Skip to content
Retorio press and news

Privacy Policy

Disclaimer

This version is a translation of the German original version on Retorio’s homepage: www.retorio.com/privacy-policy for your convenience.

  

Privacy Policy Platform Retorio GmbH

Privacy Policy / Status June 2021

 

1. Name and address of the person responsible

The responsible person within the meaning of the General Data Protection Regulation (DSGVO) and other data protection regulations is:

Retorio GmbH

Gaisbergstr. 11

81675 Munich

Germany

contact@retorio.com

 

2. Contact details of the data protection officer

The data protection officer of the data controller is:

DataCo GmbH

Dachauer Street 65

80335 Munich

Germany

+49 89 7400 45840

www.dataguard.de

 

3. Information on data processing independent of the platform

- Scope of the processing of personal data

As a matter of principle, we process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is required by legal regulations.

- Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) p. 1 lit. a DSGVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) p. 1 lit. f DSGVO serves as the legal basis for the processing.

- Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

 

4. Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller:

- Right to information about the processing of your data (Art. 15 DSGVO);

- Right to rectification of incorrect data (Art. 16 DSGVO);

- Right to erasure of your personal data (Art. 17 DSGVO);

- Right to restrict the processing of your personal data (Art. 18 DSGVO);

- Right to data portability (Art. 20 DSGVO);

- Right to complain to a supervisory authority (Art. 13(2)(d) and Art. 14(2)(e) DSGVO);

- Right to object to the processing of personal data (Art. 21 DSGVO).

 

5. Provision of the platform and creation of log files

- Description and scope of data processing

Each time our platform is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected in this context:

- Information about the browser type and the version used.

- The operating system of the user

- The user's Internet service provider

- The IP address of the user

- Date and time of access

- Referrer URL

- The amount of transmitted data

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

- Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the platform to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the platform. In addition, we use the data to optimize the platform and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DSGVO.

- Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.

- Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the platform, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

- Possibility of objection and removal

The user can object to this. Whether the objection is successful is to be determined in the context of a balancing of interests.

 

6. Use of cookies

- Description and scope of data processing

Cookies are set when visiting our website. Cookies are files that are stored in the Internet browser or by the Internet browser on the user's computer system. This storage of information on the user's terminal device can be done using unique identifiers (UID), which allows us to identify or associate it with a natural person.

The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) are relevant for the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of Section 25 (2) No. 2 TTDSG. This storage of and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information about different storage periods for cookies can be found in the following sections of this privacy policy.

Insofar as cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. The basis for the storage and access to information in this case is § 25 para. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a), Art. 7 DSGVO. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your settings for cookies accordingly. Alternatively, you can prevent the storage of cookies by making appropriate settings in your browser software. Please note that the browser settings you make only affect the browser you are using.

If personal data is processed following the storage of and access to the information on your terminal equipment, the provisions of the DSGVO are relevant. Information on this can be found in the following sections of this privacy policy. 

The following data is stored and transmitted in the cookies in the process:

- Language settings

- Log-in information

- Entered search terms

- Use of platform functions

We also use cookies on our platform that enable an analysis of the user's surfing behavior. You can find more information about this in the clarification about used plugins of this privacy policy.

- Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of our platform for users. Some functions of our platform cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

- Adoption of language settings

- Remembering search terms

- Login information

The user data collected by technically necessary cookies are not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our platform and its content. Through the analysis cookies, we learn how the platform is used and can thus constantly optimize our offer. For more information, please refer to the explanation of used plugins of this privacy policy.

- Legal basis for data processing

The legal basis for the processing of personal data using analysis cookies is Art. 6 para. 1 p. 1 lit. a DSGVO.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f DSGVO.

- Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted from it to our platform. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our platform, it may no longer be possible to fully use all functions of the platform.

If you use a Safari browser from version 12.1, cookies are automatically deleted after seven days. This also applies to opt-out cookies that are set to prevent tracking measures.

 

7. E-mail contact

- Description and scope of data processing

On our website, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

The data is used exclusively for processing the conversation.

- Purpose of data processing

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

- Legal basis for data processing

The legal basis for processing the data is Art. 6 (1) lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

- Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

- Possibility of revocation, objection and removal

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

 

8. Geotargeting

We use the IP address and other information provided by the user (in particular zip code in the context of registration or ordering) for regional targeting (so-called "geotargeting").

Regional targeting is used, for example, to automatically show you regional offers or advertising that are often more relevant to users. The legal basis for the use of the IP address and, if applicable, other information provided by the user (in particular zip code) is Art. 6 (1) lit. f DSGVO, based on our interest in ensuring more precise targeting and thus providing offers and advertising with higher relevance for users.

In this context, a part of the IP address as well as the additional information provided by the user (in particular zip code) are only read and not stored separately.

You can prevent geotargeting by, for example, using a VPN or proxy server that prevents precise localization. In addition, depending on the browser you use, you can also deactivate location localization in the corresponding browser settings (insofar as the respective browser supports this).

