Privacy policy

Privacy Statement

This Privacy Statement applies to the processing of your data, namely your personal data, via the website “www.wlrfaq.com”, including all ancillary and sub-pages (platform). Whitelabelrevenue AG (“Operator”) is responsible for the data processing. The complete contact details can be found under company information. The platform serves the purpose of presenting the Operator's company online. You can access the content of this Privacy Statement at any time via the subpage of the same name on the platform and also save or print it via the corresponding function on your Internet browser.


1. Preliminary Remarks

The Operator takes the protection of your data seriously and adheres to the laws on data protection. These laws serve to protect natural persons and the processing of their personal data. Personal data is any information relating to an identified or identifiable natural person. Such data will only be processed to the extent necessary to provide and improve the platform. Processing for making improvements and providing services shall only take place if this is stated below or if it is stated where consent is required, or if it is ordered by governmental authorities or courts or otherwise provided for by law. The data is processed by the Operator, or by processors on behalf of the Operator, only in Member States of the European Union (EU). In particular, the Internet servers used by the Operator for data processing are located in the EU Member States. A transfer to a third country or an international organization will not generally occur.

In order to keep your loading times as short as possible, we use a Content Delivery Network (“CDN”), in which certain elements of our website are delivered via web servers of a CDN provider who works for us as part of order processing. Access data is therefore also collected on the CDN provider's web servers.

All access data is stored for a period of 7 days. This data is used exclusively to ensure trouble-free operation of the website, error analysis and to improve our services. The use of a CDN provider as well as the procedure described here serves to safeguard our predominantly legitimate interests in a correct presentation of our offer within the framework of a balancing of interests pursuant to Art. 6 Para. 1 lit. f of the GDPR.


2. Data Processing

Your data will only be processed in a type-independent manner, i.e. the data type that you leave without any specifications being entered in a form when you visit the platform. In particular, this may involve your IP address and statistical data. As far as technically possible, personal data is transmitted in encrypted form by the Operator.

a) Cookies

The platform uses so-called cookies. These are small text files or simple entries in a database that your browser stores. The data in the cookies can only be read out again by the platform that has saved them. Cookies are used to make Internet pages more user-friendly and secure. Cookies, which contain personal data, are only stored or read via an encrypted connection. The platform uses so-called session cookies. Such cookies can be used, for example, to ensure that no other user can access the data you have entered in a form or stored in any customer account. Session cookies are deleted after the end of each visit to the platform, for example when you close your browser. The data will not be processed for other purposes and will not be passed on to third parties. The cookies used by the platform do not cause any damage to your end device (e.g. computer/tablet), in particular they do not contain any viruses. You may refuse the use of cookies by selecting the appropriate settings on your browser, in which case you may no longer be able to use the full functionality of the platform. The same applies to the deletion of stored cookies.

b) Web analytics

The platform uses Google Analytics, a web analysis service of Google LLC based in the USA (Google). Google is certified under the Privacy Shield, a data protection agreement between the EU and the USA, and processes the data to be analyzed on our behalf. Google Analytics also uses cookies to enable an analysis of the usage of the platform. The information generated by the cookie about your use of the platform will generally be transmitted to and stored by Google on servers in the United States. However, we have enabled IP anonymization so that your IP address will be truncated within Member States of the European Union (EU) or other countries party to the Agreement on the European Economic Area (EEA) before it is transferred to the United States. Google will process this information on our behalf in order to evaluate your use of the platform, to compile reports on the activities on the platform and to provide us with other services associated with the use of the platform and the Internet. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. The cookie and thus any relation to your activities on the platform will be deleted two years after your last visit. In addition, you can prevent Google from collecting the data generated by the cookie and related to your Internet use (including your IP address) as well as from processing this data by downloading and installing the browser plug-in available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

If Google Analytics is integrated, you can also prevent the collection of your data by Google Analytics by clicking on the following link. In this case, no browser plugin is downloaded and installed, but an opt-out cookie is set, which prevents the collection of your data when you visit the platform:

Google Analytics deaktivieren

This of course requires that you do not prevent the storage of cookies with the appropriate setting in your browser or delete the Opt Out cookie. Further information on data processing by Google Analytics can be found in Google's privacy policy:

https://policies.google.com/privacy?hl=en

c) Access protocol

In order to guarantee the security and functionality of the platform (e.g. defence against attacks), an access protocol (log file) is created on the Operator's servers. The access protocol stores data regarding access to the platform. This is the data that is transferred to the platform when your browser establishes a connection. This includes your IP address, the time of access, which address (URL) was accessed, whether the access was successful and how large the data transmitted by the server was. If your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be saved; you can prevent the transmission of this data using the settings of your browser if necessary. The log files are deleted at regular intervals, at the latest by the end of the next calendar month. The log files are evaluated statistically beforehand if necessary. The logged data is stored separately from other data that you leave on the platform and is not merged with the other data. The data will not be passed on to third parties and will not be used for any other purposes. The statistical evaluation of the log files does not allow any identification of your person.

