of PL Gutscheinsysteme GmbH
The present Privacy Policy serves to inform you about our processing of your personal data when you use our website (https://givve.com/de/). Personal data shall be information relating to an identified or identifiable individual. This includes all information that allows conclusions to be drawn about your identity, such as your name, phone number, address or email address.
Statistical data that we collect, for example when you visit our website, and which cannot be linked to you personally, do not fall under the term personal data.
You can print or save this Privacy Policy using the respective function in your browser.
Contact and the so-called data controller, i.e. the party responsible for the processing of your personal data when you visit the present website, within the meaning of the General Data Protection Regulation (GDPR) is
PL Gutscheinsysteme GmbH
Ainmillerstrasse 11
80801 Munich
Germany
Email: datenschutz@givve.com
If you have any questions regarding data protection in connection with our products and services or the use of our website, please contact our data protection officer (“DPO”) at any time. To do so, please write to the above postal address or mail to the address previously provided (please mention: “FAO DPO”). We expressly point out on the fact that if you use the above email address, you mail will not only be accessible to our DPO. If you want to share confidential information, please use the said email address first to request direct contact details.
Whenever you use our website, we collect the access data that your browser automatically transmits to enable the visit. These access data comprise in particular:
Processing this access data is necessary to facilitate visiting the website and to ensure the continuous functionality and security of our systems. Access data will furthermore be temporarily stored in internal log files for the purposes described above in order to compile statistical information on the use of our website, to optimise our website with regard to our visitors’ browsing behaviour (e.g. if the number of mobile devices used to access the website should increase) and to generally administer our website.
The respective legal basis is Art. 6 (1) (1) (b) GDPR, provided that the website is accessed in the course of initiating or executing a contract, and otherwise Art. 6 (1) (f) GDPR due to our legitimate interest in facilitating website access and ensuring the long-term functionality and security of our systems.
Any information stored in log files does not allow any direct conclusions to be drawn about you personally – in particular, we only store IP addresses in shortened, anonymized form. Log files will be stored for 30 days and archived after being anonymized.
You can contact us through the email addresses provided on our website. This includes online contact forms provided on our website or our Facebook fan page, as well as contacting us by email or telephone at the email addresses or phone numbers provided on our website. Within the scope of contacting us, the following data will usually be processed:
In this context, we process the data you provide exclusively to communicate with you and handle your specific request, such as requesting product information.
If you contact us using the online contact forms on our website or our Facebook fan page, the information you provide will be sent to the operator of our CRM system, which is Salesforce.com, Inc. (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States; hereinafter also referred to as “Salesforce”) (see also Sections 4 “Disclosure of data” and 5 “Transfers to a third country” below). We have entered into a DPA with Salesforce. Salesforce is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. For more information on Salesforce’s data processing activities, please refer to: https://www.salesforce.com/company/legal/privacy/
Additionally, the information provided will be shared with our service provider Help Scout (177 Huntington Ave Ste 1703 PMB 78505 Boston, Massachusetts 02115-3153 USA) We have entered into a DPA with Help Scout. For the transfer of personal data to the USA, we have concluded standard contractual clauses with Help Scout in accordance with Art. 46 (2) (c) GDPR. For more information on Help Scout’s data processing activities, please refer to: https://www.helpscout.com/company/legal/privacy/
The legal basis for said data processing is Art. 6 (1) (b) GDPR, insofar as your information is required to respond to your request or to initiate or execute a contract. If you have requested product information via email or telephone using the contact form, your consent in accordance with Art. 6 (1) (a) GDPR in connection with Section 7 (2) No. 1 and 2 UWG serves as legal basis for the provision of said product information via email and/or telephone. You may revoke your respective consent at any time with future effect at any time.
Once your request has been completed, the data you have provided will be deleted immediately, unless we still need your data to fulfil contractual or legal obligations (see section “Retention period”).
You may sign up for our login area so that you can use all of our website’s functions to the full extent. As contractual partner, you can thus arrange for the givve® MasterCard® Cards you have ordered to be topped up in the givve Business Portal and order new cards, or, as a cardholder, you can check the balance of your givve® MasterCard® Cards on the givve® Portal. We have marked the data that you are required to provide in this context by highlighting them as mandatory fields. The respective data are:
This data is generally required for signing up and/or using the functions available in the log-in area (in particular, topping up the givve® MasterCard® Cards ordered by you as an employer and ordering new givve® MasterCard® Cards).
