Presence on social networks and similar platforms

 

GRENKE AG (hereinafter also referred to as ‘grenke’, ‘we’ or ‘us’) operates presences on the social networks and similar internet platforms (hereinafter referred to as ‘platforms’) of the respective service providers listed below (hereinafter referred to as ‘service providers’) in order to offer you as a user information and to communicate with you. In the following, we will inform you about how we process personal data in connection with our presence on the various platforms.

 

1. Who is responsible for data processing?

 

The controller for data processing within the meaning of data protection laws is

 

GRENKE AG

Neuer Markt 2

76532 Baden-Baden

Germany

 

Telephone: +49 7221 5007-0

Fax: +49 7221 5007-222

 

You can view our imprint here.

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us.

 

You can reach our data protection officer as follows:

 

GRENKE AG

Data Protection Officer

Neuer Markt 2

76532 Baden-Baden

Germany

 

E-mail address: [email protected]

 

2. On which platforms is grenke present?

 

Presence ‘grenke’ on Meta (Facebook):

Service provider: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; https://www.facebook.com/.

Privacy policy: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Option to object (opt-out): Settings for adverts: https://www.facebook.com/settings?tab=ads.

 

Presence ‘grenke’ on YouTube:

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; www.google.com.

Privacy policy: https://policies.google.com/privacy

Option to object (opt-out): https://adssettings.google.com/authenticated.

 

Presence ‘grenke’ on XING:

Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; https://www.xing.com/.

Privacy policy: https://privacy.xing.com/en/privacy-policy.  

 

Presence ‘grenke’ and 'grenke Investor Relations’ on LinkedIn:

Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com.

Privacy policy: https://www.linkedin.com/legal/privacy-policy?

Possibility of objection (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

3. What types of personal information do we process and for what purposes?

 

With our various presences, we aim to provide you with a wide range of multimedia services, to present our offerings in a comprehensive manner, and to engage with you on topics that are important to you. In particular, data processing serves the following purposes

 

• Present our company, our products and services, and our corporate culture, including available career and training opportunities;
• Respond to inquiries from customers and prospects;
• Communicate with and inform platform visitors;
• Present current events and activities;
• Collect statistical information about the reach of the sites;
• Conducting customer surveys, marketing campaigns, market analysis, contests or similar campaigns or events.

 

Unless explicitly stated otherwise, the legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to present our company and the offers you have requested on your preferred platforms and to respond quickly to your messages or requests. We also have a legitimate interest in analysing the reach and use of our presences in order to ensure appropriate design and ongoing optimisation. Insofar as you wish to enter into a contractual relationship with grenke with your inquiry or we process your data for the purpose of processing your contact inquiry and its handling, the legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

 

In particular, we process the following personal data on our presences:

• Your user name as well as comments and messages that you post via our presences.
• Your activity on our presences via the respective service of the providers (in particular Facebook Insights, Twitter Analytics, statistical information on LinkedIn, ‘Analytics’ on YouTube), e.g. the number of visits to the presences, the scope of interactions, visits and the average duration of video playbacks, etc.
• Other information that is necessary or provided by you on a voluntary basis (e.g. as part of a contact form) in order to respond to enquiries from our visitors or to clearly identify our visitors in our systems.

 

When you visit one of our sites, the platform operators may also create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you within and outside of the respective platforms. If you have an account with the relevant platform, the interest-based advertising may be displayed on all devices on which you are or have been logged in. Please note that we cannot track all processing on the platforms. Depending on the provider, further processing may be performed by the platform operators. For details, please refer to the terms of use and privacy policies of the respective service providers (see Section 2 above).

 

4. Joint controllership with the service providers of the platforms

 

If you visit one of our presences, we may be jointly responsible with the service provider of the platform for the data processing operations triggered during this visit. Joint controllership within the meaning of the GDPR arises in particular for

 

• the use of statistical information (e.g. likes, clicks, reach) at Meta (‘Facebook Insights’), whereby Meta provides us with data in anonymised form and it is not possible for us to draw conclusions about individual users or access individual user profiles. Further information can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. grenke and Meta have concluded a so-called joint control agreement: https://www.facebook.com/legal/terms/page_controller_addendum.
• the use of statistical information (e.g. likes, clicks, reach) on LinkedIn (‘LinkedIn Analytics’), whereby LinkedIn only provides us with data in anonymised form via this service and conclusions about individual users and access to individual user profiles by grenke are not possible. grenke and LinkedIn have therefore concluded a so-called joint control agreement: https://legal.linkedin.com/pages-joint-controller-addendum.

