Data protection policy
You can find the name and address of the controller in this website’s imprint.
Contact details for the Data Protection Officer
Internal Data Protection Officer for the controller:
Mrs Christiane Meyer
This data protection statement describes how your personal data is collected, used, shared, stored and protected. It applies to any RTO GmbH website on which the footer refers to this data protection policy, and to any applications, services and tools that refer to this data protection policy, regardless of how you access or use the services, including access from mobile devices.
By using our websites, our advertising services and our services, you accept this data protection policy and explicitly agree to the collection, use, storage and protection of your personal data in accordance with the descriptions given in this data protection policy.
We only collect and store personal data if this is absolutely necessary. We comply with the European General Data Protection Regulation (EU GDPR) and the Telemedia Act (Telemediengesetz, TMG) when collecting, processing, using and sharing your personal data. We will inform you about what type of data is collected and for what purposes it is collected below:
Security of your data
By using all technical and organisational security measures, your personal data that has been provided to us is secured in such a way that it cannot be accessed by unauthorised third parties. We recommend that you send very sensitive data or information by post, as complete data security cannot be guaranteed by email.
1. Handling client data
Personal data, with particular reference to the name, address, telephone number, email address and images, is only obtained and processed if you share this information voluntarily, e.g. within the scope of a request, ad placement or other commissioning. Data is stored in our client systems that cannot be accessed by unauthorised third parties. We only share this data with third parties if this is required to fulfil our contractual services. Regular separate consent is required from the data subject for any additional use of personal data, and for the collection of additional information.
With respect to commissioned placement of advertising, our advertising clients’ personal information may be published on Twitter. This automated process is part of our additional contractual services and serves the purpose of promoting our clients within an advertising context.
Twitter is a service from the American company Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ('Twitter’). However, not all data provided to RTO GmbH when placing orders and placing advertisements is sent to Twitter. The main information shared includes names, advertising images, advertising text, news and time of publication. A link to advertisements from our website will then be placed on Twitter or other websites that have content created by them. We do not share any other contact details with Twitter, i.e. no postal addresses, telephone numbers or email addresses.
As an American company, Twitter is not subject to the European General Data Protection Regulation. However, Twitter has also updated its data protection policy with effect from 25/05/2018 and based on this, your data will not be shared with third parties.
You can find more information about how Twitter uses data, settings, and options to object, on Twitter’s website by clicking on the following link: https://twitter.com/de/privacy#update
Legal basis for processing
All client data is collected and stored on the basis of your consent within the meaning of Article 6 Paragraph 1 Letter a) of the GDPR in connection with Article 9 Paragraph 1 and Article 9 Paragraph 2 Letter a) of the GDPR. This data is also processed within the scope of fulfilling our contractual services within the meaning of Article 6 Paragraph 1 Letter b) of the GDPR. Exceptions apply if data processing is permitted by law.
Once an order is placed, you will receive a link from us by email, which is valid for a period of 48 hours. You can provide us with the required consent to collecting and storing your personal data by clicking on this link. If the link is not clicked on within 48 hours, we will send a reminder by email. The email is sent to the address provided by you in your initial enquiry or when placing the order. You must ensure that this email address is correct. Client consent to data processing for contractual purposes shall be considered to be given as soon as the box for linking is ticked. In particular, as part of this process, we store your master data (name, address, email address, telephone number, images) as well as otherclient data given about you personally. We also have automatic access to the following data, which we do not store unless we require it to fulfil our contractual services:
- Your browser data (browser type and version)
- MAC address
- IP address
- Operating system and device information and other deducible user data
In accordance with Article 6 Paragraph 1, Letter a) of the GDPR, your consent is required to lawfully process personal data. If you do not give us the required consent on the basis of the process outlined above, we store your personal data on the basis of Article 6 Paragraph 1 Letter b) of the GDPR as a minimum, in order to fulfil our contractual duties.
Data storage period
Once the contract has been completely processed, which normally comes to an end once the advertisement has been placed, we will remove the publicly available data from our website. Data is only stored in our client system for as long as it is required for its contractual purpose. With a view to repeated follow-up orders, the data is stored in our company’s client system until your consent is withdrawn.
Your data is only provided on technically linked third-party pages or RTO GmbH subpages until you object to it being published on these pages.
