Privacy Policy

Last update: October 23rd 2023

Your privacy is important to us. This Privacy Policy covers what data we collect and how we use, disclose, transfer and store your information.

I. NAME OF THE PERSON RESPONSIBLE

The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the

Usercentrics GmbH

Sendlinger Straße 7

80331 Munich

Germany

Email: datenschutz@usercentrics.com | Website: www.usercentrics-datashield.com

You can contact our data protection officer under:

SECUWING GmbH & Co. KG

Maximilian Hartung

Frauentorstr. 9

86152 Augsburg

Germany

E-mail: epost@datenschutz-agentur.de | Phone: +49 821 90786450 | Fax: +49 821 90786459

II. GENERAL INFORMATION ABOUT THE COLLECTION AND PROCESSING OF YOUR DATA

1. Scope of processing 

In principle, we process personal data only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis

The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, or based on legitimate interest, cf. art. 6 para. 1, lit. a, b or f GDPR.

If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.

3. Storage and deletion of your data

In principle, we only store personal data for as long as it is necessary to fulfill contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

We delete or block the personal data of the data subject as soon as the purpose of the storage is fulfilled. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject (see details in sections 3.1-3.3). Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

III. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Scope of data processing

Usercentrics processes personal data only if this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

Any of the information we collect from you may be used for one or more of the following purposes:

  • To personalize your experience (the information will help Usercentrics better respond to your individual needs);
  • To improve our website (Usercentrics continually strives to improve our website offerings based on the information and feedback we receive from you).

2. Data processed

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. E.g. this is  information like

  • Information about the type and version of your internet browser (if applicable)
  • The operating system of your computer or smartphone (if applicable)
  • Referral URL (if applicable) 
  • Your IP address, and
  • Date and time of your access.

We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, the legal basis is legitimate interest in the processing of data according to art. 6 para. 1 lit. f GDPR.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. 

IV. PROCESSING ACTIVITIES OF THE USERCENTRICS DATA SHIELD PLUGIN

When using the Usercentrics Data Shield Plugin no additional personal data is processed than those required for the functioning of the plugin. The information processed through the plugin includes: browser type and version (if applicable), device operating system (if applicable), referral URL (if applicable), IP address and the date and time of your access. Additionally an anonymous installation ID and statistical data might be processed. These data are used in order to provide the service and specifically documents and internally used websites (e.g. plugin verification page), but also for anonymous statistics about the usage of the plugin and to improve the service. No further personal information is processed. The IP address, which is processed as part of the transactional data, is not stored. Usercentrics uses Google Cloud EMEA Ltd. as a subprocessor in order to provide the service. We have agreed on a Data Processing Agreement and Standard Contractual Clauses with them. The data are stored on servers within the European Union. 

In case you choose to contact us through a support ticket, then additional personal information like your name and email address will be processed as well as the content of the support ticket. These data are solely used in order to receive and process your requests. For this we are using Zendesk Inc. as a service provider. 

V. NEWSLETTER

In case Usercentrics Data Shield offers a newsletter, when signing up for the Newsletter, data entered into the input mask will also be stored, in order to provide the Newsletter. The legal basis for this processing is art. 6 para. 1 lit. a GDPR. Your email address, time of subscription and the IP address used for subscribing will be retained as long as you subscribe to our Newsletter. This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. You can unsubscribe from this service by opting out via the link provided in each Newsletter any time.

You will be informed by Usercentrics about relevant changes concerning the Service, such as the implementation of additional functions, by email, if you subscribe to Usercentrics’ newsletter.

VI. COOKIES AND TRACKING TECHNOLOGIES

  1. Hetzner

We are using the service provided by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) for the functioning as well as to ensure the stability of the website. By using this service transactional data, including information about the type and version of your internet browser, the operating system of the device, referral URL, your IP Address and the date and time of your access, will be processed. This data is processed on the basis of our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), in order to provide you with a functioning website. You can find further information about the service under https://www.hetzner.com/de/legal/privacy-policy.

