Privacy Policy Jourma GmbH

Thank you for visiting our website. The protection of your personal data is important to us. We want you to feel secure when using our website. We process your personal data in accordance with the General Data Protection Regulation (GDPR) and the applicable data protection regulations in Germany.

• Contact details of the person responsible

  Is the controller within the meaning of the GDPR:

  Jourma GmbH
  Taunustor 1
  60310 Frankfurt am Main / Germany

  Phone: +49 69 5050604633
  E-mail: info(at)jourma.de
  Website: https://jourma.de

• Contact details for data protection issues

  If you have any questions about data protection, please contact our data protection officer at datenschutz(at)jourma.de using the contact details given above.

• Scope of the processing of personal data

  Generally, we only process our users' personal data to the extent necessary to provide a functional website and our content and services. Otherwise, the processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

  We may process the following categories of data:

  • Business page insight data (e.g. demographic information such as age, gender, region and country, interaction with the business page such as likes, subscriptions, sharing and viewing content, posts, interests).

  • Communication data (e.g. email content, social media posts).

  • Connection data (e.g. IP address, HTTP header, user agent).

  • Consent data (e.g. selected tools and categories of the consent banner).

  • Contact data (e.g. email address, phone number).

  • Core data (e.g. first name, surname).

  • Data privacy requests (e.g. your specific request, our answer, our documentation of the fulfilment of the request).

  • Device data (e.g. device type, screen resolution, browser type, operating system, language).

  • Identifiers (e.g. user ID, device ID, advertising ID, information from cookies and web storage elements).

  • Location data (e.g. country, region, city).

  • Newsletter data (e.g. name, email address, consent information, email opened, links clicked).

  • Usage data (e.g. pages visited, date and time of visit, duration of visit, previously visited pages, scroll activity, buttons clicked, links followed, files downloaded, interaction with media and forms).

  3.1 Contact form

  If you contact us using the contact form provided on the website, this is done on the basis of our legitimate interest in processing and answering your contact request (Art. 6 para. 1 letter f GDPR). We only use the data transmitted via the contact form to respond to your enquiry. This data will not be used for any other purpose at any time.

  3.2 Newsletter subscription

  If you subscribe to our newsletter, the data entered in the input mask (including name and email address) will be transmitted to the person responsible for data processing. Registration takes place using the double opt-in procedure: After you have registered, you will receive an email asking you to confirm your registration. Your subscription will only be activated after this confirmation. This serves to prevent unauthorized registration with third-party email addresses.

  When you register, we also save the IP address, date and time of registration in order to prevent possible misuse. Your data will not be passed on to third parties unless there is a legal obligation to do so. The data collected will be used exclusively for sending the newsletter. You can unsubscribe from the newsletter at any time via the link contained in every email and withdraw your consent to the storage of your personal data.

  We use standard market technologies to measure interactions with our newsletters (e.g. opening the email, clicking on links) for general statistical evaluations and to optimise and develop our content and customer communication. This is done with the help of small graphics embedded in the newsletters (so-called pixels) which establish a connection to the image server when the email is opened, and via links where we first register a click and then forward you to the desired target page.

  Your data will be processed on the basis of Art. 6 para. 1 letter a GDPR if you have given your consent. If the newsletter is sent in connection with the sale of goods or services, the legal basis is Art. 6 para. 1 letter f GDPR in connection with Section 7 (3) UWG. For delivery of the newsletter, we use Mailchimp (Intuit, Inc.).

• Legal basis for the processing of personal data

  Insofar as we obtain the consent of the data subject for the processing of personal data (e.g. for website tracking), Art. 6 para. 1 letter a GDPR serves as the legal basis. If we process your data in order to take steps at your request prior to entering into a contract (e.g. before registering for the usage of our app), our legal basis is Art. 6 para. 1 letter b GDPR. Otherwise, we process personal data in accordance with Art. 6 para. 1 letter f GDPR on the basis of legitimate interest, which we describe in the section about the purposes of data processing.