We cannot guarantee complete data security from the time your data is published. In particular, due to the numerous times third parties access our website, we cannot rule out that the information you have provided (in particular address, telephone number, names, images, etc.) may be copied, reproduced, saved or shared.
Options to object
If there are no necessary reasons that relate to a business transaction, you can withdraw the consent you have previously given for your personal data to be stored at any time in writing (e.g. by email or by fax), with immediate effect(pursuant to Article 21 of the GDPR). To guarantee data security for our clients, it is required that withdrawing persons authenticate themselves using valid proof of identification. Your personal data (telephone number, email address, residence, images, advertising text) is then deleted from our system without undue delay - taking into consideration retention periods under tax law and commercial law.
You can also communicate important changes to your data in writing. Based on applicable law, you can ask us at any time whether and what personal data is stored by us. A relevant message concerning this will be sent to you promptly on request.
2. Handling access data and server log files
Whenever our website is accessed and retrieved, your browser transmits the content provided, which is automatically collected by our system.
Legal basis for processing
The legal basis for collecting and temporarily storing data and log files is Article 6 Paragraph 1 Letter f) of the GDPR. When visiting and using our website, you agree to data collection and temporary storage.
Data transfer and recording
The following data is sent and automatically collected each time the website is accessed:
- browser type and version;
- operating system used;
- IP address and requesting machine;
- time and date of access;
- client file request (file name and URL);
- volume of data transferred;
- notification of whether access was successful; and
- name of your internet service provider.
The data is stored in our system’s log files. This data is not stored together with other user personal data.
Purpose of data processing
It is necessary for the system to temporarily store the IP address to allow the website to be provided on the user’s computer. The user’s IP address must be stored for the duration of the session.
In specific cases, this data is also stored for statistical purposes. It is not otherwise used or shared with third parties, nor is it used for commercial or non-commercial purposes. We reserve the right to subsequently review the data listed if we suspect any unlawful use of our website.
Information is stored in log files to guarantee the functionality of the website. Data is also used to optimise the website and to guarantee the security of our IT systems. We also have a legitimate interest in data processing for these purposes under Article 6 Paragraph 1 Letter f of the GDPR.
Data storage period
Access data is deleted as soon as it is no longer required to achieve the purpose of collection. If data is collected in order to make the website available, it is deleted when the session ends.
If data is stored in log files, it is deleted after a maximum of seven days. Further storage is possible. In this case, the users’ IP addresses will be distorted so that it is no longer possible to associate them with the requesting client.
Option to object and option of disposal
It is necessary for data to be collected and stored in log files in order to operate the website. As a result of this, the user has no option to object.
The following note provides information about the content of our newsletter, the registration and mailing process and your rights to object as a recipient. By subscribing to our newsletter for free, you are declaring that you agree to receiving newsletters and that you agree to the processes of our newsletter system.
Legal basis for processing
Consent to receiving newsletters by email is given on the basis of Article 6 Paragraph 1 Letter a) of the GDPR and Section 7 Paragraph 2 No. 3, and Paragraph 3 of the German Act Against Unfair Competition (Unlauterer Wettbewerbs-Gesetz, UWG). Using mailing service providers, carrying out statistical analyses and recording the registration process are all based on Article 6 Paragraph 1
Letter f) of the GDPR. We strive to use a secure, user-friendly system that meets your expectations as the recipient of our newsletter.
We only send newsletters, emails and other electronic communications with advertising content (hereinafter 'newsletters’) with the recipient’s consent. Our newsletter in particular includes information aboutspecial discounts, vouchers, competitions, photo and video updates and all news and/or announcements of new clubs, ladies or events. Normally, newsletters are only sent by email to the email address given by the subscriber.
Opt-in and recording
Newsletter registration follows a 'double opt-in’ process. This means that once you have registered, you then receive an email that asks you to confirm your registration. This confirmation is necessary so that it is not possible to register using someone else’s email address.
Newsletter registrations are recorded so that it is possible to evidence that the registration process followed legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to the data stored about you by the respective service provider are also recorded. Otherwise, your email address will only be stored in addition to thename given if you add a name as part of voluntarily disclosing information.
Third-party service providers for newsletter mailing
Newsletter mailing was developed by us and is normally carried out directly by our company. However, we reserve the right to use other newsletter mailing services from third-party providers. Of course, if this is the case, we will make a careful selection and only use services that securely process your data in accordance with the current EU data protection regulations.