We use geotargeting on our platform for the following purposes:

- Customer targeting

 

9. Content delivery networks

Google Cloud CDN

- Description and scope of data processing

We use functions of the content delivery network Google Cloud CDN of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: Google Cloud CDN) on our platform. A Content Delivery Network (CDN) is a network of regionally distributed servers connected over the Internet that is used to deliver content, especially large media files such as videos. Google Cloud CDN provides web optimization and security services that we use to improve the load times of our platform and to protect it from misuse. When you access our platform, a connection is established to the servers of Google Cloud CDN in order to retrieve content, for example. As a result, personal data may be stored and analyzed in server log files, in particular the user's activity (especially which pages have been visited) and device and browser information (especially the IP address and the operating system).

Further information on the collection and storage of data by Google Cloud CDN can be found here: https://policies.google.com/privacy?hl=de.

- Purpose of data processing

The use of the functions of Google Cloud CDN serves the delivery and acceleration of online applications and content.

- Legal basis for data processing

The collection of this data is based on Art. 6 (1) lit. f DSGVO. The platform operator has a legitimate interest in the technically error-free presentation and optimization of its platform - for this purpose, the server log files must be collected.

- Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

- Possibility of objection and removal

For information on opt-out and removal options vis-à-vis Google Cloud CDN, please visit: https://policies.google.com/privacy?hl=dede/privacypolicy/

 

10. Use of web provider tools

We use plugins for various purposes. The plugins used are listed below:

Service Provider Third Country Transfer (Country)

*(no third country transfer)

**(own hosting)

***(adequacy decision) Purpose of data processing Legal basis of data processing Information on data protection and appropriate guarantees in the case of third-country transfer.

Instagram Meta Platforms Ireland Limited Ireland (USA) Improvement of external presentation Art. 6 para. 1 p.1 lit. a DSGVO https://help.instagram.com/15583370790038

Facebook Pixel Meta Platforms Ireland Ltd. Ireland (USA) Tracking Art. 6 para. 1 p.1 lit. a DSGVO https://www.facebook.com/about/privacy

https://www.facebook.com/legal/EU_data_transfer_addendum/update

Google Analytics

Google Ireland Ltd. Ireland (USA) Tracking Art. 6 para. 1 p.1 lit. a DSGVO https://policies.google.com/privacy?gl=DE&hl=de

https://business.safety.google/gdpr/

Google Tag Manager Google Ireland Ltd. Ireland (USA) Tag configuration and integration of Google services Art. 6 para. 1 S.1 lit. a DSGVO https://policies.google.com/privacy?gl=DE&hl=de

https://business.safety.google/gdpr/

Google Maps Google Ireland Ltd. Ireland (USA) Map service Art. 6 para. 1 p.1 lit. a DSGVO https://policies.google.com/privacy?gl=DE&hl=de

https://business.safety.google/gdpr/

LinkedIn Insight Tag LinkedIn Ireland Unlimited Company Ireland (USA) Marketing Art. 6 para. 1 p.1 lit. a DSGVO https://www.linkedin.com/legal/privacy-policy?_l=de_DE

https://de.linkedin.com/legal/l/dpa

LinkedIn Analytics LinkedIn Ireland Unlimited Company Ireland (USA) Analysis Art. 6 para. 1 p.1 lit. a DSGVO

https://www.linkedin.com/legal/privacy-policy?_l=de_DE

https://de.linkedin.com/legal/l/dpa

Twitter Ads Twitter International Company Ireland (USA) Conversion Tracking Art. 6 para. 1 p.1 lit. a DSGVO https://twitter.com/de/privacy

https://help.twitter.com/de/rules-and-policies/global-operations-and-data-transfer

Facebook Retargeting Meta Platforms Ireland Ltd. Ireland (USA) Tracking Art. 6 para. 1 p. 1 lit. a DSGVO https://www.facebook.com/about/privacy

https://www.facebook.com/legal/EU_data_transfer_addendum/update

Google Ads Remarketing Google Ireland Ltd. Ireland (USA) Marketing / Tracking Art. 6 para. 1 p. 1 lit. a DSGVO https://policies.google.com/privacy?gl=DE&hl=de

https://business.safety.google/gdpr/

Google Marketing Platform Google Ireland Ltd. Ireland (USA) Marketing / Tracking Art. 6 para. 1 p. 1 lit. a DSGVO https://policies.google.com/privacy?gl=DE&hl=de

https://business.safety.google/gdpr/

Google Web Fonts Google Ireland Ltd. Ireland (USA) Fonts Art. 6 para. 1 p.1 lit. a DSGVO https://policies.google.com/privacy?gl=DE&hl=de

https://business.safety.google/gdpr/

Intercom Intercom Inc. USA Email, push messages, live chat Art. 6 para. 1 p.1 lit. a DSGVO https://www.intercom.com/legal/privacy

HubSpot HubSpot Inc. USA Tracking Art. 6 para. 1 p.1 lit. a DSGVO https://legal.hubspot.com/de/privacy-policy

 

11. Telemetry data

- Description and scope of data processing

We collect telemetry data on our platform. We implement this with the following tools:

o Sentry.io

- The data is processed for the following purposes:

o Troubleshooting

o Log analysis

- Legal basis for data processing

The collection of this data is based on Art. 6 (1) lit. f DSGVO. The platform operator has a legitimate interest in the technically error-free presentation and optimization of its platform.

- Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

- Possibilities of objection and removal

You may object to the processing of your personal information at any time by sending an informal email to contact@retorio.com. All other rights for you as a data subject, you can likewise address to this email address.

This privacy policy was created with the support of DataGuard.