d) Embedded content

(aa) Google Fonts

The portal partially embeds content from Google (Google Fonts). These contents are therefore not delivered via the Operator's servers, but via the servers of Google LLC, which is based in the USA (Google). Google is certified under the Privacy Shield. When displaying and using the embedded content, your IP address is transmitted to Google. Without the transmission of your IP address, the embedded contents cannot be retrieved by your browser. In addition, your browser may transfer additional data to the Google servers (for example, your location if you use the appropriate function), over which the Operator has no control. The same applies to cookies, which can be set by Google to make the content more user-friendly and secure. Such cookies cannot be read by the Operator. For more information about Google's data processing and your rights with respect to Google, please see Google's privacy policy:

https://policies.google.com/privacy?hl=en

(bb) Static files at Amazon S3

Some static files, such as images, are stored by the Operator in the cloud services of Amazon S3 (the data center is located in Ireland). When the page is opened, these files are loaded from Amazon's cloud services. Amazon's privacy policy can be found here: Amazon’s Privacy Policy

(cc) Integration of social-media buttons

The Operator uses social plugins from the bookmarking service ShareThis Inc, 250 Cambridge Avenue, Palo Alto, CA 94306, USA. These plugins allow users to bookmark and post or share content on social networks (e.g. Twitter, Facebook or Google+).

If a user uses one of these ShareThis functions while logged in to the corresponding service (e.g. Twitter, Facebook or Google+), the visit to the Operator's website can be assigned to the respective user account. ShareThis itself does not receive any personal data of the user, but keeps anonymous usage statistics about the shared content. This data is regularly deleted there. Further information about data collection, the evaluation and processing of your data by ShareThis.Inc as well as your related rights can be found in the ShareThis Privacy Policy.


3. Legal bases

The legal regulations for data protection are found, in particular, in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). As of May 25, 2018, however, the General Data Protection Regulation (GDPR) has precedence. The legal basis for data processing is the protection of the legitimate interests of the Operator (Art. 6 Para. Letter f GDPR). This includes the economic interest in operating the platform, in particular the presentation of the Operator's company online. There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.


4. Your rights

If you have been affected by your personal data being processed, you have enforceable rights vis-a-vis the party responsible for the data processing according to the data protection regulations. You can contact the Operator at any time to assert these rights, for example by e-mail to the address given at the beginning. The same applies to other questions regarding data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also available to you: Mr. Daniel Raimer, attorney-at-law, from the Daniel Raimer Law Firm in Düsseldorf, Germany; you can find the contact details of the data protection officer under the section on Company Information (German) at:


1. Right of Withdrawal

You have the right to revoke your consent to data processing at any time. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation.


2. Right to Object

You have the right, for reasons arising from your particular situation, to object, at any time, to the processing of personal data concerning you that is necessary for the performance of a task in the public interest or for the safeguarding of the legitimate interests of the Operator. The Operator will then no longer process the personal data unless the Operator can prove compelling reasons for processing that are worthy of protection and that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your data is processed for the purposes of direct advertising, you have the right to object at any time to data processing for the purposes of such advertising. If you object to the processing of your data for purposes of direct marketing, your personal data will no longer be processed for these purposes.


3. Right to Appeal

You have the right to file a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates statutory provisions. The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, e-mail: poststelle@ldi.nrw.de, is responsible for the territory in which the Operator’s registered office is located. The complete contact details of the LDI can be found on the corresponding Internet page at www.ldi.nrw.de . This is without prejudice to your right to file a complaint with any other supervisory authority, in particular in the Member State in which you are staying, your place of work or the place where the alleged infringement was committed. Furthermore, the right of appeal does not prejudice any other administrative or judicial remedies.


