Palmer
Hargreaves
Deutsche Telekom – You And Me – Social Intranet
you and me Employee Kit

Imprint

General information according to article 13 of the German Telemedia Act (Telemediengesetz)

Palmer Hargreaves GmbH
Vogelsanger Strasse 66
50823 Cologne
Germany

Managing directors of Palmer Hargreaves GmbH
Jörn Langensiepen
Susanne Hoffmann
Dr. Iris Heilmann

Contact
t
+49 221 933 22 - 0
f +49 221 933 22 - 11
e cologne@palmerhargreaves.com

Registered office
Cologne
VAT number: DE 1826 45 758
HRB 27916 | local court Cologne

Responsible for content according to article 55 (2) of the German Interstate Broadcasting Treaty (Rundfunktstaatsvertrag)
Dr. Iris Heilmann

Data protection statement

Thank you for visiting our website! It is highly important to us to comply with the provisions under data protection law. This data protection statement is intended to inform you, as the user of our website, of the nature, scope and purpose of the processing of personal data and the rights you have, if you are a data subject as defined in article 4 no. 1, of the General Data Protection Regulation. The data protection statement below already includes the alterations under the General Data Protection Regulation (GDPR), which has applied since 25th May 2018. At the same time, this statement also meets the requirements of article 13 of the German Telemedia Act (Telemediengesetz), which applied until then.


1. Controller

This website and the services offered are operated by

Palmer Hargreaves GmbH
Vogelsanger Strasse 66
50823 Cologne
Germany

+49 221 933 22 - 0
cologne@palmerhargreaves.com
palmerhargreaves.de 

Managing directors: Jörn Langensiepen | Susanne Hoffmann | Dr. Iris Heilmann

(hereinafter “Palmer Hargreaves“).

    

2. General

When developing this website, we have designed it with the intention of collecting as little data from you as possible. In principle, it is possible to visit our website without providing personal data. It is only necessary to process data if you decide to use certain services. When doing so, we always ensure that we only process your personal data in line with a legal basis or the consent you have given. We comply with the provisions of the General Data Protection Regulation (GDPR ) applicable since 25th March 2018 and the applicable national provisions, such as the German Federal Data Protection Act (Bundesdatenschutzgesetz), the German Telemedia Act (Telemediengesetz), or any other more specialised laws on data protection.


3. Definition 

The terms used in this data protection statement refer to the meaning below in line with the GDPR. 

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future. 

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. 

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. 

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

    

4. Purpose of use and legal basis for processing personal data

Personal data that are necessary in order to constitute, execute or carry out our service offers are processed on the legal basis of article 6 (1) (b) of the GDPR. Processing of personal data that is necessary for the purposes of our pursued legitimate interests is carried out in line with article 6 (1) (f) of the GDPR. If your personal data are processed for the stated purpose with your consent, then this is based on article 6 (1) (a) of the GDPR. Where we use external service providers within the scope of commissioned processing, the processing is carried out on the legal basis of article 28 of the GDPR. We will process and use the collected personal data for the purposes listed here.

  

5. Collected and processed personal data

We collect and process your personal data only if you provide us with them voluntarily and knowingly, for instance by contacting us or sending us an email. 

The personal data provided by you and their contents will exclusively stay with our affiliated companies and us. We will store and process your data only for the purposes stated in item 4 above. Any use for any purpose other than that stated requires your explicit consent. This also applies to the transfer and transmission of your data to third parties.


6. General log files

The webserver temporarily records the connection data of the inquiring computer (IP address), the pages you visit on our website, the data and the duration of your visit, the identification data of the used browser and operating system type and the website you have visited before as well as the successful retrieval in log files. The technical administration of the website and anonymous statistical measures facilitate an evaluation of the accesses to the Palmer Hargreaves offers and an evaluation, the aim of which is to enhance data protection and data security in our company in order to ensure an optimum level of security for the personal data that we process. The data of the server log files will be stored separately from the personal data that you provide. Unless there are any potential obligations of retention provided by law, we will delete or render anonymous your IP address 28 days after you have left our website.

    

7. Cookies

Use of cookies

Our website collects and stores information by using what are called browser cookies. 

What are cookies?

