Data protection
Data Protection Statement for Use
of the Online Offer of ad-media GmbH
This Data Protection Statement informs the user of the nature, scope and purpose of the collection and the use of personal data in our Online Offer and the related websites, functions and contents and our external online presences such as our social media profile (hereinafter referred to as “Online Offer”).
This Data Protection Statement exists in the German and English languages. If you wish to have another language, please write us an e-mail at info@ad-media.de.
1. Responsible authority
The responsible authority for the collection, processing and use of personal data in the sense of the German Federal Data Protection Act is ad-media GmbH (hereinafter referred to as “ad-media”). If you wish to object to the collection, processing and utilization of your data by ad-media in accordance with these general data protection regulations as a whole or to individual measures, you can send your objection by e-mail, fax or letter to the following contact data:
Name/company: | ad-media GmbH |
Street No.: | Industriestrasse 180 |
Postal code, place, country: | 50999 Köln, Germany |
Telephone number: | +49 2236 962390 |
Fax number: | +49 2236 962396 |
e-mail address: | info@ad-media.de |
Data protection officer:
Name: | Ben Green Consultancy UG |
e-mail address: | datenschutz@ad-media.de |
Furthermore, you can of course receive information from us about the data stored by us, at any time, free of charge.
2. Collection, processing and use of personal data
2.1 Collection, access data and logfiles
When you visit our website, even without entering your data in our web form or shop, we collect the following data for technical reasons: name of the website accessed, file, date and time of the visit, the quantity of transmitted data, notification of successful retrieval, type of browser, including the version, the operating system of the user, the referrer URL (the previously visited site), the IP address and the access provider.
These data are separately processed from other data. Processing of these data together with other personal data of yours does not take place. An allocation of these data to a particular person is impossible for us.
Temporary processing of the data by the system is necessary to enable delivery of the contents of our internet page to your computer. To do this, your IP address must be stored for the duration of the session. Storage in logfiles takes place in order to ensure the functionality of the website. The data, moreover, serve to optimize our offer and of the website and to ensure the security of our information systems. In this context, an evaluation of the data for marketing purposes does not take place.
Temporary storage of the data and the logfiles takes place on the basis of the lawfulness of Art. 6 (1) (f) GDPR. Our overriding legitimate interest in this data processing are the afore-mentioned purposes. We have concluded an order processing agreement with our provider (Art. 28 GDPR).
We delete the data after the respective session has ended. In case of storage of the data in logfiles, deletion takes place at the latest after 7 days. Storage beyond this time is possible. In such a case, however, your IP address will be deleted or alienated so that an allocation to the visiting client is no longer possible.
2.2 Contact
You can contact us at the e-mail address made available to you by fax or by telephone. In such a case your personal data, transmitted by the e-mail, fax or telephone, will be stored. When you fill out a form on our website, we will collect the data you have requested in the form.
We process these data as pre-contractual measure (in case of inquiries, interest) with a view to a possible conclusion of a contract or for performance of a contract (should you place an order, accept an offer), in each case in accordance with Art. 6 (1) (b) GDPR).
Fax data are stored separately from printed data in the memory of the device. After the fax is printed, the occupied memory space is again freed so that the next fax can be received and stored there. Parts of the fax may remain temporarily in the memory of the device until overwritten by the next incoming fax. This results generally in automatic deletion of the data after one week. The transmittal report with proof on the first page remains temporarily in the memory of the device until overwritten/deleted by the next transmittal report or by separating the device from power supply for several days and/or backspacing.
When a telephone call comes in or is made by us, your telephone number or your name/company name that you have provided to your telephone provider as well as the date and time of the call are stored in a so-called ring memory of our telephone system which overwrites the oldest data with new data. Generally, this results in automatic deletion in the telephone system, at the latest after three months.
If only an inquiry is received, i.e., no order is concluded, we delete the data after a reasonable time, when we can assume that you have no interest in our services in the future and do not wish to receive offers, which is generally three years at the end of the calendar year in which the rejection/negative response took place. Continued storage then takes place based on our legitimate interest-based advertising in accordance with Art. 6 (1) (f) GDPR. If the correspondence is to be regarded as commercial letter, we are in this regard subject to a safekeeping responsibility of six years. If there is reason to assume that, following a correspondence, proof of this will have to be provided, we will store the data up to the regular limitation period for claims, i.e., generally for three years at the end of the calendar year in which the correspondence took place. The personal data collected by us for retention/commissioning will be stored by us for at least until the end of the legal retention obligation for lawyers (six years at the end of the calendar year in which the retention ended).
Something else may in each case apply when we, in accordance with Art. 6 (1) (c) GDPR are obligated to longer storage due to fiscal and commercial retention obligations (under the German Commercial Code “HGB”, the German Criminal Code “StGB”, the German tax code “AO” or similar, for generally six or ten years) or you have consented to storage in accordance with Art. 6 (1) (a) GDPR beyond that time. We store the data in any case for as long as claims under the contract, the consultation, the correspondence and/or the customer relations can be asserted, i.e., at the end of the statute of limitation. The general limitation period in accordance with Art. 195 German Civil Code “BGB” is three (3) years. Certain claims such as claims for damages, however, become time-barred only after 30 years (cf. Art. 197 BGB). If there is a justified reason to assume that this is relevant in a particular case, we will store the personal data for that period of time. The specified periods of limitation begin at the end of the year (i.e., on 31 December) during which the claim has arisen and during which the creditor has gained knowledge of the justified circumstances and the name of the debtor or should have gained knowledge without gross negligence.
2.3a Commissioning of advertisement orders, journal subscriptions, Buyers Guide, Company Channel, special reprints, books and Concrete pens
We use the data provided by you for orders for advertisements, subscriptions, Buyers Guide, Company Channel or for ordering goods such as special reprints, books and Concrete pens for performing and processing your order. The legal basis for this is Art. 6 (b) GDPR.
Your data are passed on to the commissioned e-mail service provider when the goods are delivered, if necessary for delivery of the goods. For processing payments, we pass on your payment details to the financial institution/company commissioned to process the payment. These institutions/companies are permitted to use your data only for processing the order and not for other purposes.
