1. General information
1.1 Responsible body
The responsible body is Carl Hanser Verlag GmbH & Co. KG, Kolbergerstrasse 22, D-81679 Munich, Tel.: +49 (0)89 99830-0, Fax: +49 (0)89 984809, Email: firstname.lastname@example.org, Court of Registry Munich HRA 49621, hereinafter referred to as "we" or "us".
1.2 Categories of processed personal data
Personal data is any information that relates to an identified or identifiable natural person. We process the following data in our online services:
- Master data, e.g. name, address
- Communication data such as telephone, fax, email
- Order and contract data such as book orders, journal orders, booking of participation in events
- Billing data such as bank details, means of payment
- Purchase history such as products and services that you have purchased from us in the past
- Usage data such as visited websites, interest in content, access times
- Metadata such as device information, IP addresses
No special categories of data (Article 9 (1) GDPR) are processed.
1.3 Categories of data subjects
In our online services we process data related to the following groups of people:
- Customers and prospects
- Visitors and users of the online services
In the following, we also refer to the persons affected as "users".
1.4 Purpose of processing
We process your personal data for the following purposes in accordance with the following relevant legal bases:
- Providing the online services, their contents and functions
- Provision of contractual services (possibly in connection with registration), service and customer care
- Answering contact requests and communicating with users
- Marketing, advertising and market research
- Safety measures
1.5 Relevant legal bases
2. Security measures
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability response. Security measures include the encrypted transfer of data between your browser and our server.
3. Disclosure of data to third parties and order processing
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. when a transmission of the data to third parties, such as delivery service providers, is required pursuant to Art. 6 (1) lit. b GDPR to fulfill the contract), if you have consented to this, if a legal obligation requires this or on the basis of our legitimate interests (e.g. when using web analysis and range measurement).
4. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this is done only if it fulfils our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special conditions of Art. 44 et seq. GDPR apply. This means, for example, that the processing is based on special guarantees such as the officially recognized level of data protection which corresponds to EU standards (e.g. through the "Privacy Shield" in the USA) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
5. Rights of data subjects
As the data subject you have a right to information about stored data (Art. 15 GDPR) and under certain conditions to correction (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), objection to processing (Art. 21 GDPR) and data portability (Art. 20 GDPR).
If you have given us consent to the processing of your data, you can revoke this at any time with effect for the future; the legality of the processing of your data until the revocation remains unaffected.
5.2 Right of objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes. This also applies to the profiling, as far as it is associated with such direct advertising. Furthermore, there is a right to object to the processing on the basis of Art. 6 (1) lit. f GDPR (legitimate interests). We will then cease processing your data unless we can demonstrate compelling, legitimate reasons for further processing that outweigh your interests, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
5.3 Cookies and right to object to direct advertising
5.4 Right of complaint
According to Art. 77 GDPR, you have the right to file a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or the supervisory authority responsible for us. This is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
5.5 Deletion of data
According to legal requirements, the storage takes place for six years in accordance with § 257 (1) HGB [German Commercial Code] (such as trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents) and for 10 years in accordance with § 147 (1) AO [German Fiscal Code] (such as books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation).
6. Provision of contractual services
We process master data (such as name, addresses), communication data (such as telephone, fax, email) as well as contract, order and billing data (such as used services or products) for the purpose of fulfilling our contractual obligations and services according to Art. 6 (1) lit. b GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract. The deletion takes place after expiration of legal guarantee and comparable obligations; the necessity of the storage of the data is checked regularly. In the case of legal archiving obligations, the deletion takes place after their expiry (end of the commercial law (six years) and tax law (10 years) retention obligations). Information in the user account remains until it is deleted.
Users can create a user account, depending on the functional range provided, for example, to create shopping lists, to display content available for download or to manage contents. As part of the registration, the required mandatory information will be communicated to the users. If users have terminated their user account, their data will be deleted with respect to the user account, unless their retention is necessary for commercial or tax law reasons under Art. 6 (1) lit. c GDPR. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR.
We process usage data (e.g. the visited web pages of our online services, interest in our products) and master, communication, order and contract data (e.g. existing orders) for advertising purposes in a user profile in order to provide users with e.g. product references based on the products and services they have previously purchased.
When contacting us by contact form, email or by mail, we process the information of the user to complete the contact request as per Art. 6 (1) lit. b GDPR.
If no contractual relationship is established, personal data will be deleted after processing the contact request, if this is no longer required. This also applies to unsolicited manuscripts sent to the publisher. In the case of legal archiving obligations, the deletion takes place after its expiration.
In the case of the transmission of application documents the data are processed on the basis of § 26 (1) sentence 1 of the new BDSG [German Data Protection Act]. The provision of the personal data is necessary for the assessment of the suitability for the vacancy and thus for a possible conclusion of the contract. Failure to provide the data would mean that the application for the vacancy cannot be considered. The personal data is transferred to the following recipients:
- The responsible employees in the human resources department
- The supervisor(s) of the position you are applying for
- The works council as per § 99 BetrVG [German Works Council Constitution Act]
The data is stored until the application process is completed and beyond that for six months.
With the following information we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the newsletter: We send newsletters, emails and other electronic notifications with editorial or promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters may also contain information about our products, offers, promotions and our company.
