Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both within the scope of providing our services and especially on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
Date: August 13, 2024
Table of Contents
- Preamble
- Responsible Party
- Overview of Processing
- Relevant Legal Basis
- Security Measures
- International Data Transfers
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Use of Cookies
- Contact and Inquiry Management
- Newsletter and Electronic Notifications
- Web Analysis, Monitoring, and Optimization
- Presence in Social Networks (Social Media)
- Changes and Updates
- Definitions of Terms
Responsible Party
Andreas Koschak
Parametric GmbH
Industriestrasse 19
3812 Wilderswil
Email Address:
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected persons.
Types of Processed Data
- Inventory data.
- Contact data.
- Content data.
- Usage data.
- Meta, communication, and procedural data.
Categories of Data Subjects
- Communication partners.
- Users.
Purposes of Processing
- Communication.
- Direct marketing.
- Reach measurement.
- Organizational and administrative procedures.
- Feedback.
- Profiles with user-related information.
- Provision of our online offer and user-friendliness.
- Public relations.
Relevant Legal Basis
Relevant legal basis under Swiss data protection law: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (short "Swiss FADP"). Unlike the GDPR, for example, the Swiss FADP generally does not require that a legal basis for the processing of personal data be mentioned, and the processing of personal data is carried out in good faith, lawfully, and proportionately (Art. 6 paras. 1 and 2 of the Swiss FADP). Additionally, personal data is only collected by us for a specific, recognizable purpose for the affected person and only processed in a manner compatible with this purpose (Art. 6 para. 3 of the Swiss FADP).
Security Measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and severity of the threat to the rights and freedoms of natural persons, in accordance with legal requirements.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, securing availability, and separation of the data. Furthermore, we have set up procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we take into account the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and by default data protection-friendly settings.
Securing online connections using TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thus protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing occurs as part of utilizing third-party services or disclosing or transmitting data to other persons, entities, or companies, this will only be done in accordance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only if the level of data protection is secured through other means, especially by standard contractual clauses (Art. 46 (2) (c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 (1) GDPR). Furthermore, we will inform you of the bases for third-country transfers with the individual providers from the third country, with adequacy decisions taking precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission's information offer: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: Under the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain US companies as adequate based on the adequacy decision of July 10, 2023. You can find the list of certified companies and further information about the DPF on the US Department of Commerce's website at https://www.dataprivacyframework.gov/ (in English). We will inform you in the privacy notices about which service providers we use are certified under the Data Privacy Framework.
Disclosure of Personal Data Abroad: According to the Swiss Data Protection Act (DSG), we only disclose personal data abroad if an adequate level of protection for the data subjects is ensured (Art. 16 Swiss DSG). If the Federal Council has not established adequate protection (List: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we will take alternative security measures. These may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (EDÖB), or internal data protection regulations recognized in advance by EDÖB or a competent data protection authority from another country.
According to Art. 16 of the Swiss DSG, exceptions for the disclosure of data abroad may be permitted if certain conditions are met, including consent of the data subject, contract performance, public interest, protection of life or physical integrity, publicly available data, or data from a legally required register. Such disclosures are always made in accordance with legal requirements.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax reasons or that must be stored for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that specifically apply to certain processing activities.
Where multiple retention periods or deletion deadlines are indicated for a data, the longest period is always decisive.
If a period does not explicitly start on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships, within the framework of which data is stored, the event triggering the period is the time of termination or other end of the legal relationship.
Data that is no longer retained for the originally intended purpose but is stored due to legal requirements or other reasons, we only process for the reasons that justify its retention.
Further notes on processing activities, procedures, and services:
- Retention and deletion of data: The following general periods apply to retention and archiving under Swiss law:
- 10 years - Retention period for books and records, financial statements, inventories, management reports, opening balances, accounting documents, and invoices, as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (CO)).
- 10 years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as for processing related inquiries, based on past business experience and customary industry practices, are stored for the statutory limitation period of ten years unless a shorter period of five years applies, which is relevant in certain cases (Art. 127, 130 CO). After five years, claims for rent, lease, and capital interest, as well as other periodic services, from the supply of foodstuffs, for board, and for innkeeper debts, as well as from manual work, retail of goods, medical care, professional work of lawyers, legal agents, proxies, and notaries, and from the employment relationship of employees expire (Art. 128 CO).
Rights of the Data Subjects
Rights of the data subjects under the Swiss Data Protection Act:
As a data subject, you have the following rights according to the provisions of the Swiss Data Protection Act:
- Right to Information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to assert your rights under this law and ensure transparent data processing.
- Right to Data Release or Transfer: You have the right to request the release of your personal data that you have provided to us in a commonly used electronic format.
- Right to Correction: You have the right to request the correction of incorrect personal data concerning you.
- Right to Object, Erasure, and Destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be deleted or destroyed.
Use of Cookies
Cookies are small text files or other storage markers that store and read information on devices. For example, to save the login status in a user account, a shopping cart content in an online shop, the accessed content, or used features of an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and comfort of online services, as well as analyzing visitor flows.
Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless it is not required by law. Permission is particularly not necessary if the storage and reading of information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online offering) that they have explicitly requested. The revocable consent is clearly communicated to them and contains information about the respective use of cookies.
Notes on Data Protection Legal Bases: The legal basis on which we process users' personal data using cookies depends on whether we ask them for consent. If the users accept, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the economic operation of our online offering and improving its usability) or, if necessary, for the fulfillment of our contractual obligations, when the use of cookies is required to meet our contractual obligations. We provide information about the purposes for which cookies are used in this privacy policy or as part of our consent and processing processes.
Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:
- Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Similarly, user data collected through cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), they should assume that these are permanent and that the storage duration can be up to two years.
General Information on Revocation and Objection (Opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements, including through the privacy settings of their browser.
- Processed Data Types: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
- Affected Persons: Users (e.g., website visitors, users of online services).
- Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further Information on Processing, Procedures, and Services:
- Processing of Cookie Data Based on Consent: We use a consent management solution to obtain users' consent for the use of cookies or the procedures and providers mentioned within the consent management solution. This procedure serves to obtain, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies used to store, read, and process information on users' devices. In this process, users' consent for the use of cookies and related processing of information, including the specific processing and providers mentioned in the consent management procedure, is obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated queries and to provide proof of consent as required by law. The storage is server-side and/or in a cookie (so-called opt-in cookie) or by similar technologies to assign the consent to a specific user or their device. Unless specific information is provided about the providers of consent management services, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, the information on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and device used; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the context of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested actions.
- Processed Data Types: Inventory data (e.g., full name, address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions, as well as information about them, such as author information or time of creation); usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
- Affected Persons: Communication partners.
- Processing Purposes: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Providing our online offering and user-friendliness.
- Retention and Deletion: Deletion according to the details in the section "General Information on Data Storage and Deletion".
- Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Further Information on Processing, Procedures, and Services:
- Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond to and handle the respective request. This typically includes information such as name, contact details, and any additional information provided to us that is necessary for appropriate handling. We use this data exclusively for the stated purpose of communication; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the recipients' consent or based on a legal basis. If the content of the newsletter is specified during registration, it is relevant for the users' consent. To sign up for our newsletter, providing your email address is usually sufficient. However, to offer you a personalized service, we may request your name for a personalized address in the newsletter or additional information if necessary for the newsletter's purpose.
Deletion and Restriction of Processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove a previously given consent. The processing of this data is limited to the purpose of a potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist (so-called "blocklist").
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure dispatch system.
Content: Information about us, our services, promotions, offers, and news in the area of data protection, as well as event information and personalized suggestions based on our service catalog and personal preferences.
Notes on Legal Bases: The dispatch of the newsletter is based on the recipients' consent or, if consent is not required, based on our legitimate interests in direct marketing. The registration process is logged based on our legitimate interests to prove that it was conducted in accordance with the law.
- Processed Data Types: Inventory data (e.g., full name, address, contact information, customer number, etc.), contact data (e.g., postal and email addresses or phone numbers), usage data (e.g., page views and duration of visit, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features), meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
- Affected Persons: Communication partners.
- Processing Purposes: Communication; direct marketing (e.g., via email or postal mail).
- Retention and Deletion: Deletion according to the details in the section "General Information on Data Storage and Deletion".
- Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as "reach measurement") is used to evaluate visitor traffic on our online services and can include pseudonymous values related to behavior, interests, or demographic information about visitors, such as age or gender. With reach analysis, for example, we can identify the times when our online services or their functions and content are used the most or invite repeat usage. We can also track which areas need optimization.
In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online services or their components.
Unless otherwise specified below, profiles—data aggregated for a usage process—may be created for these purposes, and information may be stored and then read from a browser or device. The collected data includes, in particular, visited websites and used elements, as well as technical information such as the browser used, the computer system, and usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.
Furthermore, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored during web analysis, A/B testing, and optimization, but pseudonymous data. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Legal basis notes: If we ask users for their consent to use third-party providers, consent constitutes the legal basis for data processing. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
- Types of Data Processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Reach measurement (e.g., access statistics, identification of returning visitors); Profiles with user-related information (creating user profiles). Provision of our online services and user-friendliness.
- Retention and Deletion: Deletion according to the details in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years).
- Security Measures: IP masking (pseudonymization of the IP address).
- Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Further Notes on Processing Processes, Procedures, and Services:
- Google Analytics: We use Google Analytics to measure and analyze the use of our online services based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analytical information to a device to identify which content users have accessed within one or multiple usage sessions, which search terms they used, re-accessed, or interacted with our online service. The time of use and its duration are also stored, as well as the sources of users referring to our online service and technical aspects of their devices and browsers.