Duration of storage: If only an inquiry is received, i.e., no order is concluded, we delete the data after a reasonable time, when we can assume that you have no interest in our services in the future and do not wish to receive offers, which is generally three years at the end of the calendar year in which the rejection/negative response took place. Continued storage then takes place based on our legitimate interest-based advertising in accordance with Art. 6 (1) (f) GDPR. If the correspondence is to be regarded as commercial letter, we are in this regard subject to a safekeeping responsibility of six years. If there is reason to assume that, following a correspondence, proof of this will have to be provided, we will store the data up to the regular limitation period for claims, i.e., generally for three years at the end of the calendar year in which the correspondence took place. The personal data collected by us for retention/commissioning will be stored by us for at least until the end of the legal retention obligation for lawyers (six years at the end of the calendar year in which the retention ended).
Something else may in each case apply when we, in accordance with Art. 6 (1) (c) GDPR are obligated to longer storage due to fiscal and commercial retention obligations (under the German Commercial Code “HGB,” the German Criminal Code “StGB,” the German tax code “AO” or similar, for generally six or ten years) or you have consented to storage in accordance with Art. 6 (1) (a) GDPR beyond that time. We store the data in any case for as long as claims under the contract, the consultation, the correspondence and/or the customer relations can be asserted, i.e., at the end of the statute of limitation. The general limitation period in accordance with Art. 195 German Civil Code BGB is three (3) years. Certain claims such as claims for damages, however, become time-barred only after 30 years (cf. Art. 197 BGB. If there is a justified reason to assume that this is relevant in a particular case, we will store the personal data for that period of time. The stated periods of limitation begin at the end of the year (i.e., on 31 December) during which the claim has arisen and during which the creditor has gained knowledge of the justified circumstances and the name of the debtor or should have gained knowledge without gross negligence.
2.3b Orders concluded with exhibitors of our events
We use the data you provided us with for the exhibitor contract exclusively for performing and processing your registration and for the exhibitor contract.
The legal basis for processing is Art. 6 (1) (b) GDPR (initiation of and/or performance of a contract).
Disclosure of the data: We pass on your data to our sub-contractors and/or commissioned service providers to the required and reasonable extent when this is necessary for performing and/or appropriate for performing the contract (e.g. planning and carrying out the event). In some cases, external service providers (e-mail-handling service providers for sending advertising materials, service providers for internet hosting as well as software suppliers) support our specialist departments in performing their tasks. We have concluded the necessary data protection contracts with all of these service providers and taken measures. We pass on your data, which are the object of an invoice (first name, last name, company name, postal address) only to our tax consultant to the extent that any fiscal measures need to be taken (e.g. conclusion of a contract) as well as to our bank in the event that payments by us or by you are made. Otherwise, no data are disclosed to third parties. An exception would be if there is a legal obligation to disclose the data.
Duration of storage: If only an inquiry is received, i.e., no order is concluded, we delete the data after a reasonable time, when we can assume that you have no interest in our services in the future and do not wish to receive offers, which is generally three years at the end of the calendar year in which the rejection/negative response took place. Continued storage then takes place based on our legitimate interest-based advertising in accordance with Art. 6 (1) (f) GDPR. If the correspondence is to be regarded as commercial letter, we are in this regard subject to a safekeeping responsibility of six years. If there is reason to assume that, following a correspondence, proof of this will have to be provided, we will store the data up to the regular limitation period for claims, i.e., generally for three years at the end of the calendar year in which the correspondence took place. The personal data collected by us for retention/commissioning will be stored by us for at least until the end of the legal retention obligation for lawyers (six years at the end of the calendar year in which the retention ended.
Something else may in each case apply when we, in accordance with Art. 6 (1) (c) GDPR are obligated to longer storage due to fiscal and commercial retention obligations (under the German Commercial Code “HGB,” the German Criminal Code “StGB,” the German tax code “AO” or similar, for generally six or ten years) or you have consented to storage in accordance with Art. 6 (1) (a) GDPR beyond that time. We store the data in any case for as long as claims under the contract, the consultation, the correspondence and/or the customer relations can be asserted, i.e., at the end of the statute of limitation. The general limitation period in accordance with Art. 195 German Civil Code BGB is three (3) years. Certain claims such as claims for damages, however, become time-barred only after 30 years (cf. Art. 197 BGB. If there is a justified reason to assume that this is relevant in a particular case, we will store the personal data for that period of time. The stated periods of limitation begin at the end of the year (i.e., on 31 December) during which the claim has arisen and during which the creditor has gained knowledge of the justified circumstances and the name of the debtor or should have gained knowledge without gross negligence.
2.3c Contracts concluded with visitors and ticket buyers of our events
The collection and processing of these data takes place for different purposes (which we describe in detail in the following), in particular:
- For enabling us to identify you as purchaser of the right to admission and/or visitor
- For enabling us to correspond with you and to send you the ticket
- For issuing the invoice
- For creating a name tag with the name of the company for your participation on location (i.e., all participants and exhibitors can see these data when they see your name tag)
- For publishing the name of the company of the respective participant (only the name of the company; i.e., the name of the participant is not published) in our media
- To enable us to send you information directly related to the event in order to inform you about the event itself (hygiene instructions, program changes, location, etc.)
- To draw your attention to other similar events and to inform you about news in our journals or events.
We collect and process your personal data as far as is necessary for organizing and performing the event. This may be in particular your name and the address data to be able to ensure that only such persons participate who are entitled to do so.
The legal basis for processing is Art. 6 (1) (b) GDPR (contract initiation and/or performance of a contract). If and insofar as the data processing does not take place for the purpose of performance of a contract it takes place for reason of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. This concerns in particular, but not exclusively, the statistical survey, the creation of your name tag, the publishing of the company name and the advertising newsletter. Our legitimate interest is specifically that the collection and processing of these data support the performance and organization of the event and promotes and partly enables the continued existence of the event.
