Privacy

RESPONSIBILITIES

Responsible for this website is H/T/P, Blumenstrasse 28, D-80331 Munich. Further information about our company can be found in our imprint (https://www.happythinkingpeople.com/impressum).

DATA PROTECTION OFFICER

You can reach our data protection officer at

Happy Thinking People GmbH
Datenschutz
Blumenstraße 28
D-80331 Munich

By e-mail: datenschutz@happythinkingpeople.com

DEFINITIONS

Explanation of terms used in our privacy policy.

EU-GDPR: Regulation (EU) 2016/679 of the European Parliament and of the European Council, 27th April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (basic regulation on data protection).

Personal data (pursuant to Article 4, paragraph 1 GDPR): this refers to all information relating to an identified or identifiable natural person. Identifiable is someone who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or other special characteristics. Even a “pure information page” on which the user cannot register or interact, collects and uses personal data such as IP address via e.g. cookies.

Processing of personal data: based on the definition of Article 4 GDPR, processing includes the collection, organisation, arrangement, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison, restriction, erasure or destruction.

Third parties: this means anyone authorized by us to process the data (e.g. contractors)

Recipients of data are all persons to whom the data is disclosed.

Third country: A country outside the EU

WHAT DATA IS PROCESSED FOR WHAT PURPOSE?

GENERAL PURPOSE OF PROCESSING PERSONAL DATA

The purpose of the processing is the operation of a website with information about our company, a marketing/innovation research and consulting agency, as well as the presentation and offer of services in this area. We also process personal data to fulfil contractual obligations towards our customers and interested parties.

Personal data is collected, processed and used exclusively for the stated purpose.

With regard to the visit of websites, we assume that a personal reference can always exist by means of IP addresses. As a result, we must inform you accordingly about the data processing of the web server and the applications on the web server. In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. In addition, there is further information about the browser of your terminal device.

In accordance with the current data protection law test, we are obliged to protect our IT system, which processes personal data. For this purpose we record:

• IP address of the calling computer
• Operating system of the calling computer
• Browser version of the calling computer
• URL of the call
• Date and time of retrieval

IP address and log files are deleted as soon as they are no longer required to guarantee the security of our systems. We will then no longer be able to establish a personal reference from the remaining data. The data is used to correct errors on the website.

The legal basis for this data processing is Art. 6, 1f, GDPR. Our “interest” in the sense of Art. 6, 1 lit. f) is the operation of this website, the implementation of the protection goals of confidentiality and the integrity and availability of data.

COOKIES

We use cookies on our websites. Cookies are small text information that are stored in your terminal via your browser. Cookies are required to enable certain functions of our websites. We use session cookies that are automatically deleted from your browser immediately after your visit to the websites has ended. In the area of web analysis, however, we also use persistent cookies.

You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our websites may then be limited. Cookies do not install or launch any programs or other applications on your computer.

The legal basis for this data processing is Art. 6, 1f, GDPR in conjunction with § 15 TMG. Our “interest” within the meaning of Art. 6, 1f is the operation of these websites.

ESTABLISHMENT OF CONTACT

ORDER/INQUIRY/CONTACT FORM

We offer a form on our website where you can request or order information about our offers. In addition to the voluntary information and your message content, we require the following information from you:

• Name/contact person, e-mail, telephone number, company
• Order details: such as questions, objectives of the research project, etc.

We need this information to process your request, to contact you correctly and to send you an answer. Our privacy policy is referenced in this form.

The legal basis for this data processing is Art. 6, 1f GDPR. Our “interest” within the meaning of Art. 6, 1f GDPR is our communication with customers and interested parties.

At the time the message is sent, the following data is also stored:

• IP address of the calling computer
• Operating system of the calling computer
• Browser version of the calling computer
• URL of the call
• Date and time of retrieval

These personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

EMAIL INQUIRIES

If you do not wish to fill in the form, you are free to contact us by other means, such as e-mail or telephone (see imprint for contact information). In this case, the user’s personal data transmitted by e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the communication/order request.

These e-mails are stored like commercial letters and in accordance with the legal retention periods. This information is protected against unauthorized access by third parties, but please note that unencrypted e-mails sent via the internet are not sufficiently protected against unauthorized access by third parties.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6, 1f GDPR – the legitimate interest is communication with customers and interested parties. If the e-mail contact is aimed at the conclusion of a contract, the legal basis is Art. 6, 1b GDPR (contract/pre-contractual measure).

DURATION OF DATA STORAGE

Requests received via the form on our website or by e-mail are usually stored in our system/CRM system. The CRM system is regularly checked to see whether data can be deleted. Should data no longer be necessary in the context of a customer or prospective customer relationship or should a conflicting interest of the customer prevail, we will delete the concerned personal data, provided that this does not conflict with statutory retention obligations.