  1. Google Fonts

We are using the service Google Fonts provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin 4, Ireland) for the functioning of our website, specifically as a Content Delivery Network (CDN) for fonts. This service processes transactional data, including information about the type and version of your internet browser, the operating system of the device, referral URL, your IP Address and the date and time of your access. This data is processed on the basis of our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), in order to provide you with a functioning website. You can find further information about the service under https://policies.google.com/privacy.

  1. unpkg

We are using the service provided by unkpg for the functioning of the website, specifically as a Content Delivery Network (CDN) for libraries. Unpkg is an open source project. This service processes transactional data, like information about the type and version of your internet browser, the operating system of the device, referral URL, your IP Address and the date and time of your access. This data is processed on the basis of our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), in order to provide you with a functioning website. You can find further information about the service under https://www.unpkg.com/. 

  1. Meta Pixel

We are using the service provided by Meta (Meta Platform Ireland Limted) for advertising. This service processes the following data: FBClid, Ads viewed, Content viewed, Device info, geographic location, HTTP-header, Interactions with advertisement, services and product, IP address, Items clicked, Marketing info, Pages visited, Pixel ID, Referrer URL, Usage behavior, Facebook cookie info, Facebook user ID, Usage/click behavior, Browser info, Device operating system, Device ID, User agent and Browser type. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://www.facebook.com/privacy/explanation

  1. TikTok

We are using the service provided by TikTok (TikTok Information Technologies UK Limited) for advertising purposes. This service processes the following data: Device information, Device ID, Geographic location, Usage data, Performance metrics, Advertising impression metrics, Pixel data and the IP address. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://www.tiktok.com/legal/page/eea/privacy-policy/en. 

  1. LinkedIn

We are using the service provided by LinkedIn (LinkedIn Ireland Unlimited Company) for advertisement and analytics purposes. This service processes the following data: Device information, IP Address, Referrer URL, Timestamp and Browser information. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com.

  1. Outbrain

We are using the service provided by Outbrain (Outbrain Inc.) for advertising purposes. This service processes the following data: Anonymised IP Address, Browser type, Date and time of visit, Device information, Device operating system, Referrer URL and Websites visited. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://www.outbrain.com/legal/privacy.

  1. Twitch

We are using the service provided by Twitch (Twitch Interactive Inc.) for advertising purposes. This service processes the following data: Visit information, IP Address, Browser information, Usage data, Date and time of visit, Referrer URL, Number of  visits and Unique user ID. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://www.twitch.tv/p/legal/privacy-notice/.

  1. Google Analytics

We are using the service Google Analytics provided by Google (Google Ireland Limited) for advertising and analytics purposes. This service processes the following data: Google Client ID, Click path, Date and time for visit, Device info, Location info, IP address, Pages visited, Referrer URL, Browser Info, Hostname, Browser language, Browser type, Screen resolution, Device operating system, Interaction data, User behavior and Visited URL. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://policies.google.com/privacy?hl=en.

  1. Google Ads

We are using the service Google Ads provided by Google (Google Ireland Limited) for advertising and analytics purposes. This service processes the following data: Gclid, Ads viewed, Cookie ID, Date and time for visit, Device info, Geographic location, IP address, Search terms, Ads shown, Impressions, Online identifiers and Browser info. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://policies.google.com/privacy?hl=en.

  1. Google Tag Manager

We are using the service Google Tag Manager provided by Google (Google Ireland Limited) for the correct functioning of the website. This service does not process any personal data. This data is processed on the basis of our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR), in order to provide you with a functioning website. You can find further information about the service under https://policies.google.com/privacy?hl=en/. 

  1. Google Adsense

We are using the service Google Ads provided by Google (Google Ireland Limited) for advertising purposes. This service processes the following data: Gclid, Ads viewed, Date and time for visit, Geographic location, IP address, Ads shown, Click path and Usage information and Mouse movements. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://policies.google.com/privacy?hl=en.