They are small text files that are stored on your data carrier and that store specific settings and data about your browser for exchange with our system. In general, a cookie contains the name of the domain that sent the cookie data as well as information on the age of the cookie and an alphanumeric identifier. 

Why do we use cookies?

Cookies facilitate our systems to recognize the user's device and to make any potential presettings available immediately. As soon as a user accesses the platform, a cookie will be transmitted to the hard disk of the user’s computer. Cookies help us to improve our website and to offer you an even better and customised service. This enables us to recognize your computer or your (mobile) device when you return to our website and therefore, we can 

  • store information about your preferred activities on the website and customise our website for you to suit your particular interests and
  • accelerate the speed of handling your enquiries.

We cooperate with third party services, which support us in making the Internet offer and the website more interesting for you. Therefore, cookies of these partner companies (third-party providers) are also stored on your hard disk when you visit our website. These cookies are deleted automatically after the predetermined time.  

You will find a list of the cookies set by us here.  

May I decide about the use of cookies?

If you do not wish cookies to be used, then you can set your browser to not accept any storage of cookies. Please keep in mind that in this case the use of our website might be restricted or not possible at all, as the case may be. If you wish to accept only our own cookies, but not the cookies of our service providers and partners, then you may select the “block third-party cookies” setting in your browser. We assume no responsibility for the use of third-party cookies.


8. Integration of third-party services and contents

Our website uses contents and services of other suppliers. For example, these are videos provided by YouTube. In order to retrieve and to present these data in the user’s browser, it is absolutely vital to transmit the IP address. The provider (hereinafter “third-party”) is therefore aware of the user’s IP address. 

Even if we try to use only third-party providers who need the IP address only in order to provide content, we do not have any influence on whether the IP address is stored, as the case may be. In this case, this process serves, among others, statistical purposes. As soon as we become aware that the IP address is stored, we will point it out to you.  

Use of the Google Tag Manager

Our website uses the Google Tag Manager. Through this service, website tags may be managed via an interface. The Google Tool Manager merely implements tags. This means: No cookies are used and no personal data are collected. The Google Tool Manager triggers other tags, which, in turn collect data, as the case may be. However, the Google Tag Manager does not access these data. If, at domain or cookie level, a deactivation was made, then they remain for all tracking tags, provided those tracking tags have been implemented with the Google Tag Manager. The deactivation at domain or cookie level remains for all tracking tags that have been implemented with the Google Tag Manager. You will find Google’s data protection statement at: https://policies.google.com/technologies/partner-sites?hl=en-GB 

The company Google is certified for the EU-US data protection framework “Privacy Shield“. This data protection framework shall guarantee compliance with the data protection level that is applicable in the EU. 

Use of YouTube

For integrating and presenting video content, our website uses plugins of the YouTube site, which is operated by Google. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, U.S.A. 

When accessing a page with an integrated YouTube plugin, a connection to the YouTube servers is established. YouTube thus learns which of our pages you have visited. YouTube may attribute your surfing habits directly to your personal profile, if you are logged in to your YouTube account. You can prevent this by logging out of your YouTube account beforehand. Using YouTube is in the interest of an attractive presentation of our online offers. This is a legitimate interest in terms of article 6 (1) (f) of the GDPR. You will find details on handling user data in the data protection statement of YouTube at: https://policies.google.com/privacy?hl=en-GB&gl=de 

Use of Google Analytics

Our website uses features of the web analysis service Google Analytics. The supplier of this web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. 

Google Analytics uses cookies. Cookies are small text files that your web browser stores on your end device and that facilitate an analysis of the use of the website. Information about your use of our website generated by means of cookies are transmitted to a Google server and stored there. The server is generally located in the U.S.A.  

Setting of Google Analytics cookies is based on article 6 (1) (f) of the GDPR. As the owner of this website, we have a legitimate interest in analysing the user behaviour in order to optimise our website, and advertising as well, as the case may be. 

We use Google Analytics in connection with the IP anonymization feature. It ensures that Google shortens your IP address within the member states of the European Union or in the other contracting states of the agreement on the European Economic Area before transmitting it to the U.S.A. There may be exceptions, where Google transfers the full IP address to a server in the U.S.A. and shortens it there. Google will use this information on our behalf in order to analyse your use of the website, to create reports about website activities and to render other services for us associated with the website use and Internet use. The IP address transmitted by Google Analytics will not be combined with other data of Google. 

