Information about privacy

We welcome you to our website and thank you for your interest. VAST MEDIA GmbH takes the protection of personal data seriously. We therefore wish to inform you below about which data related to your visit are used for which purposes.


Privacy Policy

The purpose of this Privacy Policy is to inform you about how your data are processed when you visit our website. The Privacy Policy most notably provides you with information about the scope within which, the manner in which, and the purpose for which your personal data are processed. Your data are processed in compliance with the applicable data privacy regulations.

With regard to the terms used in the Privacy Policy, please refer to Art. 4 GDPR.


1. Data controller

VAST MEDIA GmbH
Zehdenickerstr. 1
10119 Berlin
Germany
Phone: +49 30 12084 5238
E-mail: info@vast.media


2. Legal basis for processing

Insofar as we obtain the data subject’s consent to process personal data, the legal basis is Art. 6, 1 (a) GDPR.

With regard to the processing that is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis is Art. 6, 1 (b) GDPR. This also applies with regard to processing required for the execution of precontractual measures.

Insofar as processing is necessary for compliance with a legal obligation to which the controller is subject, the legal basis is Art. 6, 1 (c) GDPR.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person the legal basis is Art. 6, 1 (d) GDPR.

In the event that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Art. 6, 1 (e) GDPR.

Where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis is Art. 6, 1 (f) GDPR. Our legitimate interest lies in conducting our business activities.


3. Collection of general data and information

When you visit our website, we collect data and general information that is provided to us by the browser of your end device.

When you use our website, we collect and use the following access data/log files:
- IP address of the computer making the request (possibly in anonymised form)
- data and time of your visit
- method (POST/GET)
- URL
- referring website
- client/browser
- operating system

The processing of these data serve enabling website use (creating a connection), system security, technical administration of the network infrastructure, and the optimisation of our website offering. Thus, it is based on our legitimate interests in the sense of Art. 6, 1 (f) GDPR, to protect users and to protect against other, unauthorised use. These data are not disclosed to third parties or used in any other way. The collected data are not used and a personal user profile will not be created.


4. Processing of personal data when you contact us

When we receive enquiries via the contact form or by e-mail, personal data are processed so that we can respond to those enquiries. The data collected when you contact us are shown in the contact form and/or depend on your e-mail message. These data are used to answer your enquiry and/or to contact you. The legal basis for processing these data is our legitimate interest in answering your enquiry pursuant to Art. 6, 1 (f) GDPR. Where you contact us with the intention of concluding a contract, the further legal basis for processing is Art. 6, 1 (b) GDPR. Your data are erased once your enquiry has been processed, provided that no statutory retention obligations exist.


5. Rights of the data subject

a) Right to information
Pursuant to Art. 15 GDPR, you have the right to obtain information from us about the personal data that we process.

You may, in particular, request information from us as to which data are being processed, for which purpose, and with whom those data may be shared.

b) Right to rectification
Pursuant to Art. 16 GDPR you have the right to obtain from us the rectification of inaccurate or incomplete data.

c) Right to erasure and restriction of processing
Pursuant to Art. 17 GDPR you may request the erasure of your data on the basis of the grounds specified therein. Where erasure is not possible, the processing of your personal data must be restricted pursuant to Art. 18 GDPR.

d) Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly-used, and machine-readable format and have the right to transmit these data to another controller.

e) Right to lodge a complaint
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.


6. Right to withdraw

Pursuant to Art. 7, 3 GDPR, you may withdraw your consent at any time with future effect.

Withdrawal shall be made using the above-mentioned contact details.


7. Right to object

Pursuant to Art. 21 GDPR, you may object at any time to the processing of your data which were collected on the basis of a legitimate interest where one of the grounds specified in Art. 21 GDPR exists.

You have the right to object at any time on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6, 1 (e) GDPR (processing is necessary for the performance of a task carried out in the public interest) and Art. 6, 1 (f) GDPR (processing is necessary for the purposes of the legitimate interests).

