We maintain our own company page on the social media platform Facebook (the “Fan Page”) so that we can keep our customers, potential customers and other users informed about our services and what we have been up to. Facebook is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter “Meta”).
§ 1 Controller within the meaning of Article 4 no. 7 GDPR
The controller responsible for processing the data connected with our Fan Page is:
Dieter-Streng-Straße 4, 90766 Fürth
Tel.: +49 (0)911 / 30 91 61 0
Contact information for our data protection officer:
SPH IT + Consulting GmbH & Co. KG
Tel.: +49 (0)911 / 21 77 48 0
Our data protection officer can also be contacted by post. Please address any correspondence to “Data Protection Officer/Datenschutzbeauftragter” at our business address.
In addition, Meta is also responsible under data protection law for processing the data on our Fan Page. You can contact Meta and its data protection officer using the details provided here.
§ 2 Processing of personal data by Meta
(2) When you access our Fan Page, your browser establishes a connection with Facebook and transfers information.
The following data is collected if you are not logged in to, or registered with, Facebook:
- IP address
- Cookies: When you access our Fan Page, Facebook automatically installs cookies on your browser. According to Facebook, the datr cookie is used to identify the web browser establishing the connection with Facebook and serves to protect the social network. The datr cookie is stored on the browser for two years, but can be deleted via the browser’s settings.
This data is collected if you have a Facebook account and are logged in:
- IP address
- Cookies: a datr cookie is installed on your browser in this case as well (see above). If you have a Facebook account and are logged in when you visit our Fan Page, the c_user cookie is also activated. Facebook links your visit to our Fan Page with your personal user account. This enables Facebook to track your user behaviour.
(3) Please note that the data we collect from you when you visit our Fan Page may be processed outside the European Union. We have no influence over this.
(4) Meta is part of the US-based corporation, Meta Platforms, Inc. As a US company, it is subject to the US CLOUD Act, which allows US government agencies access to the data stored by Meta. We have no control over this.
§ 3 Facebook Insights
(1) Facebook offers its “Facebook Insights” (hereinafter “Insights”) service to us as a commercial user. “Insights” installs cookies on the devices of visitors to our Fan Page. These store information on visitors’ browsers for two years and remain active unless they are deleted. You can find more detailed information here.
§ 4 The data we process:
(1) You are not required to provide us with your personal data when you visit our Fan Page. We process only that personal data which you opt to disclose (e.g., your real name in your user profile) and data which is directly linked to activity on our Fan Page (e.g., comments, posts, likes, tags).
(2) We process your personal data on the basis of our legitimate interest in providing information and communicating effectively and our interest in optimising our marketing activities (Article 6(1)(f) GDPR). If Meta asks you to consent to the processing of your personal data, i.e., by ticking a checkbox or by clicking on a button to confirm that you consent to data processing, the legal basis for processing your data is Article 6(1)(a) and Article 7 GDPR.
(3) When you visit our Fan Page, the web analysis mentioned under § 3 above is performed for marketing purposes via the “Insights” function; this provides us with metrics and helps us to optimise our market image. The legal basis for processing this data is our legitimate interest under Article 6(1)(f) GDPR.
§ 5 Your rights
(1) You have the following rights vis-à-vis Meta as well as us:
- Right of access (Article 15 GDPR)
- Right to rectification and erasure (Articles 16 and 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to object to processing (Article 21 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to withdraw your consent (Article 7(3) GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.
(2) Please note that the most effective way to request information and assert your rights as a user is to address such concerns directly to Meta. Only Meta has access to user data and is able to take action and provide information directly. However, please do not hesitate to contact us if you require assistance.
§ 6 Concluding remarks
To operate our business, we must collect and process data. Whenever data are collected and processed, data protection and data security must be ensured. The foregoing is not only required by law; it is one of our core principles.
Please do not hesitate to contact us using the details provided above (§ 1) if you have any questions or comments on data protection in connection with our services.