Within the scope of newsletter subscriptions, only your email address and other data automatically collected by our system is stored on the servers of third-party service providers.. This data is used to send and evaluate newsletters. Otherwise, third-party service providers may use this information to improve their own services, e.g. to optimise mailing from a technical perspective, or to visually improve how the newsletter is displayed. Data is stored for economic purposes, for example to determine the country in which each recipient is based. However, third-party service providers do not use your data to write to you as a newsletter recipient directly or share this information with third parties.
We will only use newsletter mailing platforms that are subject to the EU’s GDPR data protection regulations. We rely on the reliability and the IT security and data security of the third-party service providers carefully chosen by us.
Purpose of data processing
When subscribing to our newsletter, technical information and data is accessed by third-party provider servers. This particularly includes your email address, your IP address, the time of access, as well as information about your systemand your browser. Service improvements can be made and content adapted based on the reading habits and access locations/access times gained from this. Statistics are also compiled concerning whether and when the newsletter was opened and what links were clicked on.
Users’ email address are collected in order to send the newsletter. If you provide a name - which is given on a voluntary basis - it is used to address the newsletter subscriber.
You only need to provide your email to register for free newsletters. This information is only used to personalise the newsletter. You may provide your name, but this is not mandatory.
We only use information to adapt the newsletter’s content to our readers’ interests.
Data storage period
Data is deleted as soon as it is no longer required to achieve the purpose of collection. Accordingly, the user’s email address is stored for as long as the newsletter subscription is active.
Option to object
Please note that you can object to the future processing of your personal data for the purposes of receiving newsletters at any time in accordance with legal provisions (pursuant to Article 21 of the GDPR ). Your consent to communications sent via third-party providers and statistical analyses is also withdrawn at the same time. You can find a link to unsubscribe at the end of each newsletter. Otherwise, it is sufficient to send written termination by email. You can also object to processing especially for the purposes of direct marketing.
4. Handling registrations, contact forms and posts
If there is a contact form on our website, or if you have the option of registering or setting up a user account, the personal data provided in the form as part of such a process (in addition to the technical datacollected automatically) will be transmitted to us and stored. This is generally:
- name and surname (if provided);
- postal address (if provided);
- telephone number (if provided);
- email address (if provided);
- bank details (if provided); and
- other personal data that is required for applications, login areas, order forms or registrations.
Data is only used to process the conversation. In principle, data is only stored by RTO GmbH and not shared with third parties. If it relates to a user request that concerns an advertiser’s advertisements, the personal data given as part of a contact form, including the body of the message, is shared with this advertiser for the purposes of making contact.
We send your data to advertisers in a way that is secure and do not share it to other third parties without your prior consent. Please also review the respective data protection provisions for the advertiser, as we cannot control whether and for what purposes your data is stored by third parties.
Legal basis for processing
The legal basis for data processing is the presence of user consent pursuant to Article 6 Paragraph 1 Letter a) of the GDPR.
The legal basis for processing data determined when sending an email is Article 6 Paragraph 1 Letter f) of the GDPR. If the aim of email communications is to conclude a contract, the additional legal basis for processing is Article 6 Paragraph 1 Letter b) of the GDPR.
Purpose of data processing
Personal data from the form is only processed in order to process the request. If contact is made by email, there is also a legitimate interest in processing the data.
Personal data processed as part of logins, applications or the use of our contact form during the sending process, serves to prevent the contact form from being misused, and to guarantee the security of our IT systems. The IP addressis only stored for the purposes of the legal requirements we must adhere to as the operator of the website. We must be able to verify your IP address so thatthis can be reviewed if there are any criminal proceedings. It is also a requirement for this data to be collected for us to be able to offer our goods or services at all.
Your login details are only used for the purposes of internal analysis, e.g. the statistical evaluation of user behaviour. Of course, this data is not shared with third parties without your consent unless we are legally obligated to do so or if data must be shared to clarify a legal violation.
Online comments or posts are published either using the real name that has been registered (name and surname), or a pseudonym (nickname) chosen by the author of the comment. As such, your full name can only be viewed by other users if you have entered it as your username when registering. If you don’t want your real name to be published, we recommend that you choose a pseudonym.