Irrespective of this, we always ask you for permission to use your e-mail address for general notifications such as a newsletter sent by e-mail. This consent is voluntary and completely independent of your request.

NEWSLETTER

Our newsletter serves the purpose of informing you about interesting marketing topics as well as news from H/T/P.

You will only receive the newsletter if we have your consent as recipient and refer to the legal basis according to Art. 6, 1a GDPR.

You have the right to revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. Your revocation will be documented with date. Your data will then be immediately blocked for further processing by us.

DOUBLE-OPT-IN AND LOGGING

For registration and handling of the newsletter we use a WordPress plug in stored by our own server (in Germany). No data is transferred to WordPress.

The registration for our free newsletter happens via a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with another person’s e-mail address.

These registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the login and confirmation time, as well as the IP address.

The legal basis for this data processing is Art. 6, 1f GDPR in conjunction with § 7 UWG. Our “interest” in the sense of Art. 6, 1f GDPR is the administration and dispatch of our news and release notes.

SUBSCRIPTION DATA NEWSLETTER

In order to subscribe to the newsletter, it is sufficient to provide your e-mail address. All other data you provide, such as title, name and interest in certain topics, is voluntary. We only use this information to address you correctly and to adapt the contents of the newsletter to the interests of our readers.

STATISTICAL SURVEYS AND ANALYSES

The newsletter contains a pixel-sized file that is retrieved from our server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times.

The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, we do not strive to observe individual users. The evaluations rather serve us to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

The stored data required for sending the newsletter will be processed exclusively for the stated purposes and will not be passed on to third parties.

You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consents to its dispatch and the statistical analyses expire. A separate revocation of the dispatch or the statistical evaluation is unfortunately not possible.

You will find a link to cancel the newsletter at the end of each newsletter or you can contact us at the contact details given in the imprint and send us an e-mail with your cancellation.

VOLUNTARY DISCLOSURES

If you voluntarily provide us with data (e.g. via forms) which are not required for the fulfilment of our contractual obligations, we process these data on the basis that we assume that the processing and use of these data is in your interest.

YOUR RIGHTS AS A CONCERNED PARTY

You are entitled to receive information about the personal data handled by us. You can contact our data protection officer or us directly at any time for information.

In the case of a request for information that is not made in writing, we may have to require the proof that you are the person you claim to be.

You have the right to request the correction, deletion or restriction of the processing of personal data, provided you are legally entitled to do so.

You have the right to object against the processing of your data. The same applies to the right of data transferability.

CONSENT

If we process your personal data on the basis of a consent, you have the right to revoke the consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation.

RIGHT OF APPEAL TO A SUPERVISORY AUTHORITY

You have the right to complain to a data protection supervisory authority about our processing of your personal data.

You can do this, for example, at the supervisory authority responsible for H/T/P:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27
91522 Ansbach

MODIFICATION OF THIS PRIVACY POLICY

We will revise this Privacy Notice if changes are made to this website or in other circumstances that might make this necessary. You can always find the current version at: https://www.happythinkingpeople.com/privacy/

RECEIVER/FORWARDING OF DATA

Data that you provide to us will only be passed on to third parties in the cases listed below. In particular, your personal data will not be passed on to third parties for their advertising purposes.

We use certain service providers for the operation and design of these websites. It can happen that a service provider receives knowledge of personal data (e.g. your IP address). We carefully select our service providers with regard to data protection and data security and take all measures required for correct data processing as required by data protection laws.

DATA PROCESSING OUTSIDE THE EUROPEAN UNION

With the following exceptions, we do not process your personal data in a so-called third country outside the EU. We host our website on our own servers in Berlin, Germany.

With regard to the use of Google services and JW players, it should be noted that Google’s appropriate level of data protection is guaranteed within the framework of its participation in the so-called “Privacy Shield” and the measures taken by Google with regard to data protection and data security.

Social Media

SHARING CONTENT VIA SOCIAL MEDIA

We do not use plug-ins provided by social network operators (Facebook, Twitter or Instagram). We only offer forwarding to the three platforms we use – Facebook, Twitter and Instagram.

As this is a link, no personal data is transferred to Facebook, Twitter or Instagram.

EMBEDDING TWITTER CONTENT

Our website also uses functions of the Twitter service. Basically our server loads these contents (tweets) from Twitter and shows them to us in such a way that no data is passed on to Twitter.

USE/INTEGRATION OF GOOGLE SERVICES

(Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.)

Google’s privacy policy applies in this regard: https://www.google.com/policies/privacy/

Google services are integrated via a server call – usually a Google server in the USA. This provides server call provides the server with information about which of our websites you have visited. The IP address of the terminal device used to visit these websites is also stored by Google.