You may prevent your web browser to set cookies. Some functionalities of our website might then be limited. You may also prevent the collection of data about your use of the website including your IP address and the subsequent processing by Google. This is possible if you download and install the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en 

You will find details on handling user data at Google Analytics in the data protection statement of Google at: https://support.google.com/analytics/answer/6004245?hl=en 

Our website uses the “Demographics and Interests” function of Google Analytics. It may be used to create reports that contain information about age, gender and interests of the website visitors. These data have been obtained from interest-related advertising of Google and visitor data of third-parties. It is not possible to attribute the data to a specific person. You may deactivate this function at any time. You can do this by using the display settings in your Google account or by prohibiting the collection of your data through Google Analytics in general as described in the item “Objection against data collection”. 

Alternatively, you may prevent the collection through Google Analytics by setting a so-called “opt-out cookie“ by clicking here. If you delete the cookies in your browser, you must click this link again afterwards. 

You will find Google’s data protection statement at: https://policies.google.com/technologies/partner-sites?hl=en-GB 

Use of DoubleClick

Our website uses the online marketing tool DoubleClick by Google. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. 

DoubleClick uses cookies in order to place ads relevant to the users, to optimise reports on performance or to avoid that users view identical ads several times. Cookies are small text files that your web browser stores on your device. Google records via a cookie ID which ads are placed in which browser and can thus prevent them from being shown several times. Optimum marketing of our website is a legitimate interest in terms of article 6 (1) (f) of the GDPR. 

Cookie IDs provide additional assistance to DoubleClick to measure so-called conversions related to ad views. This is the case, for example, if you see a DoubleClick ad and make a purchase using the same web browser on the website of the advertiser later. According to Google, DoubleClick cookies do not store any personal data. 

Due to the used marketing tools, your browser automatically establishes a direct link to the Google server. We do not have any influence on the extent and use of data collected by this tool through Google. As far as we know at the moment, Google learns via DoubleClick, which areas of our website you have visited or which of our ads you have clicked. If you are logged in to your Google account, Google may attribute the visit to our website to your account. Even if you are not logged in, it cannot be excluded that the provider determines and stores your IP address. You may control, restrict and prevent that cookies are set with an up-to-date web browser. Then you have the option to object to the tracking process. Deactivating of cookies may lead to a limited functionality of our website. 

The company Google is certified for the EU-US data protection framework “Privacy Shield“. This data privacy framework shall guarantee compliance with the data protection level that is applicable in the EU.  

You will find details about the data protection statement of DoubleClick by Google at: https://policies.google.com/privacy?gl=de&hl=en-GB

Use of Google AdWords and Google Conversion Tracking

Our website uses Google AdWords. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. 

AdWords is an online advertising program. When using the online advertising program, we use conversion tracking. After clicking on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your device. Google AdWords cookies lose their validity after 30 days and are not used to identify users. When having a look at the cookie Google and we can see that you have clicked on an ad and have been forwarded to our website. The storage of “conversion cookies“ is based on article 6 (1) (f) of the GDPR. As the website owner, we have a legitimate interest in analysing the user behaviour in order to optimise our website, and our advertising. 

Every Google AdWords customer receives a different cookie. The cookies cannot be traced via websites of AdWords customers. Conversion cookies are used to create conversion statistics for AdWords customers using conversion tracking. AdWords customers are informed how many users have clicked on their ad and have been forwarded to pages featuring a conversion tracking tag. However, AdWords customers do not receive any personal data to identify users. If you do not wish to participate in the tracking, then you can object to the use of it. The conversion cookie in the browser’s user settings must be deactivated. Then your activities will not be entered into the conversion tracking statistics. 

You will find details on Google AdWords and Google Conversion Tracking in Google's data protection statement of Google: https://policies.google.com/privacy?gl=de&hl=en-GB 

You may control, restrict or prevent that cookies are set with an up-to-date web browser at https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en. Deactivating of cookies may lead to a limited functionality of our website. 