Legal basis for said processing is Art. 6 (1) (b) GDPR, the need to fulfil the general terms and conditions (GTC) for customers of the givve® Card and the ToU for givve® Card cardholders.
You may subscribe to our newsletter “givve® News”, which provides regular information on corporate news, our products and services, events, projects, campaigns and special offers from givve.
The following data will be processed within the scope of your subscription:
Before we send the first newsletter to the email address you provided when you subscribed to it, we will verify this email address using the so-called double opt-in procedure. I.e. we will only send you newsletters by email if you confirm that you are the owner of the email address provided by clicking on a link in our notification email. If you confirm your email address, we will store your email address, the time of subscription and the IP address then used until you unsubscribe from the newsletter. The data’s storage serves the sole purpose of being able to send you the newsletter and provide evidence of your subscription.
With our newsletter, we make use of so-called click tracking. This serves to evaluate the respective opening and clicking behaviour.
Legal basis for the newsletter dispatch and for evaluating the opening and clicking behaviour is your consent in accordance with Art. 6 (1) (a) GDPR. You may unsubscribe from our newsletter at any time. Each newsletter contains an “unsubscribe”-link. Of course, a message sent to the contact details provided above or in the newsletter (e.g. by email or postal mail) shall also suffice.
We will process said data until you unsubscribe from the newsletter. The data’s storage serves the sole purpose of being able to send you the newsletter and provide evidence of your subscription. We will also analyse if our newsletter can actually be delivered.
To dispatch and manage the newsletter, we make use of the Mailchimp service offered by The Rocket Science Group LLC, a company of Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (“Mailchimp”). We have entered into a DPA with Mailchimp. Mailchimp Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. For more information on Mailchimp’s data processing activities, please refer to: https://www.intuit.com/privacy/statement/
If you order our products or use our services, we will regularly send you newsletter emails that contain current information about our products and services. For this purpose, we process the email address you provided.
Legal basis for said processing is Art. 6 (1) (f) GDPR in connection with Section 7 (3) UWG, whereas our legitimate interests within that meaning is our legitimate interest in advertising our products and services and sending latest information in this regard to existing customers.
You can object to such use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates. A message sent to the contact details provided (e.g. by email or postal mail) shall also suffice. Of course, you will also find an “unsubscribe”-link in all newsletters.
To provide existing customers with advertising material, we make use of the Mailchimp service offered by The Rocket Science Group LLC, a company of Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (“Mailchimp”). We have entered into a DPA with Mailchimp. Mailchimp Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. For more information on Mailchimp’s data processing activities, please refer to: https://www.intuit.com/privacy/statement/
For our consent management, we make use of consent management service Usercentrics, provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich.
Within the scope of using Usercentrics, the following data are processed:
Legal basis for data processing is the necessity to fulfil our legal obligations stipulated by Art. 6 (1) (c) GDPR, which results from Art. 7 GDPR and Section 25 TDDDG.
Consent information will be stored for one year and then deleted immediately.
We have entered into a DPA with Usercentrics. For more information on Usercentrics’ data processing activities, please refer to: https://usercentrics.com/privacy-policy/
Some of our services require the use of so-called cookies. Cookies are small text files that serve to store information on your computer through your browser. Cookies are not used to run programs on or introduce viruses to your computer. The main purpose of our own cookies is to provide an offer tailored specifically to you and to make the use of our services as time-efficient as possible.
Most browsers are configured to accept cookies by default. You can, however, set your browser to reject cookies or only store them with your prior consent. If you reject cookies, not all of our services may function properly for you.
We set proprietary cookies, in particular
This serves to facilitate the convenient and more personalized use of our website. These services are provided based on our legitimate interests; the respective legal basis is Art. 6 (1) (f) GDPR.
We also use cookies and similar technologies (“tools”) provided by partners for analysis and marketing purposes. More information on this can be found below.
In order to improve our website, we use cookies and similar technologies (“tools”) to statistically record and analyse general usage behaviour based on access data. We also make use of analytics services to evaluate the use of our various marketing channels.
Furthermore, we use cookies and similar technologies for advertising purposes. Some of the access data generated when you visit our website is used for interest-based advertising. By analysing and evaluating this access data, we are able to display personalized advertising on our website and on the websites of other providers. This means advertising that corresponds to your actual interests and needs.
In the following sections we will specify these technologies and the providers used in more detail.
