The protection of personal data is of great importance to us. The collection of user data takes place within the framework of legal regulations. Technical and organizational measures are in place to ensure compliance with data protection regulations.
Data protection information for users of the website
We, Ideastag would like to explain below what data we process from you on this website and how. If you have any questions about data protection, please contact us.
We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and California Online Privacy Protection Act (CalOPPA) and the California Consumer Privacy Act (CCPA).
First of all, we would like to inform you about your rights as a data subject.
These rights are standardized in Art. 15 – 22 GDPR. This includes:
- The right to information (Art. 15 GDPR),
- The right to erasure (Art. 17 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 EU GDPR),
- The right to restriction of data processing (Art. 18 GDPR),
- The right to object to data processing (Art. 21 GDPR).
To assert these rights, please contact us. The same applies if you have questions about data processing in our company or would like to revoke a granted consent. You also have the right to lodge a complaint with a data protection supervisory authority.
Right to object
Please note the following in connection with rights of objection:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made form-free, preferably using our contact form.
In the event that we process your data for the protection of legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
California Specific Rights
If you are a California resident, you have the following rights:
You have the right to:
- request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.
- request that we delete personal information that we collect from you, subject to applicable legal exceptions.
- “opt out” of the “sale” of your “personal information” to “third parties”
In addition under California’s “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to effect the opt out, please contact us.
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information. If applicable, you can choose whether you want this sharing or not. Remember, we don’t sell data that directly identifies you unless we have your explicit permission, no matter what choice you make. To make your choices, please contact us.
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfill a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.
Purposes of processing
- you have given your express consent to this,
- the processing is necessary for the performance of a contract with you,
- processing is necessary to comply with a legal obligation,
- the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
If you contact us with questions of any kind, you give us your voluntary consent. In order to do so, you must provide a valid e-mail address and your name. This is used for the allocation of the enquiry and the subsequent reply to it. The provision of further data is optional. The information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions.
Collection of general information when visiting our website
When you access our website, information of a general nature may be collected automatically by means of a cookie. This information (server log files) may include the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person.
This information is technically necessary in order to correctly deliver the contents of web pages requested by you and is compulsory when using the Internet. In particular, it is processed for the following purposes:
- ensuring a smooth connection setup of the website,
- ensuring the smooth use of our website,
- evaluating system security and stability, and
- for other administrative purposes.
The processing of your personal data is based on our legitimate interest from the aforementioned data collection purposes. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible body and, if applicable, order processors.
Anonymous information of this kind may be statistically evaluated by us in order to optimize our website and the technology behind it.
Registration on our website
When you register to use our services, some personal data is collected, such as your name, address, contact and communication details such as telephone number and email address. If you are registered with us, you can access content and services that we only offer to registered users. The “Name” field is required as well as public, and user profiles are visible to any site visitor. Other profile information may be required or optional, as configured by the site administrator. Registered users also have the option of changing or deleting the data provided during registration at any time, if necessary. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will also be happy to correct or delete this data at your request, provided there are no legal obligations to retain data. To contact us in this context, please contact us.
This site records certain user actions, in the form of “activity” data. Activity includes updates and comments posted directly to activity streams, as well as descriptions of other actions performed while using the site, such as new friendships, newly joined groups, and profile updates.
The content of activity items obey the same privacy rules as the contexts in which the activity items are created. For example, activity updates created in a user’s profile is publicly visible, while activity items generated in a private group are visible only to members of that group. Site administrators can view all activity items, regardless of context.
Activity items may be deleted at any time by users who created them. Site administrators can edit all activity items.
The content of private messages is visible only to the sender and the recipients of the message. With the exception of site administrators, who can read all private messages, private message content is never visible to other users or site visitors. Site administrators may delete the content of any message.
Although the sending and receiving of messages via the Service is secured, in all circumstances the user bears the responsibility for ensuring that the recipient(s) is/are authorized to receive potentially sensitive information of a private nature. Therefore, users bear the responsibility and liability for any information they send to other users. We do not accept any responsibility or liability for sensitive information of a private nature sent by users without the necessary authorization using the Service.
Blog and Profile Data
Within the Blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data is publicly viewable. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services,. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available.
Storage period of the data
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to retention obligations under commercial or tax law. If there are no further storage obligations, the data is routinely deleted after the purpose has been achieved.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods.
Secure transmission of your data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
The exchange of data to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols.
When do we disclose your Personal Data?
We may share your information with organizations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above mentioned providers name.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called “processing agreement”.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimization of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Remarketing and Behavioral Targeting
These types of services allow us to analyze how www.ideastag.com has been used in a user’s previous sessions in order to target, optimize and deploy advertising.
This activity is facilitated by tracking usage data and the use of trackers that collect information which is then transmitted to the partners who manage the remarketing and behavioral targeting activities. Some services offer a remarketing option based on email address lists.
In addition to any opt-out options offered by each of the services listed below, users may opt-out via the Network Advertising Initiative opt-out page. Users may also opt-out of certain advertising features through appropriate device settings, such as device advertising settings for mobile phones or advertising settings in general.
Remarketing with Google Analytics (Google Inc.)
Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on the location from which www.ideastag.com is accessed, which combines the tracking activities of Google Analytics and its cookies with the Google Ads advertising network and the “Adsense” cookie.
Personal data processed: Cookie; Usage data.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects activity taking place through www.ideastag.com to the Facebook ad network.
Personal data processed: Cookie; Usage data.
Facebook Custom Audience (Facebook, Inc.)
Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects activity taking place through www.ideastag.com to the Facebook ad network.
Personal data processed: Cookie; Email.
Google Ads Remarketing (Google LLC)
Personal data processed: Cookie; Usage data.
Integration Of Services And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests, content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavor to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer we use Google Analytics. The information generated about the use of the website by the user is usually transferred to Google Analytics and stored there.
Google Analytics will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google Analytics server shortened there.
The IP address transmitted by the user’s browser will not be merged with other data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online offer.
Individual(s) or companies that have been approved by us as a recipient of organizational PII (Personal Identifiable Information) and from which Ideastag has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to Ideastag and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
All new hires entering Ideastag who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data.
Ideastag conducts audits of PII information maintained by Ideastag in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Ideastag will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible.
Confirmation of Confidentiality
All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.
Violations of PII Policies and Procedures
Ideastag views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under Ideastag`s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in Ideastag`s PII onboarding and refresher training to reinforce Ideastag`s continuing commitment to ensuring that this data is protected by the highest standards.
Online presences in social media
We maintain online presences in Facebook, Twitter, Instagram, Linked In on the basis of our legitimate interests and in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Social Media Functions and Widgets
Within our online offer, functions and widgets of Facebook, Twitter, Instagram, Linked In are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to Facebook, Twitter, Instagram, Linked In. The function or widget then transmits log data to Facebook, Twitter, Instagram, Linked In. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of Facebook, Twitter, Instagram, Linked In ,as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users reach (so-called conversion measurement).
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.