You can find features and regulations for applying for, registering and choosing usernames on our site ladies-forum.de via the following link: https://www.ladies-forum.de/regeln.php
Data storage period
Data is deleted as soon as it is no longer required to achieve the purpose of collection. This is generally the case for data collected during the registration process if registration on our website is cancelled or changed.
Even after the registration process, it may be necessary to store the contracting partner’s personal data in order to comply with legal obligations.
Options to object
The user is entitled to object to the use of personal data at any time(pursuant to Article 21 of the GDPR). This particularly includes the name, email address and other personal user data. In order to do so, it is sufficient to send an email to the email address given in the imprint, or to the Data Protection Officer:
RTO GmbHHanauer Landstr. 439
60314 Frankfurt am Main Telephone: 069-42085- Email: datenschutz@rto .de
All personal data stored when contact is made will then be deleted. This means that the conversation cannot be continued.
5. Content and services from third-party providers
You will also receive offerings or services from third-party providers on this website. As an example, this may be maps provided by Google Maps, YouTube videos, banner placements from SolAds or other external images. As soon as you use these services from third-party providers on our website, your IP addresswill be collected for technical reasons. The third-party provider will therefore be able to store your IP address.
Unfortunately, we have no control over which third-party providers actually store your IP address, whether for statistical purposes or other purposes we are unaware of. We will endeavour to only include providers that do not use IP addresses for any reason other than providing content. Please also review the respective privacy policies of individual third-party providers and service providers whose services we use on our website.
The IP address must be stored for at least a short period of time for technical reasons concerning internet functionality. However, before sending to third-party providers, IP addresses are truncated to 1 byte and only further processed anonymously. IP addresses are not sent to third-party providers if they are not truncated.
We use reCAPTCHA on our website, a service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter 'Google’). The service has a function that we can use to help us distinguish whether information has been correctly input by a person or whether it has been automatically input by a computer program using automated program sequences. When the request is made, your IP address and other data required for this service is sent to Google.
Google uses the information for evaluation purposes. Your IP address, sent from your browser as part of the reCAPTCHA service, will not be merged with other Google data.
Data collection by Google is subject to the company’s deviating data protection policy. You can find more information about Google’s data protection policy here:
We use 'Google Webfonts’ from Google on our website. This is a free offering of open-source fonts. These web fonts are integrated using a server call. This server is a Google server based in the USA. Through this process, technical information can be sent to Google, including your browser’s IP address, etc.
Google uses the information for evaluation purposes. Your IP address, sent from your browser as part of the Google Webfonts service, will not be merged with other Google data.
You can find more information about Google Webfonts and Google’s data protection policy by clicking on the following links:
We use the service Google Maps from Google. If you use Google Maps on our website, information input into forms (e.g. location, address, etc.), information about your use of this website and your IP address may be sent to a server in the USA and stored on this server.We do not know the exact content of the data transmitted and to what extent it is used by Google. Google LLC. denies that data is linked to information from other Google services. However, the company may share information with third parties or use it to identify individual users. It is therefore possible that Google LLC. may process personal data and personality profiles for users, over which we have no control.
By using our website, you explicitly agree to Google LLC. collecting and processing information in the above-mentioned manner.
You can find more information about Google Maps and Google’s data protection policy by clicking on the following links:
We use a service from SolAds Media GmbH, Ackerstraße 35, 10115 Berlin (Germany) on our website. SolAds Media GmbH is a marketer of online advertising space on mobile and stationary end devices, and we only use the service for banner placement.
Through this process, technical information can be sent to SolAds, including your browser’s IP address, etc.
We do not know the exact content of the data transmitted and to what extent it is used by SolAds. However, SolAds Media GmbH denies that data is linked to information from other SolAds services.
You can find more information about how SolAds uses data, settings, and options to object, on SolAds Media’s website by clicking on the following link:http://www.solads.media/imprint.php
We use a service from Campoint AG, Dr.-Hermann-Neubauer-Ring 32 , 63500 Seligenstadt (Germany) on our website. Campoint AG is a service provider in the area of supporting online portals.
When using the webcams, personal, sensitive data, as well as technical information may be sent to the company. This in particular includes webcam recordings, images, screenshots, video clips and individual sequences. Your browser’s IP addressis also shared with Campoint AG. The IP address must be stored for at least a short amount of time for technical reasons concerning internet functionality.