4. Right to Information

You have the right to ask the Operator to certify whether personal data concerning you is being processed; if so, you have the right to access such data and the following information: (a) the purposes for which it is being processed; (b) the categories of personal data being processed; (c) the recipients or categories of recipients to whom the data has been or will be disclosed; (d) the intended duration for which the data will be retained or, if that is not possible, the criteria for determining that duration; (e) your rights under data protection legislation; (f) if the data is not collected from you, any available information about the origin of the data; (g) the existence of automated decision-making including profiling and meaningful information about it. Most of the information can already be found in this Privacy Statement. In addition, you can of course contact the Operator at any time, for example by e-mail to the address given at the beginning. Upon request, the Operator shall provide you with a copy of the personal data that is the subject of the processing. This will take place, however, only insofar as the rights and freedoms of other persons are not affected. If you submit the application electronically, the information will be made available to you in a common electronic format, unless you indicate otherwise.


5. Right to Rectification

You have the right to demand that the Operator immediately rectify any incorrect personal data concerning you. In addition, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.


6. Right to Erasure

You have the right to request that the Operator delete any personal data concerning you immediately, and the Operator is obliged to delete this data immediately if one of the following reasons applies: (a) the data is no longer necessary for the purposes for which it was collected or otherwise processed; (b) you revoke the consent on which the processing was based and there is no other legal basis for the processing; (c) you object to the processing and there are no overriding legitimate interests for the processing or your objection concerns direct marketing; (d) your personal data has been processed unlawfully; (e) the deletion is necessary to comply with a legal obligation to which the Operator is subject; or (f) the data has been collected on the basis of the consent of a child when an information society service was offered directly to that child.

However, the right to erasure shall not apply where processing is necessary: (a) to exercise the right to freedom of expression and information; (b) to fulfil a legal obligation; (c) to perform a task which is in the public interest; or (d) to assert, exercise or defend legal claims. In this respect, you can request that your data be blocked if necessary.


7. Right to Block

You have the right to request that the Operator restrict (block) the processing of your personal data if one of the following conditions is met: (a) the accuracy of your personal data is contested by you for a period of time which enables the Operator to verify the accuracy of this data; (b) the processing is unlawful and you refuse to delete your data and instead request the restriction of the use of your data; (c) the Operator no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defence of legal claims; or (d) you have objected to the processing of your data, but it is not yet clear whether the legitimate reasons of the Operator outweigh yours; there is no need to weigh legitimate reasons in the case of an objection to the processing for direct marketing purposes.

If processing has been restricted, your personal data - apart from storage - may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another person or for reasons of an important public interest. If the processing of your data has been restricted, you will be informed by the Operator before the restriction is lifted.


8. Right to Data Portability

You have the right to receive the personal data that you have provided to the Operator in a structured, common and machine-readable format and you have the right to transfer this data to another controller without interference by the Operator, provided that the processing is based on your consent or on a contract between you and the Operator and the processing is carried out using automated procedures. In this respect, you have the right to have your personal data transmitted directly by the Operator to another controller, as far as this is technically feasible and the rights and freedoms of other persons are not impaired. Your right to erasure remains unaffected. This right shall not apply to processing necessary for the performance of a task carried out in the public interest.


9. Miscellaneous

The Operator informs all recipients, to whom your data has been disclosed, of any rectification or erasure of your personal data or a restriction of the processing of your data, unless this proves to be impossible or involves disproportionate effort. The Operator shall inform you of these recipients if you so request.

If the Operator has made the personal data public and is obliged to delete it, the Operator shall take appropriate measures, taking into account the available technology and implementation costs, to inform third parties processing your personal data that you have requested the deletion of all links to this data or copies of the data.


5. Concluding Remarks

Taking into account the nature, scope, circumstances and purposes of the processing, as well as the different likelihood and severity of the risks to your rights and freedoms, the Operator uses appropriate technical and organizational measures to ensure that the data processing is carried out in accordance with legal provisions. The measures are taken under consideration of the current state of technology and include, in particular, an encryption of your data. In addition, your data will be organizationally separated from other data. The equipment and systems on which the data is processed are protected against unauthorized access both physically and digitally. In particular, the Operator's servers are password protected. Through regularly testing and updating of the software used, the Operator prevents security gaps that could allow misuse of your data. Only the persons subordinate to the Operator (employees), who need this for the fulfilment of their tasks, receive access to personal data, and only to the extent necessary in each case. The Operator's employees are instructed in data processing in advance and are obliged to maintain confidentiality. Regular backups protect the data from loss and can be restored at any time. The presetting of the systems ensures that, in principle, only personal data the processing of which is necessary for the respective processing purposes is processed. This implements data protection principles such as data minimization. In addition, the Operator ensures the confidentiality, integrity, availability and resilience of the systems through technical and organizational measures. Compliance with data protection regulations is checked regularly and the measures updated if necessary.