Social Media

Integration of Third-Party Services and Contents

Our website uses contents and services of other suppliers. In order to retrieve and to present these data in the user’s browser, it is absolutely vital to transmit the IP address. The providers (hereinafter “third-party”) are therefore aware of the user’s IP address.

Even if we try to use only providers who need the IP address only in order to provide content, we do not have any influence on whether the IP is stored, as the case may be. In this case, this process serves, among others, statistical purposes. As soon as we become aware that the IP address is stored, we will point it out to you.

You will find us on the following platforms and social networks:

  • Facebook
  • Instagram
  • LinkedIn
  • XING
  • Google/ YouTube
  • Twitter.

When using social networks, data are processed outside the European Union (EU) and the European Economic Area (EEA). A data protection level equivalent to that of the EU cannot be safeguarded in all the countries outside the EU. In this context, there may be risks involved for you as the user, if the transmitted data are processed in what is called third countries with an inadequate level of data protection.

This makes enforcement of known rights of users difficult. Moreover, it may happen that the provider in the third country processes your data but not in your interest. Where providers from the US are certified under what is called the Privacy Shield Framework – a data protection treaty between the US and the EU – such providers are obliged to adhere to the EU data protection standards.

The purposes of processing pursued by the social networks usually deviate from the purposes we pursue. Thus, the data you record in social networks are, in most cases, processed for purposes of market research, advertising, and creation of user profiles for personalised advertising (such as Facebook, Google, Instagram etc.).

To realise this, cookies, which record the user behaviour and facilitate user profiling, are used. You will find a list of the purposes of the processing of users’ data in the data protection statements of the respective providers. You can restrict profiling, at least to some extent, by adjusting the settings in your user account. Please read the relevant data protection statements of the respective provider to find out how to proceed.

Basically, this refers to the following data:

  • Registration data, such as user name, password, email address
  • Profile information, such as given name and surname, telephone number, picture 
  • Log file information, such as web request, IP address, browser type, landing pages, visited pages 
  • Device ID 
  • Meta data, such as hashtags, geotags, comments 

Processing of your personal data for the stated purposes is based on our legitimate management and communications interest to offer an information and communications channel pursuant to Art. 6 (1) (f) of the GDPR. Where you have given your consent to the data processing to the relevant provider of the social network, the legal basis of the processing is based on  Art. 6 (1) (a) and Art. 7 of the GDPR.

Due to the fact, that the real data processing is carried out by the provider of the social network, our possibilities to access your data are restricted. Solely the provider of the social network is legitimised to access your data in full. That is why only the provider is able to directly take and implement relevant measures to perform your user rights (request for information, request for erasure, objection, etc.). Therefore, the most effective way to assert relevant rights is to assert them directly against the relevant provider.  

Furthermore, on mobile end devices, you may restrict the services’ access to contact and calendar data, photos, location data etc. by adjusting the settings on your device. However, this depends on the operation system used.  

We, Palmer Hargreaves, do not collect and process any data from your use of the service. However, in the event we share or respond to your posts or create posts that refer to your profile ourselves, then the data you have entered in the social network, including, but not limited to, your (user) name and the content made public on your account, will be processed to the extent that they will be integrated in our offer and made publicly accessible to our followers.  

If you need assistance in this matter, please feel free to contact us.


Data Subjects' rights

Below, you will find a more detailed list of the relevant data processing carried out by the providers and their options for objections (what is called opt out) by using the relevant links to the providers' websites:

Facebook

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland – data protection statement: https://www.facebook.com/about/privacy/

Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

Instagram

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Data protection statement: https://help.instagram.com/155833707900388

Opt out: https://help.instagram.com/370452623149242/?helpref=hc_fnav&bc[0]=368390626577968&bc[1]=1757120787856285  

LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data protection statement: https://www.linkedin.com/legal/privacy-policy

Opt out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

Xing

XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany

Data protection statement /Opt out: https://privacy.xing.com/en/privacy-policy 

Google/ YouTube

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection statement: https://policies.google.com/privacy

Opt out: https://adssettings.google.com/authenticated

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active https://policies.google.com/?hl=en; https://policies.google.com/privacy/frameworks

Twitter

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Data protection statement: https://twitter.com/en/privacy

Opt out: https://twitter.com/personalization

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

  

9. Data security

Unfortunately, transferring information via the Internet is never 100 % secure, and that is why we cannot guarantee the security of the data transmitted via the Internet to our website. 