We do not know the exact content of the data transmitted and to what extent it is used by Campoint. However, Campoint AG denies that data is linked to information from other Campoint services.
You can find more information about how Campoint AG uses data, settings, and options to object, on Campoint’s website by clicking on the following link: https://www.campoint.net/impressum
We use a service from CAM-CONTENT S.L., Carrer del Rossinyol 6, E-03730 Javea (Spain) on our website. CAM-CONTENT S.L. is a provider in the area of webcam erotica.
When using the live cam system from CAM-CONTENT S.L., personal, sensitive data, as well as technical information may be sent to the company. This in particular includes webcam recordings, images, screenshots, video clips and individual sequences. Your browser’s IP addressis also shared with CAM-CONTENT S.L.
We do not know the exact content of the data transmitted and to what extent it is used by CAM- CONTENT S.L. However, as a Spanish company, CAM-CONTENT S.L. is subject to the European General Data Protection Regulation and is therefore not entitled to share or store your data with third parties without your consent.
Legal basis for processing
Purely technical requests from reCAPTCHA, the use of Google services and the use of providers such as SolAds Media GmbH, Campoint AG and CAM-CONTENT S.L., are all based on legitimate interests pursuant to Article 6 Paragraph 1 Letter f) of the GDPR.
Personal user data is processed and transmitted to Campoint AG and CAM-CONTENT S.L. based on your consent. By using these services, you agree to data collection and the sending of data, with particular reference to personal, sensitive data and information, pursuant to Article 6 Paragraph 1 Letter a), Article 6 Paragraph 1 Letter b) of the GDPR.
Options to object
If you do not agree to personal, sensitive data being transmitted, you must not use any of our services that relate to Campoint AG and CAM-CONTENT S.L. We cannot determine whether and which webcam recordings are sent to the providers.
If you use one of these services and want to object to personal user data being shared with third- party providers, you can send us an email to the email address given in the imprint:
RTO GmbHHanauer Landstr. 439 60314 Frankfurt am Main Telephone: 069-42085- Email: email@example.com
The objection is based onArticle 21 of the GDPR. Please note this will mean that webcam services will no longer be able to be used.
Purely technical data, e.g. your IP address, is automatically transmitted for technical reasons. However, before any processing takes place, IP addresses are truncated to 1 byte and are only further processed anonymously. There is no right to object against the IP address being stored for at least a short period of time as this is required for technical reasons.
Our website uses Google Analytics functions from Google.
Legal basis for processing
Website analysis services used to improve efficiency on our website, e.g. Google Analytics, operated by Google LLC., requires personal data relating to website visitors to be shared with third- party providers.
Measurement using Google Analytics from Google LLC. is carried out based on legitimate interests pursuant to Article 6 Paragraph 1 Letter f) of the GDPR. The legal basis for using third-party cookies is Article 6 Paragraph 1 Letter f) of the GDPR.
Using data and the purpose of processing
Google Analytics uses 'cookies’. Cookies are small text files that are saved on your computer that allow website use to be analysed. Information collected by the cookie about your use of this website, and the IP address sent by your browser, is sent to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports about website activities for the website operator, and to provide other services to us that relate to website and internet use.
In doing so, pseudonym user profiles may be created with the processed data. Google will also share this information with third parties if this is required by law or if third parties process this data by order of Google.
Please note that we only use Google Analytics with the 'anonymizeIP()’ extension (active IP anonymisation). This means that users’ IP addresses are truncated by Google within European Union Member States or in other signatory states to the Agreement on the European Economic Area. _This guarantees that your IP address is masked so that all data is collected anonymously. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. The IP address sent from the user’s browser will not be merged with other Google data. It is therefore not possible to relate it to a specific person.
By using our website, you agree to the data collected relating to you being processed by Google in the above-mentioned manner and for the above-mentioned purposes.
You can find more information about how Google uses data for advertising purposes, settings options, and options to object, on Google’s web pages via the following links:
https://www.google.com/intl/de/policies/privacy/partners/ ('How Google uses information from sites or apps that use our services’),
Option to object
You can object to data collection and data storage by Google Analytics at any time with future effect(pursuant to Article 21 of the GDPR). You also have the option of installing a browser plug-in from Google. This is available for various browser versions and can be downloaded and installed at
. Alternatively, you can prevent cookies from being installed by changing your browser settings accordingly.