Pseudonymous user profiles are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides broad geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used solely for this derivation of geolocation data before being immediately deleted. It is not logged, accessible, or used for further purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded to Analytics servers for processing; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for Third-Country Transfers: Adequacy Decision (Ireland); Right to Object (Opt-Out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad Personalization Settings: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing and processed data). - Google Tag Manager: We use Google Tag Manager, a software from Google that allows us to centrally manage so-called website tags through a user interface. Tags are small code elements on our website that are used to capture and analyze visitor activities. This technology helps us improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, store cookies with user profiles, or perform independent analyses. Its function is limited to simplifying and streamlining the integration and management of tools and services we use on our website. Nevertheless, when using Google Tag Manager, the IP address of users is transmitted to Google, which is necessary for technical reasons to implement the services we use. Cookies may also be set. This data processing only occurs when services are integrated through the Tag Manager. For more detailed information about these services and their data processing, we refer to the further sections of this privacy policy; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement:
https://business.safety.google/adsprocessorterms. Basis for Third-Country Transfers: Adequacy Decision (Ireland).
Presences on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.
We note that user data may be processed outside the European Union. This can pose risks for users, as enforcing user rights may be more difficult.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and resulting interests. These profiles may, in turn, be used to display advertisements both within and outside the networks that presumably match users' interests. Therefore, cookies are usually stored on users' computers, which record their usage behavior and interests. Additionally, usage profiles may include data independent of the devices used by users (particularly if they are members of the respective platforms and logged in).
For a detailed presentation of the respective processing forms and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.
Even in the case of requests for information and the assertion of data subject rights, we note that these are most effectively asserted with the providers. Only they have access to the user data and can take direct action and provide information. Should you still need assistance, you can contact us.
- Types of Data Processed: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts, and related information such as authorship or creation time). Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Communication; Feedback (e.g., collecting feedback via online forms). Public relations.
- Retention and Deletion: Deletion according to the details in the section "General Information on Data Storage and Deletion".
- Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
Further Notes on Processing Processes, Procedures, and Services:
- LinkedIn: Social Network - We, together with LinkedIn Ireland Unlimited Company, are responsible for the collection (but not further processing) of data from visitors, which is used for the creation of "Page Insights" (statistics) for our LinkedIn profiles.
This data includes information about the types of content users view or interact with, or actions they take, as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and details from users' profiles, such as job function, country, industry, hierarchical level, company size, and employment status. Privacy information on the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy
We have entered into a specific agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum (the ‘Addendum’)", https://legal.linkedin.com/pages-joint-controller-addendum), which specifies, among other things, the security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill data subject rights (i.e., users can, for example, make requests for information or deletion directly to LinkedIn). Users' rights (particularly to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection of data by and transmission to Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of Ireland Unlimited Company, particularly concerning the transmission of data to the parent company LinkedIn Corporation in the USA; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for Third-Country Transfers: Adequacy Decision (Ireland). Right to Object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Changes and Updates
Please regularly review the content of our privacy policy. We will update the privacy policy as soon as changes in the data processing we perform make it necessary. We will inform you when such changes require your participation (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to verify the information before contacting them.
Definitions
This section provides an overview of the terminology used in this privacy policy. If terms are legally defined, their legal definitions apply. The following explanations are intended primarily for understanding.
- Inventory Data: Inventory data includes essential information necessary for identifying and managing contract partners, user accounts, profiles, and similar associations. This data may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, institutions, or systems by enabling clear identification and communication.
- Content Data: Content data includes information generated during the creation, editing, and publication of all types of content. This category of data can include text, images, videos, audio files, and other multimedia content published across various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
- Contact Data: Contact data are essential information that enables communication with individuals or organizations. It includes phone numbers, postal addresses, and email addresses, as well as communication means such as social media handles and instant messaging identifiers.
- Meta, Communication, and Procedural Data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta data, also known as data about data, includes information describing the context, origin, and structure of other data. It may include details such as file size, creation date, document author, and modification histories. Communication data records the exchange of information between users through various channels, such as email traffic, call logs, social network messages, and chat histories, including involved individuals, timestamps, and transmission paths. Procedural data describes processes and workflows within systems or organizations, including workflow documentation, transaction and activity logs, and audit logs used for tracking and reviewing operations.
- Usage Data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data includes a wide range of information showing how users use applications, which functions they prefer, how long they stay on certain pages, and the paths they navigate through an application. Usage data can also include usage frequency, activity timestamps, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
- Personal Data: "Personal Data" refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific features that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," involves any type of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include various information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). Profiling often involves the use of cookies and web beacons.
- Reach Measurement: Reach measurement (also referred to as web analytics) is used to evaluate visitor traffic on an online service and can include the behavior or interests of visitors regarding certain information, such as website content. Through reach analysis, operators of online services can identify when users visit their websites and which content they are interested in. This allows them to better tailor website content to the needs of their visitors. Reach measurement often involves the use of pseudonymous cookies and web beacons to recognize recurring visitors and obtain more accurate analyses of the use of an online service.
- Controller: A "Controller" is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.
- Processing: "Processing" is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes almost any handling of data, such as collecting, evaluating, storing, transmitting, or deleting it.