Disclosure of the data: We disclose your data to the necessary and reasonable extent to our sub-contractors and/or commissioned service providers if required for performing the contract (e.g. mailing tickets, accreditation). With all of these service providers we have concluded the necessary data protection contracts and measures. For participants from Poland and the CIS states the following applies: your data which are the object of the participation of the event will be disclosed to external service providers for processing because this is, due to the languages, easier for you and us. With service providers from Poland we have completed an order processing contract. With service providers from Russia and Kazakhstan we have concluded contracts in which the object are EU Standard Contractual Clauses. We pass on your data, which are the object of an invoice (first name, last name, company name, postal address) only to our tax consultant to the extent that any fiscal measures need to be taken (e.g. conclusion of a contract) as well as to our bank in the event that payments by us or by you are made. Apart from this, no data are disclosed to third parties. An exception would be if there is a legal obligation to disclose the data.
Duration of storage: If only an inquiry is received, i.e., no order is concluded, we delete the data after a reasonable time, when we can assume that you have no interest in our services in the future and do not wish to receive offers, which is generally three years at the end of the calendar year in which the rejection/negative response took place. Continued storage then takes place based on our legitimate interest-based advertising in accordance with Art. 6 (1) (f) GDPR. If the correspondence is to be regarded as commercial letter, we are in this regard subject to a safekeeping responsibility of six years. If there is reason to assume that, following a correspondence, proof of this will have to be provided, we will store the data up to the regular limitation period for claims, i.e., generally for three years at the end of the calendar year in which the correspondence took place. The personal data collected by us for retention/commissioning will be stored by us for at least until the end of the legal retention obligation for lawyers (six years at the end of the calendar year in which the retention ended).
Something else may in each case apply when we, in accordance with Art. 6 (1) (c) GDPR are obligated to longer storage due to fiscal and commercial retention obligations (under the German Commercial Code “HGB,” the German Criminal Code “StGB,” the German tax code “AO” or similar, for generally six or ten years) or you have consented to storage in accordance with Art. 6 (1) (a) GDPR beyond that time. We store the data in any case for as long as claims under the contract, the consultation, the correspondence and/or the customer relations can be asserted, i.e., at the end of the statute of limitation. The general limitation period in accordance with Art. 195 German Civil Code BGB is three (3) years. Certain claims such as claims for damages, however, become time-barred only after 30 years (cf. Art. 197 BGB. If there is a justified reason to assume that this is relevant in a particular case, we will store the personal data for that period of time. The stated periods of limitation begin at the end of the year (i.e., on 31 December) during which the claim has arisen and during which the creditor has gained knowledge of the justified circumstances and the name of the debtor or should have gained knowledge without gross negligence.
2.4 Newsletter and ePaper
On our website, and within the scope of an inquiry, it is possible to subscribe to our newsletter, which is free of charge. The data you provide in the input mask for registering for the newsletter are transmitted to us. These are:
- the e-mail address
- the preferred language
- the country
- your first name and last name (optional).
In your registration you have the possibility to order a free copy of our print journals. In this context, the following data are collected:
- first name, last name
- company
- street and house number
- postal code, city/town
- country
- job position.
With the registration, the following data are collected (opt-in proof):
- your IP address as well as the
- date and time of your registration.
This serves to prevent misuse of the services or your e-mail address and enables us to satisfy our legal burden of proof that the e-mail address was, in fact, an opt-in, i.e. an expressly given consent to sign up for the newsletter.
Registration to our newsletter takes place in a so-called double opt-in process; i.e., after registration you will receive an e-mail in which you are requested to confirm your registration. This confirmation is necessary to ensure that no one can register with third-party e-mail addresses. The click on the link, with which you confirm your registration, results in data collection of your IP address and the exact time (date and time) of the click. This data processing serves to satisfy our legal burden of proof that your e-mail address is, in fact, an opt-in, i.e., an expressly given consent to receive the newsletter. For processing the data, within the scope of the registration process, your consent is obtained and reference is made to this Data Protection Statement. When you register on our website and provide your e-mail address in the process, it will be used by us exclusively for direct advertising of our own similar products or services.
The data will be used exclusively for sending the newsletter. Disclosure of the data to third-parties will not take place. An exception is made when there is a legal obligation for disclosure. Collection and processing of the e-mail address serves to send you the newsletter. We use the e-mail address for advertising purposes. Collection of your IP address and the date and time of the click on the confirmation link in the double opt-in mail serves to enable us to satisfy our legal obligation to satisfy the burden of proof that the e-mail address is, in fact, an opt-in, i.e., an expressly given consent to obtain the newsletter. The collection of other personal data within the scope of the registration process serves to prevent misuse of the services or the e-mail address. Possible storage of the cancellation of the newsletter beyond up to three years has the purpose to prove an earlier given consent and a possible defense of claims.
Use of the e-mail service provider SendInBlue
Delivery of the newsletters takes place by the service provider SendInblue GmbH, Koepenicker Strasse 126, 10179 Berlin, Germany via “Brevo”.
The e-mail addresses of the recipients of our newsletters as well as their other data, which are described within the scope of the respective information provided, are stored on the servers of SendInBlue. SendInBlue uses this information for mailing and for evaluating the newsletters in our order. In addition, SendInBlue can use these data for optimizing and improving their own services, e.g. for technical optimization and for presenting the newsletter, or for commercial purposes, to determine in which countries the recipients are located. SendInBlue, however, does not use the data of our newsletter recipients to write to them itself or to disclose them to third-parties.
You can view the information provided by SendInBlue on GDPR compliance here: https://www.brevo.com/gdpr/ as well as https://www.brevo.com/de/datenschutz-uebersicht/.
You can view the data protection information of SendInBlue here: https://www.brevo.com/de/datenschutz-uebersicht/
We have concluded an order processing contract with SendInBlue. In the contract, SendInBlue undertakes, among others, to protect the data of our users, to process them on our behalf in accordance with its data protection provisions and, in particular, not to disclose them to third-parties. Furthermore, we are ensured, in the contract, of our authority to give instructions with regard to the way and manner of data processing.
