Privacy Policy

At Pfando Poland Sp. z o.o., we take the protection of your personal data seriously. Privacy protection and data security during the processing of personal data are our top priority, which we incorporate into our business processes and continuously optimize. We process your personal data in accordance with data protection regulations, in particular the General Data Protection Regulation (GDPR). In this Privacy Policy, we explain how we process your personal data and what rights you have.

Who is responsible for processing your personal data and how can you contact our data protection officer?

Data Controller:
Pfando Poland Sp. z o.o.
6/12 Żurawia St., Suite 745
00-503 Warsaw
Poland

Data Protection Officer:
Name: Attorney Jan Kühne
Email address: rodo@pfando.pl

Below you will find the subject areas of our Privacy Policy with direct links to individual sections:

1. What personal data do we process, why do we do it, and on what legal basis? (legal basis)
2. How do we protect personal data?
3. Transferring data to our partners is necessary for us to provide our services. Who we share your data with – you can find this information here.
4. What happens to your data when you contact us?
5. For your and our security, we collect access data and log files
6. To make your visit to our website even more comfortable, we use cookies & reach measurement
7. We use Google Analytics so that we can reach you optimally and tailor our offer to your needs
8. Always up to date with Google Re/Marketing services
9. A window to the world – Outbrain
10. Industry analysis thanks to Salesviewer
11. Thanks to AppNexus, every ad is up to date
12. Thanks to Sizmek, only relevant ads are displayed
13. Contact via Live Chat Inc.
14. Thanks to Hotjar, we develop our website in line with your expectations
15. Cultivating partnerships with easy.tracking
16. Bing Universal Event Tracking – to find everything
17. Relevant ads thanks to advanced store
18. Facebook, Custom Audiences, and Facebook marketing services
19. RTBLAB
20. Let’s Chat with WhatsApp
21. Snapchat
22. You will love our newsletters
23. Spoteffects
24. Nimbata
25. Pfando – Your new employer?!
26. Integration of third-party services and content
27. Storage and deletion of your personal data
28. You have the following rights under data protection regulations
29. You can contact the competent authority in the following ways
30. You can exercise your right to object at any time
31. Changes to the Privacy Policy

1. What personal data do we process, why do we do it, and on what legal basis? (legal basis)

1.1. This Privacy Policy explains the nature, scope, and purposes of the processing of personal data within our online offering and the associated websites, features, and content (hereinafter collectively referred to as the “online offering” or “website”). This Privacy Policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the website is accessed.
1.2. Terms used herein, such as “personal data” or “processing,” refer to the definitions set forth in Article 4 of the General Data Protection Regulation (GDPR).
1.3. We process basic data (e.g., first and last names, addresses, and customer contact information) and contractual data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling contractual obligations and providing services in accordance with Article 6(1)(b) of the GDPR.
1.4. The personal data of users processed within the scope of this online offering includes basic data (e.g., first and last names and customer addresses), contract data (e.g., services used, names of case managers, payment information), usage data (e.g., subpages of our online offering visited, interest in our products), and content data (e.g., entries in the contact form).
1.5. The term “user” encompasses all categories of data subjects. These include our business partners, customers, interested parties, and other visitors to our website. Terms used, such as “user,” are gender-neutral.
1.6. We process users’ personal data exclusively in accordance with applicable data protection laws. This means that user data is processed only where there is a legal basis, in particular when processing is necessary for the performance of contractual services (e.g., order processing and inquiries) and online services, or is required by law, when the user has given consent, and also based on our legitimate interests (i.e., the interest in analyzing, optimizing, economically operating, and securing our online offering within the meaning of Article 6(1)(f) of the GDPR, in particular with regard to reach measurement, profiling for advertising and marketing purposes, and the collection of access and usage data from third-party services).
1.7. Please note that the legal basis for consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing for the performance of contractual services and activities is Article 6(1)(b) of the GDPR; the legal basis for processing to comply with legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing for the purposes of legitimate interests is Article 6(1)(f) of the GDPR.

2. How do we protect personal data?

2.1. We use organizational, contractual, and technical measures in line with the current state of technical knowledge to ensure compliance with data protection regulations and to protect the data we process from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
2.2. Security measures include, in particular, encrypted data transmission between your browser and our server, secure storage in protected areas, and hardware and software security measures to prevent unauthorized access by third parties or loss of data.
2.3. Trustpilot. We use the Trustpilot review portal, operated by TrustPilot A/S, Pilestraede 58, 5th floor, 1112 Copenhagen, Denmark. In order to continuously improve the quality of our service, we allow our customers to post reviews on this independent portal, without influencing the content of the reviews.
For each contract concluded with our capital group, an invitation to submit a review is generated. For this purpose, your first name, last name, email address, and reference number (order number for unique identification) are transferred to Trustpilot. This data is not used by Trustpilot for its own purposes or transferred to third parties. You can submit your review at https://de.trustpilot.com/evaluate/pfando.de. Reviews are verified based on the reference number (order number) via a specially generated link. Submitting a review is voluntary.
To submit a review or provide feedback, you must create and activate a user profile on Trustpilot. In addition to rating the inviting company, you can also submit reviews of any other companies on the Trustpilot portal.
If you post a review by clicking on the link in the invitation, a user profile will be automatically created on Trustpilot after you enter your personal data (name and email address for verification purposes). This implies your acceptance of Trustpilot's privacy policy and terms and conditions. These are available on the Trustpilot website at http://de.legal.trustpilot.com/end-user-privacy-terms
By entering into a contract with us, you consent, in accordance with Article 6(1)(a) of the GDPR, to the transfer of the specified reference data to Trustpilot and to the automated sending of invitations to submit reviews from this application.
The Pfando review profile is available at: https://de.trustpilot.com/review/pfando.de