However, we protect our website from loss, destruction, access, modification or dissemination of your data by unauthorized persons through technical and organisational measures. 

In particular, your personal data are transferred in encrypted form. We use the coding system SSL/TLS (Secure Sockets Layer/Transport Layer Security) for this purpose. Our security measures are continuously improved in line with technological development. 

  

10. Rights of the data subjects

If you are a data subject as defined in article 4 (1) of the GDPR, then you have the following rights regarding processing of your personal data according to the GDPR. 

Right to confirmation and access

Under the conditions of article 15 of the GDPR, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed and to obtain access from the controller to the personal data stored about you and to obtain a copy of such information free of charge. 

Right to correction

Under the conditions of article 16 of the GDPR, you have the right to request the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. 

Right to deletion

Under the conditions of article 17 of the GDPR, you have the right to demand from us the erasure of personal data concerning you without undue delay, provided that one of the reasons stated in article 17 of the GDPR applies and the processing is not required.   

Right to restriction of processing

Under the conditions of article 18 of the GDPR, you have the right to demand restriction of processing where one of the conditions stated in article 18 of the GPDR applies. 

Right to data portability

Under the conditions of article 20 of the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us provided that the other conditions of article 20 of the GDPR are fulfilled. 

Right to withdraw any given consent

You have the right to revoke consent for processing personal data given to us with effect for the future at any time. Please send the revocation to the following email address: dataprotection@palmerhargreaves.com 

Right to object

Under the conditions of article 21 of the GDPR, you have the right to object at any time the processing of personal data concerning you. If the conditions for an effective objection are met, then we may no longer process your personal data. 

Right to lodge a complaint with a supervisory authority

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

    

11. Forwarding your personal data

Your personal data will be forwarded as described below:  

The website is hosted by a third-party service provider in the EU. We make sure that the data are only processed in Germany. This is necessary to operate the website as well as for constituting, executing and carrying out the existing licence agreement and possible even without your consent. 

Your personal data will also be forwarded if we have the right or are obliged to forward data due to legal provisions and/or official or court order. In particular, this may refer to the provision of information for law enforcement, prevention of threats or enforcement of intellectual property rights. 

Where your data are forwarded to service providers to the extent required, such service providers will only have access to your personal data to the extent that this is necessary to perform their tasks. These service providers are obliged to treat your personal data according to the applicable data protection laws, including, but not limited to the GDPR. 

Other than described above, we, as a rule, do not transmit your data to third-parties without your consent. In particular, we do not forward personal data to a body in a third country or to an international organisation.

  

12. Storage period for personal data

As regards the storage period, we delete personal data as soon as their storage is no longer required to fulfil the initial purpose and there are no statutory retention periods. The statutory retention periods are basically the criterion for the final period of storage of personal data. After expiry of this period, the relevant data will be routinely deleted. If there are retention periods, the processing will be restricted by blocking the data.

  

13. References and Links

When you visit Internet sites that are referred to from our website, you may again be asked for details, such as name, address, email address, browser features etc. This data protection statement does not lay down the processing, forwarding or handling of personal data by third-parties. 

Third-party service providers may have diverging and their own rules on handling the collection, processing, and use of personal data. Therefore, we would like to recommend to reading up on how third-parties deal with personal data on their websites before entering personal data.

  

14. Modification of the data protection statement

We continuously further develop our website to offer you a service that is becoming better and better. We will continuously keep this data protection statement up-to-date and revise it accordingly whenever and where this becomes necessary.  

Of course we will inform you of any changes of this data protection statement in good time. We will do so by sending you an email to the email address you have provided to us. Where it is necessary that you give us further consent for handling your data other than this, we will of course obtain such consent from you before any changes in this regard become effective. 


15. Data Protection Officer (DPO)

We have appointed a data protection officer: 

Philipp Herold (mein-datenschutzbeauftragter.de)

Rudolf-Diesel-Straße 10
23617 Stockelsdorf
Germany

dataprotection@palmerhargreaves.com  


Issued: March 2019