Where you object, your personal data will no longer be processed save where we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.


8. Customer account/registration

If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wish list function). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account.

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.


9. Newsletter

We furthermore process your personal data if you subscribe to our newsletter. The data you provide to obtain the newsletter (e.g. name and e-mail address) are used for our own advertising purposes, and for other electronic messages with advertising information about our products, offers, promotions, and our company, where you have explicitly given us your consent to do so.

You may unsubscribe from the newsletter at any time using the link contained in the newsletter e-mail or by sending us a corresponding message, thus withdrawing your consent. Once you have unsubscribed your e-mail will be erased without delay from our newsletter mailing list, provided that no statutory retention periods exist.

On the basis of our legitimate interests pursuant to Art. 6, 1 (f) GDPR, we make use of a service provider for the user-friendly and secure dispatch of the newsletter, and we collect data for statistical and analytical purposes and to log the subscription process.

The newsletter is dispatched and handled by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (“Mailchimp”). Further information about Mailchimp and its privacy policy is available at:
https://mailchimp.com/legal/privacy/

MailChimp is certified under the terms of the Privacy Shield Framework:
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

The newsletter we send you contains what is known as a pixel tag with which technical information such as your IP address, browser, operating system, access, access time, and links you click on are collected when you open the newsletter. This information is used for the purposes of technical improvement and to better customise our newsletter service for you.


10. Use of cookies

Cookies are small data files that are transferred between us and the user. These data are sent from our server to the user’s browser and are stored on the user’s end device for future access. Cookies do not harm a user’s end device and do not contain viruses.

We use cookies on our website on the grounds of a legitimate interest pursuant to Art. 6, 1 (f) GDPR in order to enhance your visit to our website and to enable the use of certain functions.

When a page is visited, cookies are placed and this allows us to recognise the user’s browser. Cookies help us to simplify the use of our website for the user. Some of the cookies we use are erased at the end of a browser session, i.e. when you close your browser. Other cookies remain on your end device and enable us to recognise your browser when you next visit our website.


Preventing the placement of cookies

You can adjust your browser settings so that you are informed about the placement of cookies, to individually decide on whether to accept them, or to refuse some or all cookies. Cookies that have been placed can be erased. See the following links for more information about cookie settings for the browsers shown below:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you refuse cookies, the functionality of our website may be restricted.


11. Use of Google Analytics

Based on our legitimate interests pursuant to Art. 6, 1 (f) GDPR, we use Google Analytics for the purpose of analysis. Our legitimate interests here are the needs-appropriate design and ongoing optimisation of our website. This applies in particular since our visitors’ data are anonymised and we do not create user-specific profiles.

Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookies about your use of the website will generally be transmitted to and stored by Google on a server in the United States. Where IP anonymisation is activated on this website, within the member states of the European Union or in other countries which are signatories to the European Economic Area Agreement, your IP address will be abbreviated beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Your IP address transmitted from your browser in connection with Google Analytics will not be associated with any other data held by Google.

Google is certified under the terms of the EU-US Privacy Shield thereby undertaking to comply with European privacy laws. Further information on this subject is available here: https://www.privacyshield.gov/EU-US-Framework.


Disabling access by Google Analytics

You may prevent the placement of cookies by adjusting your browser settings.

You can further prevent the collection by Google of data related to your use of the website (incl. your IP address) by the cookie and the processing of those data by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=de.

Please note that if you prevent the use of Google Analytics, you may not be able to use all of the website’s functions to their full extent.


12. Google Fonts

Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). Through certification according to the EU-US Privacy Shield, Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our site. When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display. Google also provides extensive information on personal ad settings and its privacy policy online.


13. Use of Google Tag Manager

We use Google Tag Manager. This allows us to manage website tags via an interface. This service solely implements tags, so no personal data are collected. In addition, Google Tag Manager does not use cookies.

More information about Google Tag Manager is available here: https://www.google.com/intl/de/tagmanager/.