3. Transferring data to our partners is necessary for the provision of our services.
Who we share your data with – you can find information here

3.1. We only transfer data to third parties within the framework of the applicable legal provisions. We only transfer user data to third parties if this is necessary, e.g. on the basis of Article 6(1)(b) of the GDPR for the purpose of contract performance or on the basis of legitimate interests in accordance with Article 6(1)(f) of the GDPR for the purpose of economic and efficient business operations.
3.2. If we use subcontractors to provide our services, we take appropriate legal measures and apply appropriate technical and organizational measures to ensure the protection of personal data in accordance with applicable law.
3.3. If content, tools, or other resources from other providers (hereinafter collectively referred to as "external providers") are used within the framework of this Privacy Policy and their registered office is located in a third country, it must be assumed that data may be transferred to the countries where these providers are based. "Third countries" are countries in which the GDPR is not directly applicable, i.e., as a rule, countries outside the EU or EEA. Data will only be transferred to third countries if an adequate level of data protection is ensured, the user's consent has been obtained, or there is another legal basis for the transfer.

4. What happens to your data when you contact us?

4.1. When you contact us (via contact form, telephone, chat, or email), the data you provide will be processed for the purpose of handling your inquiry and fulfilling your request in accordance with Article 6(1)(b) of the GDPR.
4.2. User data may be stored in our CRM ("Customer-Relationship-Management System") or in a comparable inquiry organization system.

5. For your and our security, we collect access data and log files.

5.1. Based on our legitimate interests within the meaning of Article 6(1)(f) of the GDPR, we collect data about each access to the server on which this service is located (so-called server logs). The access data includes: the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address, and the Internet service provider making the request.
5.2. Log information is stored for security reasons (e.g., to clarify abuse or fraud attempts) for a maximum of seven days and then deleted. Data that must be stored for evidentiary purposes is excluded from deletion until the matter has been finally clarified.
5.3. Every 4 weeks, the database is backed up by the hosting provider, with the previous copy being overwritten. In this way, we ensure that your data is not stored by our processor for longer than necessary.

6. To make your visit to our website even more comfortable, we use cookies & reach measurement.

6.1. Cookies are pieces of information sent by our web server or third-party servers to users' browsers and stored there for later reading. Cookies can take the form of small files or other means of storing information.
6.2. We use "session cookies," which are stored only for the duration of your current visit to our website (e.g., to enable navigation within the website). A randomly generated, unique identification number, known as a session ID, is stored in the session cookie. The cookie also contains information about its origin and storage time. Session cookies do not store any other data. Session cookies are deleted when you finish using our online offer, e.g., when you log out or close your browser.
6.3. Our website offers language cookie functionality (WPML). The cookie stores the language in which you want to view the website. When you navigate to subpages, the cookie indicates which language version of the subpage should be displayed.
6.4. We inform users about the use of cookies for pseudonymous reach measurement in this Privacy Policy.
6.5. If users do not want cookies to be stored on their device, they can deactivate the corresponding option in their browser settings. Stored cookies can be deleted in your browser settings. Disabling cookies may limit the functionality of this online offer.
6.6. You can object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
6.7. You can change your consent to cookies at any time in our Cookie Policy.

7. We use Google Analytics to optimize our communication with you and tailor our offer to your needs.

7.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google uses cookies. The information generated by the cookie about your use of the online offering is usually transferred to a Google server in the USA and stored there.
7.2. Google is certified under the Privacy Shield Agreement and thus ensures compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
7.3. Google will use this information on our behalf to evaluate how users use the online offering, to compile reports on activities within the online offering, and to provide us with other services related to the use of the online offering and the internet. Pseudonymous user profiles may be created based on the processed data.
7.4. We use Google Analytics to ensure that the ads displayed through Google's advertising services and those of its partners are only shown to users who have shown an interest in our online offering or who have certain characteristics (e.g., interest in specific topics or products determined based on the pages visited) that we transmit to Google (so-called "Remarketing" or "Google Analytics Audiences").. With Remarketing Audiences, we also want to ensure that our ads correspond to the potential interests of users and are not annoying.
7.5. We use Google Analytics exclusively with active IP anonymization. This means that the IP address of users is shortened by Google within member states of the EU or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there.
7.6. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent cookies from being stored by selecting the appropriate settings in their browser; they can also prevent the data generated by the cookie and related to their use of the online offer from being collected and processed by Google by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
7.7. Further information on the use of data by Google, setting options and objections can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("Use of data by Google when using partner websites or apps"), http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), http://www.google.de/settings/ads ("Managing the information Google uses to show you ads").

