User Data

Hinweise zur Verarbeitung persönlicher Daten bei Nutzung der engagently Services.

Information on the processing of personal data when using the engagently services.

Dear readers,

engagently is a B2B SaaS provider for digital interaction and participation modules.

Engagently does not act independently vis-à-vis private individuals, but is integrated into existing platforms as an additional digital service - for example as a commenting function in connection with news articles on the media offering of a news publisher.

User registration and configuration of the usable offering is entirely in the hands of the integrating platform.

The platform provider informs its users about its data protection provisions and terms of use with regard to the processing of personal data and the guidelines for the use of the engaged interaction offer.

The protection of your data is of particular concern to us and, as a private company, we are subject to the provisions of the European

General Data Protection Regulation (GDPR), the supplementary provisions of the Federal Data Protection Act (BDSG-new) and the Telecommunications Telemedia Data Protection Act (TTDSG).

It goes without saying that we comply with the requirements and provisions arising from these laws.

In the following, we would like to explicitly inform you in detail about which personal data we collect in our engagently system, for what purpose and how long this data is stored.

(If you would like to know what personal data we process when you use our engagently website, you can find this information at www.engagently.co/privacy).

In addition, it is important to us to provide you with comprehensive information about your rights in relation to data processing and how you can assert these rights.

If you have any questions or comments about our data protection, please feel free to contact us at any time. You can contact us, for example, by sending an e-mail to datenschutz@ferret-go.com.

Person responsible

The controller pursuant to Art. 4 (7) GDPR and other data protection regulations provisions, is the

ferret go GmbH
Kadiner Str. 11
10243 Berlin

Phone: +49 30 330 830 904
E-Mail: datenschutz@ferret-go.com
Website: https://www.ferret-go.com/de

Data protection officer

For questions and suggestions regarding data protection and the enforcement of your rights, you can you are also welcome to contact our data protection officer:

David Pfau - conreri digital development GmbH
Von-Kurtzrock-Ring 16
22391 Hamburg

Phone: 0151 / 61728308
E-Mail: support@conreri.de
Website: https://www.conreri.de

General information
Your rights as a data subject
Use of our B2B SaaS solutions

1.General information

The use of our services is limited to the minimum amount of personal data required and is also possible without providing personal data, but may be considerably restricted in its scope.

You decide whether to consent to the use of various purposes when you first access our services on the websites of the platforms on which engagently is integrated. With the exception of the processing that is absolutely necessary for the operation of the services, it is up to you to decide which data processing you allow.

Due to many regulatory changes, a comprehensive set of regulations on data protection has emerged in recent years, which on the one hand is intended to ensure data security and strengthen the rights of users, but on the other hand has produced a flood of relevant terms. In order to make the following more detailed explanations of collected data, legal regulations and rights more accessible, we have briefly summarized the most important of these terms below.

Definitions of terms

In our data protection information, we use terms that are used and defined in the GDPR and are defined there. So that you know what this means, we would like to explain the most important terms.

Processor

A processor is a natural or legal person, public authority, agency or other body which processes or other body which processes personal data on behalf of the controller on behalf of the controller.

Consent banner

As a user, you have the option of giving your consent to processing that requires consent and to revoke this consent for the future. This decision via the so-called consent banner, which is automatically called up the first time you visit automatically when you visit our website for the first time and contains the most important data processing for you.

Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's device. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, the language settings on a website, the login status, a shopping cart or video interactions. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”). Cookies are used to make websites more user-friendly. As cookies are stored on the user's computer, you have control over the cookies. You can make changes to the use and storage of cookies in your Internet browser settings. However, deactivating cookies will in most cases limit the usability of our website.

Third party

A third party is a natural or legal person, public authority, agency or body other than the data body, other than the data subject, the controller, the processor and the persons persons who, under the direct responsibility of the controller or processor, are authorized to processor are authorized to process the personal data.

Consent

Consent is an expression of self-determination under data protection law. It is the voluntary, informed and unambiguous expression of will for the specific case expression of will in the form of a declaration or other unambiguous confirmatory act by which the data subject indicates that he or she consents to the processing of the personal data concerning him or her. A given consent can be revoked at any time for the future.

Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom other body to which personal data is disclosed, regardless of whether it is a third party or not. it is a third party or not. Authorities which, in the context of a authorities which may receive personal data in the framework of a particular inquiry in accordance with Member States may receive personal data are not considered recipients.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pseudonymization

Pseudonymization is the processing of personal data in such a way personal data in such a way that the personal data can no longer be attributed to a specific data to a specific data subject without the use of additional information, provided that such information is stored separately and is subject to technical and organizational subject to technical and organizational measures to ensure that the personal data cannot be personal data are not attributed to an identified or identifiable natural person.