The newsletters contain a so-called “web beacon,” i.e., a file the size of a pixel that is activated when opening the newsletter on the server of SendInBlue. During this process, technical information such as information about the browser and your system as well as your IP address and the time of your retrieval call are collected first. This information is used for technical improvement of the service based on the technical data or the target groups and your reading habits based on the locations from which your call is made (which can be determined with the aid of the IP address) or the access times. The statistical collections also include the determination whether the newsletters are opened, the date and time they are opened and which links are clicked on. Although this information can for technical reasons be allocated to the individual recipients of the newsletter. However, it is neither our aim nor that of SendInBlue to observe individual users. The evaluations, much rather, have the sole purpose to recognize the reading habits of our users and to adapt our contents to them or to send different contents in accordance with the interests of our users.
There are cases where we transmit the recipients of newsletters to the website of SendInBlue. Our newsletters, e.g., contain a link via which the recipients of newsletters can retrieve the newsletter online (e.g. in case of display problems in the e-mail program). In this connection, please note that cookies are used on the websites of SendInBlue via which personal data are processed by CleverReach, its partners and service providers. On this data collection we have no influence. More information is available in the data protection information of SendInBlue (link see above).
The legal basis for processing the data when a user registers for the newsletter is your consent in accordance with Art. 6 (1) (a) GDPR for storing your IP address and the time of your click on the confirmation link in the double opt-in mail for possible continued storage for up to three year after you cancelled the newsletter is our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The legitimate interest is in this case to provide proof of your previously given consent and a possible defense of claims.
Duration of storage: The data will be deleted as soon as the purpose for their collection has been achieved. Your e-mail is accordingly stored for as long as the subscription for the newsletter is active. We can store the cancelled e-mail addresses together with the data that were collected at the time you confirmed your previous consent to send out the newsletter for up to three years on the basis of our legitimate interest before we delete them to enable us to prove a previously given consent. Processing of these data is limited to defend possible claims. An individual application for deletion is possible at any time provided the former existence of a consent is confirmed at the same time. Other personal data which are collected within the scope of the registration process are generally deleted after a period of seven days.
Possibility to object and possibility of elimination: The subscription of the newsletter can be informally terminated by the user at any time. For this purpose there is an appropriate link in every newsletter. By this means, a previous consent to the storage of personal data given during the registration process can also be revoked.
2.5 Customer account
For each customer who registers, we set up password-protected access to his or her inventory data which are stored with us (customer account). There you can view your completed, open and recently placed orders and manage your data. You undertake to treat the personal access data confidential and not to make them accessible to unauthorized third parties. We can assume no liability for misused passwords unless we are responsible for the misuse.
During registration, you are informed which data are required. The customer accounts are not public and cannot be indexed by search machines.
The registration has the purpose to keep specific contents and services on our website accessible.
The legal basis for processing the data, provided the customer has given his or her consent, is Art. 6 (1) (a) GDPR. If the registration serves the performance of a contract to which you are a party or for carrying out pre-contractual measures, the additional legal basis for processing the data is Art. 6 (1) (b) GDPR (performance of a contract).
Duration of storage: Your data are deleted as soon as the purpose of their collection has been achieved and the data are no longer required. If the registration does not serve to conclude a contract with you, this is the case when data are collected during registration, when the registration is cancelled or changed and/or when you have effectively declared your objection to the consent. If the registration serves to conclude a contract with you, this is the case when the data for performing the contract are no longer required. Following termination of the contract, storage of personal data of the party to the contract may also be required for satisfying contractual or legal obligations.
Possibility to object and possibility of elimination: You have the possibility to dissolve the registration at any time. This you can initiate via your customer account or by writing to us. If the data are required for performing pre-contractual measures, advance deletion of the data is possible only provided there exists no conflicting pre-contractual or legal obligation to the deletion. You can moreover arrange for modification of the data stored about you at any time.
2.6 Online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there to enable us to inform about our services. Activation of the respective networks and platforms are subject to the business conditions and the data protection regulations of the respective operator as well as our Data Protection Statement stored there.
2.7 Collaboration with order processors and third parties
If we, within the scope of our data processing, disclose data to other individuals and companies (order processors or third parties), or allow them access to data, this takes place only if permitted by law (e.g. when transmission of the data to third parties such as payment service providers in accordance with Art. 6 (1) (b) GDPR is required for performing a contract), you haven given your consent, a legal obligation requires this or based on our legitimate interest (e.g. when engaging agents, web hosters etc.).
At present, we disclose data to the respective necessary extent to the following companies with which we have concluded an order processing contract: GRÜN Software Medien GmbH (79346 Endingen), Hetzner Online GmbH (91710 Gunzenhausen), Hot-World GmbH & Co. KG (47877 Willich), TheissenKopp GmbH (40789 Monheim), DomainFactory GmbH (80331 Munich), Sendinblue GmbH (10179 Berlin), Deutsche Post AG (53113 Bonn), Austrian Post International Deutschland GmbH (53175 Bonn), Mayflowers Concepts (21031 Hamburg), Klinkhammer Übersetzungen (51149 Köln), PTS GmbH (Luxemburg), Laufwerk Jörg Marks (40489 Düsseldorf), Google Ireland Ltd. (Irland), documentus Köln GmbH (50996 Köln), TransConsult Berlin (10777 Berlin), Ge.graf s.r.l (Italy), Gorna Grupa (Poland), Algolia (France). You can request an updated list from us at any time. Additional order processors result from this Data Protection Statement to the extent we have expressly named them.
2.8 Web Analysis - Google Analytics
Refers to our following websites:
- aac-worldwide.com
- cpi-worldwide.com
This website uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google Analytics uses “cookies,” text files, which are stored on your computer and which enable an analysis of how you use the website.
Please note that Google Analytics was extended on this website by the code “anonymizeIp” in order to ensure an anonymized collection of IP addresses (so-called IP masking). By activating IP anonymization on this website, your IP address is abbreviated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The full IP address on a server is transmitted to a Google server in the USA only in exceptional cases and is abbreviated there. Google will use this information on behalf of the operator of this website for evaluating how you use the website, for compiling reports about the activities of the website and to provide other services connected with the use of the website and the internet to the website operator. The IP address transmitted from your browser within the scope of Google Analytics is not merged with other data from Google.