8. Always up to date with Google Re/Marketing services

8.1. Na podstawie naszych prawnie uzasadnionych interesów (tj. interesu w analizie, optymalizacji i ekonomicznym prowadzeniu naszej oferty online w rozumieniu art. 6 ust. 1 lit. f RODO) korzystamy z usług marketingowych i remarketingowych (w skrócie „Google Marketing Services”) świadczonych przez Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”).
8.2. Google jest certyfikowane w ramach porozumienia Privacy Shield i tym samym zapewnia przestrzeganie europejskich przepisów o ochronie danych (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3. Google Marketing Services umożliwiają nam bardziej ukierunkowane wyświetlanie reklam na naszej stronie i poza nią, aby prezentować użytkownikom reklamy, które potencjalnie odpowiadają ich zainteresowaniom. Jeśli użytkownikowi np. wyświetlane są reklamy produktów, którymi interesował się na innych stronach internetowych, mówimy o „remarketingu”. W tym celu przy wywołaniu naszej strony oraz innych stron, na których aktywne są Google Marketing Services, Google bezpośrednio wykonuje kod, a w stronę wbudowywane są tzw. tagi (re)marketingowe (niewidoczne grafiki lub kod, nazywane też „web beacons”). Z ich pomocą na urządzeniu użytkownika zapisywany jest indywidualny cookie, tj. mały plik (zamiast cookies mogą być stosowane technologie porównywalne). Cookies mogą być ustawiane z różnych domen, m.in. google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com lub googleadservices.com. W pliku tym zapisywane są informacje o tym, jakie strony odwiedził użytkownik, jakimi treściami się interesował oraz jakie oferty kliknął, a także informacje techniczne o przeglądarce i systemie operacyjnym, stronach odsyłających, czasie wizyty oraz inne dane dotyczące korzystania z oferty online. Rejestrowany jest także adres IP użytkownika, przy czym – jak informujemy w ramach Google Analytics – adres IP jest skracany w państwach członkowskich UE lub EOG i tylko w wyjątkowych przypadkach w całości przesyłany do USA i tam skracany. Adres IP nie jest łączony z danymi użytkownika w ramach innych usług Google. Google może łączyć powyższe informacje także z informacjami z innych źródeł. Jeżeli użytkownik następnie odwiedza inne strony, mogą być mu wyświetlane reklamy dopasowane do jego zainteresowań.
8.4. Dane użytkowników w ramach Google Marketing Services są przetwarzane w sposób pseudonimowy. Oznacza to, że Google nie przechowuje i nie przetwarza np. imion i nazwisk ani adresów e-mail użytkowników, lecz przetwarza odpowiednie dane w ramach pseudonimowych profili użytkowników powiązanych z plikami cookie. Z perspektywy Google reklamy nie są zarządzane i wyświetlane dla konkretnej, zidentyfikowanej osoby, lecz dla właściciela pliku cookie – niezależnie od tego, kim jest właściciel. Nie dotyczy to sytuacji, gdy użytkownik wyraźnie zezwolił Google na przetwarzanie danych bez pseudonimizacji. Informacje gromadzone przez Google Marketing Services są przekazywane do Google i przechowywane na serwerach Google w USA.
8.5. Do wykorzystywanych przez nas Google Marketing Services należy m.in. program reklamowy „Google AdWords”. W przypadku Google AdWords każdy klient otrzymuje inny plik „Conversion-Cookie”. Cookies nie mogą być zatem śledzone na stronach klientów AdWords. Informacje uzyskane za pomocą cookie służą do tworzenia statystyk konwersji dla klientów AdWords, którzy zdecydowali się na śledzenie konwersji. Klienci AdWords poznają łączną liczbę użytkowników, którzy kliknęli ich reklamę i zostali przekierowani na stronę oznaczoną tagiem śledzenia konwersji. Nie otrzymują jednak informacji umożliwiających identyfikację użytkowników.
8.6. Możemy również włączać reklamy podmiotów trzecich na podstawie Google Marketing Service „DoubleClick”. DoubleClick stosuje cookies, które umożliwiają Google oraz jego partnerskim stronom wyświetlanie reklam na podstawie wizyt użytkowników na tej stronie lub na innych stronach w internecie.
8.7. Ponadto możemy korzystać z usługi „Google Optimizer”. Google Optimizer umożliwia nam w ramach tzw. testów A/B analizowanie, jaki wpływ mają różne zmiany na stronie (np. zmiany pól formularza, wyglądu itp.). W tym celu na urządzeniach użytkowników zapisywane są cookies. Przetwarzane są wyłącznie dane pseudonimowe.
8.8. Ponadto możemy korzystać z „Google Tag Manager”, aby integrować oraz zarządzać usługami analitycznymi i marketingowymi Google na naszej stronie.
8.9. Więcej informacji o wykorzystaniu danych do celów marketingowych przez Google znajdą Państwo na stronie: https://www.google.com/policies/technologies/ads, a polityka prywatności Google jest dostępna pod adresem: https://www.google.com/policies/privacy.
8.10. Jeśli chcą Państwo sprzeciwić się reklamom opartym na zainteresowaniach w ramach Google Marketing Services, mogą Państwo skorzystać z opcji ustawień i rezygnacji (opt-out) udostępnianych przez Google: http://www.google.com/ads/preferences.