However, please note that if you do so, you may not be able to use all of this website’s functions properly.
➢Using the Scalable Central Measurement System (Skalierbares Zentrales Messverfahren, SZMnG)
Our website uses a measurement system ('SZMnG’) from INFOnline GmbH (https://www.INFOnline.de) to determine statistical parameters relating to the use of our website. The objective of use measurement is to statistically determine the number of visits to our website, the number of website visitors and visitors’ surfing behaviour - based on a standardised system - and thus to obtain comparable values across the market.
With respect to any digital websites that is a member of the German Audit Bureau of Circulation (Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V., IVW –http://www.ivw.eu)) or that takes part in studies by the Working Group for Online Media Research (Arbeitsgemeinschaft Online-Forschung e.V., AGOF -http://www.agof.de),,) use statistics are regularly further processed for reach by the AGOF and the Working Group for Media Analysis (Arbeitsgemeinschaft Media-Analyse e.V., agma -http://www.agma-mmc.de)) and published using
the performance value 'unique user’, and published by the IVW using the performance values 'Page Impression’ and 'Visits’. These reaches and statistics can be viewed on the respective websites.
Legal basis for processing
Measurement using the SZMnG measurement system from INFOnline GmbH is carried out on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Letter f) of the GDPR.
Purpose of processing
The purpose of processing personal data is to compile statistics and to form user categories. Statistics are used to be able to understand and evidence how our website is used. User categories form the basis of interest-based targeting for advertising material and/or advertising campaigns. Use measurement that guarantees comparability with other market players is key in marketing this website. Our legitimate interests are based on the economic usability of the findings from the statistics and user categories, and the market value of our website - including direct comparison with third-party websites - which can be determined from the statistics.
In addition, we have legitimate interests in providing pseudonymised data to INFOnline, the AGOF and the IVW for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW). We also have legitimate interests in providing pseudonymised data to INFOnline to further develop and provide interest-based advertising material.
Type of data
INFOnline GmbH collects the following data, which can be used to identify a person pursuant to the EU GDPR:
- IP address: Any device requires a unique address, an 'IP address’ to send data over the internet. The IP address must be stored for at least a short period of time for technical reasons concerning internet functionality. Before any processing takes place, IP addresses are truncated to 1 byte and are only further processed anonymously. IP addresses are not stored or further processed if they are not truncated.
- A randomly generated client identifier: reach processing either uses a cookie with the 'ioam.de’ identifier, a 'local storage object’ or a signature created using a variety of information automatically sent from your browser, in order to recognise computer systems. This identifier is unique to a browser provided that the cookie or local storage object has not been deleted. As such, it is only possible to measure data and then assign it to the respective ClientIdentifier if you access other websites that also use the SZMnG measurement system from INFOnline GmbH. The validity of cookies is limited to a maximum of 1 year.
The measurement system from INFOnline GmbH, which is used on this website, identifies use data. This identification happens so that the performance values of Page Impressions, Visits and Clients are collected and other parameters can be formed using these (e.g. qualified clients). The data measured can also be used as follows:
'Geolocalisation’, i.e. the assignment of website access to the location of access, only takes place on the basis of anonymised IP addresses and only to the geographical level of the federal state/region. No conclusions can be drawn about the specific location of a user based on the geographical information obtained.
The use data for a technical client (e.g. a browser on a device) is compiled across websites and stored in a database. This information is used for technically assessing social information - age and gender - and is sent to AGOF service providers for further reach processing. As part of the AGOF study, and using a random sample, social attributes are technically assessed, which relate to the following categories: age, gender, nationality, occupation, family status, general information about the home, household income, place of residence, internet use, online interests, location of use, user type.
Data storage period
INFOnline GmbH does not store full IP addresses. Truncated IP addresses are stored for a maximum of 60 days. Use data is stored together with unique identifiers for a maximum of 6 months.
The IP address and the truncated IP address are not shared. Data with client identifiers is sent to the following AGOF service providers to compile AGOF studies:
- Kantar Deutschland GmbH (https://www.tns-infratest.com/)
- Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
- Interrogare GmbH (https://www.interrogare.de/)
You can find more information about data protection in the measurement system on INFOnline GmbH’s website (https://www.infonline.de), which is the party that operates the measurement system, the AGOF’s data protection page (http://www.agof.de/datenschutz) and the IVW’s data protection page (http://www.ivw.eu).
