PRIVACY POLICY

In accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and the Austrian Data Protection Act (DSG), Inspiralia GmbH processes the Customer’s personal data for the proper performance of the contractual relationship, sends commercial/advertising communications based on the Customer’s commercial profile about products and/or services related to the effectively concluded contracts, as well as about financial services, technical and business consulting services, services of intermediation and commercial development, development of products and technological applications, as well as consulting services and intermediation in the search for financial resources. This processing is legitimized on the basis of the signing of this contract and the legitimate interest of Inspiralia Ltd in maintaining the business relationship. The data will be kept for as long as this relationship lasts and beyond, until the possible liabilities resulting from it have lapsed.In addition, the data of all the signatories of this service and consultancy contract belonging to the Customer (the “Signatories”) may be transferred to other companies of the Inspiralia Group, such as Tecnologías Avanzadas Inspiralia SL, Toro Ventures Financial and Management Services SL, Future Sense SL, Fen Technology Ltd and Inspiralia USA Inc (which in the latter case would constitute an international transfer of its data to the USA). The adequate level of protection is derived from an adequacy decision of the European Commission under Art 45 GDPR. The undersigned may exercise their rights of access, rectification, erasure, opposition, restriction and portability of their data at any time and may request this in writing by sending an email to dach@inspiralia.com. The customer has the right to file a complaint with the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna). (according to §24 para. 1 DSG).

Likewise, during the provision of the services, the parties may have access to personal data for which the Customer is responsible. In this context, with regard to compliance with the regulations on the protection of personal data, Inspiralia GmbH as the data processor, whereby Inspiralia GmbH undertakes to comply with the DSGVO and to ensure that the parties undertake as follows:a) The processing of personal data is carried out exclusively for the purpose of fulfilling the contractual services and adapting to the instructions of the customer.

b) To maintain confidentiality in respect of all personal data to which access is given, this obligation continuing after termination of the contractual relationship for whatever reason, and to ensure that all persons providing services to Inspiralia GmbH have undertaken to comply with this obligation.

c) Ensuring a level of security appropriate to the risk, taking into account the state of the art and its nature, the scope and context, and the purposes of the processing, as well as any risks of likelihood and significance for the rights and freedoms of data subjects for which they must implement appropriate technical and organizational measures. In assessing the adequacy of the level of security, Inspiralia GmbH shall take into account the ability to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services, in particular as a result of the accidental or unlawful destruction, loss or alteration of, or unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed.

d) not to disclose personal data to third parties (except for the Inspiralia Group companies mentioned in point 1, investors and relevant funding bodies), including for the purpose of onward transfer, and not to disclose it to persons who are not members of the Inspiralia Group without prior written consent. In all cases where Inspiralia GmbH has to assign another service provider to access the data (sub-processor), Inspiralia GmbH has to identify the third party in advance (name, address), and this can only be done with the express prior written consent of the customer.

e) Upon written request of the Data Controller, how to delete or return all personal data to which Inspiralia GmbH had access in order to provide the Service or to fulfill its obligations under this Contract. In this case, Inspiralia GmbH undertakes to destroy all existing copies, except in cases where there is a provision requiring their retention and/or where it proves necessary in order for Inspiralia GmbH to fulfill its contractual obligations and enforce its own contractual claims, in which case retention shall be reasonably limited.

Relevant Legal Bases under the GDPR:

Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or headquarters may also apply. If specific legal bases are applicable in individual cases, we will inform you about these in the privacy policy.

• Consent (Art. 6 (1) sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

National Data Protection Regulations in Austria:

In addition to the data protection regulations of the GDPR, national regulations on data protection in Austria apply. This includes, in particular, the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific provisions regarding the right to access, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes, data transfers, and automated decision-making in individual cases.

In accordance with legal requirements, and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, availability of, and separation of the data. Additionally, we have implemented procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data security threats. Furthermore, we incorporate data protection principles in the design and selection of hardware, software, and procedures, adhering to the principles of data protection by design and by default.