9. Window to the world – Outbrain

9.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use cookies from Outbrain UK Ltd. ("Outbrain").
9.2. Outbrain is used to display content on other third-party websites that may be of interest to you. We hope this will improve your online experience and increase the number of users of our offering.
9.3. Outbrain UK Ltd. works exclusively with pseudonymous data. This means that your personal data is not processed.
9.4. Information on data protection at Outbrain can be found at http://outbrain.com/legal/privacy. There you can also opt out if you wish.
9.5. If you want to activate or deactivate Outbrain on this website, you can do so in your cookie preferences in your browser settings.

10. Industry analyses thanks to Salesviewer

10.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use the SalesViewer analytics and optimization tool.
10.2. Salesviewer is a service provided by a third party: SalesViewer GmbH, Nikolaistr. 2, 44866 Bochum, Germany.
10.3. SalesViewer uses JavaScript-based code to collect data about companies and their corresponding usage. The data collected using this technology is encrypted using an irreversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to identify the visitor to this website.
10.4. You can object to the collection and storage of data at any time with future effect by clicking on the link https://www.salesviewer.com/opt-out to prevent SalesViewer® from recording data on this website in the future. An opt-out cookie will then be stored on your device. If you delete cookies in this browser, you will need to click the link again.

11. Thanks to AppNexus, every ad is up to date.

11.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use the AppNexus analytics and optimization tool.
11.2. AppNexus is a service provided by a third party: AppNexus Inc., 28 W 23rd Street, 4th Floor, New York, NY, 10010, USA.
11.3. The AppNexus application enables real-time optimization of advertising space, contextual advertising, and various other techniques to make the most effective use of your advertising budget. For you as a customer, this means that you can receive more relevant content, advertisements are free of malware and other harmful applications, and access to content is uninterrupted.
11.4. According to its own information, AppNexus does not collect personal data, but only platform information such as browser type, cookie information, operating system, etc.
11.5. Everything you need to know about AppNexus and its privacy policy can be found at: https://www.appnexus.com/en/company/platform-privacy-policy-de1
11.6. AppNexus Inc. has joined the Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000GnlTAAS&status=Active
11.7. If you do not want to use AppNexus' optimized ads, you can opt out: https://www.appnexus.com/en/company/platform-privacy-policy-de1

12. Thanks to Sizmek, only relevant ads are displayed.

12.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use the analytics and optimization tool Sizmek Technologies, Inc.
12.2. Sizmek is a third-party service provided by Sizmek Technologies, Inc., 401 Park Avenue S, 10016 New York City, USA.
12.3. Sizmek enables us to present you with relevant and targeted advertising material and advertisements based on your interests and usage behavior, including on third-party websites.
12.4. We also use Sizmek to measure the effectiveness of our advertisements (e.g., interaction or click on an advertisement) and for statistical analysis. For this purpose, cookies and similar technologies (e.g., pixels and statistical device identifiers) are used on the end device from which you visit our website to analyze and evaluate user behavior (e.g., clicks) and interactions with advertisements.
12.5. The data collected includes non-personal usage data (e.g., clicks on ads, pages, time and length of stay) and non-personal browser data (e.g., language settings, screen resolution) that does not allow for personal identification.
12.6. Sizmek's privacy policy is available at:
https://www.sizmek.com/privacy-policy-de/
12.7. Sizmek's Terms and Conditions can be found at: https://www.sizmek.com/terms-use/
12.8. Sizmek Technologies, Inc. is also a certified member of the Privacy Shield agreement and thus ensures compliance with the GDPR https://www.privacyshield.gov/participant?id=a2zt0000000GnB8AAK&status=Active
12.9. If you do not wish to support website optimization, you can opt out at: https://www.sizmek.com/privacy-policy-de/

13. Contact via Live Chat Inc.

13.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR) and in order to provide you with multiple contact options, we use third-party software from Live Chat Inc., One International Place, Suite 1400 Boston, Massachusetts 02110-2619, United States of America.
13.2. Live Chat Inc. is certified under the Privacy Shield Agreement and thus ensures compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000L16xAAC&status=Active).
13.3. We provide this communication channel to give you the fastest and best possible access to our offers. However, Live Chat Inc.'s servers are located in the USA.
13.4. Live Chat Inc.'s Terms and Conditions are available at: https://www.livechatinc.com/terms-and-conditions/
13.5. Live Chat Inc. also provides a detailed description of security at: https://www.livechatinc.com/kb/livechat-security-and-data-storage/
13.6. The privacy policy is available at: https://www.livechatinc.com/gdpr-compliance/

14. Thanks to Hotjar, we are developing our website in line with your expectations.

14.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use the Hotjar analytics and optimization tool.
14.2. Hotjar is a third-party service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.
14.3. Hotjar makes it possible to track movements on websites. Hotjar creates so-called heat maps and allows us to design the website so that all buttons and information are in the right place for you.
14.4. Technical data such as the selected language, system, screen resolution, and browser type are collected and analyzed statistically and anonymously.
14.5. We may use Hotjar to collect direct feedback from website users. This provides us with valuable information to further tailor our websites to the needs of our customers.
14.6. Hotjar Ltd.'s privacy policy is available at: https://www.hotjar.com/legal/policies/privacy
14.7. Hotjar Ltd.'s Terms and Conditions are available at: https://www.hotjar.com/legal/policies/terms-of-service
14.8. If you do not wish to support website optimization, you can opt out at: https://www.hotjar.com/opt-out