If you do not want to take part in measurement, you can object by clicking on the following link:
For technical reasons, a cookie must be used to guarantee that measurement does not take place. If you delete cookies from your browser, you must repeat the opt-out process by clicking on the above link.
➢External payment providers
You have the option of choosing from a number of different payment methods on our website. We generally offer payment by instant transfer, payment on account, payment in cash, and a number of payment services from third-party providers. As part of payment processing and the related ID and credit check, you are generally required to provide personal data. Information provided by you via forms is sent to us and stored by us. This is generally:
- name and surname;
- address or postal address;
- date of birth;
- email address;
- telephone number; and
- bank details.
Legal basis for the processing
We store all data sent to us within the scope of payment processing based on your consent within the meaning of Article 6 Paragraph 1 Letter a of the GDPR. This data is also processed within the scope of fulfilling our contractual services within the meaning of Article 6 Paragraph 1 Letter b of the GDPR.
As the aim of payment processing is also to conclude a contract, the additional legal basis for processing is Article 6 Paragraph 1 Letter b of the GDPR.
Purpose of data processing
This data must be provided so that orders can be processed. Your data is also used to check your address and to be able to draw conclusions about your previous payment behaviour as a buyer. Depending on the payment option chosen, data is automatically sent to the respective third-party provider’s server and used there for the purposes of analysis and evaluation. In doing so, third-party service providers may collect probability values for this payment behaviour, based on a scientifically proven statistical system. Address details may also be used by third-party providers for this purpose, particularly if they find that you have not passed the credit check.
Option to object
You can object to data collection and data storage at any time(pursuant to Article 21 of the GDPR). However, please note that in this case, you may not be able to use all of the payment methods we offer. It is not possible to make payments without data being collected.
6. SSL encryption
Our website is encrypted using 'SSL processes’ (Secure Socket Layer) to allow our users’ confidential and personal content and personal data to be securely transmitted. Data that is encrypted using SSL cannot be read by third parties. You can recognise SSL encryption by 'https://’ being shown in the browser line.
7. Using cookies
We use 'cookies’ to make our web pages more effective, secure and user-friendly, and to make using our website easier. Cookies are small text files that are placed on your computer’s hard drive.
If a user accesses a website, a cookie may be saved on the user’s operating system. This cookie contains a character string that allows the browser to be uniquely identified when the website is accessed again.
Legal basis for processing
The legal basis for processing personal data when using cookies for analytical purposes - based on consent given by the user - is Article 6 Paragraph 1 Letter a) of the GDPR. The legal basis for processing personal data when using cookies required for technical purposes is Article 6 Paragraph 1 Letter f) of the GDPR.
We therefore only use the data collected by cookies to optimise advertising, to restrict the repetitiveness of advertisements, to show content and advertisements that are in line with your interests, to form anonymous user groups based on interests and for statistical evaluation, in order to be able to better adapt our website to our users’ interests.
Option to object
If you do not agree to us using cookies, you can prevent your interests from being stored and used(pursuant to Article 21 of the GDPR). Most browsers automatically accept cookies by default. However, you can deactivate cookies being saved or change your browser settings such that you a notified if cookies are sent.
Please note that it may then only be possible to use our website in a restricted way as a result of the above-mentioned settings.
8. Links to other websites
Our website may include links to other websites (with particular reference to client homepages) and/or other services such as Facebook, Twitter, Google+ and YouTube. In this respect, the data protection provisions for the respective provider of the website and/or services apply. We have no control over whether these providers comply with data protection regulations.
Legal basis for processing
The legal basis for processing data collected within the context of registration, login or another form of input, and sharing it with services from such third-party providers via a link is Article 6 Paragraph 1 Letter a) of the GDPR. By providing data, the user consents to data processing and sharing.
Purely technical requests are made on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Letter f) of the GDPR.
Links to social network services such as Facebook, Google+, Instagram and micro-blogging service Twitter are used on our website. These services are provided by the companies Facebook Inc., Google LLC, Twitter Inc. and Instagram LLC ('providers’).
