third parties.
  • Purposes of processing: Artificial Intelligence (AI).
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional notes on processing activities, procedures, and services:

  • DeepL: Translation of texts into various languages and provision of synonyms and contextual examples. Support in correcting and improving texts in different languages; Service provider: DeepL SE, Maarweg 165, 50825 Cologne, Germany; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://www.deepl.com; Privacy policy: https://www.deepl.com/de/privacy. Data processing agreement: Provided by the service provider.

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “Newsletters”) only with the consent of the recipients or based on legal grounds. If the content of the Newsletter is specified during registration, it is decisive for the user’s consent. Typically, providing your email address is sufficient for registering for our Newsletter. However, to offer you a personalized service, we may request your name for personalized addressing in the Newsletter or additional information if necessary for the Newsletter’s purpose.

Deletion and Restriction of Processing: We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to demonstrate that consent was previously given. The processing of these data is restricted to the purpose of defending potential claims. Individual deletion requests are possible at any time, provided the previous existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blacklist (“blocklist”).

The logging of the registration process is based on our legitimate interests for evidence of its proper execution. If we engage a service provider to send emails, this is based on our legitimate interests in an efficient and secure mailing system.

Content:

Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or postal mail).
  • Legal bases: Consent (Art. 6(1)(1)(a) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR).
  • Opt-out option: You may unsubscribe from our Newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe from the Newsletter is included at the end of every Newsletter or you can use any of the above contact options, preferably email, for this purpose.

Additional notes on processing activities, procedures, and services:

Surveys and Questionnaires

We conduct surveys and questionnaires to collect information for the communicated survey or questionnaire purposes. The surveys and questionnaires (hereinafter referred to as “Surveys”) we conduct are evaluated anonymously. Personal data is processed only to the extent necessary to provide and technically implement the Surveys (e.g., processing the IP address to display the survey in the user’s browser or using a cookie to resume the survey).

  • Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
  • Data subjects: Participants.
  • Purposes of processing: Feedback (e.g., collecting feedback via online forms); Surveys and questionnaires (e.g., surveys with input fields, multiple-choice questions).
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional notes on processing activities, procedures, and services:

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) serves to evaluate visitor flows on our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Reach analysis enables us to recognize, for instance, when our online offering or its functions and content are most frequently used or to invite repeated use. It also allows us to identify areas in need of optimization.

In addition to web analysis, we may use testing methods, such as A/B testing, to test and optimize different versions of our online offering or its components.

Unless otherwise specified below, profiles may be created for these purposes, i.e., data consolidated into a usage process, stored in a browser or device, and later retrieved. The data collected includes, in particular, visited websites and elements used, as well as technical details such as the browser used, the computer system, and information about usage times. If users have consented to us or the providers of the services we use collecting location data, this may also be processed.

Furthermore, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, user data collected during web analysis, A/B testing, and optimization is not stored as clear data (e.g., email addresses or names) but pseudonymized. This means that neither we nor the providers of the software used can identify the users’ actual identity but only the data stored in their respective profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is their consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Users (e.g., website visitors, online service users).
  • Purposes of processing: Reach measurement (e.g., access statistics, identifying returning visitors); Profiles with user-related information (creating user profiles).
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.” Cookies may be stored for up to two years (unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for up to two years).
  • Security measures: IP masking (pseudonymization of IP addresses).
  • Legal bases: Consent (Art. 6(1)(1)(a) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional notes on processing activities, procedures, and services:

  • Matomo (without cookies): Matomo is a privacy-friendly web analytics software used without cookies. It recognizes returning users using a so-called “digital fingerprint,” which is anonymized and changed every 24 hours. The “digital fingerprint” records user movements within our online offering via pseudonymized IP addresses combined with user browser settings, preventing identification of individual users. Data collected using Matomo is processed solely by us and not shared with third parties; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR). Website: https://matomo.org/.

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize, and promote our services. If users review us via the participating review platforms or procedures or otherwise provide feedback, the terms and conditions and privacy policies of the respective providers also apply. Typically, providing a review also requires registration with the respective providers.