14. Online presence on Facebook

We have an online presence on the social network Facebook, in order to communicate with interested users and to inform them about our company.

Facebook provides us, as the page operator, with what are known as “Facebook Insights”. When you visit our page, cookies are placed which collect anonymised statistical data. The cookies are placed by Facebook and are a mandatory requirement for our use of Facebook.

The processing of personal data is on the basis of our legitimate interest pursuant to Art. 6, 1 (f) GDPR in effectively communicating with and informing interested users. We have a legitimate interest in developing and optimising our website on the basis of user behaviour.

With regard to data processing, we and Facebook share responsibility pursuant to Art. 26 GDPR, whereby Facebook has primary responsibility. As the operator of the website, we make no decisions with regard to the processing of data and all other information arising out of Art. 13 GDPR.

Data subject rights may be asserted against us or Facebook. We would however point out that it is most effective to make such claims against Facebook because only Facebook has access to the processed data and can take corresponding measures and provide information.

With regard to further information about the processing of data, the agreement on shared responsibility and ways of objecting, please refer to Facebook’s privacy policy:
privacy policy: https://www.facebook.com/about/privacy/
agreement on the shared processing of personal data: https://www.facebook.com/legal/terms/page_controller_addendum
how to object: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Facebook Insights: https://www.facebook.com/business/a/page/page-insights


15. Online presence on Instagram

We have an online presence on the social network, Instagram, in order to communicate with interested users and to inform them about our company.

Instagram provides us, as the page operator, with what are known as “Instagram Insights”. When you visit our page, cookies are placed which collect anonymised statistical data. The cookies are placed by Instagram and are a mandatory requirement for our use of Instagram.

The processing of personal data is on the basis of our legitimate interest pursuant to Art. 6, 1 (f) GDPR in effectively communicating with and informing interested users. We have a legitimate interest in developing and optimising our website on the basis of user behaviour.

With regard to data processing, we and Instagram share responsibility pursuant to Art. 26 GDPR, whereby Instagram has primary responsibility. As the operator of the website, we make no decisions with regard to the processing of data and all other information arising out of Art. 13 GDPR.

Data subject rights may be asserted against us or Instagram. We would however point out that it is most effective to make such claims against Instagram because only Instagram has access to the processed data and can take corresponding measures and provide information.

With regard to further information about the processing of data, the agreement on shared responsibility and ways of objecting, please refer to Instagram’s privacy policy:
- website: https://www.instagram.com
- privacy policy: http://instagram.com/about/legal/privacy
- contact: https://help.instagram.com/519522125107875/
- agreement on the shared processing of personal data: https://www.facebook.com/legal/terms/page_controller_addendum


16. Online presence on other social media

We maintain online presences on social networks and platforms in order to communicate with customers, interested parties, and users active on them and inform them about our services. When you visit the respective networks and platforms, the Terms and Conditions and privacy guidelines of the respective provider apply. We would refer you to the various providers’ policies, links for which are provided below, in particular with regard to detailed information about data processing and your opt-out choices. With regard to claiming your rights as a data subject, we would also advise you to do so vis-à-vis the respective provider as only they have access to your data.

Unless otherwise specified in our Privacy Policy, we process user data where users communicate with us on social networks and platforms, e.g. write comments on our respective online social networks and platforms or send us messages.

Twitter: social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Website: https://twitter.com/

Privacy Policy: https://twitter.com/privacy

LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;

Website: https://www.linkedin.com

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Privacy Shield (guarantee of data protection standard for processing of data in the USA):
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

XING: social network; service provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung


17. Social Media Plug-ins

Our website uses the plug-ins of the following social media platforms: Twitter, Instagram, Facebook, LinkedIn, and XING, which are operated by the parties mentioned under section 15.

Through certification according to the EU-US Privacy Shield, these platforms guarantee that they will follow the EU’s data protection regulations when processing data outside of the EU, i.e. in the United States.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.