15. Partnerships and cooperation with easy.tracking

15.1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use the services of EASY Marketing GmbH, Asselner Hellweg 124, 44319 Dortmund.
15.2. Easy.tracking stores cookies in the user's browser for the purpose of correctly recording sales and/or leads.
15.3. "TRS" identifies database records containing touchpoint data. This allows easy.marketing to read a unique 24-character code that leads to the partner's website. This makes it possible to track the source of the user to the website of a partner cooperating with Pfando's.
15.4. The backup cookie "TRSCJ" stores basic touchpoint data for later visits.
15.5. If you do not want to support our partners' tracking, you can opt out at: https://pvn.pfando.de/privacy-optout.do
15.6. You can access the information stored so far at: https://pvn.pfando.de/privacy-mydata.do

16. Bing Universal Event Tracking – to find everything

16.1. In order to target our marketing activities, data is collected and stored on our website using Microsoft Bing Ads technology, which is used to create pseudonymous usage profiles. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track user activity on our website if users have accessed it via Bing Ads. If you access our website via such an advertisement, a cookie will be set on your computer. Our website contains a Bing UET tag.
This is a code that, in combination with a cookie, stores non-personal data about your use of the website. No data that identifies you is collected.
16.2. The information collected is transmitted to Microsoft servers in the US and stored there for a maximum of 180 days. You can prevent the collection of data generated by cookies and related to your use of the website and the processing of this data by disabling cookies. However, this may limit the functionality of the website.
16.3. In certain cases, Microsoft may track your usage behavior across multiple devices (cross-device tracking) and thus display personalized ads on Microsoft websites and apps. You can disable this behavior at http://choice.microsoft.com/de-de/opt-out.
16.4. For more information about Bing analytics services, please visit Bing Ads (https://help.bingads.microsoft.com/#apex/3/de/53056/2). For more information about data protection at Microsoft and Bing, please refer to the Microsoft privacy policy (https://privacy.microsoft.com/de-de/privacystatement).

17. Targeted ads thanks to advanced store

17.1. In order to provide our customers with the most interesting and relevant browsing experience possible, we use ad4mat technology from advanced store GmbH, Alte Jakobstr. 79/80, 10179 Berlin, on the basis of Art. 6 (1) (f) GDPR.
17.2. Ad4mat collects pseudonymous information and data about user behavior on the Internet using cookies in order to create behavior analyses using a special algorithm.
17.3. The cookie is used solely to optimize the online presence and does not allow any conclusions to be drawn about the identity of the user. advanced store GmbH has committed to complying with the European industry standard EDAA for online behavioral advertising.
17.4. For more information and to manage your preferences, please visit http://www.youronlinechoices.com/de/.
17.5. If you wish to object to the use of pseudonymous cookie identifiers and behavioral analysis, you can use the option at https://www.ad4mat.com/de/adchoices/
17.6. Additional information and the privacy policy of advanced store GmbH are available at https://www.advanced-store.com/de/datenschutz/

18. Facebook, Custom Audiences, and Facebook marketing services

18.1. As part of our online offering, based on our legitimate interests in the analysis, optimization, and economic operation of our online offering, we use the so-called "Facebook Pixel" of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
18.2. Facebook is certified under the Privacy Shield Agreement and thus ensures compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
18.3. With Facebook Pixel, Facebook can, on the one hand, identify visitors to our online offering as a target group for displaying advertisements (so-called "Facebook Ads"). We therefore use Facebook Pixel to display our Facebook ads only to users who have shown an interest in our online offering or who have certain characteristics (e.g., interest in certain topics or products based on the pages they visit) that we transmit to Facebook (so-called "Custom Audiences"). With Facebook Pixel, we also want to ensure that our ads correspond to the potential interests of users and are not annoying. In addition, Facebook Pixel allows us to measure the effectiveness of Facebook ads for statistical and market research purposes, as we can see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
18.4. Facebook Pixel is integrated by Facebook directly when you visit our pages and may store a so-called cookie, i.e., a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our online offering will be recorded in your profile. The data collected about you is anonymous to us, i.e., it does not allow us to identify users. However, this data is stored and processed by Facebook, which allows it to be linked to a specific user profile and used by Facebook for its own market research and advertising purposes. If we send Facebook data for comparison, it will be encrypted locally in your browser and only then sent to Facebook via a secure https connection. This is solely for the purpose of comparison with the data encrypted by Facebook.
18.5. Data processing by Facebook is carried out in accordance with Facebook's data usage rules. General information about the display of Facebook ads can be found in Facebook's data policy: https://www.facebook.com/policy.php. Detailed information about Facebook Pixel and how it works can be found in the Facebook help center: https://www.facebook.com/business/help/651294705016616.
18.6. You can object to the use of your data for the display of Facebook ads. To set which types of ads are displayed to you on Facebook, you can visit the Facebook settings page and follow the instructions for activity-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e., they apply to all devices, such as computers and mobile devices.
18.7. To prevent Facebook Pixel from collecting data on our website, please click on the following link: Facebook Opt-Out Note: When you click on the link, an "opt-out" cookie will be stored on your device. If you delete cookies in this browser, you will need to click on the link again. The opt-out only works within the browser used and only within our domain on which the link was clicked.
To prevent Facebook Pixel from collecting data on our website, please click on the following link:
Set Facebook Opt-Out Cookie
Facebook Opt-Out Notice: When you click on the link, an "opt-out" cookie will be stored on your device.
18.8. You can also object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally via the US page (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