To ensure that reviewing individuals have actually used our services, we may, with the customer’s consent, transmit the necessary information regarding the customer and the utilized service to the respective review platform (including name, email address, and order or item number). This data is used solely for verifying the authenticity of the user.

  • Types of data processed: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Service recipients and clients; Users (e.g., website visitors, online service users).
  • Purposes of processing: Feedback (e.g., collecting feedback via online forms); Marketing.
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional notes on processing activities, procedures, and services:

  • Google Customer Reviews: Service for collecting and/or displaying customer satisfaction and opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://www.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: During customer review collection, data such as an identification number, timestamp of the transaction being reviewed, the customer’s email address (if reviews are requested directly from customers), country of residence, and the review details are processed; More details on processing types and data can be found at: https://business.safety.google/adsservices/.
  • Trustpilot: Review platform; Service provider: Trustpilot A/S, Pilestræde 58, 5th Floor, 1112 Copenhagen, Denmark; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://de.trustpilot.com; Privacy policy: https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.

Social Media Presences

We maintain online presences within social networks and process user data within this context to communicate with active users there or to provide information about us.

We point out that user data may be processed outside the European Union in this context. This may pose risks to users, for example, making it more difficult to enforce their rights.

Additionally, user data within social networks is typically processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and resulting interests. These profiles may then be used, for example, to display advertisements within and outside the networks that presumably match users’ interests. Cookies are typically stored on users’ devices for this purpose, in which the usage behavior and interests of users are stored. Additionally, data in usage profiles can also be stored independently of the devices used by users (especially if users are members of the respective platforms and logged in).

For a detailed presentation of the respective processing and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

Even in cases of information requests and the assertion of user rights, we note that these are best addressed directly to the providers. Only the providers have access to user data and can take appropriate actions and provide information. If you need assistance, you can contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Users (e.g., website visitors, online service users).
  • Purposes of processing: Communication; Feedback (e.g., collecting feedback via online forms); Public relations.
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Consent (Art. 6(1)(1)(a) GDPR).

Additional notes on processing activities, procedures, and services:

  • LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data used to create the “Page Insights” (statistics) of our LinkedIn profiles. Data includes the types of content users view or interact with and their actions, as well as details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data. Privacy policy for data processing by LinkedIn: https://www.linkedin.com/legal/privacy-policy; Joint controller agreement with LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum.

Plug-ins and Embedded Functions and Content

We incorporate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as “Third-Party Providers”). These may include graphics, videos, or city maps (collectively referred to as “Content”).

The integration always requires that the Third-Party Providers of this Content process the users’ IP addresses since they cannot send the Content to their browsers without the IP address. The IP address is therefore necessary for displaying this Content or functionality. We strive to use only Content whose respective providers use the IP address solely for delivering the Content. Third-Party Providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and include technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering, as well as being linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of Third-Party Providers, the legal basis for processing the data is their consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identifiers, involved individuals).
  • Data subjects: Users (e.g., website visitors, online service users).
  • Purposes of processing: Provision of our online offering and user-friendliness; Marketing; Profiles with user-related information (creating user profiles); Reach measurement (e.g., access statistics, identifying returning visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Target group formation.
  • Retention and deletion: Deletion as specified in the section “General Information on Data Retention and Deletion.” Cookies may be stored for up to two years (unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for up to two years).
  • Legal bases: Consent (Art. 6(1)(1)(a) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional notes on processing activities, procedures, and services:

  • Google Fonts (hosted on our server): Providing font files for a user-friendly presentation of our online offering; Service provider: The Google Fonts are hosted on our server, and no data is transmitted to Google; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
  • Font Awesome (hosted on our server): Displaying fonts and icons; Service provider: Font Awesome icons are hosted on our server, and no data is transmitted to the Font Awesome provider; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
  • LinkedIn Plug-ins and Content: LinkedIn plug-ins and content – This may include content such as images, videos, or text and buttons that allow users to share content from this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Changes and Updates

We kindly ask you to regularly review the content of our privacy policy. We will adapt the privacy policy as soon as changes in our data processing activities make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notifications.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time, and we kindly ask you to verify them before contacting us.

Close Menu

Pangea Capital Network: International growth starts here.