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ('Facebook’). You can find an overview of Facebook plug-ins and their appearance here: https://developers.facebook.com/docs/plugins
Google+ is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google’). You can find an overview of Google plug-ins and their appearance here: https://developers.google.com/+/web/
Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ('Twitter’). You can find an overview of Twitter buttons and their appearance here: https://publish.twitter.com/#
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ('Instagram’). You can find an overview of Instagram plug-ins and their appearance here:http://blog.instagram.com/post/36222022872/introducing-instagram-badges
The above-mentioned social plug-ins are not directly embedded into our website; instead, there is solely a link to the respective services for the above-mentioned network providers. As such, if you click onto a page on our website that contains such a link, your browser will not establish a direct link with Facebook, Google, Twitter or Instagram servers. This means that no information (including IP addresses) can be sent to the providers in the USA.
The providers may only directly associate the visit to our website with your Facebook, Google+, Twitter or Instagram profile if you are signed into the service. The information and data (including your IP address) will then be directly sent from your browser to the respective provider’s server in the USA and stored there.
You can find the purpose and scope of data collection and further processing and use of the data by the specified provider, as well as your rights and settings options for protecting your privacy, in the respective provider’s data protection policy.
Facebook’s data policy:http://www.facebook.com/policy.phpGoogle’s buttons policy:http://www.google.com/intl/de/+/policy/+1button.htmlTwitter’s data protection policy: https://twitter.com/privacy
Instagram’s data protection policy: https://help.instagram.com/155833707900388/
Options to object
Please note that you can object to the future processing of your personal data at any time in accordance with legal provisions (pursuant to Article 21 of the GDPR ).
If there is simply a link to third-party provider services, there is no option to object as no personal data is processed through this process.
9. Sharing personal data with third parties
Data is only shared with third parties to the extent outlined in the previous clauses and within the scope of the purposes outlined there. Additional data is not shared without your prior explicit consent. However, we reserve the right to share your data with third parties without consent if this is required in order to protect against risks to public order or prosecution. Of course, data is only shared on the basis of an existing authorisation from the requesting party. If one of the latter grounds exists, the personal data provided by you is shared, particularly with law enforcement authorities and supervisory authorities.
Your personal data is not further shared with third parties, and is particularly not shared for advertising purposes. As such, we will not use the data provided by you for advertising or marketing campaigns and will also not sell it to third parties, unless you have given your prior explicit consent for us to do so.
10. Data subject rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have a number of rights with respect to the controller (RTO GmbH):
Specifically, data subjects are particularly users/visitors to our website, registered persons, buyers and clients or other persons whose personal data we collect, process and/or store. The data subject has the following rights:
- Right of access (Article 15 of the GDPR )
i.e. you can request confirmation from us at any time as to whether or not we process personal data that relates to you
- Right to rectification (Article 16 of the GDPR )
i.e. you have the right to rectification and/or completion if the personal data processed that relates to you is incorrect or incomplete. The controller must make the rectification without undue delay.
- Right to object (Article 21 of the GDPR )
You have the right to object to the processing of personal data relating to you at any time for reasons relating to your particular situation, which is based on Article 6 Paragraph 1 Letters e or f of the GDPR; this also applies to profiling based on those provisions.
- Right to erasure (Article 17 of the GDPR )
You can request that the controller erases personal data relating to you without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- Right to restrict processing (Article 18 f. of the GDPR )
Under certain conditions, you can request that the processing of personal data relating to you is restricted. You can find a list of these conditions in Article 18 of the GDPR.
- Right to data portability (Article 20 of the GDPR )
You have the right to request that you receive the personal data relating to you, which you have provided us, in a structured, commonly used and machine-readable format. You also have the right to have this data transmitted to another controller without hindrance from us, to whom the personal data was provided.
You also have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn (Article 7 Paragraph 3 of the GDPR ).
The data subject also has the right to lodge a complaint with a data protection supervisory authority (supervisory authority), if the data subject considers that the processing of personal data relating to him or her violates the GDPR. (Article 77 of the GDPR)
If you have any questions regarding this, please contact firstname.lastname@example.org.
Please note that we must ensure that any such requests actually concern the data subject.
11. Validity of the data protection policy
By using our website, you consent to the data use outlined above. The data protection policy is currently valid and dated 25/05/2018, the date on which the European General Data Protection Regulation enters into force.
If we further develop our website or use new technologies, it may be necessary to change this data protection policy. RTO GmbH reserves the right to make changes to the data protection policy at any time with future effect. We recommend that your review the current data protection policy from time to time.