Data protection

I. General information on data processing

Note on the responsible body:

Living Bytes Customer Loyalty and Customer Acquisition Programs GmbH
Holsteiner Chaussee 183a
22457 Hamburg

data protection officer of the
Living Bytes Customer Loyalty and Customer Acquisition Programmes GmbH
Mr Christoph Schultejans (GDDcert, CIA®, CISA®)
procedo Management Consulting GmbH
Ammerländer Heerstraße 263
26131 Oldenburg
E-mail: datenschutz@livingbytes.de

We attach particular importance to the protection of your personal data. Your personal data will be processed in accordance with data protection regulations, in particular the European Data Protection Basic Regulation (EU DS-GVO) and the Federal Data Protection Act (BDSG-neu).

The following information provides an overview of the type, scope and purpose of the collection, processing and transmission of personal data and the security measures implemented to protect this data.

Personal data is individual information about personal or factual circumstances of a specific or determinable natural person, such as your name, address, telephone number, date of birth, e-mail and IP address.

Legal bases for the processing of personal data

• In so far as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) lit. a EU DS-GVO serves as the legal basis. You can revoke this processing at any time in the future in accordance with Art. 7 (3) EU DS-GVO.
• For the processing of personal data required for the performance of a contract or for the implementation of pre-contractual measures, Article 6 (1) (b) EU DS-BER serves as the legal basis.
• In so far as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 (1) lit. c EU DS-GVO serves as the legal basis.
• If the processing is necessary to safeguard a legitimate interest of our company or of a third party and does not outweigh the interests, fundamental rights and freedoms of the data subject, Article 6 (1) lit. f EU DS-GVO serves as the legal basis for the processing. In this case, you have the right of objection under Article 21 EU DS-GVO.

Data erasure and storage duration

Personal data will be deleted as soon as the purpose for which it was stored no longer applies. Furthermore, data may be stored if this was provided for by legally prescribed storage obligations to which our company is subject.

Your rights

Upon written request, we will inform you in accordance with Art. 15 EU DS-GVO and our legal obligation under Art. 12 EU DS-GVO whether and which of your personal data is processed or stored by us. In addition, you have the right to correct incorrect data in accordance with Art. 16 EU DS-GVO, data transferability in accordance with Art. 20 EU DS-GVO, blocking and deletion of your personal data in accordance with Art. 17 EU DS-GVO - provided there are no legal obligations to retain data - and the right to restrict processing in accordance with Art. 18 EU DS-GVO. You also have the right to contact the competent supervisory authority in accordance with Art. 77 EU DS-GVO.

In addition, you have the right of objection in accordance with Art. 21 EU DS-GVO.

In accordance with Art. 7 Para. 3 EU DS-GVO, it is of course possible at any time to revoke your consent to us for the future. To do so, please contact us at the contact address given below.

If you have questions regarding the processing of your personal data, you can contact our data protection officer, who is also available to you in the event of requests for information, suggestions or complaints.

Data protection officer of the
Living Bytes Customer Loyalty and Customer Acquisition Programmes GmbH
Holsteiner Chaussee 183a
22457 Hamburg
E-mail: datenschutz@livingbytes.de

Changes to our privacy policy

In order to ensure that our data protection declaration always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services.

Status: February 2020

II. Privacy policy online media

Provision of the website

Use of hosting service providers

Our website is hosted on servers of a hosting service provider located in the EU on the basis of an order processing according to Art. 28 EU DS-GVO. Within the scope of its services, the hosting service provider may have access to personal data of our users, in particular to technical data that is generated in the course of technical communication between you and our website (e.g. server log files). He may not use these for his own purposes. The use of a hosting service provider is based on our legitimate interests in the provision of infrastructure and platform services, computing capacity, e-mail dispatch and security services in accordance with Art. 6 Para. 1 letter f EU DS-GVO.

Server log files

When you visit our website or use its services, the device with which you access the site automatically transmits log data (connection data) to our server. The corresponding information consists of:

• Type and version of the browser you use,
• Type and version of the operating system you use,
• Referrer-URL of the page from which you reached our website,
• Date and time of the access to our website,
• name of the subpages you have called up,
• IP address of your computer system,
• Amount of data transferred in each case.

The collected data is used exclusively for statistical evaluations for the purpose of operation, security and optimization of the offer. For security reasons, however, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete evidence. These data will be deleted after one week at the latest. This collection is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f EU DS-GVO.