Our website makes use of Google Analytics, a web analysis service provided for users based in the European Economic Area and in Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (jointly “Google”). Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour.
Within the scope of using Google Analytics, the following data are processed:
However, your IP address will be shortened before the usage statistics are evaluated so that no conclusions can be drawn about your identity. For this purpose, Google Analytics on our website has been extended with the code “anonymizeIP” to ensure anonymous collection of IP addresses.
According to information provided by Google itself, Google uses the data collected to evaluate the use of the website, to compile reports on website activities for the website operator, and to provide other services related to the use of this website and the internet in general.
We also use so-called UTM parameters to evaluate and analyse campaigns. By adding campaign parameters to the target URLs, we obtain information about clicks on a URL and can collect information about our campaigns’ overall effectiveness. Suchlike UTM parameters will be evaluated in Salesforce. We have entered into a DPA with Salesforce. Salesforce is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. For more information on Salesforce’s data processing activities, please refer to: https://www.salesforce.com/company/legal/privacy/. Moreover, the information will be sent to Google for Google Analytics if you give your respective consent.
For this purpose, the following data will be processed:
Legal basis for processing shall be your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. To prevent the collection of data generated by cookies and related to your use of this website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on provided by Google, please click the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Your data will be stored for 14 months and then deleted.
We have entered into a DPA with Google. The data collected in this context may be transferred by Google to a US-based server for evaluation and stored there. Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR. More information is available in Google’s privacy statement: www.google.de/intl/de/policies/privacy/.
Our website makes use of Google Tag Manager, a service provided for users based in the European Economic Area and in Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (jointly “Google”). This is a tag management system that allows tracking codes to be updated on the website for analysis and personalization purposes.
Google Tag Manager collects data on the website and shares them with analysis tools (e.g. Google Analytics). This concerns aggregated data for triggering tags.
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time.
We have entered into a DPA with Google. The data collected in this context may be transferred by Google to a US-based server for evaluation and stored there. Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR. More information is available in Google’s privacy statement: www.google.de/intl/de/policies/privacy/.
Our website makes use of Hotjar, a web analysis service provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (“Hotjar”). Hotjar serves to create so-called heat maps. Heat maps graphically display statistics about mouse movements and clicks on our website in order to analyse our website with regard to your user behaviour. This enables us to identify frequently used website functions and to further improve the site.
Within the scope of using Hotjar, the following data are processed:
Next to mouse movements and clicks, information about the operating system, browser, incoming and outgoing references (links), geolocation as well as resolution and type of device are evaluated for statistical purposes. This information is pseudonymous and will not be shared with third parties by us or Hotjar. Data you enter in form fields on our website will be masked out and not recorded by Hotjar. Cookies set by Hotjar are stored for up to one year unless you delete them earlier.
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. Regardless of the consent management used, Hotjar allows all users to generally prevent the use of the Hotjar tool by means of a “Do Not Track header” so that no data about the visit to the respective website will be recorded. For a detailed instruction with more information on your browser, please go to: https://www.hotjar.com/policies/do-not-track/.
We have entered into a DPA with Hotjar. For more information on Hotjar’s data processing activities, please refer to: https://www.hotjar.com/de/datenschutz/
Our website makes use of ABlyft, an A/B testing tool provided by Conversion Expert GmbH, Zeppelinring 52c, 24146 Kiel (“ABlyft”). As part of our A/B tests, you will be shown websites with slightly varied content. This allows us to analyse our service range, improve it regularly and make it more interesting for you as a user.
When using ABlyft, clicks (including button clicks on request forms) will be processed.
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time.
Your data will be stored for 14 months and then deleted.
We have entered into a DPA with ABlyft. For more information on ABlyft’s data processing activities, please refer to: https://ablyft.com/de/features/datenschutz-privatsphaere
Our website makes use of Google Ads, a service provided for users based in the European Economic Area and in Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (jointly “Google”). These services use cookies and similar technologies to display ads that are relevant to you. The use of these services enables Google and its partner websites to display ads based on previous visits to our or other websites on the Internet.
Within the scope of using Google Ads, the following data are processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. You can also prevent the use of cookies by setting your browser accordingly. However, please note that in this case you might not be able to use all of this website’s functions to the full extent. Alternatively, you may deactivate the “Personalized advertising” button in the Google advertising settings at https://myadcenter.google.com/ If you do so, Google will only display general advertisements that have not been selected based on the information collected about you.