• Purpose of data processing

  Personal data is processed for various purposes:

  • Service Provision: Enabling the usability of our service, ensuring the permanent functionality and security of our information technology systems, maintaining our service in general for administrative purposes (Art. 6 para. 1 letter b, f GDPR). This includes the provision of our online offering with all its content and functions, including the consent management system. As example, data is stored in log files to ensure the functionality and security of the website.

  • Contact: Respond to contact enquiries, communicate with users, and provide a contact form (Art. 6 para. 1 letter f GDPR).

  • Newsletter: Providing and sending our newsletter, including storage of the subscription data for documentation obligations (Art. 6 para. 1 letter a, f GDPR).

  • Analytics: Providing analytical tools which recognise users of our service by identifiers, measure visited pages, analyse usage behaviour, and use the data to optimize the website (Art. 6 para. 1 letter a GDPR). The purpose of using analytics technologies is to improve the quality of our website and its content. The data is not analysed for marketing purposes in this context.

  • Social Network Business Pages: Providing and managing a social network business page, including communication with interested parties and clients, and processing of aggregated business page insight data for the optimization of the business page’s structure and design (Art. 6 para. 1 letter f GDPR).

  • Data Privacy Requests: Processing and answering your data privacy requests, and storage of your requests for documentation obligations (Art. 6 para. 1 letter f GDPR).

  • Compliance: Enforcement of our own legal claims and compliance with other legal provisions (Art. 6 para. 1 letter c, f GDPR).

• Data recipients

  The data collected by us will only be forwarded on if there is a legal basis for this under data protection law in the specific case.

  We use external service providers for certain functions of our website. As is common practice in many companies, we use both national and international partners for various business processes, including IT, logistics, telecommunications, sales and marketing. These service providers act exclusively in accordance with our instructions and are contractually obliged to comply with data protection regulations on the basis of a so-called order data processing agreement (DPA) in accordance with Art. 28 GDPR.

  The following categories of recipients – usually acting as processors – may have access to your personal data under certain circumstances:

  • Technical service providers who ensure the operation of our app and the processing of the stored or transmitted data (e.g. data centres, payment processors, IT security service providers). The transfer takes place on the basis of Art. 6 para. 1 letter b or letter f GDPR, unless they are processors.

  • Public authorities and government agencies, if we are legally obliged to disclose your data, in particular if this is necessary due to binding requirements, official enquiries, court orders and legal proceedings for legal prosecution or enforcement (Art. 6 para. 1 letter c GDPR).

  • External partners in business operations, such as auditors, banks, insurance companies, legal advisors or supervisory authorities. This may be the case, if the disclosure is necessary to protect our interests or for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data. The data transfer takes place on the basis of Art. 6 para. 1 letter b or letter f GDPR.

  • In addition, we only pass on personal data to third parties if this is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request (Art. 6 para. 1 letter b GDPR), or you have given us your express consent to do so in accordance with Art. 6 para. 1 letter a GDPR.

  Your data will be forwarded especially to the following recipients:

  • Google (Google Analytics, Google Tag Manager, Google Fonts): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – privacy notice: https://business.safety.google/privacy/ – privacy settings: https://adssettings.google.com/notarget – transfer to third country: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework).

  • LinkedIn (LinkedIn Business Page): LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland – privacy notice: https://www.linkedin.com/legal/privacy-policy – privacy settings: https://www.linkedin.com/psettings/enhanced-advertising – transfer to third country: LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200, Mountain View, California 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework).

  • Meta (Facebook Fanpage, Instagram Business Profile): Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland – privacy notice: https://www.facebook.com/privacy/policy/ – privacy settings: https://www.facebook.com/settings/?tab=ads – transfer to third country: Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA (adequacy decision, certified for the EU-US Data Privacy Framework).

  • Intuit (Mailchimp): Intuit, Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (adequacy decision, certified for the EU-US Data Privacy Framework) – privacy notice: https://www.intuit.com/privacy/.

