Date: September 2022
The following Policy describes how and for what purpose astora GmbH, Karthäuserstr.4, 34117 Kassel (hereinafter also “we”) processes personal data in connection with the social media channels it operates.
You can reach our data protection officer at the above address, attn: data protection officer, or at email@example.com.
1. Responsibility for Data Processing
We, astora GmbH, have a social media account on the network of LinkedIn. As operator of this channel we are, together with the network operator
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland, in the following: LinkedIn
data controller in terms of Art. 4 No. 7 of the General Data Protection Regulation (GDPR).
As joint controllers for this channel, we have entered into agreements with the network operator, which, among other things, regulate the conditions for the use of the channel and similar appearances. The following agreement is applicable:
LinkedIn – Data Processing Agreement
When visiting our social media sites, personal data of the site visitors are processed by the controllers as follows.
2. Use of Insights, Analyses and Cookies
In the context of our social media channel operations, we use the analysis functions provided by the network operator to obtain aggregated statistical evaluations on the use of our social media channel.
For this purpose, cookies and similar technologies such as Tracking-Pixel are used by the network operator and a unique personal identifier is created in each case. The identifier can be linked to the data of users who are registered with the social media platform.
3. Purposes of Processing
The processing of this information should, on the one hand, enable the network operator to improve their system of advertising which they disseminate through their networks. On the other hand, it is also intended to enable us, as the operator of the social media channels, to obtain statistics which are compiled on the basis of visits to our social media channels. This is intended to control the marketing of our activities. For example, it enables us to understand trends in the profiles of visitors who value our social media channels or use applications of the sites to provide them with more relevant content and develop features that may be of greater interest to them.
To help us better understand how our social media sites can be used to support our business objectives, demographic and geographic analyses are also prepared and made available to us based on the information collected. For example, we may use this information to serve targeted interest-based advertisements. However, we do not obtain direct knowledge of the identity of the visitor in this process. If visitors use social media services on several end devices, the collection and evaluation can also be carried out across devices and platforms, if the visitors are registered and logged in to their own profiles.
Visitor statistics are only transmitted to us in anonymised form and we have no access to the underlying data.
We use our social media channel to communicate with our customers, interested parties and users and to inform them about our range of services. In this context, we may receive additional information, e.g. due to user comments, private messages or due to you following us or sharing our content. This information is processed solely for the purpose of communication and interaction with you.
4. Legal Basis and Legitimate Interests
We operate our social media channels in order to present ourselves to the users of these platforms and other interested persons who visit our social media channel and to communicate with them. The processing of users’ personal data is carried out on the basis of our legitimate interests in an optimised presentation of our company and services (Art. 6 para. 1 sentence 1 lit. f GDPR), as well as on the basis of pre-contractual steps with the interested parties (Art. 6 para. 1 p. 1 lit. b DSGVO).
5. Transfer of Data
For LinkedIn it is possible that some of the information collected is also processed outside the European Union in the United States of America (USA).
The USA are a so-called unsafe third country. A third country is considered to be unsafe if the EU Commission has not issued an adequacy decision for this state in accordance with sec. 45 para. 1 GDPR, which confirms that the country provides an adequate protection for personal data.
With the ECJ ruling of 16 July 2020 (C-311/18), the (partial) adequacy decision for the USA, the so-called Privacy Shield, was declared void. The USA does not offer a level of data protection comparable to that in the EU. The following risks exist when personal data is transferred to the USA: There is a risk that U.S. authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of the FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens do not have effective remedies for legal protection against such accesses in the USA or the EU.
LinkedIn transfers data to LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA, USA based on Standard Contractual Clauses approved by the European Commission. We have no control over these processing operations. We ourselves do not share any personal information obtained through our LinkedIn profile.
6. Essence of Joint Responsibility / Assertaion of Data Subject Rights
The agreement we have entered into with LinkedIn states that LinkedIn will inform us as soon as data subject exercise their data subject rights (Art. 15 – 22 GDPR). LinkedIn will assist in responding to requests for information. You can enforce your data subject rights against us and LinkedIn.
7. Right to Object
In particular, you have the following possibilities to enforce your right to object:
LinkedIn: you can object to the processing by LinkedIn.
Further settings can be made using the Data Processing Restriction and Objection.
8. Further Information and Contact Data
Further information on our contact details, data subject rights towards us and how personal data is processed by us can be found in the Privacy Information on our website. You can reach our data protection officer at astora GmbH, attn: data protection officer, Karthäuserstr.4, 34117 Kassel or at firstname.lastname@example.org.