A-I-WERK

Datenschutzerklärung

State: 28. May 2021

Introduction

With the following data protection declaration we would like to inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, mobile, as well as within external online presences, such as our social media profiles (hereinafter also referred to collectively as “online offer”).

The terms used are not gender-specific.

Responsible person

Haller Experiences S.L.

Johannes Haller

Paseo Juan Carlos 1 s/n Local 32

07800 Eivissa

Spain

Authorized representatives: Johannes Haller

E-Mail address: info@hallerexperiences.de

Telephone: +34 650 977 081

Imprint: www.hallerexperiences.com

Overview of the processing operations

Types of data processed

  • Stock data (e.g. names, addresses).
  • Content data (e.g. entries in online forms).
  • Contact details (e.g. e-mail, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Location data (information on the geographical position of a device or person).
  • Contract data (e.g. object of contract, duration, customer category).
  • Payment data (e.g. bank details, invoices, payment history).

Categories of data subjects

  • Business and contractual partners.
  • Interested parties.
  • Communication partners.
  • Customers.
  • Users (e.g. website visitors, users of online services).

Purpose of the processing

  • Evaluation of creditworthiness and credit rating.
  • Provision of our online offer and user-friendliness.
  • Visitation evaluation.
  • Office and organisational procedures.
  • Cross-Device Tracking (cross-device processing of user data for marketing purposes).
  • Direct marketing (e.g. by e-mail or by post).
  • Interest-based and behavioral marketing.
  • Contact requests and communication.
  • Conversion measurement (measurement of the effectiveness of marketing measures).
  • Profiling (creating user profiles).
  • Remarketing.
  • Range measurement (e.g. access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g. interest/behavioural profiling, use of cookies).
  • Provision of contractual services and customer service.
  • Manage and respond to requests.
  • Target group formation (determination of target groups relevant for marketing purposes or other output of content).
  • Automated decisions in individual cases.
  • Credit information (decision based on a credit assessment).

Relevant legal bases

In the following, we provide the legal basis of the basic data protection regulation (GDPR), on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence and domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR)
  • Contract performance and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR)
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR)
  • Legitimate interests (Art. 6 para. 1 sentence 1 letter f. GDPR)

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection commensurate with the risk.

Such measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and responses are made to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, by designing technology and by using data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Transmission and disclosure of personal data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data which serve to protect your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of services of third parties or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or transmission required by contract or by law, we will only process or allow data to be processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, where certifications or binding internal data protection regulations exist (Art. 44 to 49 GDPR).

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term “cookies” also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”)

Cookie types and functions

  • Temporary cookies (session cookies)
  • Permanent cookies
  • First-party cookies
  • Third-party cookies
  • Necessary cookies
  • Statistical, marketing and personalization cookies

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

Storage duration: up to two years unless stated otherwise.

General information on withdrawal and opposition (opt-out): You may revoke consent at any time or object to processing via browser settings or industry opt-outs such as optout.aboutads.info and youronlinechoices.com.

Commercial and business services

We process data of our contractual and business partners within the scope of contractual and comparable legal relationships as well as associated measures and within the scope of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries.

Customer accounts, economic analyses and market research, shop and e-commerce processing may occur as described in our full policy. We delete data after legal retention periods unless longer storage is required for legal claims.

Payment service provider

We offer efficient and secure payment options and use payment service providers. The data processed by the payment service providers include inventory data, bank data, as well as transaction data. The data entered is only processed and stored by the payment service providers.

Used services and service providers

Credit assessment

If we make advance payments, we reserve the right to obtain identity and creditworthiness information. Automated decisions may be used as described in Art. 22 GDPR. Service provider: Verband der Vereine Creditreform e.V., Germany.

Provision of the online offer and web hosting

We use web hosting providers. Server log files may be collected for security and stability, including IP addresses, accessed pages and times.

Contact

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the data of the inquiring persons will be processed to the extent necessary to answer the contact inquiries and any requested measures.

Used service provider: Help Scout Inc.; Privacy: helpscout.net/company/legal/privacy.

Newsletter and electronic notifications

We send newsletters only with consent or legal permission using a double opt-in procedure. Performance measurement and logging of registration are carried out on the basis of legitimate interests.

Service provider: Mailchimp; Privacy: mailchimp.com/legal/privacy.

Online marketing

We process personal data for online marketing purposes, including user profiling for content and ad delivery and conversion measurement. IP masking and pseudonymous profiles may be used.

Used services and service providers

Presence in social networks (social media)

We maintain online presences within social networks to communicate with users and offer information. Data may be processed outside the EU and for advertising and market research purposes.

Used services and service providers

Plugins and embedded functions and content

We include functional and content elements from third-party providers (e.g., graphics, videos, social media buttons). Providers may process IP addresses and use pixel tags and cookies for statistics or marketing.

Used services and service providers

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply. If data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes.

Change and update of the privacy policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing make this necessary.

Rights of the persons concerned

As data subjects, you are entitled to various rights under the GDPR (Art. 15 to 21 GDPR): right of objection, withdrawal of consent, access to information, rectification, deletion and limitation of processing, data portability, and complaint to a supervisory authority.

Definitions of terms

This section provides an overview of terms used in this privacy policy, including conversion tracking, credit rating information, cross-device tracking, IP masking, interest-based and behavioral marketing, conversion measurement, personal data, profiling, range measurement, remarketing, location data, tracking, responsible person, processing, and target group formation.