You will find more information on the terms of use and data protection at https://marketingplatform.google.com/about/analytics/terms/gb/ and/or https://policies.google.com/?hl=en&gl=en.
Google processes your data, among others, in the USA. Data transmission from the EU and/or EEA to the USA is based on an Adequacy Decision adopted by the EU. Google Inc., as parent company of Google Ireland Limited, has joined this Adequacy Decision based on the EU-U.S.-Data-Privacy-Framework (DPF) and is DPF-certified. Therefore, data transmission to the USA does not require any specific authorization (Art. 45 (1) GDPR).
As additional basis of data processing of recipients domiciled in so-called third countries (= countries outside the EEA, i.e., all countries outside the European Union, Iceland, Liechtenstein and Norway) or data transmission to these countries, Google uses the so-called EU Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). These Standard Contractual Clauses (SCC) are templates made available by the EU Commission and are aimed to ensure that your data comply with the European data protection standards also when transmitted to third countries and are processed there. By agreeing to these clauses with us, Google undertakes to comply with the European data protection level when processing personal data, even when the data are processed in the USA. These clauses are based on an Implementation Decision of the EU Commission. You will find the Decision and the relevant Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN.
In addition, Google has concluded a contract with us on order processing in accordance with Art. 28 (3) GDPR which functions as the basis of the data protection law for our customer relations with Google. The content of the contract refers to the EU Standard Contractual Clauses. You will find the order processing conditions here: https://business.safety.google/intl/en/adsprocessorterms/.
Use of the analysis tool and/or the analysis cookie has the purpose to improve the quality of our website and its contents. By this means we learn how the website is used and enables us to continuously optimize our offer. The information generated by your use of this website is generally transmitted to a server of Google in the USA and stored there.
The legal basis for storage and readout of not absolutely essential cookies in the terminal device of the user and access to it is your consent in accordance with Article 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG). The legal basis for further processing of personal data by using not absolutely essential cookies is Art. 6 (1) (a) GDPR, i.e., the consent of the user.
Duration of storage: The cookies are stored on the computer of the user and are transmitted by him or her to our page. We store the data until the previously given consent is revoked, at the longest, however, for 50 months.
Possibility to object and possibility of elimination
You can prevent storage of the cookies by adjusting the setting on your browser software; please note that in this case you will not be able to make full use of the functions of this website. You can, moreover, prevent collection of the data generated by your use of the data (incl. your IP address) to Google as well as processing of the data by Google by downloading and installing the browser plug-in available on the link (https://tools.google.com/dlpage/gaoptout?hl=en).
You can prevent collection by Google Analytics by clicking on the following link for setting an opt-out cookie that will prevent future collection of your data when visiting this website: Google Analytics deactivating
2.9 Web Analysis– Matomo
Refers to our following website:
- cpi-worldwide.com
- aac-worldwide.com
- aac-china.digital
On this website, we use Matomo, an open-source web analysis tool of the company InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org), for collecting and storing data for marketing and optimizing.
Your IP address will be automatically anonymized.
We use Matomo in the cookieless version in order to prevent data (cookies) from being stored on your computer. The data you use to access the website are therefore collected by the so-called fingerprinting device: when you call up a page, Matomo executes a JavaScript code on the tracked website on the browser of the user. This code determines, among others, different technical properties of the user’s browsers/devices and transmits them to Matomo. For this purpose, information about the operating system, the browser, browser extensions, the (anonymized) IP address and the browser language are used. In addition, individual properties of the Matomo installation and the tracked website are mathematically considered by determining the fingerprint to prevent identical fingerprints on different Matomo installations or different websites. In this way, Matomo counteracts an overall creation of a user profile on the internet, as practiced by cloud-based advertising platforms. Calculation of the fingerprint is changed every 24 hours so that returning users can also no longer be recognized.
Please note that we process all data on Matomo exclusively on our own web server and do not disclose these data to third parties. We are therefore convinced that here no consent is required and that we can support this data processing on the basis of legitimate interest because a reference to third parties is here precluded. It is thus a matter of so-called first-party cookies which are set and evaluated only by us.
Use of the analysis tool serves to improve the quality of our website and its contents. In this way we find out how the website is used and can, accordingly, continuously improve our offer.
The data are transmitted to Matomo in its capacity as our order processor. Transmittal of the data to New Zealand takes place based on Art. 45 GDPR in connection with the Adequacy Decision of the European Commission.
The legal basis is Art. 6 (1) (f) GDPR. Our interest in the data processing is in particular to ensure the operation and security of the website, to investigate the way and manner in which the website is used by the user and for simplifying the use of the website.
Duration of storage: We store the collected data until the purpose of their collection has been achieved.
Possibility to object and possibility of elimination
Your can prevent storage of the cookies by adjusting the setting on your browser software; please note that in this case you may not be able to make full use of all functions of this website. You can, moreover, prevent continuous future processing of the data by us by revoking your previously given consent by using the opt-out option.
You can, moreover, prevent collection of the data about your use of the website (incl. your IP address) as well as processing of the data by us, by using the opt-out option:
2.10 Google Maps
Refers to our following websites:
- ad-media.de
- iccx.org
We use “Google Maps“ of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When using Google Maps, information about your use of the ad-media.de and iccx.org websites (including your IP address) may be transmitted to a server of Google in the USA and stored there.
Google may transmit the information gained from the use of Maps to third parties, if this is legally required or if third parties process these data on behalf of Google. Google will not in either case associate your IP address with other Google data. It could nevertheless be technically possible that Google, based on the data it received, would identify at least individual users. It could be possible that personal data and personality profiles of users of the website of Google are processed for other purposes, on which we have no influence and which we cannot influence.
You will find information on data protection and terms of use about Google products and in particular about Google Maps at https://policies.google.com/technologies/product-privacy?hl=en.
Google processes data from you in the USA, among other places. Data transmission from the EU and/or from the EEA to the USA is covered by an Adequacy Decision of the EU Commission. Google Inc., as US parent company of Google Ireland Limited, has joined the EU-U.S.-Data-Privacy-Framework (DPF) on which this Adequacy Decision is based and is DPF-certified. Therefore, data transmission to the USA does not require any specific authorization (Art. 45 (1) GDPR).