Credentials: In order to register for the newsletter, it is sufficient to enter your email address. Optionally, we ask for a salutation and a name in order to address you personally in the newsletter.
Double opt-in and logging: Registration for our newsletter takes place via a so-called "double opt-in procedure". This means you will receive an email after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can register using somebody else’s email address. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the email service provider will be logged.
Emailing service: The newsletter is sent by emarsys suite, a product of Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, D-80339 Munich.
Measuring success: Each newsletter sent includes a so-called "web beacon", i.e. a pixel-sized file, which is retrieved from the server of the email service provider when the newsletter is opened. This will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can in fact be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the email service provider to observe individual users. The evaluations serve us rather to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The dispatch of the newsletter and the success measurement are made on the basis of the consent of the recipients as per Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG [Law Against Unfair Competition] or on the basis of the statutory permission pursuant to § 7 (3) UWG.
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to the receipt of the newsletter.
Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent at any time with effect for the future. A link to cancel the newsletter can be found at the end of each newsletter.
9. Download materials
As part of the use of the downloads, we save the IP address and the time of each user action; if you are registered as a customer, we also save information about the use made in your user account. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR or you have given us your consent in accordance with Art. 6 (1) lit. a GDPR.
10. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with customers, prospects and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
11. Collection of access data and log files
We save data on every access to the server on which this service is located (so-called "server log files") based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR. The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of ninety days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from deletion until final clarification of the incident.
We use so-called cookies on our website. Cookies are small text files that are stored on the user's computer.
We use both our own cookies and third-party cookies. The cookies are used to
- offer you functions such as a registration or a cross-site shopping cart display and ensure the optimal presentation of our web pages.
- evaluate the usage behavior anonymously with the support of analysis tools and further develop our user-oriented web pages.
- include advertising on our website with an AdServer.
12.1 Which cookies we use
We use session cookies and persistent cookies. For example, the session cookies allow us to identify and authorize you after a successful login in a secure area for the entire duration of your visit or to offer you a cross-site shopping cart and notepad in a webshop. The session cookies are deleted when the browser is closed. Persistent cookies allow us, for example, to store your credentials. This means that when you return to a page, you can return to your entered data and settings. Persistent cookies are stored for a limited period of time.
12.2 Usage-based online advertising
Usage-based online advertising serves the purpose of displaying optimized online advertising to site visitors by analyzing anonymized or pseudonymized data regarding the use of a website based on their possible preferences and interests. Cookies are also used for this purpose. These cookies are mainly used to track the preferences of the site visitors with regard to usage-based online advertising, which can be used to optimize the design of the website.
Thus, the content of a website can be tailored to the needs of individual visitors, improving our online services. The corresponding data are pseudonymous or anonymous, which means we and the individual third-party companies do not require separate consent to usage-based online advertising (§ 15 (3) Telemedia Act).
12.3 Pixel-Tags / web beacons on banner ads
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR), we make it possible for the advertising company or its agency to use so-called pixel tags (invisible graphics, also referred to as "web beacons") in the banner advertising on our online services for statistical or marketing purposes.
Through the "pixel tags", information can be evaluated directly by the advertising company or its agency – for example, how often the banner is clicked. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online services. The corresponding data is pseudonymous in nature, which means that we and the individual advertising companies do not require separate consent to usage-based online advertising (§ 15 (3) Telemedia Act).
12.4 Deactivation of cookies
13. Analysis and reach measurement
In order to develop the offer on our website even more optimally, make your visit as interesting as possible, as well as carry out reach measurements, we use technical aids for the recognition and interpretation of user behavior. In the following, we explain what these means are and how they handle your personal data.
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR) we use the analysis service "etracker" of etracker GmbH, Erste Brunnenstraße 1, D-20459 Hamburg.
From the data processed by etracker, user profiles can be created under a pseudonym. Cookies can be used for this purpose. The cookies make it possible to recognize your browser. The data collected with the etracker technologies will not be used without the separate consent of the person concerned to personally identify visitors to our website and will not be combined with personal data about the bearer of the pseudonym. Furthermore, the personal data will only be processed for us, i.e. not combined with personal data collected within other online services.
Data collection and storage by this application may be objected to at any time with future effect. Link: http://www.etracker.de/privacy?et=no9Zl3
14. Integration of services and contents of third parties
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as embedded videos or links to their offers (hereinafter referred to collectively as "content"), within our online services. For this purpose, the third-party providers of this content need to perceive the IP address of the users, since otherwise they cannot send the content to their browser. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online services, and may be combined with such information from other sources.
Within our online services we use the reCAPTCHA service of the third-party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use reCAPTCHA to recognise bots during data input, e.g. in online forms, on the legal basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. reCAPTCHA collects hardware and software information for analysis purposes, e.g. device and application data such as IP address, duration of the website visit or the mouse movements carried out by the user, and sends these to Google. The information that is collected during use of the service is utilised by Google to improve reCAPTCHA and for general security purposes. Google does not use it for personalised advertising. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
15. Contact and Data Protection Officer
For inquiries about the handling, extent or origin of your personal data, or for the purpose of deletion (as far as possible according to legal requirements), blocking or modification, please contact our Data Protection Officer:
Carl Hanser Verlag GmbH & Co. KG
Tel.: +49 89 99830-0
Fax: +49 89 984809
As of: March 18, 2019