19. RTBLAB

19.1 RTBLAB. Our website uses the rtbLab analytics service. The provider is EASYmedia GmbH, Löhner Straße 12d, 44652 Herne, Germany. Based on the data, pseudonymous usage profiles can be created. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of your web browser. Cookies enable your browser to be recognized. The data collected using rtbLab technology is not used to identify visitors to the website without the separate consent of the data subject and is not combined with the personal data of the pseudonym holder. rtbLab cookies remain on the end device until they are deleted. The storage of rtbLab cookies is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in anonymously analyzing user behavior in order to optimize its website and advertising. You can object to the collection and storage of data at any time with future effect. To object to the collection and storage of visit data in the future, you can download the rtbLab opt-out cookie at login.rtbmarket.com/index/optout. This will prevent rtbLab from collecting and storing visit data from your browser in the future. The rtbLab opt-out cookie will be set. Please do not delete this cookie as long as you wish to maintain your objection.
19.2 RTBLAB RETARGETING. Our websites use the rtbLab function. The provider is EASYmedia GmbH, Löhner Straße 12d, 44652 Herne, Germany. This function is used to display interest-based advertising to website visitors. The user's browser stores so-called cookies – text files stored on the computer that enable the user to be recognized. These websites can then display advertisements related to the content that the user has previously viewed on websites using the rtbLab retargeting function. If you have given your consent, rtbLab combines your web and app browsing history with your end device for this purpose.
You can object to the collection and storage of data at any time with future effect. To object to the collection and storage of data about future visits, you can download the rtbLab opt-out cookie at login.rtbmarket.com/index/optout. This will prevent rtbLab from collecting and storing data about visits from your browser in the future.
The rtbLab opt-out cookie will be set. Please do not delete this cookie unless you wish to maintain your objection.
The basis for data processing is Article 6(1)(f) of the GDPR. The legitimate interest arises from the fact that the website operator has an interest in anonymously analyzing website visitors for advertising purposes.

20. Let’s Chat with WhatsApp

20.1. To provide customers and interested parties with an additional communication channel, we offer contact via WhatsApp. We use WhatsApp on the basis of our legitimate interests in fast and effective communication and to meet the needs of our communication partners in terms of communication via instant messengers in accordance with Article 6(1)(f) of the GDPR.
20.2. If you wish to communicate with us via WhatsApp, please read the following information about WhatsApp's functionality, encryption, risks, use of metadata within the Facebook group, and your options for objection.
You are not required to use WhatsApp and can contact us by other means, such as by phone or email. Please use the contact details provided.
20.3. WhatsApp (WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA) is a US service, which means that data sent via WhatsApp may first be transferred to WhatsApp in the USA before being delivered to us.
20.4. However, WhatsApp is certified under the Privacy Shield agreement and thus ensures compliance with European and Swiss data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active).
20.5. WhatsApp also ensures that the content of communications (i.e., message content and attached photos) is end-to-end encrypted. This means that the content of messages cannot be read, even by WhatsApp itself. Always use the latest version of WhatsApp to ensure encryption.
20.6. However, please note that WhatsApp may not be able to see the content, but it can determine that and when communication partners are communicating with us, and obtain technical information about the communication partners' device and, depending on the device settings, also location information (so-called metadata). In addition to encrypted content, it is possible to transfer communication partners' data within the Facebook group, in particular for the purpose of optimizing services and security.
20.7. Communication partners should also assume, unless they have objected, that the data processed by WhatsApp may be used for marketing purposes or to display user-tailored advertisements.
20.8. For more information about the purpose, type, and scope of data processing by WhatsApp, as well as your rights and privacy settings, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/.
20.9. You can object to communication with us via WhatsApp at any time. If you subscribe to messages (so-called "broadcasts") via WhatsApp, you can delete our number from your contacts and ask us to remove your contact from our list. In the case of ongoing individual inquiries, you can also request that we do not continue to communicate via WhatsApp.
20.10. For communication via WhatsApp, we delete WhatsApp messages when it can be assumed that we have responded to user inquiries, if no further reference to the previous conversation is to be expected, and if no legal storage obligations prevent deletion.
20.11. Deletion on the devices we use takes place within 30 days.
20.12. We also inform you that we do not transfer the contact details we receive from you to WhatsApp without your consent (e.g., by contacting you via WhatsApp).
20.13. Finally, we would like to inform you that for your security, we reserve the right not to respond to inquiries via WhatsApp. This applies to situations where, for example, contractual information requires special confidentiality or a response via messenger does not meet formal requirements. In such cases, we will indicate more appropriate channels of communication to you.