Cookies

We use so-called cookies in some areas of the website in order to recognise the preferences of the visitors and to be able to design the website accordingly in an optimal and attractive way. This makes navigation easier and ensures a high degree of user-friendliness of the website. Processing by cookies represents a legitimate interest in accordance with Art. 6 Para. 1 lit. f EU DS-GVO (optimisation and economic operation of our online offering).

Cookies are small text files that are automatically created by your browser and stored on your terminal device when you visit our website. Cookies do not damage your computer and do not contain viruses. Most of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer the next time you visit us (so-called permanent or session-spanning cookies). Thanks to these files, it is possible, for example, that you will be shown information on the site that is specifically tailored to your interests.

You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. If you completely exclude the use of cookies, you may not be able to use certain functions of this website.

Data security

We use technical and organizational security measures to protect the data you provide us from accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. We therefore use SSL encryption for the transmission of confidential content, such as inquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If the SSL encryption is activated, the data that you transmit to us cannot be read by third parties. Our security measures are being further developed according to the state of the art.

Contact

If you contact us (e.g. via contact form, e-mail, telephone, social media), your personal details will be stored and processed by us for the purpose of processing your enquiry and, where applicable, related follow-up questions in accordance with Article 6 (1) b EU DS-GVO (in the context of pre-contractual/contractual measures) or Article 6 (1) f EU DS-GVO (general enquiries). We will not pass on this data without your respective consent.

The data provided by you will remain with us until you request us to delete it, object to its storage or until the purpose for which it was stored ceases to apply (i.e. after processing of your enquiry has been completed), provided that this does not conflict with any statutory storage obligations.

Dealing with photo and video recordings

If you have given us your consent to create and publish photographs or video recordings of yourself, this is done for the purpose of representing the company. The publication refers to our corporate communication in the press, on our website and on our company-owned social media pages as well as in print media (flyers, brochures, etc.). The information is passed on within the company, to commissioned printing service providers and advertising agencies, as well as publication on the Internet. No additional forwarding takes place without your consent. Your data will be deleted after revocation of your consent.

In accordance with Art. 7 Para. 3 EU DS-GVO, you have the possibility at any time to revoke your consent in writing without detrimental consequences for you and with effect for the future. Please contact the central data protection contact address given above in this regard.

Registration

If you register on our website in order to order goods, services and information in our online portal, personal data is collected. Registration enables access to services and contents that are only available to registered users. If necessary, registered users have the possibility to change or delete the data provided during registration at any time. Your data may be passed on to shipping and payment service providers commissioned by us to process your order. No further forwarding to third parties will take place. The processing of your personal data is carried out on the basis of contract processing (in accordance with Art. 6 para. 1 lit. b EU DS-GVO). These data will be deleted in accordance with the statutory storage obligations.

Third party content and services

On the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f EU DS-GVO, content, services and performances of other providers which supplement our offer are integrated within our online offer. By using the services listed below, we aim to ensure that our website is designed to meet the needs of our customers and is continuously optimised.

Google Maps

On our website we use the map service Google Maps to display maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Google's server receives information about the use of our website. The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places indicated by us on the website.

You can find detailed information in the data protection center of google.de: Transparency and options http://www.google.de/intl/de/privacy/ and data protection regulations http://www.google.de/intl/de/privacy/privacy-policy.html. Google is also certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Links to third party websites

On the basis of our legitimate interest, it can happen that links to other providers which supplement our offer are included within this online offer. When calling up web pages referred to on this website, information such as name, IP address, browser characteristics etc. may be requested again. This privacy policy does not regulate the collection, transfer or handling of personal data by third parties. In this context, please note the special data protection declarations of the individual third-party providers and service providers whose links we include on our website.

Social media

We maintain publicly accessible online presences in social networks to communicate with the customers and interested parties active there and to present our services.

We point out that user data may be processed outside the European Union. Furthermore, user data is generally processed for market research and advertising purposes. To the best of our knowledge, the providers also use cookies to store your usage behaviour (also across different end devices). This enables targeted advertising to be played out within the framework of the own platform as well as on third party sites.

The processing of users' personal data is based on our legitimate interests in effective information of users and communication with users in accordance with Art. 6, Paragraph 1, Letter f. EU DS-GVO. If users are asked by the respective providers of the platforms to consent to data processing or if users voluntarily send information to our online presences, the legal basis for processing is Art. 6 Paragraph 1 lit. a EU DS-GVO in conjunction with Art. 7 EU DS-GVO. If that information contains contractually relevant content, Art. 6 (1) lit. b EU DS-GVO serves as the legal basis.