Telecommunications Telemedia Data Protection Act TTDSG

The TTDSG is a law designed to protect the integrity of the end device and thus the privacy of the user. The legal basis for the storage and retrieval of information in the end user's terminal equipment is consent, in accordance with Section 25 (1) sentence 1 TTDSG. This consent is requested when the website is accessed. According to Section 25 (2) No. 2 TDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exception rule of Section 25 (2) TTDSG and therefore do not require consent. Please note that the legal basis for the downstream processing of personal data is then derived from the GDPR. The relevant legal bases for the processing of personal data on this website can be found further on in this privacy policy.

Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automated means. This basically includes any handling of personal data such as the collection, storage, modification, use, transmission, dissemination, deletion or destruction of personal data.

Controller

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. processing of personal data. The controller has the admissibility of the data processing through the use of technical and organizational measures technical and organizational measures.

Data transfer outside the EU

The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services.

We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees, such as the EU Commission's official recognition of a level of data protection equivalent to that in the EU or compliance with officially recognized special contractual obligations, the so-called “standard data protection clauses”.

2. Your rights as a data subject

According to the EU General Data Protection Regulation, you as the data subject have various rights that you can assert at datenschutz@ferret-go.com. These are set out below:

Right to information

You can request confirmation from us as to whether personal data concerning personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from us:

the purposes for which the personal data are processed
the categories of personal data that are processed
the recipients or categories of recipients to whom your personal data have been or will be disclosed
the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period
the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing
the existence of the right to lodge a complaint with a supervisory authority any available information as to the source of the data if the personal data were not
personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

You also have a right to rectification and completion vis-à-vis us if your personal data is incorrect or incomplete.

Right to lodge a complaint with the supervisory authority

If you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority responsible for us supervisory authority responsible for us:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 5961
10555 Berlin

Phone.: +49 30 138890
E-Mail: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

The supervisory authority to which the complaint has been submitted will inform you about the status and outcome of the complaint, including the possibility of a judicial judicial remedy pursuant to Art. 78 GDPR.

Right to restriction of processing

You can request the restriction of the processing of your personal data under the following conditions

if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

Right to erasure

You can demand that we delete your personal data immediately and we are obliged to delete this data immediately if one of the following reasons applies:

Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing;
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
your personal data has been processed unlawfully;
the erasure of your personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject
Your personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

The right to erasure does not exist insofar as the processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise or defense of legal claims.

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from us to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

3. Use of our digital B2B SaaS interaction and participation solutions

The use of our services is limited to the minimum amount of personal data required and is generally possible without providing personal data. Personal data can enter the engagently system and be processed through the following processes.

Login as a user
Data entry as a user

Login as a user

In order to fulfill the usage-related purpose, users must log in to engagently. Based on the login data, engagently can distinguish the users and store and process the user-related interaction data in a dedicated manner.

The login always takes place via the user account service used by the engagently integrating platform operator.

This is either the self-operated SSO (Single Sign On), a Public OAuth Service or Social LogIn (e.g. Facebook LogIn).

When using SSO and/or Public OAuth Service, the platform operator defines the personal data transmitted to engagently via the login and informs the users accordingly.

In the case of the use of social logins, the social platform defines the type and scope of the personal data transmitted to engagently.

Basically, all that is required to identify a user is a unique user ID, which is transferred to engagently by the leading user account system.

In the case of a commenting function, it is helpful to differentiate between commenters by name. For this purpose, only a nickname is sufficient. Nicknames are generally names that do not allow any conclusions to be drawn about the true identity of the user.

If the platform operator wishes that users may only comment by stating their real name, the user agrees to this via the platform operator's terms of use. In this case, the clear name details are also processed in the engagently system.

The same applies if the platform operator wishes to allow users to comment by providing an e-mail address.

Engagently stores and processes the personal data transmitted via the login process in accordance with the instructions of the integrating platform operator (when using SSO or Public OAuth Service) or in accordance with the specifications of the social platform (e.g. Facebook login), but always in accordance with and in compliance with the legal data protection requirements.

Data entry as a user

When using engagently (e.g. commenting on an article), the user enters data into the engagently system, e.g. in the form of a comment text. engagently does not proactively check whether personal data has been entered in the comment text. engagently also does not subsequently analyze the comments for personal data.

Engagently stores and processes these entries in such a way that they are always in a direct and secure relationship to the user entering the data and are only visible to other users if the user entering the data explicitly confirms this.

Data queries and deletion

The following channels and functions are available to engagently users in order to gain access to and delete data stored and processed by engagently.

Requests for information

Users can contact datenschutz@ferret-go.com directly with their data access requests, data deletion requests and account deletion requests.

Social login disconnect requests

Facebook Connect

Under this link, users can find out how to remove their Facebook login to engagently directly via the Facebook platform.

https://de-de.facebook.com/help/170585223002660

X Connect

Under this link, users can find out how to remove their X login to engagently directly via the X platform.

https://help.x.com/de/managing-your-account/connect-or-revoke-access-to-third-party-apps

Deletion of comments

Users also have the option of deleting their comments independently at any time directly via the comment module provided by engagently.