  In exceptional cases, we are jointly responsible for specific data processing with those recipients, as follows: We and social network providers process business page insight data on our social network business pages as joint controllers, whereby the respective social network provider is contractually responsible to fulfil the data subject rights and we will forward your requests. More information can be found in this privacy notice. You can find the relevant contracts with our joint controllers at: LinkedIn (LinkedIn Ireland Unlimited Company): https://legal.linkedin.com/pages-joint-controller-addendum; Facebook, Instagram (Meta Platforms Ireland Ltd.): https://www.facebook.com/legal/terms/page_controller_addendum.

• Transfer to third countries

  We may use services whose providers are partly located in so-called third countries (outside the European Union (EU) or the European Economic Area (EEA), particularly the USA) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union.

  If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework.

  If no adequacy decision has been issued for the country in question, we have taken appropriate contractual safeguards to ensure an adequate level of data protection for any data transfers. These include the EU Standard Contractual Clauses or Binding Corporate Rules (Art. 46 GDPR).

  Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

  If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed of this.

  Your data may be forwarded especially to the recipients in third countries mentioned in the section about data recipients, including the adequacy decision or appropriate safeguard for the data transfer.

• Duration of data storage

  We only store your personal data for as long as it is required for the respective purposes for which it was collected. Your data is stored exclusively on our servers in Germany, provided that it is not passed on to other service providers, third parties or forwarded to one of our partner apps. Service providers commissioned by us will only store your data on their systems for as long as is necessary to provide the commissioned service. Your contact requests will be stored for a maximum of 6 months.

  In certain cases, storage beyond this period may be necessary, for example in the event of an impending or ongoing legal dispute with you or in the context of other legal proceedings.

  Statutory retention periods and deletion requirements remain unaffected by this, for example according to the German § 257 HGB or § 147 AO. After expiry of the statutory retention period, the data will be deleted unless further storage is necessary and covered by a legal basis.

• Access and storage of information on the device

  Our website only accesses or stores information on your device if this is strictly necessary to provide your requested digital service, i.e. for the main functions of our service, or if you have given your prior consent, i.e. for optional services, according to implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with § 25 TDDDG.

  We use technologies such as cookies, local storage or session storage, which are stored on the device, or scripts and other programming code, which access information on your device, like identifiers such as device ID or advertising ID. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. As example, this cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

  The legal basis for the processing of personal data using technically necessary technologies is Art. 6 para. 1 letter f GDPR. When accessing our website, users are informed by an info banner about the use of technologies for analysis purposes, including those of the third-party providers listed below, and are referred to this privacy policy. The legal basis for the processing of personal data using optional technologies for analysis purposes is Art. 6 para. 1 letter a GDPR if the user has given consent to this.

  Usually, such technologies are not blocked by your device or browser. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the storage and transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. You can also adapt your browser settings to block the display of graphics or the performance of scripts, or you can adapt your device settings on mobile devices to block the access to your advertising ID.

  9.1 Consent Manager

  We use Consent Management to activate or deactivate website functions relevant to data protection. This allows you to customize the selected data protection settings. After you have made your selection, the Consent Manager will store cookies with your settings on your system. The cookies are deleted after 180 days. The purpose is to ensure that our website complies with data protection regulations. The legal basis for the processing of personal data is our legitimate interest under Art. 6 para. 1 letter f GDPR.

  The following cookies will be stored by the Consent Manager on your device:

  • 'cookie-consent' (180 days): consent decision.

  • 'advanced' (180 days): consent decision for advanced functions.

  • 'analytics' (180 days): consent decision for analytics purposes.

  • 'functional' (180 days): consent decision for functional purposes.

  • 'marketing' (180 days): consent decision for marketing purposes.

  9.2 Language

  We store your selected language in a cookie named 'NEXT_LOCALE' (1 year).

  9.3 Google Tag Manager

  Our website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, for example through scripts. If these are optional tools, they will only be integrated by Google Tag Manager with your consent. The Google Tag Manager uses JavaScript and does not require the use of cookies.

  Google collects information about which tags are integrated through our website in order to ensure stability and functionality when using Google Tag Manager. However, Google Tag Manager does not store any personal data beyond the mere establishment of a connection, in particular no data about user behaviour or the pages visited.

  The legal basis for the processing of personal data is your consent according to Art. 6 para. 1 letter a GDPR.

