Responsible for data protection
The controller responsible for data processing on this website is
Publk GmbH
Knesebeckstr. 59-61/61a, 10719 Berlin, Germany
E-mail address - no support for card users: info@socialcard.de
Telephone - no support for card users: 030 70010990
Overview of processing
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
Inventory data
Contact details
Content data
Usage data
Meta, communication and process data
Categories of affected persons
Communication partner
Users
Purposes of the processing
Contact enquiries and communication
Security measures
Managing and responding to enquiries
Feedback
Marketing
Provision of our online services and user-friendliness
Information technology infrastructure
Relevant legal bases
We process personal data on the basis of the following legal grounds: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), necessity for the fulfilment of a contract (Art. 6 para. 1 sentence 1 lit. b GDPR). Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.
In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The data protection laws of the individual federal states may also apply.
Security measures
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This applies, for example, to data that must be stored for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.
Our data protection notices may also contain further information on the retention and deletion of data, which apply primarily to the respective processing operations.
Use of cookies
Cookies are small text files that store and read information on end devices. They are used, for example, to save the login status, shopping basket content or content accessed. Cookies can also be used to ensure the functionality, security and convenience of online offers and to analyse visitor flows. We only use cookies that are absolutely necessary to provide our service.
Provision of the online offer and webhosting
We process users' data in order to provide them with our online services.
Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status); content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures and services:
Provision of online services on rented storage space: We use storage space, computing capacity and software from server providers (web hosts); legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Collection of access data and log files: Access to our online offering is recorded in server log files. These contain, for example, the address and name of the websites and files accessed, date and time of access, data volumes transferred, browser type and version, operating system, referrer URL and IP addresses. This data serves the security and stability of the servers; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data that is required for evidence purposes is excluded from deletion until the incident has been clarified.
For the purpose of providing the online offer and web hosting, we obtain services in the area of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities) from the provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, which we use as a processor.
For the purpose of processing, we have concluded an order processing agreement with Hetzner Online GmbH in accordance with Art. 28 GDPR (AVV).
Contact and enquiry management
We use the service provider Zeus Prima d.o.o., Jelenovac 38 F 10 000 Zagreb, Croatia ("Zeus Prima"), which we use as a processor, to answer contact inquiries via e-mail and telephone about our services. When processing contact inquiries that a user has requested to be processed by a human being, we and Zeus Prima process the data of the requesting persons insofar as this is necessary to answer the support requests and any requested measures. Specifically, the following types of data are processed Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
The processing takes place for the fulfillment of the contract and the processing of pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) as well as to safeguard our legitimate interest in proper communication with our users (Art. 6 para. 1 sentence 1 lit. f) GDPR).
For the purpose of processing, we have concluded an order processing agreement with Zeus Prima in accordance with Art. 28 GDPR (AVV).
To process contact enquiries and communicate with you, we use Freshdesk, a service provided by Freshworks, Inc, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA ("Freshworks"), which we use as a processor. When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, we and Freshworks process the information of the enquiring persons to the extent necessary to respond to the contact enquiries and any requested measures. In detail, the following types of data are processed : contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time details, identification numbers, consent status).
The processing is carried out for the fulfilment of the contract and the processing of pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) as well as to safeguard our legitimate interest in proper communication with our users (Art. 6 para. 1 sentence 1 lit. f) GDPR).
For the purpose of processing, we have concluded an order processing agreement with Freshworks Inc. in accordance with Art. 28 GDPR (AVV).
During processing, personal data is transferred to the USA. This transfer takes place on the basis of the Commission's adequacy decision on the EU-US Data Privacy Framework. Freshworks is certified under the EU-US Data Privacy Framework.
Plugins and embedded functions and content
We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").
The integration of this content requires the processing of the user's IP address by the third-party provider. Without the IP address, the content cannot be sent to the user's browser. Third-party providers may also use pixel tags (invisible graphics) for statistical or marketing purposes. These pixel tags make it possible to analyse visitor traffic on our website. The information collected can be stored in cookies and combined with other data.
Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures and services:
Google Fonts
We use Google Fonts, a service of Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA ("Google") to integrate fonts. We do not transmit any personal data from Google. Google also does not use cookies. However, your browser will transmit your IP address to Google for technical reasons. This transmission takes place on the basis of the Commission's adequacy decision on the EU-US Data Privacy Framework. Google is certified under the EU-US Data Privacy Framework.
You can find Google's privacy policy here: policies.google.com/privacy, further information on data processing at Google Fonts can be found here: developers.google.com/fonts/faq.
Use of Google Maps
Our website uses Google Maps ("Google Maps"), a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to display interactive maps. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. This does not take place automatically, but only if the user actively clicks on it. Only through this conscious activation is data about the behaviour when using Google Maps transmitted to Google and processed by Google (2-clicks). If Google Maps is activated, Google may use Google Web Fonts for the purpose of standardising the display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
Google is responsible for processing your IP address and other usage data from Google Maps. You can find Google's privacy policy here: policies.google.com/privacy
Google also processes your data at Google LLC in the USA. Google LLC is actively certified under the EU-US Data Privacy Framework, which regulates the secure transfer of personal data from EU citizens to the USA.
The integration by us is based on our legitimate interests in being able to provide our users with the corresponding content and functionalities and to be able to operate our website economically and the fact that your legitimate interests do not outweigh this, Art. 6 para. 1 sentence 1 lit. f GDPR.
Friendly Captcha
We use Friendly Captcha (hereinafter referred to as "Friendly Captcha") on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is used to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated programme. To do this, Friendly Captcha analyses the behaviour of the website visitor based on various characteristics. Friendly Captcha evaluates various information for the analysis (e.g. anonymised IP address, referrer, visit time, etc.). Further information on this can be found at: friendlycaptcha.com/legal/privacy-end-users/.
The data is stored and analysed on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in protecting our website from abusive automated spying and SPAM.
For the purpose of processing, we have concluded an order processing agreement with Friendly Captcha GmbH in accordance with Art. 28 GDPR (AVV).
Smart dialogue platform from viind GmbH (chatbot)
We use the Smart Dialogue platform to provide you with information by means of a chatbot. The provider is viindGmbH, Leightonstraße 3, 97074 Würzburg.
In order to enable the use of the chatbot, the following categories of data must be processed: master data transmitted by you, message content and technical features such as your IP address.
This data is processed in order to process your messages and, if necessary, to be able to answer them automatically and to improve the quality of the chatbot.
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b and f GDPR. Our legitimate interest lies in successively improving the functionality of the chatbot and being able to provide you with suitable answers to your enquiry as far as possible.
The above data can be stored for up to six months.
For the purpose of processing, we have concluded an order processing agreement with viind GmbH in accordance with Art. 28 GDPR (AVV).
Amendment and updating of the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.
Rights of the data subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR: Right to object (Art. 20 GDPR): You have the right to object to the processing of your data at any time. In the event of an objection, we will no longer process your data. An exception applies if there are compelling reasons worthy of protection that outweigh your interests.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right to information (Art. 15 GDPR): You have the right to request information about the personal data stored about you.
Right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR): You have the right to request rectification, erasure and restriction of processing of your data.
Right to data portability (Art. 20 GDPR): You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller.
Complaint to the supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.
The German version of this data protection declaration is the only legally binding version. Any translations provided are for information purposes only.