The respective data will be deleted as soon as they are no longer required for processing. Log data will be anonymised after nine months, cookie information after 18 months.
We have entered into a DPA with Google. The data collected in this context may be transferred by Google to a US-based server for evaluation and stored there. Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR. More information is available in Google’s privacy statement: www.google.de/intl/de/policies/privacy/.
Our website makes use of Bing Ads, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to display ads that are relevant to you. The use of these services enables Microsoft and its partner websites to display ads based on previous visits to our or other websites on the Internet.
Within the scope of using Microsoft Ads, the following data are processed:
All data will be deleted automatically after 180 days.
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. You can also prevent the use of cookies by setting your browser accordingly. However, please note that in this case you might not be able to use all of this website’s functions to the full extent. You can also prevent Microsoft from collecting data generated by cookies and relating to your use of the website and from processing said data by deactivating personalised ads in the general settings for Microsoft ads at https://account.microsoft.com/privacy/ad-settings/.
We have entered into a DPA with Google. Data generated in this context may be transmitted by Microsoft to US-based servers for evaluation and stored there. Microsoft is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. For more information, please refer to the Microsoft Ads FAQ and Microsoft’s privacy statement available at: https://privacy.microsoft.com/de-de/privacystatement.
For marketing purposes, our websites make use of so-called conversion and retargeting tags (also known as “meta pixels”) provided by social network Meta, a service managed by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”). We use Meta Pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising (“conversion”). We also use meta pixels to display to you personalised advertising messages based on your interest in our products (“retargeting”). In this course, Facebook processes data collected by the service through cookies, web beacons and similar storage technologies on our websites.
Within the scope of using Meta Pixel, the following data are processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. In case you have a Facebook account and have allowed Facebook to do so through by account’s privacy settings, Facebook may also link information collected about your visit to us to your member account and use it to target Facebook ads. You can view and adjust the privacy settings of your Facebook profile at any time at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the information gathered about you.
Respective data will be available for 180 days and then deleted.
We have entered into a DPA with Meta. Data generated in this context may be transmitted by Meta Platforms Ireland Limited to Meta Platforms, Inc. in the US. Meta Platforms, Inc. is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. More information is available in Meta’s privacy statement: https://www.facebook.com/about/privacy/.
On our website, we make use of the conversion and retargeting tool “LinkedIn Insight Tag” provided by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). It enables us to show visitors to our website personalised advertising outside of our website. For this purpose, a cookie is set in your browser, which enables LinkedIn to identify you when you are logged into your LinkedIn account at the same time. Additionally, the cookie facilitates the collection of the following data: IP address, device and browser properties, time stamps and site events (e.g. page views). LinkedIn uses this information to provide us with anonymised reports on the website audience and the effectiveness of advertisements.
Within the scope of using LinkedIn Insight Tag, the following data are processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. When you are logged in to LinkedIn, you can deactivate data collection in the settings at https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
Respective data will be anonymised within seven days and deleted after 90 days.
We have entered into a DPA with LinkedIn. Within the scope of LinkedIn’s data processing, data might be transmitted to the US and processed there. LinkedIn Corporation is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. In addition, we obtain your express consent via the cookie banner in accordance with Art. 49 (1) (1) (a) GDPR. You can revoke your consent at any time by accessing the cookie settings under “Consent Settings” at the bottom of the website and adjusting them.
For more information on LinkedIn’s privacy policy, please refer to: https://www.linkedin.com/legal/privacy-policy.
Our website allows you to sign on to receive so-called push notifications. For this purpose, we use the service “CleverPush”, which is provided by CleverPush GmbH, Heidenkampsweg 100, 20097 Hamburg (“CleverPush”). You will regularly be informed about our products, services and our company via push notifications.
To sign on to push notifications, you must confirm the request transmitted by your browser or device to receive said notifications. This process will be documented and recorded by CleverPush.
CleverPush processes the following data:
This information is used to send you push notifications and to prove that you have signed up for this. CleverPush also statistically evaluates our push notifications and can thus determine whether and when they were delivered and clicked. This enables us to identify which push notifications are of interest to recipients in order to tailor future messages to the presumed interests of all recipients and thus increase interest in our range of services. We also process said data to compare and improve the efficiency of individual notifications and to evaluate the relevance of marketing channels.
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time. You may still revoke your consent in the settings provided for receiving push notifications in your browser settings.