  9.4 Google Fonts

  We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to embed online fonts. When you call up a page, your browser loads the required fonts in order to display texts correctly and attractively. Google Fonts is used to ensure a uniform and appealing presentation of our website through the maintenance-free and efficient use of fonts.

  For this purpose, your browser must establish a connection to Google's servers. This tells Google that our website has been accessed via your IP address. According to Google, such calls are separate from other Google services that require user authentication. They are not merged with other data. No cookies are stored. The server to which a connection is established may be located in the USA.

  The legal basis for the processing of personal data is your consent according to Art. 6 para. 1 letter a GDPR.

  9.5 Google Analytics

  We use the analysis tracking tool Google Analytics (GA) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is tracked and sent to Google Analytics. The reports from Google Analytics allow us to better customize our website and our service to your wishes.

  The information generated by Google Analytics about your use of the website, such as pages visited, browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request are usually transmitted to a Google server in the USA and stored there.

  The following cookies will be stored by Google Analytics on your device:

  • '_ga' (2 years): recognition and differentiation of visitors through a user ID.

  • '_ga_GPMVEYNLWP' (2 years): maintaining the information of the current session.

  • '_ga_ZKJSTBC3W1' (2 years): maintaining the information of the current session.

  The legal basis for the processing of personal data is your consent according to Art. 6 para. 1 letter a GDPR.

• Your rights as a data subject

  You have the following rights:

  • Right to information

    In accordance with Art. 15 GDPR, you have the right to obtain information from us about the personal data concerning you. This requires a request from you, which must be sent either by email or by post to the addresses given above.

  • Right to object to data processing and to withdraw consent

    In accordance with Art. 21 GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims. If we process your data for direct marketing purposes, we fulfil your objection without reasoning.

    In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future.

    In this regard, please contact the contact point indicated above.

  • Right to rectification and erasure

    Insofar as personal data concerning you is incorrect, you have the right under Art. 16 GDPR to demand that we correct it immediately. If you wish to make such a request, please contact the contact point specified above.

    Under the conditions set out in Art. 17 GDPR, you have the right to request the erasure of personal data concerning you. To make a request in this regard, please contact the contact point specified above. In particular, you have the right to erasure if the data in question is no longer necessary for the purposes for which it was collected or processed, if the data retention period has expired, if there is an objection or if the processing is unlawful.

  • Right to restriction of processing

    In accordance with Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. To make a request in this regard, please contact the contact point specified above.

    In particular, you have the right to restrict processing if the accuracy of the personal data is disputed between you and us; in this case, you have this right for the period of time required to verify the accuracy. The same applies if the successful exercise of a right to object is still disputed between you and us. You also have this right in particular if you have a right to erasure and you request restricted processing instead of erasure.

  • Right to data portability

    In accordance with Art. 20 GDPR, you have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the requirements. To make a request in this regard, please contact the contact point specified above.

• Right to appeal

  If you are of the opinion that our website violates data protection regulations, you have the right to contact a data protection supervisory authority in accordance with Art. 77 GDPR. You can assert this right, for example, with a supervisory authority in the member state of your habitual residence, place of work or place of the alleged infringement.

  The contact details of the competent supervisory authority at our location are:

  The Hessian Commissioner for Data Protection and Freedom of Information
  Gustav-Stresemann-Ring 1
  65189 Wiesbaden / Germany

  Phone: 0611-1408 0
  E-mail: poststelle(at)datenschutz.hessen.de

• Requirement for the provision of data

  In principle, there is no obligation to provide your data. The use of our website is usually possible without providing personal data. In case of the contact form, it is required to enter your first name, surname, email address and your message to contact us. Without these data, you cannot contact us via the contact form.

• Automated decision-making

  Automated decision-making including profiling in accordance with Art. 22 GDPR which produces legal effects or similarly significantly affects you does not take place.

• Update of the privacy policy

  The ongoing technical development in the area of IT technology/security and the internet also requires an adaptation of the existing data protection declaration. We therefore reserve the right to make additions or changes to this privacy policy without prior notice.