Securing Online Connections with TLS/SSL Encryption Technology (HTTPS):

To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transferred between the website or app and the user’s browser (or between two servers), thereby safeguarding the data against unauthorized access.

TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as a signal to users that their data is being transmitted securely and in encrypted form.

In the course of processing personal data, it may occur that such data is transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT-related duties or providers of services and content integrated into a website.

In such cases, we adhere to the legal requirements and, in particular, enter into appropriate agreements or contracts with the recipients of your data to ensure the protection of your personal data.

We delete personal data we process in accordance with legal requirements as soon as the underlying consent is revoked or no further legal basis for processing exists. This applies to cases where the original purpose of the processing is no longer applicable or the data is no longer needed. Exceptions to this rule arise if legal obligations or specific interests necessitate longer retention or archiving of the data.

Legal Retention Obligations and Exceptions

Data that must be retained for commercial or tax purposes, or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons, will be archived as required.

Our privacy policy provides additional information regarding data retention and deletion for specific processing activities.

If multiple retention periods or deletion deadlines are specified for certain data, the longest period always takes precedence.

Start of Retention Periods

• If a retention period does not explicitly start on a specific date and is at least one year, it begins at the end of the calendar year in which the event triggering the retention occurred.
• For ongoing contractual relationships, where data is stored, the triggering event is the termination of the contract or other end of the legal relationship.

Data that is no longer retained for its original purpose but due to legal requirements or other reasons will only be processed for the reasons that justify its retention.

As a data subject, you are entitled to various rights under the GDPR, particularly those outlined in Articles 15 to 21. These rights are as follows:

1. Right to Object

• You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.
• If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes, including profiling related to direct marketing.

2. Right to Withdraw Consent

• You have the right to withdraw any consent you have granted at any time.

3. Right of Access

• You have the right to obtain confirmation as to whether personal data concerning you is being processed.
• You can request information about such data and additional details, as well as a copy of the data, in accordance with legal requirements.

4. Right to Rectification

• You have the right to request the correction of inaccurate personal data or the completion of incomplete personal data concerning you, in line with legal requirements.

5. Right to Erasure and Restriction of Processing

• You have the right to request the immediate deletion of personal data concerning you, subject to legal conditions.
• Alternatively, you can request the restriction of data processing in accordance with legal requirements.

6. Right to Data Portability

• You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to request the transfer of this data to another controller, in accordance with legal requirements.

7. Right to Lodge a Complaint with a Supervisory Authority

• You have the right, under legal conditions and without prejudice to any other administrative or judicial remedy, to file a complaint with a data protection supervisory authority.
• This authority could be in the Member State of your habitual residence, place of work, or the location of the alleged infringement if you believe that the processing of your personal data violates the GDPR.

By exercising these rights, you help ensure the proper handling of your personal data and compliance with data protection laws.

We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functionalities of our online services to the user’s browser or device.

Types of Data Processed:

• Usage Data: e.g., page views, duration of visits, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features.
• Meta-, Communication, and Procedural Data: e.g., IP addresses, time stamps, identification numbers, involved persons.
• Log Data: e.g., log files related to logins, data retrievals, or access times.

Data Subjects:

• Users (e.g., website visitors, online service users).

Purposes of Processing:

• Provision of our online services and user-friendliness.
• Information technology infrastructure (operation and provision of information systems and technical devices, such as computers and servers).
• Security measures.

Retention and Deletion:

• Data is deleted according to the information provided in the “General Information on Data Storage and Deletion” section.

Legal Basis:

• Legitimate interests (Art. 6 (1) S. 1 lit. f) GDPR).

Additional Information on Processing Activities, Procedures, and Services

Provision of Online Services on Rented Storage Space:

For the provision of our online services, we use storage space, computing capacity, and software rented or otherwise obtained from a corresponding server provider (also referred to as a “web host”).

• Legal Basis: Legitimate interests (Art. 6 (1) S. 1 lit. f) GDPR).