As additional basis of data processing of recipients domiciled in so-called third countries (= countries outside the EEA, i.e., all countries outside the European Union, Iceland, Liechtenstein and Norway) or data transmission to these countries, Google uses the so-called EU Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). These Standard Contractual Clauses (SCC) are templates made available by the EU Commission and are aimed to ensure that your data comply with the European data protection standards also when transmitted to third countries and are processed there. By agreeing to these clauses with us, Google undertakes to comply with the European data protection level when processing personal data, even when the data are processed in the USA. These clauses are based on an implementation decision of the EU Commission. You will find the decision and the relevant Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN.
In addition, Google has concluded a contract on order processing with us in accordance with Art. 28 (3) GDPR which functions as basis of the data protection law for our customer relations with Google. The content of the contract refers to the EU Standard Contractual Clauses. You will find the order processing conditions here: https://business.safety.google/intl/en/adsprocessorterms/.
The use of Google Maps has the purpose to improve the quality of our website and its contents and to make available to you a simple, useful and known map service for orientation, to display our company’s headquarters, for planning your visit etc.
The legal basis for storage and readout of not absolutely essential cookies on the terminal device of the user and access to it is your consent in accordance with Article 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG). The legal basis for further processing of personal data by using not absolutely essential cookies is Art. 6 (1) (a) GDPR, i.e., the consent of the user.
Duration of storage: We ourselves do not store any data connected with the use of Google Maps. Google, however will process and store data regarding its use. You can view the notes on data protection by Google here: https://policies.google.com/privacy?hl=en.
Possibility to object and possibility of elimination: You have the possibility to prevent data processing by Google by withholding your consent for using Google Maps. For the future, you can revoke your previously given consent and prevent further data processing. You also have the possibility to easily prevent the service of Google Maps in a simple manner and in this way prevent data transmission to Google by: deactivating JavaScript on your browser. To entirely prevent the execution of JavaScript code, you can also install a JavaScript blocker such as, e.g., the browser Plugin NoScript (e.g. www.noscript.net or www.ghostery.com).
Note: when execution of JavaScript is deactivated, you may not be able to use all functions of the website.
2.11 Youtube
Refers to our following websites:
- cpi-worldwide.com
- iccx.org
- aac-worldwide.com
- cpt-worldwide.com
On our website there is the possibility to watch YouTube videos (provider: YouTube LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter “YouTube”). We have embedded these YouTube videos in an enhanced data protection mode of YouTube which blocks the setting of YouTube cookies until activated by clicking on playback.
Accordingly, the videos are only reloaded and cookies from YouTube are only activated on your device when you, by making the first click on the video of your choice, give your consent to setting the YouTube cookies. We have included relevant instructions for you in a text below each video.
YouTube is a subsidiary of Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA (hereinafter “Google”). Each time you call up a product in which a YouTube video is embedded, the website will play the called up video from YouTube. Within the scope of this procedure, YouTube and Google know which product has been called up. If you are simultaneously logged-in to YouTube, YouTube recognizes the page you are visiting every time a page that contains a YouTube video is called up. These data are collected by YouTube and Google and are assigned to your YouTube account.
The data protection regulation of YouTube provides information about the collection, processing and use of personal data by YouTube and Google and can be called up at: https://policies.google.com/privacy?hl=en&gl=en.
Google processes data from you in the USA, among other places. Data transmission from the EU and/or EEA to the USA takes place based on an Adequacy Decision of the EU Commission. Google Inc., as the parent company of Google Ireland Limited, has joined the EU-U.S.-Data-Privacy-Framework (DPF) on which this Adequacy Decision is based and is DPF-certified. Therefore, data transmission to the USA does not require any specific authorization (Art. 45 (1) GDPR).
As additional basis of data processing by recipients established in so-called third countries (= countries outside the EEA, i.e., all countries outside the European Union, Iceland, Liechtenstein and Norway) or transmission of data to these countries, Google uses the so-called EU Standard Contractual Clauses (= Art. 46. (2) and (3) GDPR). These Standard Contractual Clauses (SCC) are templates made available by the EU Commission and are aimed to ensure that your data comply with the European data protection standards when they are transmitted to third countries and are processed there. By agreeing to these clauses with us, Google undertakes to comply with the European data protection level when processing personal data, even when the data are processed in the USA. These clauses are based on the Implementation Decision of the EU Commission. You will find the Decision and the relevant Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN.
In addition, Google has concluded a contract for order processing with us in accordance with Art. 28 (3) GDPR which functions as basis of the data protection law for our customer relations with Google. The content of the contract refers to the EU Standard Contractual Clauses. You will find the order processing conditions here: https://business.safety.google/intl/en/adsprocessorterms/.
The embedment of YouTube videos has the purpose to present you multimedia contents on the website and to upgrade and improve the user experience in that way. As this makes our website more attractive, use of YouTube also benefits our marketing and advertising purposes. Saving and playback of such videos on our own webservers, moreover, would entail substantial costs and effort.
The legal basis for processing personal data by embedding YouTube videos is your expressly given consent (Art. 6 (1 ) (a) GDPR), setting and readout of cookies, moreover, takes place based on your consent in accordance with Section 25 (1) German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
Duration of storage: We store no personal data regarding the use of the YouTube videos. Each access and call up of the individual videos is evaluated by us, however without allocation to a specific person. We have no influence on storage by YouTube and/or Google themselves. The precise circumstances of data processing by them can be viewed at https://policies.google.com/privacy?hl=en&gl=en.
Possibility to object and possibility of elimination: YouTube and Google receive information that the specific user has visited our website whenever the user, at the time of his or her visit, is simultaneously logged into YouTube; this takes place independently of whether the person concerned clicks on a YouTube video or not. If you do not wish transmission of this information to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before you call up the website. By the way: in your account setups for YouTube you have the possibility to minimize data processing by Google. Since the video portal belongs to Google, you will find the settings in the general configuration of the Google account. There you will find under “Activity settings” (https://myactivity.google.com/activitycontrols) not only your options for the web and location tracking, but also special functions for data protection at YouTube. You can pause the video search history so that your search requests are no longer stored. Or you can switch off the video playback history so that not all of the videos viewed are stored.