For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the providers.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. Should you nevertheless need help, please contact us.

• Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. Privacy policy: https://twitter.com/de/privacy. Opt-out: https://twitter.com/personalization. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
• Xing: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Privacy policy / Opt-out: https://privacy.xing.com/de/datenschutzerklaerung.

Minors

Our online offer is basically aimed at persons of full age. Personal information of persons who have not yet reached the age of 16 may only be made available to us if the express consent of a parent or guardian has been obtained (Art. 8 EU DS-GVO). Processing without the consent of a parent or guardian is not permitted. We therefore reserve the right to delete all data relating to minors, unless we have the consent of a parent or guardian.

III. privacy policy of applicants

Purpose and legal basis for the collection and processing

Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 EU DS-GVO in conjunction with § 26 BDSG-neu. If special categories of personal data within the meaning of Art. 9 Para. 1 EU DS-GVO are voluntarily communicated as part of the application procedure, they will also be processed in accordance with Art. 9 Para. 2 lit. b EU DS-GVO.

Recipient of your data

The recipients of your data are the departments involved in the human resources process (including human resources, managers and heads of department) of the responsible unit. Your data will be treated in strict confidence and will not be passed on to third parties without your respective consent. A transfer to third countries or international organisations is not intended.

Storage of your data

Your application data will be deleted 180 days after filling the position. If you are also interested in future vacancies, we need your written consent to store your application documents for a longer period. You can revoke this consent at any time for the future in accordance with Art. 7 para. 3 EU DS-GVO. To do so, please send an e-mail with a corresponding note to the contact address given above.

IV. Data protection declaration customers and suppliers

Purpose and legal basis for the collection and processing

In the first place, the data processing serves to establish, implement and terminate the contractual relationship. The primary legal basis for this is Art. 6 (1) lit. b EU DS-GVO. Without this type of use of your data, it is not possible to carry out the business relationship existing between you and us.

We also process your data on the basis of Art. 6 Para. 1 lit. f EU DS-GVO to protect our legitimate interests or those of third parties (e.g. public authorities). This may be necessary, for example:

• To maintain IT security and IT operations
• For purposes of corporate management, internal communication and other administrative purposes

In the context of accepting business cards, your personal data will be stored and processed by us for the purpose of subsequent contact in accordance with Art. 6 Para. 1 lit. b EU DS-GVO (in the context of pre-contractual/contractual measures) or in accordance with Art. 6 Para. 1 lit. f EU DS-GVO (general communication). We will not pass on this data without your consent.

In addition, we process your data to fulfil legal obligations, such as regulatory requirements, commercial and tax law storage obligations or documentation obligations. The legal basis for this is Art. 6 para. 1 lit. c EU DS-GVO in conjunction with the nationally applicable laws.

In individual cases, it may also occur that we process your data on the basis of your separately granted consent in accordance with Art. 6 Para. 1 lit. a, 7 EU DS-GVO (e.g. when you register for our newsletter or for events). You are always free to decide whether you wish to give your consent. Once you have given your consent, you can revoke it at any time with effect for the future. To do so, please use the link provided in the respective action or send corresponding inquiries to the contact address given above.

Should we process your personal data for a purpose not mentioned above, we will inform you in advance.

Recipient of your data

Within our company only those persons receive your personal data who need it to fulfil our contractual and legal obligations. In addition, in order to fulfil our contractual and legal obligations, we sometimes use different service providers, so that it may be necessary to transfer your personal data to other recipients outside the company, insofar as this is necessary to fulfil our contractual and legal obligations. These third parties may be, for example

• authorities (e.g. financial or other supervisory authorities)
• bank of the contracting party (SEPA payment medium)
• Producers / Manufacturers (suppliers)
• forwarders
• buyer / seller

In order to process your data technically, Living Bytes GmbH sometimes uses external service providers. We may transfer and process your data outside the country in which you have your residence / company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area. If we transfer personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can also request detailed information by using the contact information above.

Storage of your data

We store your personal data only as long as they are necessary for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods thereafter are up to ten years. In addition, personal data may be stored for the time during which claims against us can be asserted (statutory limitation period of three or up to thirty years).