Collection of Access Data and Log Files:

Access to our online services is logged in the form of “server log files.” These files may include the address and name of the retrieved websites and files, the date and time of retrieval, the amount of data transferred, success messages, browser type and version, the user’s operating system, referrer URL (previously visited page), and typically IP addresses and the requesting provider.

• Server log files are used for security purposes, such as avoiding server overload (especially in the case of malicious attacks like DDoS attacks), and to ensure server load management and stability.
• Legal Basis: Legitimate interests (Art. 6 (1) S. 1 lit. f) GDPR).

Deletion of Data:

• Log file data is stored for a maximum of 30 days and then deleted or anonymized.
• Data that needs to be retained for legal purposes (e.g., for evidence) is excluded from deletion until the respective incident is fully resolved.

Cookies refer to functions that store and read information on users’ devices. They can serve various purposes, such as enabling the functionality, security, and comfort of online services, as well as analyzing visitor traffic. We use cookies in compliance with legal requirements and, when necessary, obtain user consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent can be revoked at any time, and we provide clear information about the scope and types of cookies used.

Data Processing Legal Basis:

Whether we process personal data through cookies depends on user consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of specific services and procedures.

Retention Period:

Cookies are distinguished by their retention period:

• Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted once the user leaves the online service and closes their device (e.g., browser or mobile app).
• Permanent Cookies: These cookies remain stored even after the device is closed. They allow, for example, the storage of login statuses or display of preferred content when the user revisits the website. Data collected via cookies may also be used for audience measurement. Unless we provide specific details about the type and retention period of cookies (e.g., during consent collection), users should assume that they are permanent and may be stored for up to two years.

General Information on Withdrawal and Objection (Opt-out):

Users can withdraw their consent at any time and also object to the processing of their data in accordance with legal requirements, including through their browser’s privacy settings.

Processed Data Types:

• Meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).

Data Subjects:

• Users (e.g., website visitors, online service users).

Legal Basis:

• Legitimate interests (Art. 6 (1) S. 1 lit. f) GDPR).
• Consent (Art. 6 (1) S. 1 lit. a) GDPR).

Additional Information on Processing Procedures, Methods, and Services

Processing Cookie Data Based on Consent:

We use a consent management solution to collect users’ consent for the use of cookies or for processes and providers specified within the solution. This procedure is used to obtain, record, manage, and withdraw consent, particularly for the use of cookies and similar technologies that store, read, and process information on users’ devices.

Through this process, users’ consent is obtained for the use of cookies and the associated data processing, including specific processes and providers mentioned in the consent management solution. Users can also manage and revoke their consent. The consent declarations are stored to avoid repeated requests and to meet legal documentation requirements. The storage occurs server-side and/or in a cookie (known as an opt-in cookie) or using similar technologies, allowing us to associate the consent with a specific user or device.

Unless specific details are provided about the providers of consent management services, the following general information applies:

• The consent is stored for up to two years. A pseudonymous user identifier is created, along with the consent timestamp, details about the scope of consent (e.g., categories of cookies and/or service providers), and information about the browser, system, and device used.
• Legal Basis: Consent (Art. 6 (1) S. 1 lit. a) GDPR).

When contacting us (e.g., via mail, contact forms, email, phone, or social media), as well as in the context of existing user and business relationships, the details of the inquiring persons are processed as far as necessary to respond to the contact inquiries and any requested actions.

Processed Data Types:

• Master Data (e.g., full name, address, contact details, customer number, etc.)
• Contact Data (e.g., postal and email addresses or phone numbers)
• Content Data (e.g., textual or visual messages and contributions, and related information such as author details or creation time)
• Usage Data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features)
• Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, involved persons)

Affected Persons:

• Communication partners.

Purposes of Processing:

• Communication
• Organizational and administrative procedures
• Feedback collection (e.g., gathering feedback via online forms)
• Provision of our online services and user-friendliness

Retention and Deletion:

• Data will be deleted according to the retention information provided in the “General Information on Data Storage and Deletion” section.

Legal Basis:

• Legitimate interests (Art. 6 (1) S. 1 lit. f) GDPR).
• Contract fulfillment and pre-contractual inquiries (Art. 6 (1) S. 1 lit. b) GDPR).

Additional Information on Processing Procedures, Methods, and Services

Contact Form:

When contacting us through our contact form, email, or other communication methods, we process the personal data provided to respond to and address the respective matter. This typically includes information such as name, contact details, and any other information provided that is necessary for appropriate handling. We use this data exclusively for the stated purpose of communication and response.

• Legal Basis:
  • Contract fulfillment and pre-contractual inquiries (Art. 6 (1) S. 1 lit. b) GDPR)
  • Legitimate interests (Art. 6 (1) S. 1 lit. f) GDPR).

Web analytics (also referred to as “reach measurement”) is used to evaluate the visitor traffic on our online services. It may include pseudonymous data on visitor behavior, interests, or demographic information, such as age or gender. With reach analysis, we can, for example, determine when our online offerings or their functions and content are most frequently used, or encourage return visits. It also helps us identify areas for optimization.

In addition to web analytics, we may also employ testing methods, such as A/B testing, to test and optimize different versions of our online offerings or its components.

Unless otherwise specified below, profiles—data aggregated during a usage process—may be created, and information may be stored and retrieved from a browser or device. The collected data may include visited websites, elements used on those websites, as well as technical details such as browser type, operating system, and usage times. If users have consented to the collection of their location data either directly to us or to the providers of services we use, location data may also be processed.

Additionally, the IP addresses of users are stored. However, we employ an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect the users. Generally, for web analytics, A/B testing, and optimization, no clear user data (such as email addresses or names) is stored. Only pseudonymous data is kept, meaning neither we nor the service providers of the tools know the actual identity of the users but only the data stored in their profiles for the purposes of the respective processes.

Legal Basis:

• If we request users’ consent to use third-party services, the legal basis for data processing is consent.
• Otherwise, the user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services).
• Please also refer to the section on the use of cookies in this privacy policy.

Processed Data Types:

• Usage Data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
• Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, involved parties)

Affected Persons:

• Users (e.g., website visitors, online service users)

Purposes of Processing:

• Reach Measurement (e.g., access statistics, identifying returning visitors)
• Profiles with user-related information (creating user profiles)

Retention and Deletion:

• Data will be deleted according to the retention information in the “General Information on Data Storage and Deletion” section.
• Cookies may be stored for up to 2 years (unless otherwise specified, cookies and similar storage methods can be stored on users’ devices for up to two years).

Security Measures:

• IP Masking (Pseudonymization of IP addresses)

Legal Basis:

• Consent (Art. 6 (1) S. 1 lit. a) GDPR)
• Legitimate Interests (Art. 6 (1) S. 1 lit. f) GDPR)

Additional Information on Processing Procedures, Methods, and Services:

Matomo:

Matomo is a software used for web analytics and reach measurement. The data collected through Matomo is processed solely by us and not shared with third parties. Cookies are created and stored on users’ devices during Matomo usage. These cookies have a maximum retention period of 13 months.

• Legal Basis: Consent (Art. 6 (1) S. 1 lit. a) GDPR)
• Data Deletion: Cookies are stored for a maximum of 13 months.

Matomo Cloud:

This refers to the hosting of the Matomo web analytics and reach measurement software.

• Service Provider: InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand
• Website: Matomo Cloud
• Privacy Policy: Matomo Cloud Privacy Policy
• Data Processing Agreement: Matomo Cloud DPA
• Third-Country Transfers: Adequacy Decision (New Zealand).

We maintain online presences within social networks and process user data in this context to communicate with active users or offer information about ourselves.

We would like to point out that user data may be processed outside the European Union. This could pose risks to users, as it may become more difficult to enforce user rights.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, usage behavior and resulting interests can be used to create user profiles. These profiles may then be used to display ads within and outside of the networks that are presumed to align with the user’s interests. Cookies are typically stored on users’ devices to track usage behavior and interests. Additionally, user profiles can store data independent of the devices used by the users (especially if they are members of the platforms and logged in there).