You can also prevent data processing by not calling up any pages containing YouTube videos.
2.12 jQuery / Google Fonts
With jQuery, our website can be executed and made available much more quickly on the various terminal devices. jQuery uses JavaScript libraries to enable our websites to deliver faster. Because the jQuery libraries are stored locally on our server, no data transmission to third parties takes place.
Because the Google fonts are stored locally on our server, no data transmission to third parties takes place.
2.13 Algolia Search
Refers to our following websites:
- cpi-worldwide.com
- aac-worldwide.com
- opusc.com
On our websites, we use the search machines Service Algolia from Algolia SAS – a French simplified joint-stock company based at 55 Rue d'Amsterdam, 75008 Paris, France – for searching and indexing contents. By using Algolia, your IP address and your search request are transmitted to a server of Algolia.
Please take note of the terms of use (https://www.algolia.com/policies/terms) of Algolia as well as its data protection regulations (https://www.algolia.com/policies/privacy). Algolia does not transmit the data it collects to third parties, but processes them exclusively internally for statistic evaluations and for monitoring its services. Algolia is our order processor and, accordingly, we have concluded an order processing contract with that company.
The use of Algolia has the purpose to find the information on our website more quickly and therefore ensure user-friendliness.
The legal basis for processing the data is Art. 6 (1) (f) GDPR.
The data are stored on the server of Algolia for a period of 90 days.
2.14 Cookies, right of objection to direct advertising and audience reach measurement
Cookies are information that is transmitted from our webserver or webservers of third parties to your web browsers where they are stored for future call-up. Cookies may be small files or other kinds of information storage. This storage helps us to appropriately design our websites and our offers for you and facilitates your use by storing, for example, your specific inputs in such a way that you need not constantly repeat them.
We set temporary and permanent cookies, i.e., small files that are stored on you devices (for explanation of the terms and the functions, please see the last section of this Data Protection Statement.) Cookies are used partly for reasons of safety or are required for the operation of our online offer (e.g. for the presentation of the website) or for storing the decision of the user by confirming the cookie banner. Furthermore, we or our technology partners set cookies for audience reach measurement and marketing purposes, about which you are informed within the scope of the Data Protection Statement.
We use “session cookies” which are filed only for the duration of your actual visit to our online presence (e.g. in order to store your log-in status or for the shopping cart function and in this way making the use of our online offer possible). In a session cookie, a randomly generated unique identification number is filed: a so-called session ID. In addition, a cookie contains information about its origin and the storage time limit. These cookies cannot store any other data. Session cookies are deleted when your have finished using our online offer and, e.g., log out or close the browser.
In the cookies used by ad-media, only pseudonymous data are stored. The cookies, upon being activated, are assigned an identification number and an allocation to your personal data related to this identification number does not take place. Your name, your IP address or similar data – that would make an allocation of the cookies to you possible – are not contained in the cookies. Based on our cookie technology, we obtain only pseudonymized information, such as which pages were visited on our website during your visit, etc.
If you do not wish to have cookies stored on your computer, you are requested to deactivate the relevant option in the system settings on your browser. Stored cookies in your browser can be deleted. Elimination of cookies may result in functional limitations of this online offer.
Upon calling up our website, you will be informed about the use of not absolutely essential cookies for which your consent for processing the personal data in this context is requested.
Legal bases: For absolutely essential cookies applies: the legal basis for storage of absolutely essential cookies on you terminal device and access to it is Section 25 (2) (2) German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG). The legal basis for further processing personal data using the information stored in the cookie is Art. 6 (1) (f) GDPR, i.e., our legitimate interest. Our legitimate interest is the above-stated purposes. For not absolutely essential cookies applies: the legal basis for storage of not absolutely essential cookies on your terminal device and access to it is your consent given in accordance with Section 25 (1) German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG). The legal basis for further processing of personal data using not absolutely essential cookies is the consent given at the same time in accordance with Art. 6 (1) (a) GDPR.
Duration of storage
Some of the cookies used by us are deleted at the end of the browser session, i.e., after closing the browser (so-called session cookies). Other cookies remain on your terminal device and enable us, or the third parties, to recognize your browser at your next visit (durable or static cookies). If we have stored the cookies with your consent, we will stop further data processing upon your cancellation. We will store the remaining data that we have collected based on our overriding legitimate interest until such time as the legitimate interest no longer exists, weighing of legitimate interest comes to a different result or if you effectively object (cf. on this point the optically highlighted “Note on special right to object” under 3.). A regular check is made to ascertain whether the legitimate interest still applies.
Possibility to object and possibility of elimination
Cookies are stored on your computer and are transmitted by your computer to our page. You therefore have full control of the use of cookies. You can deactivate or limit the transmission of cookies. Already stored cookies can be deleted at any time.
Nachfolgend stellen wir Ihnen für typische Browser Links zur Verfügung, unter denen Sie weitergehende Informationen zur Verwaltung von Cookie-Einstellungen finden können:
- Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookie
- Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html.
If you do not give your consent or revoke your consent you can, by the way, prevent the use of not absolutely essential cookies.
2.15 Microsoft
We use for our e-mail communications Outlook within the scope of the software package Microsoft 365 of the company Microsoft Corporation, USA. We use Outlook to enable us to process and respond to incoming e-mails quickly and clearly. We also use other Office programs contained in the software package Microsoft 365 (Word, Excel, PowerPoint etc.). We also use the Cloud service One Drive for Business of the company Microsoft Corporation, but use here personal data only in exceptional cases. We have concluded an order processing contract with Microsoft –Data Processing Addendum, DPA. Within the scope of this contract, Microsoft undertakes to take measures to satisfy the requirements of GDPR on data security and data protection.
