1. Controller and Data Protection Officer
The data controller per the definition under GDPR is:
Admitad gmbH, Heinz-Nixdorf-Str 6, 74172 Neckarsulm, Deutschland (Germany)
Data Protection Officer
Should you have any questions about our data protection measures, the processing of your data, or the protection of your rights as a data subject, you can contact our Data Protection Officer and us:
External Data Protection Officer
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21 20354 Hamburg, Deutschland (Germany)
If you have any questions or concerns regarding your personal data, please contact us at firstname.lastname@example.org.
If you wish to communicate directly with our Data Protection Officer (because you have a particularly sensitive matter, for example), please contact him/her by post as email communications may experience security issues. Please state that your request relates to the company Admitad GmbH.
2.1 Personal data
“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2.2 Technical data
“Technical data” means any information that cannot be related to your identity, e.g., information on browser types, operating systems, domain names, access dates and times, referring website addresses, online transactions, and browsing and search activity.
“Processing” means any operation or set of operations performed on data such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of said data.
3. Collecting and processing personal data
The scope of how we collect and process your personal and non-personal data or other information depends on the way you interact with us or our technologies and services:
· As a visitor of www.admitad.com
· As a publisher or an advertiser of the Admitad affiliate network
· As a user of our publishers’ and/or advertisers’ websites
· As a job applicant to Admitad.
We use personal data only to administer and provide our technologies and services. We store personal and any other kind of data strictly in compliance with applicable data protection and privacy legislation and our contractual duties and will prevent unauthorized access to data to the best of our abilities.
With the following information, we will inform you of the contents of our newsletter and the procedure for the registration and dissemination of newsletters, and the evaluation of statistics thereof, as well as your right to object to the procedure. By subscribing to our newsletter, you agree to the receipt of the newsletter and the procedures described.
We send out newsletters, emails, and other electronic notifications with promotional information (hereinafter “Newsletter”) subject to the recipient’s consent or legal permission.
Registering for our newsletter is handled through a so-called double opt-in procedure, which means you will receive an email after you register, in which you will be asked to confirm your registration once again. Registrations for the newsletter are recorded to prove adherence to the precise registration process according to legal requirements. This includes storing the time of logon and confirmation. Furthermore, changes to the data stored by Mindbox, a third-party service, are also recorded.
The newsletters can be sent by Admitad or Mindbox.
Mindbox is a newsletter platform of the Dutch company Mindbox.Cloud B.V. (a Dutch private limited company) located at Strawinskylaan 613, 1077XX Amsterdam, The Netherlands.
To register for the newsletter, we only need your email address. Any other voluntarily provided information about you is only used to personalize the newsletter. You can change the personal data you share with us at any time.
There are cases when we direct newsletter recipients to Mindbox’s websites. For instance, our newsletters contain a link with which newsletter recipients can access newsletters online (for example, in case of problems displaying the newsletter in the email program).
You may terminate the receipt of our newsletter at any time, which means you revoke your consent to receive it. By doing so, your consent to the dissemination of the newsletter via Mindbox and statistical analysis thereof expires at the same time. Unfortunately, it is not possible to cancel the dissemination of the newsletter via Mindbox or the statistical evaluation thereof through other means. You may withdraw your consent to receive our newsletter at any time by changing the notification settings in your account. In addition, you can find a link to unsubscribe from our newsletter at the bottom of each newsletter.
5. Legal Basis
The processing of your personal data relies on the following legal bases:
- Your consent, if you have given us such consent (Art. 6 (1) (a) of GDPR)
- The initiation or execution of a contract with you (Art. 6 (1) (b) of GDPR)
- The fulfillment of legal obligations (Art. 6 (1) (c) of GDPR)
- The implementation of our legitimate interests (Art. 6 (1) (f) of GDPR).
6. Data protection and transmission to third parties
Admitad takes all technical and organizational security measures required to protect your personal data from loss, unauthorized disclosure, or other forms of misuse. Data is stored in a safe environment that is not open to public access. Your personal data may be encrypted before transmission in certain cases (e.g., processing your login data). This means that communication between your device and our servers will include recognized encryption measures if your browser supports doing so.
Our staff has been trained in privacy matters and responsibly handling personal data and information to which they gain access.
Please be aware that should you contact us via email, the confidentiality of the information therein may not be ensured. Third persons may have access to the contents of emails.
For Admitad to execute its business processes in a convenient and optimal manner, it may be necessary for certain data to be processed by trusted third parties and reliable partners. These third parties may:
- Process payments
- Fulfill orders
- Send emails
- Manage communications (e.g., newsletters, security notifications, chat, etc.)
- Host websites
- Conduct other related activities
on behalf of Admitad. However, Admitad only shares data that is needed to serve the specific purpose for which the third parties are engaged. Admitad ensures that these third parties are under similar obligations to maintain privacy and confidentiality as Admitad’s own employees and that they will handle your information in the way and to the extent Admitad is permitted to. Admitad does not allow any third party to use your information for any purposes for which the information was not collected.
Admitad will only disclose your personally identifiable information (PII) outside the country you live in if it is necessary for the intended purpose of processing. However, as a member of the worldwide Admitad group of companies, each local Admitad entity may maintain or perform data processing operations in countries outside the European Economic Area (EEA) or in countries without an adequate level of data protection if doing so is required for the fulfillment of our obligations or the underlying contract with you. Furthermore, subcontractors of Admitad, which Admitad engages to act on its behalf concerning the processing of your PII, may be domiciled in such areas.
To secure the transfer and processing of PII under chapter 5 of GDPR, Admitad has implemented and requested the required technical and organizational measures and has entered into the appropriate contractual frameworks with Admitad Group companies and subcontractors, which ensure that the data recipient has implemented an adequate level of data privacy in its organization as required by GDPR. This includes the signing of Data Processing Agreements and European Union standard contractual clauses issued by the EU Commission. These precautions are appropriate safeguards as stipulated by Article 46 GDPR and local data protection laws in effect, ensuring that your information will be treated securely, confidentially, and under the applicable data protection laws.
If Admitad is acquired by or merges with a third party, we reserve the right, in either of these circumstances, to transfer or assign the information we have collected from you as part of such a merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your information is treated, transferred, or used.
7. Transfer to Third Countries
Data is transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data by employing contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.
Our affiliated companies may be located outside the EU (https://www.admitad.com/en/site/about/contacts/)
8. User Rights
You have the following rights concerning our processing of your personal data:
· The right to access
· The right to rectification
· The right to erasure
· The right to restrict processing
· The right to data portability
· The right to object (on grounds related to your particular situation) if your personal data is processed based on our legitimate interest
· The right to withdraw your consent at any time in the event of any consent-based processing of your personal data without affecting the lawfulness of processing said data based on consent before your withdrawal
· The right to lodge a complaint with a supervisory authority.
You may exercise your legal rights by contacting us via email at email@example.com.
If you are registered as a publisher or an advertiser on our website, you may access your account and correct or delete some of your data by yourself.
While observing applicable privacy legislation, we will erase your data without any action required by you if retention of your data is no longer necessary for the purpose pursued or retention is no longer allowed for any legal reason. We may restrict processing instead of erasing your data where it is legally not allowed to erase (e.g., legal obligations to maintain your personal data).
For all questions and requests related to the security of your personal data, please contact our Privacy Officers and us at firstname.lastname@example.org.