For a detailed explanation of the specific forms of processing and opt-out options, we refer to the privacy policies and statements of the respective network operators.

Even in the case of data requests and asserting rights of the data subjects, we recommend addressing these issues to the providers themselves. Only the providers have access to the user data and can directly take appropriate actions and provide information. However, if you still need assistance, you can contact us.

Processed Data Types:

• Contact Data (e.g., postal and email addresses or phone numbers)
• Content Data (e.g., text or image messages, posts, and related information such as author and creation time)
• Usage Data (e.g., page views, duration of stay, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
• Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, involved parties)

Affected Persons:

• Users (e.g., website visitors, online service users)

Purposes of Processing:

• Communication
• Feedback (e.g., collecting feedback via online forms)
• Public Relations
• Reach Measurement (e.g., access statistics, identifying returning visitors)
• Tracking (e.g., interest/behavior-based profiling, use of cookies)
• Remarketing
• Marketing
• User Profiles (creating user profiles)
• Provision of Our Online Offering and User-Friendliness
• Conversion Measurement (measuring the effectiveness of marketing measures)
• Target Group Formation

Retention and Deletion:

• Data will be deleted according to the retention information in the “General Information on Data Storage and Deletion” section.

Legal Basis:

• Legitimate Interests (Art. 6 (1) S. 1 lit. f) GDPR)
• Consent (Art. 6 (1) S. 1 lit. a) GDPR)

Further Notes on Processing Procedures, Methods, and Services:

LinkedIn:

• LinkedIn: A social network for which we, together with LinkedIn Ireland Unlimited Company, are responsible for collecting (but not processing further) visitor data used to create “Page Insights” (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as actions they take. Additionally, details about the devices used (e.g., IP addresses, operating systems, browser type, language settings, and cookie data) and profile information (e.g., job function, country, industry, hierarchy level, company size, and employment status) are collected.
  • Legal Basis: Legitimate Interests (Art. 6 (1) S. 1 lit. f) GDPR)
  • Website: LinkedIn
  • Privacy Policy: LinkedIn Privacy Policy
  • Third-Country Transfers: Data Privacy Framework (DPF)

Google Ads Remarketing:

• Google Remarketing: This technology adds users who have interacted with our online services to a pseudonymous remarketing list, enabling us to show relevant ads to those users on other online platforms based on their previous visits.
  • Legal Basis: Consent (Art. 6 (1) S. 1 lit. a) GDPR)
  • Website: Google Ads
  • Privacy Policy: Google Privacy Policy
  • Third-Country Transfers: Data Privacy Framework (DPF)

Google Ads and Conversion Measurement:

• Google Ads: We use Google Ads for online marketing purposes to place content and ads within Google’s advertising network. This includes showing ads to users who have expressed interest in them and measuring conversions (whether users interact with and use the promoted offerings).
  • Legal Basis: Consent (Art. 6 (1) S. 1 lit. a) GDPR), Legitimate Interests (Art. 6 (1) S. 1 lit. f) GDPR)
  • Website: Google Ads
  • Privacy Policy: Google Privacy Policy
  • Third-Country Transfers: Data Privacy Framework (DPF)

Google Tag Manager:

• We use Google Tag Manager to manage website tags centrally. This tool facilitates the implementation and management of services and tools we use on our website. The Google Tag Manager itself does not create user profiles or store cookies, but it facilitates the integration of services that do.
  • Legal Basis: Consent (Art. 6 (1) S. 1 lit. a) GDPR)
  • Website: Google Tag Manager
  • Privacy Policy: Google Privacy Policy
  • Third-Country Transfers: Data Privacy Framework (DPF)

LinkedIn Insight Tag:

• LinkedIn Insight Tag: A code that tracks user behavior and conversions when they visit our online offerings, enabling us to optimize ad performance and create custom audiences.
  • Legal Basis: Consent (Art. 6 (1) S. 1 lit. a) GDPR)
  • Website: LinkedIn
  • Privacy Policy: LinkedIn Privacy Policy
  • Opt-Out: LinkedIn Retargeting Opt-Out

We kindly ask you to regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you when these changes require any action from your side (e.g., consent) or when any individual notification is necessary.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that these addresses may change over time. We recommend verifying the information before contacting us.