  1. Youtube

We are using the service Youtube provided by Google (Google Ireland Limited) for advertising purposes and in order to display videos. This service processes the following data: Gclid, Device information, IP address, Referrer URl, Videos viewed. This data is processed on the basis of consent (Art. 6 para. 1 s. 1 lit. a GDPR). At any time you can revoke your consent through the usage of the CMP widget on the website. You can find further information about the service under https://policies.google.com/privacy?hl=en.

VII.  MINORS

Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided Usercentrics with personal information, please contact us at datenschutz@usercentrics.com and insist on exercising your rights of access, correction, cancellation and / or opposition. If you are resident in California and are under 18 years of age and wish to erase publicly available content, please contact us at privacy.

VIII. RECIPIENTS OF DATA AND DATA TRANSFER TO THIRD COUNTRIES

12.1 Recipients of Data

Usercentrics does not sell, trade or otherwise transfer to outside parties any personally identifiable information. 

This does not include trusted third parties or processors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of others, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.

In principle, we process your data ourselves. In some cases, however, we also use service providers. In addition to the processors mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to processors, they may only use the data to fulfill their tasks. The processors have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.

In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Usercentrics, Usercentrics strives to limit the disclosure. Usercentrics will only release specific data mandated by the relevant legal demand.

If compelled to disclose your data, Usercentrics will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.

If Usercentrics commissions third parties with the collection, processing and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.

12.2 Data Transfer to Third Countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.

12.3 Processors and trusted third parties

ProcessorFunctionData ProcessingLegal BasisLink to the privacy policy
Hetzner Online GmbH(Industriestr. 25, 91710 Gunzenhausen, Germany)Functioning of website and stabilityTransactional dataArt. 6 para. 1 s. 1  lit. f GDPRhttps://www.hetzner.com/de/legal/privacy-policy
Google Ireland Limited(Gordon House, 4 Barrow St, Dublin 4, Ireland)CDN andanonymous statistics for service improvementTransactional dataandAnonymous installation IDStatistic dataArt. 6 para. 1 s. 1  lit. f GDPRhttps://policies.google.com/privacy
Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USACustomer supportTransaction dataNameE-Mail AddressContent of support requestArt. 6 para. 1 s. 1  lit. b GDPRhttps://www.zendesk.de/company/agreements-and-terms/privacy-notice/
unpkg.comCDNTransactional dataArt. 6 para. 1 s. 1  lit. f GDPR

IX. YOUR RIGHTS

If we process your personal data you have – after successful identification – the following rights towards us:

  • Right to information (Article 15 GDPR)
  • Right to deletion (Article 17 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR) – You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Usercentrics as spreadsheet files in Microsoft Excel format. Logical relations between datasets will be preserved in the form of unique identifiers. You are required to pay €1.000 (Euro one thousand) and any applicable taxes on delivery for each data copy order.
  • Right to withdraw consent (Article 7(3) GDPR)
  • Right to object to certain data processing activities (Article 21 GDPR).

In order to exercise your rights described here, you can contact us at any time using the contact details listed under “Name of the person responsible “.

You may at any time lodge a complaint with a supervisory authority regarding Usercentrics’ collection and processing of your personal data. In Denmark, you can lodge a complaint with the Danish Data Protection Agency.

X. ONLINE PRESENCE IN SOCIAL NETWORKS

We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services.

The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users and on-site behavior, if it exists. For this purpose, cookies and other identifiers are stored on the users’ computers. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.

As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the data of the social networks that we can access as operators of the online presences.

The legal basis for data processing is GDPR art. 6(1)(a)-(b), in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

For the legal basis of the data processing carried out by the social networks on their own responsibility, please refer to the data protection information of the respective social network. The links below also provide you with further information on the respective data processing and the options to object.

We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:

XI. SECURITY AND INTEGRITY OF THE DATA

Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. Usercentrics has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner. 

XII. UPDATES

We reserve the right to update this privacy policy from time to time. In the event that we make material changes that restrict Usercentrics’ rights or obligations under this Privacy Policy, we will publish a clear notice in this section of this Privacy Policy that informs users when they are updated.

This Privacy Policy was last modified on October 23rd, 2023

Listing of all cookies on this site: