We at THE NEW ATLANTIC take the protection of your personal data very seriously and we thus comply with the applicable data privacy regulations. Wherever personal data is collected, we only do so due to technical necessity. Under no circumstances will we sell data or make data available to third parties for any reason. .
This Data Privacy Declaration describes the form, scope and purpose of the processing of personal data (hereafter “data”) within our online offering and all connected websites, functions and contents as well as external online presences such as our social media profiles (hereafter collectively “online offering”). With respect to the terminology used, e. g. “processing” (“Verarbeitung”) or “controller” (“Verantwortlicher”), we refer to the definitions in Art. 4 of the German General Data Protection Regulation (GDPR; Datenschutzgrundverordnung DSGVO).
THE NEW ATLANTIC GmbH
Type of the data we process
- Inventory data (e.g. names, addresses).
- Contact data (e.g. email, phone numbers).
- Content data (e.g. text entries, photographs, videos).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta and communication data (e.g. device information, IP addresses).
Categories of subjects
Visitors and users of our online offering (hereafter “user“).
Purpose of processing
- Providing our online offering, its functions and contents.
- Answering contact request and communication with users.
- Security measures.
- Measuring reach/marketing.
Definition of Terminology
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. .
‘Processing’ describes any operation or sequence of operations relating to personal data, which is carried out with or without the help of automated means. The term is very far-reaching and encompasses nearly all data handling.
‘Controller’ means the natural or legal person, public authority, agency, or other body, which, alone or jointly with others, determines the purpose and means of the processing of personal data.
Applicable Regulatory Basis
We hereby state the regulatory basis of our data processing in accordance with Art. 13 GDPR. The following applies if the regulatory basis is not mentioned in the data privacy declaration: The basis for lawfulness of the obtaining of consent is Art. 6 par. 1 lit. a and Art. 7 GDPR; the basis for the lawfulness of the processing to fulfill our services and perform contractual measures as well as answer requests is Art. 6 par. 1 lit. b GDPR; the basis for the lawfulness of the processing for fulfilling lawful obligations is Art. 6 par. 1 lit. c GDPR; and the basis for the lawfulness of the processing for the purpose of pursuing our legitimate interests is Art. 6 par. 1 lit. f GDPR. In case vital interests of an affected person or any other natural person makes the processing of personal data necessary, Art. 6 par. 1 lit. d GDPR serves as the basis for the lawfulness of such processing.
Cooperation with Processors and Third Parties
As far as we disclose, pass on or make data available to other persons or corporate entities (processors or third parties) within the scope of our processing, this only occurs on the basis of legal consent (e.g. if the conveyance of data to third parties, as for example payment providers, is necessary for the performance of a contract in accordance with Art. 6 par. 1 lit. b GDPR), your consent, or if a legal obligation hence requires us to do so or on the grounds of our legitimate interests (e.g. in working with commissaries, web hosters etc.).
Insofar as third parties are commissioned with the processing of data on the basis of a so-called “order processing contract” (“Auftragsverarbeitungsvertrag“), this is effected on the basis of Art. 28 GDPR.
Transfer to Third Countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or insofar as this occurs within the scope of the utilization of third party services or the disclosure, res. Conveyance, of data to third parties, this occurs exclusively if it is necessary for the performance of (pre-)contractual obligations, on the basis of your consent, on the basis of contractual obligation or the basis of our legitimate interests. Pending legal or contractual consent, we process data or have data processed data in third countries only if special conditions of Art. 44 ff. GDPR apply. This means, the processing takes place on the basis of special guarantees, for example, as the officially recognized statement of a data privacy level comparable to the EU (e.g. the “Privacy Shield“ for the US) or the observance of officially recognized special contractual obligations (so-called “standard contract clauses“).
Rights of the Data Subject
You have the right to request a confirmation if the data specified are processed and to obtain information on these data as well as further information and a copy of the data in accordance with Art. 15 GDPR. .
According to Art. 16 GDPR you have the right to demand data affecting you to be completed you or to have incorrect data corrected.
According to Art. 17 GDPR you have the right to demand the immediate deletion of the respective data or alternatively to demand a limitation of the processing of data as detailed in Art. 18 GDPR.
You have the right to demand to obtain data concerning you, which you have provided on the basis of Art. 20 GDPR and request the conveyance to other persons responsible.
Furthermore, you have the right to lodge a complaint with the supervisory authority responsible on the basis of Art. 77 GDPR.
Right of Revocation
You have the right to revoke permissions granted in accordance with Art. 7 par. 3 GDPR with future effect. This right can be called upon especially with regard to direct advertising.
Cookies and Right of Revocation with regard to Direct Advertising
‘Cookies’ are small files that are saved onto the users’ computers. The information contained in a cookie differs. Its primary function is to retain information on the user (res. the device which the cookie is stored on) during or after the user’s visit to an online offering. Temporary cookies, also called ‘session cookies’ or ‘transient cookies’, are cookies that are deleted once a user leaves the online offering or closes the browser. Such cookies contain the content of a shopping cart or a login status. ‘Permanent’ or ‘persistent’ denotes cookies that are stored beyond the closing of the browser. By way of that, the login status, for example, can be retained for users when they return to the offering after a number of days. Besides that, such a cookie stores the user’s interests, which are used for reach measuring or marketing purposes. Cookies which are offered by suppliers other than the controller for the online offering, are called ‘Third-party Cookies’ (all other cookies correspondingly are called ‘First-party Cookies’).
We make use of temporary as well as permanent cookies and inform on this within the scope of this Data Privacy Declaration.
All data processed by us are deleted or restricted in their processing on the basis of Art. 17 and 18 GDPR. In as far as not detailed otherwise in this Data Privacy Declaration, all collected data will be deleted as soon as their are no longer necessary to serve the intended purpose and their deleting is not barred by any operation of law. If data are not deleted as they are required for other and lawfully acceptable purposes, their processing is restricted. This means the data are closed and will not be processed for other purposes. This includes e.g. data that must be stored due to trade or tax laws.
German laws stipulate storage for six years according to § 257 Par. 1 HGB (trade books, inventories, opening balances, annual financial statements, trade letters, journal vouchers etc.) as well as ten years according to § 147 Par. 1 AO (books, recordings, operating reviews, journal vouchers, trade and business letters, tax relevant documents etc.).
The hosting services we utilized serve the purpose of providing the following services: infrastructure and platform services, processing capacity, storage and data base services, security services as well as technical maintenance services which we employ in order to uphold this online offering.
To this end we, res. our hosting provider, processes inventory data, contact data, content data, contract data, usage data, meta and communication data of clients, interested parties and visitors of this online offering on the basis of our legitimate interest in an efficient and secure provision of this online offering in accordance with Art. 6 par. 1 lettewr f GDPR in conjunction with Art. 28 GDPR (Order Processing Contract).
Collecting Access Data and Log files
We, respectively our hosting provider, collects data pertaining to each access to the server which this service is hosted on, on the basis of our legitimate interests in the sense of Art. 6 par. 1 letter f GDPR (so-called Server log files). These access data include
- Name of the website visited,
- date and time of access,
- amount of data conveyed,
- choice of language,
- report of successful access,
- type of browser and version,
- the user’s operating system,
- referrer URL (the page visited previously),
- IP address as well as
- the inquiring provider.
For security reasons (e.g. in order to accommodate the clearance of abuse or fraud cases) log file information will be stored for a duration of no more than seven days and will then be deleted. Data that has to be stored further as it is required as evidence is exempted of this deletion until the case has been cleared.
When contacting us (e.g. through a contact form, email, phone, or social media) user information required to answer the contact request and the processing thereof are processed in accordance with Art. 6 par. 1 letter b) GDPR. User information may be stored in a customer relationship management system (“CRM System“) or a comparable request organization.
Requests will be deleted when they are no longer required. The requirements are reviewed in two year intervals; moreover, archiving regulations apply.
Google has been certified under the Privacy Shield agreement and thereby guarantees to comply with European Data Privacy regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information at our behest to evaluate our users’ usage of our online offering, to compile reports on the activities within our online offering as well as to provide additional services related to the use of this online offering and the internet. This entails the creation of pseudonymous user profiles.
We use Google Analytics only with IP anonymization activated. This means, Google will shorten the IP address of users within the member states of the European Union or other contract states of the agreement. Only in exceptional cases will the full IP address be conveyed to a server in the US to be shortened there.
Google will not merge the IP address conveyed by the user’s browsers with other data. By changing the setting in their browser software, users may prevent the storage of cookies; furthermore, users can prevent the capturing of data generated by the cookie regarding their use of the online offering and the processing thereof by downloading and installing the plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Opt-out cookies prevent the future collection of your data when visiting this website. In order to prevent the collection of data by Universal Analytics on different devices, you will have to carry out the opt-out on all systems used. By clicking here, the opt-out cookie is set: Deactivate Google Analytics
For further information on the use of data by Google, on setting and ways to opt-out, please visit the Google website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services“), http://www.google.com/policies/technologies/ads (“Advertising“), http://www.google.de/settings/ads (“Manage information used by Google to show advertising”).
Online Presences in Social Media
We entertain presences in social networks and on platforms in order to communication with active clients, prospects and users. When accessing the networks and platforms the terms and conditions and data privacy regulation of the respective providers apply.
Unless stated otherwise in our Data Privacy Declaration, data of users who communicate with us through social networks and platforms will be processed; this includes content posted on our online presences or messages sent to us.
Incorporation of Third-Party Services and Content
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and the economical operations of our online offering in the sense of Art. 6 par. 1 letter f. GDPR) we make use of content and service offerings of third parties in order to incorporate their content and services as e.g. videos or type fonts (hereafter “content”) .
Prerequisite to this is the perception of users’ IP addresses by these third parties as sending content is not possible without the IP address. The IP address is critical in the representation of the content. We strive to use only content by providers who use this IP address for the sole purpose of delivering their content. Third-party providers may also use so-called pixel tags (invisible graphics also called “web beacons”) for statistical purposes and marketing usage. Pixel tags allow the analysis of information such as visitor traffic on the website. These pseudonymous information may furthermore be stored in cookies on the users’ device and, among other things, may contain technical information about the browser, the operating system, referral pages, visiting time as well as additional data on the use of our online offering; it may also be connected with such information from other sources.
We incorporate videos of the platform “YouTube” by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The respective data privacy declaration is available here: https://www.google.com/policies/privacy/, you can opt-out here: https://adssettings.google.com/authenticated.
We incorporate maps by the “Google Maps“ services of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The respective data privacy declaration is available here: https://www.google.com/policies/privacy/, you can opt-out here: https://adssettings.google.com/authenticated.
This data privacy declaration was created with the help of the “Data Privacy Generator“ (Datenschutz-Generator) of RA Dr. Thomas Schwenke, Att.