In this section, we provide an overview of the terminology used in this privacy policy. Where terms are legally defined, the legal definitions apply. The following explanations are intended to aid understanding.

• Inventory Data: Essential information necessary for identifying and managing contract partners, user accounts, profiles, and similar associations. This includes personal and demographic data such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data forms the basis for formal interactions between individuals and services, facilities, or systems, enabling clear identification and communication.
• Content Data: Information generated during the creation, editing, and publication of various types of content. This includes texts, images, videos, audio files, and other multimedia content published across different platforms and media. Content data also includes metadata providing details about the content, such as tags, descriptions, author information, and publication dates.
• Contact Data: Essential information that enables communication with individuals or organizations, including phone numbers, postal addresses, email addresses, and communication channels like social media handles and instant messaging identifiers.
• Conversion Measurement: A process used to assess the effectiveness of marketing measures. Typically, a cookie is stored on users’ devices on websites where marketing activities occur and then retrieved on the target website. For example, it allows tracking if the advertisements we placed on other websites were successful.
• Meta, Communication, and Procedural Data: These categories include information about how data is processed, transmitted, and managed. Metadata (data about data) describes the context, origin, and structure of other data, including file size, creation date, author information, and revision history. Communication data captures exchanges of information between users across various channels, such as emails, call logs, social media messages, and chat histories, including involved persons, timestamps, and transmission methods. Procedural data describes processes and workflows within systems or organizations, including transaction logs and audit trails used for tracking and verification.
• Usage Data: Information capturing how users interact with digital products, services, or platforms. It includes data like usage patterns, feature preferences, time spent on certain pages, navigation paths, frequency of use, IP addresses, device information, and location data. Usage data is crucial for analyzing user behavior, optimizing user experience, personalizing content, and improving products or services.
• Personal Data: Any information relating to an identified or identifiable natural person. A person is considered identifiable when they can be directly or indirectly identified, especially through identifiers like names, identification numbers, location data, online identifiers (e.g., cookies), or unique characteristics related to their physical, physiological, genetic, mental, economic, cultural, or social identity.
• Profiles with User-Related Information: The processing of personal data to analyze, evaluate, or predict personal aspects, such as interests or behavior, by creating automated profiles. This can include analyzing demographic, behavioral, or interest-related data (e.g., interactions with websites). Profiling often involves the use of cookies and web beacons.
• Log Data: Information recorded about events or activities in a system or network, typically including timestamps, IP addresses, user actions, error messages, and other usage or operational details. Log data is often used for system analysis, security monitoring, or performance reporting.
• Reach Measurement: Also known as web analytics, this process evaluates visitor flows on online platforms, including user behavior or interests in specific content. It helps website operators understand which content is popular and when users visit, allowing them to better tailor content to user needs. Typically, pseudonymous cookies and web beacons are used for reach measurement.
• Remarketing: This term refers to the practice of tracking which products a user is interested in on a website, to later display relevant ads to the user on other websites, reminding them of those products.
• Tracking: Tracking refers to the practice of following users’ behavior across multiple online platforms. Typically, behavioral and interest data is stored in cookies or on servers of tracking technology providers (profiling). This data is then used to show ads that align with users’ interests.
• Controller: The individual or organization responsible for deciding the purposes and means of processing personal data, either alone or jointly with others.
• Processing: Any operation or set of operations performed on personal data, whether by automated means or otherwise. It includes actions such as collection, evaluation, storage, transfer, or deletion.
• Audience Targeting: The creation of specific target groups for advertising purposes. For example, if a user shows interest in certain products or topics, it can be inferred that they might be interested in ads for similar products or services. “Lookalike Audiences” refers to users whose profiles and interests are similar to the targeted audience. This often involves the use of cookies and web beacons.