This is the privacy statement ('Statement') for the website operated and provided by Scrollytelling GmbH, Gellertstrasse 2, 22301 Hamburg, Germany (we, us and our).
We will only use personal information collected through this website as set out in this Statement. Below you will find information about how we use your personal data, for what purposes your personal data is used, to whom it is disclosed and what control and information rights you have.
We collect and process your personal data based on the requirements and obligations set out in the EU General Data Protection Regulation (hereinafter "GDPR"). In addition, other national data protection laws may apply. For Germany, this is in particular the Federal Data Protection Act ("BDSG"), which specifies some of the requirements and obligations set out in the GDPR.
1. Data controller and contacting us or our data protection officer.
The data controller for personal data collected and processed in connection with the use of this website is:
Scrollytelling GmbH, Gellertstrasse 2, 22301 Hamburg Managing Directors: Benedikt Holtappels, Christian Krug, Jan Schwochow info@scrollytelling.net HRB 171500, Hamburg District Court VAT ID No.: DE351862104 https://scrlly.com/impressum
Please send any questions, concerns or comments about this statement or requests regarding your personal information by e-mail to info@scrollytelling.net. Further contact details can be found in the imprint.
The data you provide when contacting us will be processed to handle your request and deleted after it has been dealt with. Alternatively, we restrict the processing of the respective information in accordance with the statutory retention obligations, where applicable.
You can contact our data protection officer either via the above address or via info@scrollytelling.net.
2. Use of the website for information purposes
If you visit our website for information purposes, i.e. without registering for any of the services offered and without providing us with personal data in any other form, we automatically collect your access data and server log files (IP address, date and time of access, the pages you visited on our website including the message whether access was successful, the amount of data transferred, the referrer URL of the previously visited website and the browser type and version used). This personal data is necessary to provide you with our website, as well as to ensure system stability and efficiency and to implement appropriate protective measures for the security of our website and services.
The automatically collected personal data are necessary for the provision of the website. See Art. 6, para. (1), sentence 1 f) DSGVO (legitimate interest) regarding the use of technical information to improve our systems, to make your use of the websites more convenient or to ensure the security of our websites. This is in our legitimate interest, as the data used for these purposes is only stored for a limited period of time and does not allow any conclusion to be drawn about the person of the user.
The personal data collected is automatically deleted when the above-mentioned purposes have been fulfilled. We delete server log files after 7 days.
3. Newsletter and personalized advertising
We offer you the opportunity to subscribe to a newsletter in order to receive personalized advertising about our scrollys as well as invitations and information about product launches, satisfaction surveys and information about our existing or new services. Your personal data provided in this context (e-mail address and optionally title, first name and surname) will be used by us exclusively for the purpose of providing this service to the above-mentioned extent of your consent given for this purpose (Art. 6 para. 1 sentence 1 lit. a DSGVO).
We use the so-called double opt-in procedure to confirm your newsletter registration and your e-mail address. In this process, an e-mail is sent to the e-mail address you provided when registering for the newsletter to confirm your consent. As part of the double opt-in process, we store and document the IP address, the date and time of sending your newsletter registration via web form as well as the IP address, date and time of your confirmation of the double opt-in e-mail.
As soon as you unsubscribe from the newsletter, your personal data provided for the newsletter will be deleted. However, your e-mail address may be stored in a blacklist to document that you do not wish to receive our newsletter or if other legal retention periods apply.
To send our newsletter, we use the provider SendinBlue SAS, 55 Rue d'Amsterdam, 75008 Paris, France. This is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on our servers and on the servers of SendinBlue.
The data you provide for the newsletter dispatch will be stored until you unsubscribe from the newsletter and will be deleted from our servers as well as from SendinBlue's servers after you unsubscribe. Data that may have been stored by us for other purposes remains unaffected by this.
The privacy policy of SendinBlue can be found at: https://de.sendinblue.com/legal/privacypolicy/.
We have concluded an order processing contract with SendinBlue.
4. Recipients and categories of recipients
Access to your personal data is limited to those persons who need this data to perform their tasks.
We may transfer your personal data to the recipients and categories of recipients listed below for the relevant purposes.
Recipients - Affiliated or unaffiliated private entities that are not part of us.
Processors - whether affiliated or unaffiliated, may receive your personal data to process it on our behalf under appropriate instructions to the extent necessary for the relevant processing purposes. Processors are contractually obligated to implement appropriate technical and organizational security measures to protect Personal Data and to process Personal Data only as instructed.