If a plug-in is stored on one of the pages you visit on our website, your browser will download an icon for the plug-in from the respective platforms’ servers. For technical reasons, it is necessary for them to process your IP address. In addition, the date and time of your visit to our website will also be recorded.

If you are logged in to one of the above mentioned platforms while visiting one of our plugged-in websites, the information collected by the plug-in from your specific visit will be recognized by them. The information collected may then be assigned to your personal accounts on those platforms. If, for example, you use the Twitter Tweet button, this information will be stored in your Twitter account and may be published on the Twitter platform. To prevent this, you must either log out of Twitter before visiting our site or select the appropriate settings in your Twitter account. This also applies for Instagram, Facebook, LinkedIn, and XING.

Further information about the collection and use of data as well as your rights and protection options in the respective platforms’ privacy policy can be found here.


18. Disclosure of data to third parties

The personal data provided by the data subject are used exclusively for internal purposes by the data controller and collected and stored for the data controller’s own purposes. Within our company those in-house departments and/or organisational units receive such of your personal data as are necessary for them to fulfil our contractual and statutory obligations or within the scope of processing and pursuing our legitimate interest. As the data controller, we may use subcontractors in order to provide and execute our services or we may permit the sharing of your data with one or more contract data processors who, equally, will use the personal data only for internal purposes which may be attributed to the data controller, e.g. in connection with handling a contract, for the purpose of complying with statutory obligations which require us to provide information about, report, or share data, or where the disclosure of such data is in the public interest; insofar as external service providers process data at our behest in the role of contract processor or parties assuming certain functions (e.g. external data centres, support/maintenance of EDP/IT applications, archiving, data destruction, purchasing/procurement, customer management, letter shops, website management, auditing services, credit institutions, printers or data disposal businesses, courier services, logistics); on the basis of our legitimate interest or the legitimate interest of a third party (e.g. authorities, information agencies, debt collection agencies, solicitors, courts of law, assessors, Group-affiliated companies and supervisory authorities).


19. Legal obligation to process data

Like anyone involved in business activities, we too are subject to many legal obligations. In the first instance, these are statutory requirements (e.g. commercial and fiscal laws) as well as possibly supervisory or other obligations imposed by official authorities. The purposes of processing may include the fulfilment of supervisory and reporting requirements under fiscal law, the archiving of data for data protection and data security purposes, and auditing by fiscal and other authorities. The disclosure of personal data may furthermore be necessary as part of measures imposed by the authorities/courts of law for the purposes of gathering evidence, prosecution or the enforcement of civil claims.


20. Data security

In order to prevent unauthorised access or disclosure, to guarantee the correctness of data, and to ensure the authorised use of data, we have implemented technical and organisational measures to secure and protect the data that we obtain online, as set out in Art. 32 GDPR. We secure our website and other systems against manipulation, loss, destruction, access to, alteration, or dissemination of your data by unauthorised individuals.


21. Erasure and blocking of personal data

We erase or block the personal data we have collected pursuant to Arts. 17 and 18 GDPR.

We store and process personal data only for as long as this is necessary to achieve the purpose for which the data were stored. Data may also be stored for longer where such retention is foreseen by European and national lawmakers under EU regulations, laws, or other provisions to which we are subject. In this case, the data are blocked for other uses.

As soon as the purpose for which the data were stored has been fulfilled or the retention period set out by the mentioned provisions has lapsed, the personal data are routinely blocked or erased.


22. Questions and notes

When you use our website, the version of the Privacy Policy that may be retrieved online at the time of your visit shall apply. We reserve the right to amend or update this Privacy Policy as part of the further development of the website or because of statutory or official requirements.

We would ask our users to inform themselves regularly about the content of our Privacy Policy.

If you have any other questions about privacy relating to our website, you can contact us at the e-mail address shown above. We will then try to answer your questions and clear up any concerns you may have.


Last updated: February 2020