As the Privacy Shield certification claims, Google has committed to comply with the EU-US Privacy Shield Agreement published by the US Department of Commerce on the collection, use and storage of personal data from EU member states. Google, including Google Inc. and its wholly owned subsidiaries in the United States, has been certified to comply with applicable privacy shield principles. No further measures on the part of our customers are necessary. You can find the Google certificate here.

ANALYSIS TOOLS

The web analysis tool “Fathom“ is used on these web pages.

“Fathom” is a privacy-friendly tool for counting and, above all, for the clear presentation of visits to our websites.
No cookies are used in the process.

“Fathom” is a service provided by Conva Ventures Inc (BOX 37058 Millstream PO, Victoria, British Columbia, V9B 0E8). As a private company, the provider of “Fathom” falls within the so-called adequacy decision of the EU Commission for Canada, so that an adequate level of data protection is ensured.

Furthermore, the data processing takes place exclusively in Europe and in EU data centers through a so-called “EU isolation”. You can find more details about this here:
https://usefathom.com/features/eu-isolation

“Fathom” does not store the IP addresses of visitors to our websites. A hash value is stored, which is also used to identify returning visitors.

Neither we nor “Fathom” can directly derive personal data from this information.

Nevertheless, we have concluded a data processing agreement with the provider of “Fathom”, which meets the requirements of Art. 28 GDPR.

The legal basis for the data processing is based on our legitimate interests (i.e. interest in the analysis, optimization of our online presence within the meaning of Art. 6 para. 1 lit. f) DSGVO ).

GOOGLE RECAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

With reCAPTCHA it can be checked whether the data entry on our websites (e.g. in a contact form) is done by a human being or by an automated program. For this reCAPTCHA analyzes the behaviour of the web site visitor on the basis of different characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis reCAPTCHA evaluates various pieces of information (e.g. IP address, duration of the website visit or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.

Data processing is carried out on the basis of Art. 6, 1f GDPR. The website operator has a legitimate interest in protecting his website offers against abusive automated spying and SPAM.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

Plugins & Tools

MAPBOX

This website uses Mapbox to display a map. Mapbox is an open source mapping platform for custom designed maps operated by Mapbox, Inc. and Mapbox International, Inc., 50 Beale St FL 9, San Francisco, CA, 94105-1863, United States.

For more information visit mapbox.com.

INTEGRATION OF VIDEO CONTENT

Since local hosting of videos is not powerful enough, we use the possibility of external video providers, such as VIMEO, YouTube, JW-Player. External service providers are so-called third-party providers. In order to use the respective service and for technical reasons, the servers of the respective provider may be contacted by pour websites. For the associated use of data from your browser or terminal device during this process, we refer to the data protection regulations of the respective third-party provider.

The use of YouTube, VIMEO and JW-Player is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6, 1f GDPR.

JW PLAYER

Plugins of the video portal JWPlayer, LongTail Ad Solutions, Inc. d/b/a JW Player 2 Park Avenue, 10th Floor New York, NY 10016, USA are integrated on our websites. Each time you visit a site that offers one or more JWPlayer video clips, a direct connection is established between your browser and a JW-Player server in the USA. Information about your visit and your IP address is stored there. By interacting with the JW-Player plugins (e.g. clicking the start button) this information is also transmitted to JW-Player and stored there.

For JWPlayer’s privacy policy and more information about JWPlayer’s collection and use of your information, please visit https://www.jwplayer.com/privacy.
JWPlayer also calls the tracker Google Analytics via an iFrame in which the video is called. This is JWPlayer’s own tracking, which we do not have access to. You can stop tracking by Google Analytics by using the opt-out tools that Google offers for some Internet browsers. Users can also prevent Google from collecting data generated by Google Analytics and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en

VIMEO

Our website includes plugins of the Vimeo video portal by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Each time you visit a site that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there. By interacting with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there.

If you have a Vimeo account and do not want Vimeo to collect information about you through this website and link to your Vimeo membership information, you must log out of Vimeo before visiting this website. For more information about Vimeo’s collection and use of your information can be found at Vimeo’s Privacy Policy: https://vimeo.com/privacy.

Vimeo also uses an iFrame to show videos. This iFrame connects to Google Analytics. This is Vimeo’s own tracking system to which we have no access. You can stop tracking by Google Analytics by using the opt-out tools that Google offers for some internet browsers. Users can also prevent Google from collecting data generated by Google Analytics and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Further information on Vimeo’s data processing and information on data protection can be found at https://vimeo.com/privacy or https://vimeo.com/cookie_policy.

LINK TO OTHER PROVIDERS

Our website also contains links to the websites of other companies.

As far as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the contents of their pages. At the time of linking, the linked pages were checked for possible legal infringements and recognisable infringements. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. Upon notification of violations of the law, such links will be removed immediately.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

18th May 2018