21. Snapchat

21.1 Our website uses a tracking tag from the social network Snapchat, operated by Snap Inc., 63 Market Street, Venice, CA 90291, USA. Snapchat is certified under the EU-U.S. Privacy Shield. Data processing by Snap Inc. is carried out in accordance with Snapchat's privacy policy. Information on data use can be found at: https://www.snap.com/de-DE/privacy/privacy-by-product/. Information on the Snapchat tag is available in the Snapchat help center: https://businesshelp.snapchat.com/en-US/a/snap-pixel-about.
21.2 Purpose of data processing: The Snapchat pixel is used for analysis, optimization, and economic operation.
Snap Inc. can use the Snapchat pixel to identify visitors to our website as a target group for displaying advertisements. We use the Snapchat pixel to display our Snapchat advertisements only to users who have shown interest in our online offering or who have certain characteristics that we pass on to Snapchat (Custom Audiences).
The Snapchat pixel also ensures that Snapchat ads match the interests of users. In addition, we use it to measure the effectiveness of Snapchat ads.
21.3 Legal basis for data processing: The legal basis for the processing of personal data using the Snapchat pixel is Art. 6 (1) (f) GDPR, i.e., legitimate interest. Our legitimate interest lies in the analysis, optimization, and economic operation of our website and online offerings.
21.4 Right to object and opt out: You can object to the collection of data by the Snapchat pixel and the use of your data for the display of Snapchat ads. To set which types of ads are displayed to you on Snapchat, you can use the function available in the Snapchat app. You can also object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally via the US (http://www.aboutads.info/choices) or European (http://www.youronlinechoices.com/uk/your-ad-choices/) pages.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

22. You will love our newsletters

22.1. We would like to briefly outline the registration, shipping, and statistical analysis processes, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the process described.
22.2. Newsletter content: We send newsletters, emails, and other electronic notifications with the latest information about Pfando or our offers (hereinafter "newsletter") only with your consent or on the basis of legal provisions. If the content was specifically described when you subscribed to the newsletter, this is decisive for your consent. In addition, our newsletters contain information about products, offers, promotions, and our company.
22.3. Double opt-in and logging: Registration for the newsletter takes place in a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. Confirmation is necessary so that no one can register using someone else's email address. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes recording the time of registration and confirmation as well as the IP address.
22.4. Newsletter2Go is used as the newsletter software. Your data is transferred to Newsletter2Go GmbH. Newsletter2Go is a German, certified provider selected in accordance with the requirements of the GDPR and the German Data Protection Act. For more information, visit: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
22.5. According to its own information, the shipping provider may use this data in pseudonymized form, i.e., without assigning it to a user, for the purpose of optimizing or improving its own services. However, the shipping provider does not use the data of our newsletter recipients for its own correspondence or pass it on to third parties.
22.6. Registration data: To subscribe to the newsletter, you only need to provide your email address. In order to be able to address you personally, we also ask you to provide your first name.
22.7. Our newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is downloaded from the mailing service provider's server when the newsletter is opened. During this download, technical information such as the browser and system, as well as the IP address and time of download, is collected. This information is used to technically improve the service based on technical data or to analyze target groups and their reading behavior (reading location can be determined based on the IP address) and access times. Statistical analyses also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual recipients, but neither we nor the shipping provider aim to observe individual users. We use the analyses to identify reading habits and to adapt the content or send different content depending on interests.
22.8. The use of a mailing service provider, the performance of statistical analyses, and the logging of the registration process are based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.
22.9. Opt-out/revocation – You can opt out of the newsletter at any time, i.e., revoke your consent. This will also revoke your consent to the delivery by the provider and to statistical analysis. Unfortunately, it is not possible to revoke the delivery by the provider or statistical analysis separately. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If users have only subscribed to the newsletter and then unsubscribed, their personal data will be deleted.

23. Spoteffects

Our website uses xad spoteffect from the provider XAD spoteffects GmbH, Saarstr. 7, 80797 Munich, as well as the open source analytics tool Piwik to improve the website and measure the effectiveness of TV advertising.
Piwik uses cookies to recognize visitors. The visitor cookie is set for a period of 13 months. Alternatively, visitors can be recognized heuristically by the tracker. In this case, the data from the last 31 days is searched for matching visits.
IP addresses are shortened and stored in hashed form, which makes it impossible to draw conclusions about households or individuals.
To prevent Piwik from collecting data on our website, please click on the link: http://trck.spoteffects.net/analytics/index_siteid773.php?module=CoreAdminHome&action=optOut&language=de and uncheck the box.

24. Nimbata

On our website, we use the cloud-based call tracking solution Nimbata from Nimbata LLC (6 Liberty Square, Boston, MA 02109, USA). Nimbata helps us determine which marketing campaigns lead to phone calls to our company.

Nimbata uses cookies to assign specific tracking numbers to users and interactions, which allow us to determine the source of incoming calls. In this context, your IP address, device information, and assigned tracking ID are processed and, if necessary, combined with data from marketing campaigns. The setting of cookies and the processing of your personal data in this context is based on your consent in accordance with Article 6(1)(a) of the GDPR.

Further information on data protection at Nimbata can be found at https://www.nimbata.com/privacy-policy.

25. Pfando – Your new employer?!

25.1. Pfando Poland Sp. z o.o., as the operator of this website, publishes job postings. As a user of this website, you can apply for specific job openings or submit an unsolicited application. You can also join the Pfando Talent Network.

In the event of successful recruitment, Pfando will store your data for the duration of your employment and delete it no later than 6 months after its termination. Otherwise, the data provided will be processed solely for the purpose of the recruitment process and will be deleted within 6 months of the end of the recruitment process.

The legal basis for processing is Article 6(1)(b) and Article 88 of the GDPR, § 26 BDSG (new).