The respective data will be deleted as soon as they are no longer required for the purpose they were collected for and generally when subscription is terminated. Detailed information on how to unsubscribe is available at: https://cleverpush.com/faq.
We have entered into a DPA with CleverPush. To the extent that CleverPush uses sub-processors who transmit personal data to third countries, CleverPush ensures that said data transmission is performed in accordance with the GDPR standards for third countries (Art. 44 ff. GDPR).
On our website, we use so-called Facebook social plugins provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”). This is a social plugin provided by Facebook that allows the user to link its website to the social network Facebook.
Within the scope of using Facebook Social Plugins, the following data are processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time.
Your data will be stored for 90 days and then deleted.
We have entered into a DPA with Meta. Data generated in this context may be transmitted by Meta Platforms Ireland Limited to Meta Platforms, Inc. in the US. Meta Platforms, Inc. is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. More information is available in Meta’s privacy statement: https://www.facebook.com/about/privacy/.
We have embedded YouTube videos into our website, which have been saved on YouTube.com and can be played directly from our website. Video platform YouTube is a service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The clips have been embedded in “extended data protection mode”. In this extended data protection mode, videos are embedded on our website without cookies being set to analyse user behaviour. That means, no information on user activities is gathered to personalise the videos displayed. Instead, video recommendations are based on the current video.
For this purpose, the following data will be processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time.
The respective data will be deleted as soon as they are no longer required for processing. IP addresses will be deleted after nine months, cookie information after 18 months.
We have entered into a DPA with Google. The data collected in this context may be transferred by Google to a US-based server for evaluation and stored there. Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR. More information is available in Google’s privacy statement: www.google.de/intl/de/policies/privacy/.
On our website, we use Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to show you interactive maps directly on the website and facilitates your convenient use of the map functionality.
For this purpose, the following data will be processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time.
We have entered into a DPA with Google. The data collected in this context may be transferred by Google to a US-based server for evaluation and stored there. Google LLC is partner to the EU-U.S. Data Privacy Framework, which is why transmission in this case is based on the adequacy decision for the US in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses in accordance with Art. 46 (2) (c) GDPR. More information is available in Google’s privacy statement: www.google.de/intl/de/policies/privacy/.
We make use of the partner program “Post Affiliate Pro” provided by Quality Unit, s.r.o., Vajnorská 100/A, 83104 Bratislava, Slovakia (hereinafter “Quality Unit”). Quality Unit uses cookies to track the origin of orders generated via links from our affiliate partners. Among other things, Quality Unit can thus verify that you have clicked on the partner link on our affiliate partner’s website.
Within the scope of using Post Affiliate Pro, the following data are processed:
The respective legal basis is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. Under “Consent Settings” on our website, you can revoke your consent at any time.
The respective data will be deleted as soon as they are no longer required for the purpose they were collected for.
We have entered into a DPA with Quality Unit. For more information on Quality Unit privacy policy, please refer to: https://www.postaffiliatepro.com/gdpr/
On our website, we provide chat bots to which you, as a website visitor, can ask questions on various topics, e.g. sustainability, issues regarding administration and processes of the givve® Payment Card as well as active usage of the Payment Card.
Within the scope of using chat bots, the following data are processed:
The data are processed for the purpose of providing interactive answers to a variety of questions asked by website visitors as well as in order to correct and optimise said interactive answers.
Legal basis for processing is your consent as per Art. 6 (1) (a) GDPR. Access to and storage of information in the terminal device is then carried out based on the EU member states’ Implementation Acts to the ePrivacy Directive, in Germany in accordance with Section 25 (1) TDDDG. You may revoke your consent at any time by entering “Revocation” in the chat.
To facilitate correction and optimisation, all chats will be retained for at least three months.
To integrate the chat bot, we use Chatbase offered by Chatbase.co Inc., 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada, M3J 1P3 (https://www.chatbase.co/). We have entered into a DPA with Chatbase. In this course, data might be transmitted to a country outside the European Union and be processed there. In this case, transmission is based on the adequacy decision for Canada in accordance with Art. 45 GDPR. For more information on the privacy policy followed by Chatbase, please refer to: https://www.chatbase.co/legal/privacy
We hold online accounts in social networks in order to communicate with customers and interested parties and to provide information about our products and services.