 

5. To whom is my personal data passed on?

 

Your personal data will only be transferred to external recipients to the extent that it is necessary to achieve the above-mentioned purposes, if we have your consent for this or if there is another legal permission. If necessary, your data will be transferred to external service providers, which we use to achieve the above-mentioned purposes and with whom we have concluded an agreement on the processing of your data in accordance with Art. 28 para. 3 GDPR. External service providers we use only process your data for a specific purpose and within the scope of our instructions.

 

External recipients of your personal data may in particular be:

• Service providers bound by instructions that we use to achieve the purposes mentioned above;

• Business partners;

• Tax consultants and auditors as well as;

• Courts, arbitration tribunals, authorities or legal advisors if this is necessary to comply with applicable law or to assert, exercise or defend legal claims.

 

[For information on how Meta Ireland, as a provider of the Facebook platform, transfers your data within and outside the Meta group of companies, please see Facebook's data policy (https://de-de.facebook.com/about/privacy).]

 

[For information on how Google Ireland, as the provider of the YouTube platform, transfers your data within and outside the Google group of companies, please see Google Ireland's privacy policy (https://policies.google.com/privacy#infosharing).]

 

[For information on how New Work SE, as provider of the XING platform, transfers your data, please see Xing's data protection declaration (https://privacy.xing.com/en/privacy-policy).]

 

[For information about how LinkedIn Ireland transfers your data within and outside the LinkedIn group of companies, please see LinkedIn Ireland's privacy policy (https://www.linkedin.com/legal/privacy-policy).]

 

6. Data processing in third countries

 

If we transfer your data to locations outside the EU of the EEA (hereinafter referred to as “third countries”) in accordance with the above statements, we will ensure before passing on that, apart from exceptional cases permitted by law, either the recipient has an adequate level of data protection or you have consented to the data transfer. An appropriate level of data protection can be guaranteed, for example, by concluding EU standard contractual clauses, the existence of an adequacy decision by the EU Commission or so-called Binding Corporate Rules (BCR).

 

Data processing by [Meta Ireland, Google Ireland and LinkedIn Ireland] also regularly takes place in third countries such as the USA in particular.

[The Meta parent company Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Meta Platforms, Inc. in the USA are therefore subject to the corresponding adequacy decision of the EU Commission in accordance with Art. 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de) covered.]

 

[Google parent company Google LLC is certified according to the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the USA are therefore subject to the corresponding adequacy decision of the EU Commission in accordance with Art. 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de) covered.]

 

[The LinkedIn parent company LinkedIn Corporation is certified according to the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to LinkedIn Corporation in the USA are therefore subject to the corresponding adequacy decision of the EU Commission in accordance with Art. 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de) covered.]

 

In the event that the existing adequacy decision for the EU-US Data Privacy Framework is declared ineffective in the future, we have already agreed with the relevant service providers on additional transfer instruments, in particular EU standard contractual clauses, as a precautionary measure or will do so in a timely manner if necessary.

 

7. How long will my personal data be stored?

 

The data collected directly by us via the presences will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it or you revoke your consent to storage. Mandatory statutory provisions - in particular retention periods - remain unaffected.

 

We have no influence on the storage period of your data that is stored by the service providers of the platforms for their own purposes. For details, please contact the service providers of the platforms directly (see section 2 above).

 

8. Who can I contact to exercise my rights as a data subject?

 

In principle, you can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective platform (e.g. against Facebook or LinkedIn), although we would like to point out that these can be asserted most effectively with the service providers. Only the service providers have access to the user's data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.

 

For further information, please refer to our general privacy policy at: https://www.grenke.com/en/data-protection-overview/

 

Status: 09 October 2024