You have the right to withdraw your consent to the processing of your personal data at any time or to object to the processing of data that is not based on consent. You can withdraw your consent or object by sending an email to datenschutz@pfando.de. In this case, all personal data stored by Pfando in connection with the contact will be deleted.

The right to object does not, in principle, apply to data that the company needs to perform a contract or take pre-contractual measures. However, you may have additional rights under which you can request the deletion of your data.

Data collection during application

  • Polite form (required field)
  • First and last name (required field)
  • Email address (required field)
  • Phone number
  • Application documents (e.g., cover letter, resume (required), certificates, photo)
  • [- additional information regarding education and qualifications, if applicable]

25.2. Processing of log data.

When you access the provider's website, your web browser automatically transmits certain data to the provider's server for technical reasons. The following data is collected by the provider separately from any other data you may provide to the provider and used for the purposes mentioned above:

Data collection (usage data)

  • Name of the called page or URL,
  • Date and time of retrieval,
  • Access status / HTTP status code,
  • The amount of data sent each time,
  • The page from which the query originates,
  • Browser software and version,
  • Operating system and version,
  • IP address (anonymized, truncated by the last 3 digits),
  • A randomly generated cookie or session key number.

When data is stored in log files, usage data is deleted after 7 days at the latest. Longer storage is possible in accordance with data protection regulations. In this case, IP addresses are deleted or distorted so that it is not possible to assign the page view to your computer.

The legal basis for storing data and logs is Article 6(1)(f) of the GDPR in conjunction with § 15 of the German Telemedia Act (TMG).

The collection of data for the purpose of providing the website and storing data in logs is necessary for the website to function. Therefore, you have no right to object. However, you can exercise your right to object by using automated procedures that use technical specifications, e.g., by anonymizing your IP address through a VPN provider.

The following section on the use of cookies for web analytics is crucial for collecting usage data for the purpose of measuring reach.

26. Integration of third-party services and content

26.1. As part of our online offering, based on our legitimate interests (i.e., our interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1)(f) of the GDPR), we use content or services from third parties to integrate their content and services, e.g., videos or fonts (hereinafter collectively referred to as "content").).
26.2. This always requires that the external providers of this content can recognize the IP address of the users, because without the IP address they would not be able to send the content to the browser. The IP address is therefore necessary to display the content. We make every effort to use only content whose providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixels (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags enable the analysis of traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user's device and include, among other things, technical data about the browser and operating system, referring pages, time of visit, and other data relating to the use of our online offering, and may be combined with information from other sources.
26.3. The following list provides an overview of third-party providers and their content, along with links to their privacy policies, which contain additional information about data processing and, in some cases, opt-out options:
26.4. External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). Google Fonts are integrated by calling up a Google server (usually in the USA). Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
26.5. Maps from the "Google Maps" service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
26.6. External JavaScript framework code "jQuery", provided by jQuery Foundation, https://jquery.org.

27. Storage and deletion of your personal data

27.1. Data stored by us is deleted when it is no longer needed for the purpose for which it was collected and when there are no legal storage obligations preventing this. If user data is not deleted because it is needed for other, legally permissible purposes, the processing of this data is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax reasons.
27.2. In accordance with legal provisions, storage takes place for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual reports, business correspondence, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, reports, accounting documents, business and commercial correspondence, documents relevant for taxation, etc.).

28. You have the following rights under data protection regulations

28.1. Users have the right (Article 15 GDPR) to obtain, upon request, free information about whether personal data is collected and stored by us.
You have the right to obtain information about which personal data is used and, in accordance with §34 BDSG, to request a copy of your personal data. However, the right to information may be restricted by §34 BDSG.
28.2. In addition, users have the right (Art. 16 GDPR) to correct incorrect data, restrict processing (Art. 18 GDPR), and delete (Art. 17 GDPR) their personal data. The right to deletion may be restricted in accordance with § 35 BDSG.
28.3. In order to exercise your rights, you have the right to data portability (Art. 20 GDPR).
If you suspect unlawful data processing, you may request a machine-readable summary of your personal data and indicate the recipient to whom it should be sent in order to lodge a complaint with the competent supervisory authority.
28.4. Users may also withdraw their consent at any time with future effect.

29. You can contact the competent authority in the following ways

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Phone: 07 11/61 55 41-0
Email: poststelle@lfdi.bwl.de

30. You may exercise your right to object at any time.

30.1. Under certain conditions, you have the right, for reasons arising from your particular situation or when personal data is used for direct marketing purposes, to object at any time to the processing of your personal data, and we may be required to stop processing it.
In addition, you have the right to object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling, insofar as it is related to such direct marketing. In this case, we will no longer process your personal data for these purposes.

To exercise your rights, please send an email to
rodo@pfando.pl,

or contact us by mail at
Pfando Poland Sp. z o.o.
ul. Żurawia 6/12, apt. 745
00-503 Warsaw
Poland
Password: my data

31. Changes to the privacy policy

31.1. We reserve the right to supplement or amend this privacy policy at any time in order to adapt it to changed legal provisions or in the event of changes in data processing and the introduction of new technologies. However, this only applies to information relating to data processing. If user consent is required or if parts of the privacy policy contain provisions governing the contractual relationship with customers, changes will only be made with your consent.
31.2. We will publish the changes on www.pfando.pl and/or inform you directly (e.g., by email).