You can view this agreement at https://www.microsoft.com/licensing/docs/view/Professional-Services-Data-Protection-Addendum-DPA. Such data processing can take place based on your consent granted us (Art. 6 (1) (a) GDPR), based on a contract concluded or still be concluded between you and us (Art. 6 (1) (b) GDPR) or based on our justified interest in the data processing (Art. 6 (1) (f) GDPR). E-mail communication with you is possibly routed via servers from Microsoft. Microsoft promises that all personal data processed via Microsoft 365 products for EU-based corporate clients are processed exclusively within the EU. This promise applies to all central Cloud services from Microsoft, accordingly also for Microsoft 365 (cf. Microsoft statement: https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/). Accordingly, no data transfer outside the EEA (third country transfer) takes place. In the event that third country transfers nevertheless take place, we have agreed with Microsoft the EU Standard Contractual Clauses. In these, Microsoft undertakes to take and comply with measures that enable data protection nearly equal to an EU data protection level. Agreement of EU Standard Contractual Clauses provides appropriate safeguards for conducting a third country transfer (Art. 46 (1) i.c.w. (2) (c) GDPR). Furthermore there exists on data transfer from the EU and/or the EEA an adequacy decision of the EU Commission. Microsoft has become a contracting party to this adequacy decision based on the EU-U.S.-Data-Privacy-Framework (DPF) and is certified under the DPF. Accordingly, data transfer in the USA is permitted without special authorization (Art. 45 (1) GDPR). Frequent questions about Microsoft and data protection are answered here: https://www.microsoft.com/trust-center/privacy/gdpr-faqs
2.16 Stripe
Payments on the internet pages are processed by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. For this purpose, we will transmit the data required for payment of your order (e.g. the price and the recipient of the payment) to Stripe when the payment process begins. In the further course of payment processing we will have to provide Stripe with additional personal data, e.g. your bank details or your credit card data, for executing the payment.
Stripe processes your personal data on its own responsibility. Further information on how Stripe processes your personal data are available in the data privacy statement of Stripe at https://stripe.com/privacy. Transmission of your personal data is required for processing your respective payment (Art. 6 (1) (b) GDPR. Transmission into the USA takes place in accordance with Art. 49 (1) (c) GDPR.
For data transfer from the EU and/or the EEA into the USA exists an adequacy decision of the EU Commission. Stripe has acceded to the EU-U.S. Data Privacy Framework (DPF) on which this adequacy decision is based and is certified under the DPF. Accordingly, data transfer into the USA is permitted without special authorization (Art. 45 (1) GDPR).
3. Data subject rights
If personal data of yours are processed you are the “data subject” and as such you have the following rights against us as the Responsible Party.
3.1 Right for information
You have the right to obtain from us, free of charge, information as to whether we process personal data relating to you. If this is the case, you have the right to receive information about these personal data and for further information which you can find in Art. 15 GDPR. For this purpose you can contact us by mail or by e-mail.
3.2 Right for rectification
You have the right to demand from us the rectification of incorrect personal data without delay. You have also the right – taking into consideration the above-stated purposes of the processing – to demand from us completion of the incomplete personal data – also by means of an explanatory statement. For this purpose you can get in touch with us by mail or by e-mail.
3.3 Right for deletion
You have the right to demand from us the deletion of your personal data without delay if one of the prerequisites laid down in Art. 17 GDPR applies. You can get in touch with us by mail or by e-mail.
3.4 Right of restriction of processing
You have the right to demand from us the restriction of processing if one of the prerequisites of Art. 18 GDPR applies. For this purpose, you can get in touch with us by mail or by e-mail.
3.5 Right to be informed
If you have asserted the right for correction, deletion or restriction of processing against the Responsible Party, the Responsible Party is obliged to notify all recipients to whom the relevant personal data have been disclosed of this rectification or deletion of the data or restricted processing unless this proves to be impossible or would involve disproportionate effort.
You have the right to be informed of these recipients.
3.6 Right for data portability
You have the right to obtain your personal data that you have made available to us in a structured, commonly-used and machine-readable format and you have the right to transmit these data to another Responsible Party without hindrance from us if the prerequisites of Art. 20 GDPR apply. For this purpose you can get in touch with us by mail or by e-mail.
3.7 Right to object to processing due to legitimate interest as well as to direct advertising
If we process personal data based on Art. 6 (1) (f) GDPR (i.e., because of legitimate interests), you have the right to object to us, on grounds concerning your particular situation, to processing the data concerning you at any time. If we cannot invoke compelling legitimate grounds that outweigh your interests, rights and freedoms, or if we process the data relating to you for the purpose of direct advertising, we will no longer process your data (cf. Art. 21 GDPR). For this purpose you can get in touch with us by mail or by e-mail.
If we process personal data for direct advertising, you have the right to object to processing the personal data concerning you for advertising of such kind; this applies also to profiling in connection with such direct advertising.
3.8 Right to revoke previously given consent
You have the right to revoke a previously given consent for the collection and use of personal data with future effect at any time. For this purpose you can get in touch with us by mail or by e-mail. The lawfulness of data processing up until the revocation is not affected by this.
3.9 Automated decision-making including profiling
Your have the right not to be subjected to a decision based solely on automated processing – including profiling – which has a legal effect on you or otherwise significantly affects you. Unless the decision is required for concluding or performing a contract between you and us, is permissible based on legal regulations of the European Union or its member states to which we are subject to and if these legal provisions contain reasonable measures for safeguarding your rights and freedoms as well as your legitimate interests, or the decision is made with your express consent.
Such automated decision-making does not take place by us.
3.10 Voluntary disclosure of the data
Where the disclosure of personal data is legally or contractually required, we will generally notify you when collecting the data. Some of the data collected by us are required for concluding a contract, i.e., we would otherwise not be able to fully or adequately meet our contractual obligations to you. You are not obliged to make the personal data available. But non-disclosure may have the result that we are unable to provide or offer the services, acts, measures or similar performances desired by you or that a conclusion of a contract with you is not possible.
3.11 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority for data protection, at any time, without prejudice to other rights, in particular in the member state where you reside, work or the place where you suspect an infringement, if you are of the opinion that the processing of the personal data concerning you violates the data protection law.