We have accounts with the providers listed below:
When you visit our accounts, the providers of the social media platforms record, among other things, your IP address and other information that is available on your device through cookies. Suchlike information is used to provide us, as the owner of said accounts, with statistical information about interaction with us.
What information the social media platform obtains and how it is used is explained by the providers in their respective privacy policies (see links in the list above). There you will also find contact details and information about marketing setting options.
The respective legal basis is Art. 6 (1) (f) GDPR, based on our legitimate interest in effective communication and providing information about our products and services. You may object to the processing of your personal data collected by us when you visit our corporate account at any time and assert your rights as a data subject as set out in Section 6 hereof.
Data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular to the US. All abovementioned providers promise to maintain an appropriate data protection level and have joined the EU-US Data Privacy Framework, which is why transmission in suchlike cases is based on the adequacy decision for the US in accordance with Art. 45 GDPR (with the exception of Xing, as this provider is based within the EU).
In order to exercise your rights as a data subject, please contact us or the provider of the respective social media platform. If either party is not responsible for responding to the request or needs to receive the information from the other party, we or the provider will forward your request to the respective partner.
We shall generally only disclose data collected by us if:
Part of the data processing may be carried out by our service providers. In addition to the service providers listed in this Privacy Policy, these may include, in particular, data centres that store our website and databases, IT service providers who service our systems, and consulting companies. In order to provide the givve® MasterCard® Cards, we will disclose your data to the extent necessary, in particular to the service provider we use, DiPocket UAB (Upès str. 23, 08128 Vilnius, Lithuania), exceet Card AG (Edisonstrasse 3, D-85716 Unterschleissheim/Munich), Thredd Group Limited (6th Floor, Victoria House, Bloomsbury Square, London, WC1B 4DA). Legal basis in this respect is Art. 6 (1) (1) (b) GDPR.
If we disclose data to our service providers, they may only use the data to fulfil their tasks. Our service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of data subjects, and are regularly checked by us.
In addition, disclosure may take place in connection with official requests, court orders and legal proceedings, if necessary for legal prosecution or enforcement.
Insofar as personal data is transferred to so-called third countries (outside the European Union or the European Economic Area) and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an appropriate level of data protection. This includes e.g. the European Union’s standard contractual clauses or binding internal data protection regulations.
We generally only store personal data for as long as necessary to meet the contractual or legal obligations, for which said information was gathered. We will then delete the data immediately, unless we need to retain the data until the end of the statutory limitation period for evidentiary purposes for civil claims or due to statutory retention obligations.
For evidential purposes, we must retain contract data for three years from the end of the year in which our business relationship with you ends. Any claims will expire at this point in time at the earliest, in accordance with the statutory limitation period.
However, even thereafter, we may still need to retain some of your data for accounting purposes. We are obliged to do so due to legal documentation requirements that may arise from the German Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The periods specified therein for retaining documents are between two and ten years.
You shall be entitled to the data subject rights stipulated by Art. 7 (3) Art. 15-21, Art. 77 GDPR at any time, provided the respective legal requirements are met:
To exercise your specified rights, you may contact us at any time using the contact details provided above. The same applies if you would like to receive copies of guarantees proving an adequate level of data protection. Provided that the respective legal requirements have been met, we will comply with your privacy-related request.
Your request to exercise data protection rights and our response to them will be retained for documentation purposes. The respective legal basis is Art. 6 (1) (f) GDPR, based on our interest in defending against possible civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 (2) GDPR.
You have the right to withdraw your consent at any time. As a result, we will cease to process respective data based on this consent. The revocation of consent shall not affect the lawfulness of any processing undertaken on the basis of this consent before its withdrawal.
Insofar as we process your data based on legitimate interests, you shall have the right to object to the processing of your data at any time for reasons arising from your particular situation. If you object to data processing for direct advertising purposes, you have a general right to object, which we will accept even without reasons.
If you would like to exercise your right of withdrawal or objection, all you need to do is to send an informal message to the above contact details.
Finally, you shall have the right to file a complaint with a data protection supervisory authority. You may e.g. exercise this right with a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. In Munich, where we are based, the competent supervisory authority is: Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision BayLDA), PO Box 1349, 91504 Ansbach, Germany (postal address). Email: poststelle@lda.bayern.de.
We use state-of-the-art technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from being accessed by third parties. Said technologies are regularly updated. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.
We may, from time to time, update the present Privacy Policy, for example if we update our Website or if legal or regulatory requirements change.
Version: December 2024