Current processors include in particular, but without limitation:
Processors that provide services to us in connection with our IT infrastructure (e.g., hosting or operating and maintaining our IT systems and platforms).
Processors for the operation and maintenance as well as the creation of content for our website.
Processors for our CRM and for our email marketing platform to whom we may transfer your personal data.
We also transfer your personal data to certain third-party processors with whom we work to provide you with certain functionality on our website (for example, in connection with cookies).
These processors may also engage other processors to provide the respective services.
Government agencies, courts, outside counsel, and similar third parties of a governmental nature, to the extent required or permitted by applicable law.
Our website contains links to third-party websites or to other websites under our responsibility. If you follow a link to one of these websites (which are outside our responsibility), we will notify you. These websites have their own privacy policies. We do not accept any responsibility or liability for these policies.
If you click on an external link, e.g. when calling up our brochure, data on the link destination, including your IP address, will be transmitted. The necessity lies in the TCP/IP protocol on which the Internet is based and is technically necessary.
5. Cross-border data transmission
As part of our information sharing activities described above, your personal data may be transferred to other countries (including countries outside the EU or EEA) that may have different data protection standards than your country of residence.
In this case, we have put in place appropriate safeguards with the third parties involved to ensure an adequate level of protection for personal data. Please note that personal data processed abroad is subject to foreign laws and may be accessible to foreign governments, courts, law enforcement and regulatory authorities. However, we will endeavor to take appropriate measures to maintain adequate data protection even when transferring your personal data to such countries. If we process data in a third country or this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.
A transfer outside the EU / EEA is always secured by standard contractual clauses.
6. Security
We have put in place appropriate, state-of-the-art security measures to protect the personal data for which we are responsible from loss, misuse and alteration. For example, our security and privacy policies are reviewed regularly and improved as needed, and only authorized personnel have access to personal information. Personal data transmitted through our website is also protected by SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
While we cannot absolutely ensure or guarantee that no loss, misuse or alteration of information will ever occur, we make every reasonable effort to prevent it.
IP Address Truncation
When IP addresses are processed by us or by the service providers and technologies we use and it is not necessary to process the full IP address, it is shortened (so-called "IP masking"). In this process, the last two digits or the last part of the IP address after a period are removed or replaced by wildcards. This is intended to prevent or make it considerably more difficult to identify a person by their IP address.
7. Data storage
We strive to keep the processing of your personal data to a minimum. As no specific retention periods are set out in this Privacy Policy, your personal data will only be retained for as long as we need it to fulfill the purpose for which it was collected and, where applicable, for as long as required by legal retention obligations.
8. Your rights
As a data subject, you are entitled to various rights under the GDPR, in particular Art. 15 - 21 GDPR:
To request confirmation as to whether (i) data relating to you is being processed and to receive information about this data, as well as further information and a copy of the data in accordance with the legal requirements. This also includes information about the purposes of the processing, the categories of personal data concerned and the data recipients as well as possible retention periods.
To request the rectification, erasure or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected or (iii) the consent on which the processing was based has been withdrawn.
To refuse and withdraw your consent to the processing of your personal data at any time - without affecting data processing operations that have already taken place.
To object to the processing of your personal data for reasons arising from your particular situation. In this case, we ask you to provide us with information about your specific situation. After reviewing the facts presented by you, we will either stop processing your personal data or provide you with our compelling legitimate grounds for further processing.
You also have the right to take legal action in relation to a possible infringement of your rights in the processing of your personal data, as well as to lodge complaints with the competent data protection authorities.
You may request (i) to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and (ii) to transfer this data to another controller without hindrance from us; if technically feasible, you have the right to have the personal data transferred directly from us to another controller.
Complaint to a supervisory authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the provisions of the GDPR.
You may (i) exercise the rights set out above or (ii) send us questions or (iii) complaints regarding our data processing by contacting us using the contact details set out in Section 1.
9. Changes to the Privacy Policy
This Privacy Policy may require updating from time to time - for example, due to the implementation of new technologies or the introduction of new services. We therefore reserve the right to change or amend this Privacy Policy at any time. We will publish any such changes at https://scrlly.com/datenschutz. and/or inform you accordingly (e.g., by email or regular mail).
Please note that the addresses and contact information of companies and organizations provided in this Privacy Policy may change over time, and please verify the information before contacting us.
If you have any questions regarding our processing of your personal data in connection with other services, please contact info@scrollytelling.net.
Status: 28.08.2022