The object of this privacy statement is the protection of personal data, which is particularly important to us. The following notes explain how we process your personal data. A possible processing takes place, of course, within the framework of the General Data Protection Regulation (GDPR). By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of which they are entitled.
The data protection declaration of the Postando GmbH is based on the European Legislator for the Adoption of the General Data Protection Regulation (GDPR). In this data protection declaration, we use, the following terms:
- a) Personal data
Personal data means any information pertaining to an identified or identifiable natural person (“data subject”).
- b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
- c) Processing
- d) Pseudonymisation
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the additional information provided that the personal data are not attributed to an identified or identifiable natural person.
- e) Controller or controller responsible for the processing
Controller or controller responsible for the processing of the person or public person, public authority, agency or other body which, alone or with others, determines the purposes and means of the processing of personal data.
Controller or controller responsible in the General Data Protection Regulation (GDPR)
- f) Processor
Processor is a natural or legal person, public authority, agency or other body.
- g) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
- h) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- i) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1. Subject to data protection policy
The visit of our website or the use of our Postando Postcard App is possible without the specification of personal data.
The website of the Postando GmbH or the Postando Postcard App collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information.
When using these general data and information, the Postando GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
If you want to contact us via our contact form, however, we need your personal data, e.g. name, address, telephone number, or e-mail address to process your request. If data are collected in this context, this is solely for the purpose of processing your request. Your personal data will not be passed on to third parties unless this is necessary for the provision of the service or for the execution of the contract.
If you have installed our app and use until placing an order, it is necessary to collect, store and process certain user data (like email address, receiver address and payment type) to be able to provide our service.
2. Google Analytics, Firebase and cookies
The websites of Postando GmbH use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”. “Cookies” are text files that are stored on your computer and allow you to analyze your usage behaviour of the website.
The information about your usage behaviour generated with the help of the cookie is then transmitted to a Google Inc. server in the USA where it is stored. To ensure the greatest possible protection of your data, this website uses the IP anonymization tool “anonymizeIP”, which shortens your IP address prior to the transfer to the US in a way that the transmitted IP address does not permit to reveal any conclusions about your identity. For more information, please visit: https://support.google.com/analytics/answer/2763052?hl=en.
In exceptional cases, the full IP address may be transmitted to a Google server in the United States. The shortening then takes place there. On behalf of the operator of this website, Google will use this information to evaluate your website’s use behaviour to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. The data transmitted in this context is only used for the evaluation of your usage behaviour and is not brought together with other data from Google. You can prevent the storage of cookies on your computer by using appropriate browser settings. However, we would like to draw your attention to the fact that in this case you will not be able to use all the functions of this website in its entirety.
If you do not wish that Google processes the data generated by the cookie, you can prevent it by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.
We also use the Google Firebase service to analyze and categorize user groups to optimize our service and to inform via push notifications.
3. Facebook Pixel und SDK
Our website uses Facebook pixels and our app uses the Facebook SDK for the conversion of visitors’ campaigns.
With your consent, which you have given by confirming the appropriate button in a pop-up window on our homepage,
“Our website uses Facebook pixels for the conversion of visitors campaigns. By using this website you agree to the use of the Facebook’s visitor action pixel.”
we use the “visitor action pixel” of the
Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”)
within our Internet presence.
This tool allows to track users’ behaviour after being redirected to the vendor’s website by clicking on a Facebook ad. This enables Facebook to evaluate the effectiveness of Facebook advertising and to evaluate the results for statistical and market research purposes. This allows future advertising measures to be optimized.
The collected data are anonymous for us. Therefore we cannot draw any conclusions about the identity of the users. However, Facebook’s data is stored and processed so that it can be connected to the respective user profile and Facebook can use the data for its own advertising purposes, according to the Facebook data guideline. This can be found at the following link: https://www.facebook.com/about/privacy/.
You can enable Facebook as well as its partners to turn advertising ads on and off Facebook. For this purpose, a cookie can be stored on your computer.
A consent to the use of the “visitor action pixel” may only be declared by users older than 13 years of age. Younger users need to ask their educators for their consent.
4. Subscription to our newsletters
On the website of the Postando GmbH or within the Postando Postcard App, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.
The Postando GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter.
The newsletter of the Postando GmbH contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Postando GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties.
5. Contact possibility via the website or app
The website of the Postando GmbH or the Postando Postcard App contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
6. Comments function in the blog on the website
The Postando GmbH offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.
If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user’s (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defense of the data controller.
7. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
8. Rights of the data subject
Each data subject shall have the right granted by the European legislator;
- to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed
- to obtain from the controller free information about his or her personal data stored at any time and a copy of this information
- to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her
- to obtain from the controller the erasure of personal data concerning him or her without undue delay whenever no lega grounds applies and as long as the processing is not necessary
- to obtain from the controller restriction of processing where a legal ground applies
- to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format
- to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions
- to withdraw his or her consent to processing of his or her personal data at any time
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact an employee of the Postando GmbH.
9. Data protection for applications and the application procedures
The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure.
10. Payment Method: Data protection provisions about the use of PayPal, direct banking or credit card as a payment processor
On this website or in the Postando Postcard App, the controller has integrated components of PayPal, direct banking or the payment via credit card and Apple Pay with Stripe.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
The European operating company for the transaction of payments with direct banking, Apple Pay and credit card is Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
If the data subject chooses “PayPal”, “direct banking“, “Apple Pay“ or “credit card” as the payment option during the ordering process, we will automatically transfer the data to the data subject to PayPal, direct banking, Stripe or the respective credit card provider (eg VISA or Mastercard ). By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.